You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@archiva.apache.org by Bram Van Dam <br...@intix.eu> on 2022/05/28 09:14:28 UTC
2.2.8 security release
It seems like Apache Archiva 2.2.8 was released on 25 May 2022, with a
critical security fix for CVE-2022-29405 -- where any registered user
can reset any other user's password.
I couldn't find an announcement on any of the Archiva mailing lists, so
I figured I'd send one myself.
Release notes can be found here:
https://archiva.apache.org/docs/2.2.8/release-notes.html
- Bram
Re: 2.2.8 security release
Posted by Olivier Lamy <ol...@apache.org>.
Hi
Yes sorry for the delay, I sent the announcement this morning.
regards
Olivier
On Sat, 28 May 2022 at 19:14, Bram Van Dam <br...@intix.eu> wrote:
> It seems like Apache Archiva 2.2.8 was released on 25 May 2022, with a
> critical security fix for CVE-2022-29405 -- where any registered user
> can reset any other user's password.
>
> I couldn't find an announcement on any of the Archiva mailing lists, so
> I figured I'd send one myself.
>
> Release notes can be found here:
>
> https://archiva.apache.org/docs/2.2.8/release-notes.html
>
> - Bram
>