You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@archiva.apache.org by Bram Van Dam <br...@intix.eu> on 2022/05/28 09:14:28 UTC

2.2.8 security release

It seems like Apache Archiva 2.2.8 was released on 25 May 2022, with a 
critical security fix for CVE-2022-29405 -- where any registered user
can reset any other user's password.

I couldn't find an announcement on any of the Archiva mailing lists, so 
I figured I'd send one myself.

Release notes can be found here:

https://archiva.apache.org/docs/2.2.8/release-notes.html

  - Bram

Re: 2.2.8 security release

Posted by Olivier Lamy <ol...@apache.org>.

Hi
Yes sorry for the delay, I sent the announcement this morning.

regards
Olivier

On Sat, 28 May 2022 at 19:14, Bram Van Dam <br...@intix.eu> wrote:

> It seems like Apache Archiva 2.2.8 was released on 25 May 2022, with a
> critical security fix for CVE-2022-29405 -- where any registered user
> can reset any other user's password.
>
> I couldn't find an announcement on any of the Archiva mailing lists, so
> I figured I'd send one myself.
>
> Release notes can be found here:
>
> https://archiva.apache.org/docs/2.2.8/release-notes.html
>
>   - Bram
>