You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@unomi.apache.org by sh...@apache.org on 2020/06/04 14:20:35 UTC
svn commit: r1878477 - in /unomi/website: ./ security/
Author: shuber
Date: Thu Jun 4 14:20:34 2020
New Revision: 1878477
URL: http://svn.apache.org/viewvc?rev=1878477&view=rev
Log:
[scm-publish] Updating Unomi website
Added:
unomi/website/security/
unomi/website/security/cve-2020-11975.txt
Modified:
unomi/website/community-maturity-model-report.html
unomi/website/community-policies.html
unomi/website/community-team.html
unomi/website/contribute-become-a-committer.html
unomi/website/contribute-dependencies-guide.html
unomi/website/contribute-post-commit-policies-details.html
unomi/website/contribute-release-guide.html
unomi/website/documentation.html
unomi/website/get-started.html
unomi/website/index.html
unomi/website/resources.html
unomi/website/stories.html
unomi/website/use-cases.html
Modified: unomi/website/community-maturity-model-report.html
URL: http://svn.apache.org/viewvc/unomi/website/community-maturity-model-report.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/community-maturity-model-report.html (original)
+++ unomi/website/community-maturity-model-report.html Thu Jun 4 14:20:34 2020
@@ -95,7 +95,7 @@
<h3>Overview</h3>
<p>
- This is an assessment of the Unomi podlingâs maturity, meant to help inform the decision (of the mentors, community, Incubator PMC and ASF Board of Directors) to graduate
+ This is an assessment of the Unomi podling???s maturity, meant to help inform the decision (of the mentors, community, Incubator PMC and ASF Board of Directors) to graduate
it as a top-level Apache project. It is based on the ASF project maturity model at <a target="_blank" href="https://community.apache.org/apache-way/apache-project-maturity-model.html">https://community.apache.org/apache-way/apache-project-maturity-model.html</a>
Maintaining such a file is a new, experimental idea as part of the continuous improvement of the ASF incubation process.
</p>
@@ -107,7 +107,7 @@
<h3>Overall assessment</h3>
<p>
- Just introduced this report card, we will need to evaluate all the modelâs parts to see how we fare so far.
+ Just introduced this report card, we will need to evaluate all the model???s parts to see how we fare so far.
</p>
<h3>Maturity model assessment</h3>
@@ -141,7 +141,7 @@
</tr>
<tr>
<td><strong>CD20</strong></td>
- <td>The projectâs code is easily discoverable and publicly accessible.</td>
+ <td>The project???s code is easily discoverable and publicly accessible.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>it is linked from the main project site and accessible in the public ASF git repository</td>
</tr>
@@ -153,7 +153,7 @@
</tr>
<tr>
<td><strong>CD40</strong></td>
- <td>The full history of the projectâs code is available via a source code control system, in a way that allows any released version to be recreated.</td>
+ <td>The full history of the project???s code is available via a source code control system, in a way that allows any released version to be recreated.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>everything is in the ASF Git repository.</td>
</tr>
@@ -186,7 +186,7 @@
</tr>
<tr>
<td><strong>LC20</strong></td>
- <td>Libraries that are mandatory dependencies of the projectâs code do not create more restrictions than the Apache License does.</td>
+ <td>Libraries that are mandatory dependencies of the project???s code do not create more restrictions than the Apache License does.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>NOTICE files contain all the information and has been reviewed on two releases already</td>
</tr>
@@ -198,7 +198,7 @@
</tr>
<tr>
<td><strong>LC40</strong></td>
- <td>Committers are bound by an Individual Contributor Agreement (the âApache iCLAâ) that defines which code they are allowed to commit and how they need to identify code that is not their own.</td>
+ <td>Committers are bound by an Individual Contributor Agreement (the ???Apache iCLA???) that defines which code they are allowed to commit and how they need to identify code that is not their own.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>All committers have registered iCLAs</td>
</tr>
@@ -231,7 +231,7 @@
</tr>
<tr>
<td><strong>RE20</strong></td>
- <td>Releases are approved by the projectâs PMC (see CS10), in order to make them an act of the Foundation.</td>
+ <td>Releases are approved by the project???s PMC (see CS10), in order to make them an act of the Foundation.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>Happened for three major releases already</td>
</tr>
@@ -243,7 +243,7 @@
</tr>
<tr>
