You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2018/02/06 17:54:01 UTC

allura-site git commit: missed files in 1.8.0 release commit

Repository: allura-site
Updated Branches:
  refs/heads/asf-site 86ab4a248 -> 96a75964c


missed files in 1.8.0 release commit


Project: http://git-wip-us.apache.org/repos/asf/allura-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura-site/commit/96a75964
Tree: http://git-wip-us.apache.org/repos/asf/allura-site/tree/96a75964
Diff: http://git-wip-us.apache.org/repos/asf/allura-site/diff/96a75964

Branch: refs/heads/asf-site
Commit: 96a75964c8af4238971515a5a4ccb61da2f40fa5
Parents: 86ab4a2
Author: Dave Brondsema <da...@brondsema.net>
Authored: Tue Feb 6 12:53:58 2018 -0500
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue Feb 6 12:53:58 2018 -0500

----------------------------------------------------------------------
 _src/content/2018-allura-1.8.0.md |  34 +++++++++
 posts/2018-allura-1.8.0.html      | 125 +++++++++++++++++++++++++++++++++
 2 files changed, 159 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura-site/blob/96a75964/_src/content/2018-allura-1.8.0.md
----------------------------------------------------------------------
diff --git a/_src/content/2018-allura-1.8.0.md b/_src/content/2018-allura-1.8.0.md
new file mode 100644
index 0000000..96bb674
--- /dev/null
+++ b/_src/content/2018-allura-1.8.0.md
@@ -0,0 +1,34 @@
+Title: Apache Allura 1.8.0 released
+Date: 2018-02-06
+Tags: release
+Slug: allura-1.8.0
+Summary: Version 1.8.0 of Allura released, with many fixes & improvements and a critical security fix.
+
+#### New Features
+
+Apache Allura 1.8.0 has been released.
+It contains a Docker setup for production environments, and improved security and auditing around user logins.
+This release also contains a large number of fixes and smaller improvements.  To see all the details, check out the [release changelog](https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES).
+
+#### Important Security Fix
+
+CVE-2018-1299 Apache Allura directory traversal vulnerability
+
+**Versions Affected:**<br>Apache Allura 1.7.0 and earlier
+
+**Description:**<br>
+Unauthenticated attackers may retrieve arbitrary files through the Allura web
+application.  Some webservers used with Allura, such as Nginx, Apache/mod_wsgi
+or paster may prevent the attack from succeeding.  Others, such as gunicorn do
+not prevent it and leave Allura vulnerable.
+
+**Mitigation:**<br>
+Users of vulnerable webservers with Allura should upgrade to Allura 1.8.0
+immediately.
+
+**Credit:**<br>
+This issue was discovered by Everardo Padilla Saca
+
+#### Get 1.8.0
+
+[Download Allura](http://www.apache.org/dyn/closer.cgi/allura/) and [install it](https://forge-allura.apache.org/docs/getting_started/installation.html) today.