<td><strong>RE40</strong></td>
- <td>Convenience binaries can be distributed alongside source code but they are not Apache Releases â they are just a convenience provided with no guarantee.</td>
+ <td>Convenience binaries can be distributed alongside source code but they are not Apache Releases ??? they are just a convenience provided with no guarantee.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>See the releases <a href="download.html">here</a></td>
</tr>
@@ -314,7 +314,7 @@
<td><strong>CO10</strong></td>
<td>The project has a well-known homepage that points to all the information required to operate according to this maturity model.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
- <td>See the <a class="externalLink" target="_blank" href="http://unomi.incubator.apache.org">projectâs home page</a> that includes a <a href="contribute.html">contribute</a> section
+ <td>See the <a class="externalLink" target="_blank" href="http://unomi.incubator.apache.org">project???s home page</a> that includes a <a href="contribute.html">contribute</a> section
that describes how to become a committer as well as <a href="contribute-become-a-committer.html">several</a> <a href="contribute-committer-guide.html">documents</a> for on-board newcomers quickly</td>
</tr>
<tr>
@@ -373,13 +373,13 @@
<tbody>
<tr>
<td><strong>CS10</strong></td>
- <td>The project maintains a public list of its contributors who have decision power â the projectâs PMC (Project Management Committee) consists of those contributors.</td>
+ <td>The project maintains a public list of its contributors who have decision power ??? the project???s PMC (Project Management Committee) consists of those contributors.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>The project has a <a href="community-team.html">team page</a> that lists all the contributors along with their associated roles.</td>
</tr>
<tr>
<td><strong>CS20</strong></td>
- <td>Decisions are made by consensus among PMC members and are documented on the projectâs main communications channel. Community opinions are taken into account but the PMC has the final word if needed.</td>
+ <td>Decisions are made by consensus among PMC members and are documented on the project???s main communications channel. Community opinions are taken into account but the PMC has the final word if needed.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>PPMC decisions have been unonimous so far, including voting new committers and new PPMC members. The project has been making important decisions on the project mailing lists. All community decisions have had a consensus without any PPMC action needed.</td>
</tr>
@@ -393,11 +393,11 @@
<td><strong>CS40</strong></td>
<td>In Apache projects, vetoes are only valid for code commits and are justified by a technical explanation, as per the Apache voting rules defined in CS30.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
- <td>The project hasnât used a veto at any point and relies on robust code reviews, especially for any issues around licenses problems.</td>
+ <td>The project hasn???t used a veto at any point and relies on robust code reviews, especially for any issues around licenses problems.</td>
</tr>
<tr>
<td><strong>CS50</strong></td>
- <td>All âimportantâ discussions happen asynchronously in written form on the projectâs main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel.</td>
+ <td>All ???important??? discussions happen asynchronously in written form on the project???s main communications channel. Offline, face-to-face or private discussions that affect the project are also documented on that channel.</td>
<td class="text-center"><i class="fas fa-check text-success"></i></td>
<td>The project has been making important decisions on the project mailing lists. When communication occurs on side channels (Slack, face-to-face mostly), the mailing list is always used to communicate important information to the community.</td>
</tr>
Modified: unomi/website/community-policies.html
URL: http://svn.apache.org/viewvc/unomi/website/community-policies.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/community-policies.html (original)
+++ unomi/website/community-policies.html Thu Jun 4 14:20:34 2020
@@ -99,7 +99,7 @@
<p>Apache Unomi makes minor releases every 6 weeks. Apache Unomi has a <a target="_blank" href="https://calendar.google.com/calendar/embed?src=0p73sl034k80oob7seouanigd0%40group.calendar.google.com">calendar</a> for cutting the next release branch. After a release branch is cut, the community works quickly to finalize that release.</p>
- <p>Apache Unomi aims to make 8 releases in a 12 month period. To accommodate users with longer upgrade cycles, some of these releases will be tagged as long term support (LTS) releases. LTS releases receive patches to fix major issues for 12 months, starting from the releaseâ⬙s initial release date. There will be at least one new LTS release in a 12 month period, and LTS releases are considered deprecated after 12 months. The community will mark a release as a LTS release based on various factors, such as the number of LTS releases currently in flight and whether the accumulated feature set since the last LTS provides significant upgrade value. Non-LTS releases do not receive patches and are considered deprecated immediately after the next following minor release. We encourage you to update early and often; do not wait until the deprecation date of the version you are using.</p>
+ <p>Apache Unomi aims to make 8 releases in a 12 month period. To accommodate users with longer upgrade cycles, some of these releases will be tagged as long term support (LTS) releases. LTS releases receive patches to fix major issues for 12 months, starting from the release?????™s initial release date. There will be at least one new LTS release in a 12 month period, and LTS releases are considered deprecated after 12 months. The community will mark a release as a LTS release based on various factors, such as the number of LTS releases currently in flight and whether the accumulated feature set since the last LTS provides significant upgrade value. Non-LTS releases do not receive patches and are considered deprecated immediately after the next following minor release. We encourage you to update early and often; do not wait until the deprecation date of the version you are using.</p>
<p>It is up to the Apache Unomi community to decide whether an identified issue is a major issue that warrants a patch release. Some examples of major issues are high severity security issues and high risk data integrity issues.</p>
Modified: unomi/website/community-team.html
URL: http://svn.apache.org/viewvc/unomi/website/community-team.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/community-team.html (original)
+++ unomi/website/community-team.html Thu Jun 4 14:20:34 2020
@@ -280,7 +280,7 @@
<td>-</td>
<td>Régis Mora</td>
<td>-</td>
- <td>Pékin Accueil</td>
+ <td>P??kin Accueil</td>
<td><a class="externalLink" target="_blank" href="https://www.pekin-accueil.com">https://www.pekin-accueil.com</a></td>
<td>Retired (was initial committer, PPMC)</td>
<td>+8</td>
Modified: unomi/website/contribute-become-a-committer.html
URL: http://svn.apache.org/viewvc/unomi/website/contribute-become-a-committer.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/contribute-become-a-committer.html (original)
+++ unomi/website/contribute-become-a-committer.html Thu Jun 4 14:20:34 2020
@@ -179,7 +179,7 @@
<li>They earnestly try to make Unomi better with their own code</li>
<li>They earnestly try to make Unomi better with code review</li>
<li>They accept and integrate feedback on their code</li>
- <li>They know, follow, and enforce Unomiâ⬙s practices while reviewing/merging code - style, documentation, testing, backward compatibility, etc.</li>
+ <li>They know, follow, and enforce Unomi?????™s practices while reviewing/merging code - style, documentation, testing, backward compatibility, etc.</li>
</ul>
</li>
</ul>
Modified: unomi/website/contribute-dependencies-guide.html
URL: http://svn.apache.org/viewvc/unomi/website/contribute-dependencies-guide.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/contribute-dependencies-guide.html (original)
+++ unomi/website/contribute-dependencies-guide.html Thu Jun 4 14:20:34 2020
@@ -118,7 +118,7 @@
<h2>Dependencies Guide</h2>
<p>This document describes policies for keeping Unomi dependencies up to date.</p>
- <p>Old dependencies cause user pain and can result in a system being unusable for some users. Many users do not use Unomi in isolation and bundle other dependencies in the same deployment. These additional dependencies might pull in incompatible dependencies to userâ⬙s environment which can again result in broken Unomi pipelines, sometimes with undefined behavior. To prevent this, users will have to update their deployment environment or worse yet may end up not being able to use Unomi along with some of the other dependencies at all.</p>
+ <p>Old dependencies cause user pain and can result in a system being unusable for some users. Many users do not use Unomi in isolation and bundle other dependencies in the same deployment. These additional dependencies might pull in incompatible dependencies to user?????™s environment which can again result in broken Unomi pipelines, sometimes with undefined behavior. To prevent this, users will have to update their deployment environment or worse yet may end up not being able to use Unomi along with some of the other dependencies at all.</p>