http://git-wip-us.apache.org/repos/asf/allura-site/blob/96a75964/posts/2018-allura-1.8.0.html
----------------------------------------------------------------------
diff --git a/posts/2018-allura-1.8.0.html b/posts/2018-allura-1.8.0.html
new file mode 100644
index 0000000..7e865c7
--- /dev/null
+++ b/posts/2018-allura-1.8.0.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <title>    Apache Allura 1.8.0 released
+</title>
+  <meta charset="utf-8">
+  <meta name="description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+  <meta name="keywords" content="">
+  <meta name="author" content="">
+  <link rel="canonical" href="//allura.apache.org">
+
+  <!--    Facebook Meta Info-->
+  <meta property="og:url" content="//allura.apache.org">
+  <meta property="og:image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+  <meta property="og:description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+  <meta property="og:title" content="Apache Allura">
+  <meta property="og:site_name" content="Apache Allura">
+  <meta property="og:see_also" content="//allura.apache.org">
+
+  <!--    Twitter Meta Info-->
+  <meta name="twitter:card" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+  <meta name="twitter:url" content="//allura.apache.org">
+  <meta name="twitter:title" content="Apache Allura">
+  <meta name="twitter:description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+  <meta name="twitter:image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+
+  <!--    Google+ Meta Info-->
+  <meta itemprop="name" content="Apache Allura">
+  <meta itemprop="description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+  <meta itemprop="image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+
+  <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/flex.min.css">
+  <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/style.css">
+          <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/article.css">
+
+
+</head>
+
+<body cz-shortcut-listen="true" class="pg-">
+  <section id="content_wrapper" class="mobile-desktop row">
+    <div id="header" class="row ">
+      <header id="login_header" class="row">
+        <div class="bg-shadow pad-vert-md">
+          <span><h1 class="text-center"><a href="//allura.apache.org">Apache <img src="//allura.apache.org/theme/img/logo_white.png" width="94"> Allura<span class="tm">™</span></a></h1></span>
+          <span></span>
+          <h6 class="text-center">Open source project hosting platform</h6>
+        </div>
+      </header>
+    </div>
+
+    <div class="article-content">
+<div class="row bg-white pad-vert-lg">
+  <div class="row">
+    <h3 class="text-black text-center">Apache Allura 1.8.0 released</h3>
+  </div>
+
+  <div class="post-info text-center">
+    Published:
+    <abbr class="published" title="2018-02-06T00:00:00+00:00">
+      Tue 06 February 2018
+    </abbr>
+    <br>
+    Tagged:
+        <a href="//allura.apache.org/tag/release.html">release</a>
+  </div>
+
+  <div class="row">
+    <div class="col-20 no-float auto-margin">
+      <div class="row">
+        <div class="pad-md text-black"><h4>New Features</h4>
+<p>Apache Allura 1.8.0 has been released.
+It contains a Docker setup for production environments, and improved security and auditing around user logins.
+This release also contains a large number of fixes and smaller improvements.  To see all the details, check out the <a href="https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES">release changelog</a>.</p>
+<h4>Important Security Fix</h4>
+<p>CVE-2018-1299 Apache Allura directory traversal vulnerability</p>
+<p><strong>Versions Affected:</strong><br>Apache Allura 1.7.0 and earlier</p>
+<p><strong>Description:</strong><br>
+Unauthenticated attackers may retrieve arbitrary files through the Allura web
+application.  Some webservers used with Allura, such as Nginx, Apache/mod_wsgi
+or paster may prevent the attack from succeeding.  Others, such as gunicorn do
+not prevent it and leave Allura vulnerable.</p>
+<p><strong>Mitigation:</strong><br>
+Users of vulnerable webservers with Allura should upgrade to Allura 1.8.0
+immediately.</p>
+<p><strong>Credit:</strong><br>
+This issue was discovered by Everardo Padilla Saca</p>
+<h4>Get 1.8.0</h4>
+<p><a href="http://www.apache.org/dyn/closer.cgi/allura/">Download Allura</a> and <a href="https://forge-allura.apache.org/docs/getting_started/installation.html">install it</a> today.</p></div>
+      </div>
+    </div>
+  </div>
+</div>
+</div>
+
+    <div class="row">
+      <footer id="footer" class="bg-black text-white col-24">
+        <p class="copy pad-top-sm text-center">Copyright © 2018 The Apache Software Foundation, Licensed under
+            <a href="http://www.apache.org/licenses/LICENSE-2.0.html">the Apache License, Version 2.0.</a></p>
+        <p class="copy pad-bot-sm text-center">Apache, Allura, Apache Allura, and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+      </footer>
+    </div>
+  </section>
+
+  <script type="application/javascript" src="//allura.apache.org/theme/js/jquery-1.11.2.min.js"></script>
+  <script type="application/javascript" src="//allura.apache.org/theme/js/frontend.js"></script>
+        <script type="application/javascript" src="//allura.apache.org/theme/js/article.js"></script>
+  <!-- Credits
+
+          Logo Design: Will Leonard
+          http://willleonard.org
+
+          Site design: Perry Merrity
+          http://perrymerrity.com/
+
+          bg-header-forge.jpg
+          Photo by: Stefan Schmitz
+          https://creativecommons.org/licenses/by-nd/2.0
+
+          bg-developers-fire.jpg
+          Photo by: Frédéric Bisson
+          https://creativecommons.org/licenses/by-nd/2.0
+      -->
+</body>
+</html>
\ No newline at end of file