<p>If a component <em>X</em> chooses to override the version of a dependency <em>D</em> from <em>a</em> to <em>b</em> and another component <em>Y</em> is incompatible with version <em>b</em> of <em>D</em>, deployment of a user that uses both components <em>X</em> and <em>Y</em> will end up in a broken state.</p>
@@ -182,7 +182,7 @@
<p><strong>Dependencies of Java SDK components that may cause issues to other components if leaked should be vendored.</strong></p>
- <p><a target="_blank" href="https://www.ardanlabs.com/blog/2013/10/manage-dependencies-with-godep.html">Vendoring</a> is the process of creating copies of third party dependencies. Combined with repackaging, vendoring will allow Unomi components to depend on third party libraries without causing conflicts to other components. Vendoring should be done in a case-by-case basis since this can increase the total number of dependencies deployed in userâ⬙s enviroment.</p>
+ <p><a target="_blank" href="https://www.ardanlabs.com/blog/2013/10/manage-dependencies-with-godep.html">Vendoring</a> is the process of creating copies of third party dependencies. Combined with repackaging, vendoring will allow Unomi components to depend on third party libraries without causing conflicts to other components. Vendoring should be done in a case-by-case basis since this can increase the total number of dependencies deployed in user?????™s enviroment.</p>
<h3>Dependency updates and backwards compatibility</h3>
Modified: unomi/website/contribute-post-commit-policies-details.html
URL: http://svn.apache.org/viewvc/unomi/website/contribute-post-commit-policies-details.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/contribute-post-commit-policies-details.html (original)
+++ unomi/website/contribute-post-commit-policies-details.html Thu Jun 4 14:20:34 2020
@@ -141,7 +141,7 @@
<p>Flaky tests are considered failing tests, and fixing a flaky test is a critical/P1 issue.</p>
<p>Flaky tests are tests that randomly succeed or fail while using the same code version. Flaky test failures are one of the most dangerous types of failures
- because they are easy to ignore ââ¬â another run of the flaky test might pass successfully. However, these failures can hide real bugs and flaky tests often
+ because they are easy to ignore ???????? another run of the flaky test might pass successfully. However, these failures can hide real bugs and flaky tests often
slowly accumulate. Someone must repeatedly triage the failures, and flaky tests are often the hardest ones to fix.</p>
<p>Flaky tests do not provide a reliable quality signal, so it is important to quickly fix the flakiness. If a fix will take awhile to implement, it is safer
Modified: unomi/website/contribute-release-guide.html
URL: http://svn.apache.org/viewvc/unomi/website/contribute-release-guide.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/contribute-release-guide.html (original)
+++ unomi/website/contribute-release-guide.html Thu Jun 4 14:20:34 2020
@@ -193,7 +193,7 @@ gpg --verify test.txt.asc test.txt
<ol>
<li>Clone and checkout the project using:
<pre class="alert alert-primary"><code>git clone https://gitbox.apache.org/repos/asf/unomi.git</code></pre>
- in a separate directory, to make sure you donât have any additional files in the build
+ in a separate directory, to make sure you don???t have any additional files in the build
(such as allCountries.zip or other binary files that should not be there)</li>
<li>Create a new branch if needed for the release using:
<pre class="alert alert-primary"><code>cd unomi
@@ -215,9 +215,9 @@ gpg --verify test.txt.asc test.txt
<pre class="alert alert-primary"><code>mvn clean install -DskipITs=true -DskipTests=true -P integration-tests,performance-tests,rat,apache-release,docker,\!run-tests</code></pre>
</li>
<li>Check that there are no JARs or ZIP files in the source code, you can do this by looking at the generated RAT report here :
- <pre class="alert alert-primary"><code>less target/unomi-root-1.5.1-SNAPSHOT.rat</code></pre>
+ <pre class="alert alert-primary"><code>less target/unomi-root-2.0.0-SNAPSHOT.rat</code></pre>
</li>
- <li>Check that the KEYS file only contains signatures with @apache.org addresses (if there are non @apache.org donât remove them because they have
+ <li>Check that the KEYS file only contains signatures with @apache.org addresses (if there are non @apache.org don???t remove them because they have
been used to sign older releases)
</li>
<li>Check the Copyright notice years in the NOTICE file and anywhere else where it might be (by using search and replace)</li>
@@ -241,11 +241,11 @@ gpg: signing failed: Inappropriate ioctl
</li>
<li>Check into the target directory and unzip the source release and compile it using:
<pre class="alert alert-primary"><code>cd target
-gpg --verify unomi-root-1.5.1-SNAPSHOT-source-release.zip.asc unomi-root-1.5.1-SNAPSHOT-source-release.zip
-shasum -a 512 unomi-root-1.5.1-SNAPSHOT-source-release.zip
-cat unomi-root-1.5.1-SNAPSHOT-source-release.zip.sha512
-unzip unomi-root-1.5.1-SNAPSHOT-source-release.zip
-cd unomi-root-1.5.1-SNAPSHOT
+gpg --verify unomi-root-2.0.0-SNAPSHOT-source-release.zip.asc unomi-root-2.0.0-SNAPSHOT-source-release.zip
+shasum -a 512 unomi-root-2.0.0-SNAPSHOT-source-release.zip
+cat unomi-root-2.0.0-SNAPSHOT-source-release.zip.sha512
+unzip unomi-root-2.0.0-SNAPSHOT-source-release.zip
+cd unomi-root-2.0.0-SNAPSHOT
mvn clean install</code></pre>
to check that the packaged source build properly
</li>
@@ -265,7 +265,7 @@ mvn clean install</code></pre>
<pre class="alert alert-primary"><code>mvn -DskipITs=true -DskipTests=true -Darguments="-DskipITs=true -DskipTests=true" -P integration-tests,docker,performance-tests,\!run-tests release:perform</code></pre>
</li>
<li>If something fails, make sure you first drop the staging repository created here: <a href="https://repository.apache.org/#stagingRepositories" target="_blank">https://repository.apache.org/#stagingRepositories</a>.<br>
-If you need to relaunch the <code>release:perform</code> and donât have a release.properties, create a <code>release.properties</code> file with the following contents:
+If you need to relaunch the <code>release:perform</code> and don???t have a release.properties, create a <code>release.properties</code> file with the following contents:
<pre class="alert alert-primary"><code>scm.url=scm:git:https://gitbox.apache.org/repos/asf?p=unomi.git
scm.tag=unomi-root-1.5.1
and run mvn release:perform</code></pre>
@@ -416,7 +416,7 @@ git push origin -f</code></pre>
<h2 id="improve-the-process">Improve the process</h2>
- <p>It is important that we improve the release processes over time. Once youâve finished the release, please take a step back and look what areas of this process and be improved. Perhaps some part of the process can be simplified. Perhaps parts of this guide can be clarified.</p>
+ <p>It is important that we improve the release processes over time. Once you???ve finished the release, please take a step back and look what areas of this process and be improved. Perhaps some part of the process can be simplified. Perhaps parts of this guide can be clarified.</p>
<p>If we have specific ideas, please start a discussion on the dev@ mailing list and/or propose a pull request to update this guide. Thanks!</p>
@@ -515,7 +515,7 @@ https://issues.apache.org/jira/secure/Re
version=12338361
Apache Unomi is a Java Open Source customer data platform, a Java server
-designed to manage customers, leads and visitorsâ data and help personalize customersâ
+designed to manage customers, leads and visitors??? data and help personalize customers???
experiences.
More details regarding Apache Unomi can be found here:
Modified: unomi/website/documentation.html
URL: http://svn.apache.org/viewvc/unomi/website/documentation.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/documentation.html (original)
+++ unomi/website/documentation.html Thu Jun 4 14:20:34 2020
@@ -356,7 +356,7 @@
</p>
<ol>
<li>Depending on your install, perform either the standalone or cluster migration</li>
- <li>Thatâs it !</li>
+ <li>That???s it !</li>
</ol>
</div><!-- /.blog-main -->
</div>
@@ -364,12 +364,10 @@
<div class="row mb-5 mt-5">
<div class="col">
<h2 class="pb-3 mb-3 border-bottom">Security Advisories</h2>
- <!--
<p>
- CVE- : Apache Unomi
+ CVE-2020-11975 : Remote Code Execution in Apache Unomi
</p>
- <a class="btn btn-outline-primary" href="security/cve-*.txt">Notes</a>
- -->
+ <a class="btn btn-outline-primary" href="security/cve-2020-11975.txt">Notes</a>
</div>
</div>
Modified: unomi/website/get-started.html
URL: http://svn.apache.org/viewvc/unomi/website/get-started.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/get-started.html (original)
+++ unomi/website/get-started.html Thu Jun 4 14:20:34 2020
@@ -100,7 +100,7 @@
<h5 class="project-heading">What is unique about <span class="text-muted">Apache Unomi</span> ?</h5>
<div class="pb-2 pt-2">
<p>One of the most unique features of this server is its privacy management features. Using the privacy REST API, it is possible for integrators to build user facing UIs that let them manage their profile, and control how they are being tracked, what data has been collected and even anonymize previously collected data or future data ! Finally there is even the possibility for end-users to delete their profile information completely.</p>
- <p>It is becoming more and more important to address privacy issues correctly, and it is even becoming more and more of a legal issue since a lot of legislation is now appearing in many countries to make sure that userâs right to privacy is respected.</p>
+ <p>It is becoming more and more important to address privacy issues correctly, and it is even becoming more and more of a legal issue since a lot of legislation is now appearing in many countries to make sure that user???s right to privacy is respected.</p>
<p>Of course these possibilities have no default UI inside of Apache Unomi so it is left up to the developers to expose them (or not).</p>
</div>
</div>
Modified: unomi/website/index.html
URL: http://svn.apache.org/viewvc/unomi/website/index.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/index.html (original)
+++ unomi/website/index.html Thu Jun 4 14:20:34 2020
@@ -161,7 +161,7 @@
<ul>
<li>New Karaf Shell Commands to view events, sessions and profiles, analyze rule executions, view incoming events, and much more...</li>
<li>Endpoint to search in events has been added</li>
- <li>New patch system to improve modifying default definitions (rules, segments, â¦)</li>
+ <li>New patch system to improve modifying default definitions (rules, segments, ???)</li>
</ul>
<h4>Data collection</h4>
<ul>
@@ -209,7 +209,7 @@
<h2 class="featurette-heading">Business cases based on <span class="text-muted">Apache Unomi™</span> ?</h2>
<ul>
<li>Build a web personalization software to adapt the content on your website to your audience</li>
- <li>Collect data from mobile application and feed Apache Unomi™ to track and understand your customersâ journeys</li>
+ <li>Collect data from mobile application and feed Apache Unomi™ to track and understand your customers??? journeys</li>
<li>Connect the beacons deployed in your stores to Apache Unomi™ and consolidate the profile of your customers and leads across all these channels</li>
<li>Automatically push profiles from Apache Unomi™ to your CRM when a lead reach a given number of points in one of your scoring plans</li>
</ul>
Modified: unomi/website/resources.html
URL: http://svn.apache.org/viewvc/unomi/website/resources.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/resources.html (original)
+++ unomi/website/resources.html Thu Jun 4 14:20:34 2020
@@ -136,7 +136,7 @@
<div class="row pb-2 pt-4">
<div class="col-md-6">
<h6 class="pb-2 pt-2">ApacheCon 2015 - The Apache Unomi Project In-depth</h6>
- <p>Serge Huber, Jahiaâs CTO, discusses the new Apache Unomi project that was started in September 2015 and then demonstrates how it can be used to build integrated solutions that use Internet Of Thing devices and server-side technologies to build personalized user experiences.</p>
+ <p>Serge Huber, Jahia???s CTO, discusses the new Apache Unomi project that was started in September 2015 and then demonstrates how it can be used to build integrated solutions that use Internet Of Thing devices and server-side technologies to build personalized user experiences.</p>
<a class="btn btn-primary mt-3" target="_blank" href="https://www.slideshare.net/Jahia/apache-unomi-project-indepth">View in slideshare »</a>
</div>
<div class="col-md-6">
Added: unomi/website/security/cve-2020-11975.txt
URL: http://svn.apache.org/viewvc/unomi/website/security/cve-2020-11975.txt?rev=1878477&view=auto
==============================================================================
--- unomi/website/security/cve-2020-11975.txt (added)
+++ unomi/website/security/cve-2020-11975.txt Thu Jun 4 14:20:34 2020
@@ -0,0 +1,44 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2020-11975: Remote Code Execution in Apache Unomi
+
+Severity: Critical
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache Unomi prior to 1.5.1
+
+Description:
+
+Apache Unomi allows conditions to use OGNL scripting which offers the possibility
+to call static Java classes from the JDK that could execute code with the
+permission level of the running Java process.
+
+This has been fixed in revision:
+
+https://git-wip-us.apache.org/repos/asf?p=unomi.git;h=789ae8e820c507866b9c91590feebffa4e996f5e
+
+Migration:
+
+Apache Unomi users should upgrade to 1.5.1 or later.
+
+Credit: This issue was reported by Yiming Xiang of NSFOCUS.
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEFt9+Vnc4Fy+UXwQCfBnR+70asd8FAl7XwXcACgkQfBnR+70a
+sd9XYRAAjHv3p4IZd/Uy+JRS3+i2fgYEDJGVjLpewDeoLp1pCRc8hUTTeKQXgq+E
+j3YOAbji9rV0fFYyOCQzmMraIDoHzQFt49Oit2gglXnB9fSer5Rk9lOQf1DgaTJz
+Op1Hf/pTwMrrhUQqe4vNRg9NRp7DYyZkObpeXbZaLRarv/NuYsDEXl9A6xDyRabe
+5wLGLep85+OalIhAUAXlI6uLqfzfDbU2jlJgcSpvCstOj9vDpkB+jpZOxi7GsN+X
+An69bWE+otpE9KlIlhu9GD/lRzzNY8r9DkZXE5Mp24smNm8UYr8GutnYEmAQO09u
+Mc9H/hRcnTfiJUeG+pXSNQSRJ+FfgK5Lvp9P4cppo481AGwCTLP01uJu8nsJb/46
+AlDF4xA+d7D8TlbN6NXm4FUrP1/QhKyvPHfvGjrPjEs0TbirMU9ypwsO4ESh0O8B
+6CVDxSKqmBfWjwQ4AYo+Izddsuf9ABSscNRJmfNxMBQZ0MXvGULcboXipVASWjBF
+HS936RtYJY04SQ0aJuTpuN2c8J6S/P+OGzry2ETWuaE5e3nQXWsUry98GQ/qFrK9
+3Jm1QZiP9dv8epZ6my0k+845+F2W1P8vkzy2QpGbnYsjcf3/f5T6U+Nz/k0skMHZ
+iFNa6aoDShfbziW3pYqLiAwJ+zEQFvU0B9nSXIeiwZwg9ZqWCxk=
+=AjB8
+-----END PGP SIGNATURE-----
Modified: unomi/website/stories.html
URL: http://svn.apache.org/viewvc/unomi/website/stories.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/stories.html (original)
+++ unomi/website/stories.html Thu Jun 4 14:20:34 2020
@@ -119,7 +119,7 @@
<p>"Apache Unomi was chosen as our CDP due the logical and plugin architecture, because it is an Apache
Open Source project and specially because of its Privacy (GPDR consent management) features.
This lets the user own their data, but also marketers and developers improve the user journey to help
- the users in their decision process and brand experience" â Andy Kaiser, Ninetailed founder</p>
+ the users in their decision process and brand experience" ??? Andy Kaiser, Ninetailed founder</p>
<a href="https://ninetailed.io/" target="_blank">ninetailed.io</a>
</div>
</div>
Modified: unomi/website/use-cases.html
URL: http://svn.apache.org/viewvc/unomi/website/use-cases.html?rev=1878477&r1=1878476&r2=1878477&view=diff
==============================================================================
--- unomi/website/use-cases.html (original)
+++ unomi/website/use-cases.html Thu Jun 4 14:20:34 2020
@@ -104,13 +104,13 @@
<h3 class="font-italic">Use Apache Unomi as an <span class="text-muted">analytics service</span> for a native mobile application</h3>
<div class="pb-2 pt-2">
- <p>In this case the server is used as a back-end for a native mobile application that will authenticate a user and then send events to the server when the user performs certains tasks within the app. Tasks may include pressing a button, getting close to a location (using GPS or beacons), etcâ¦</p>
+ <p>In this case the server is used as a back-end for a native mobile application that will authenticate a user and then send events to the server when the user performs certains tasks within the app. Tasks may include pressing a button, getting close to a location (using GPS or beacons), etc???</p>
<p>The application may also include a UI to expose the privacy management features of Apache Unomi.</p>
</div>
<h3 class="font-italic">Use Apache Unomi as a <span class="text-muted">centralized profile management system</span></h3>
<div class="pb-2 pt-2">
- <p>In this use case the server is used a centralized profile management system, making it easy to aggregate different profile information that may be stored in different systems such as CRMs, Issue tracking systems, forums, CMS, ⦠One way of achieving this is to make sure that âanonymousâ profiles are merged when an event such as a login happens and a unique cross-system identifier (usually the email address) is detected on each system.</p>
+ <p>In this use case the server is used a centralized profile management system, making it easy to aggregate different profile information that may be stored in different systems such as CRMs, Issue tracking systems, forums, CMS, ??? One way of achieving this is to make sure that ???anonymous??? profiles are merged when an event such as a login happens and a unique cross-system identifier (usually the email address) is detected on each system.</p>
<p>In this case connectors to all the different systems will need to be developped (and hopefully contributed back to the Apache Unomi community), so that the centralization of the information is managed by an Open Source and standards compliant server community.</p>
</div>
</div>