You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2018/02/06 17:54:01 UTC
allura-site git commit: missed files in 1.8.0 release commit
Repository: allura-site
Updated Branches:
refs/heads/asf-site 86ab4a248 -> 96a75964c
missed files in 1.8.0 release commit
Project: http://git-wip-us.apache.org/repos/asf/allura-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura-site/commit/96a75964
Tree: http://git-wip-us.apache.org/repos/asf/allura-site/tree/96a75964
Diff: http://git-wip-us.apache.org/repos/asf/allura-site/diff/96a75964
Branch: refs/heads/asf-site
Commit: 96a75964c8af4238971515a5a4ccb61da2f40fa5
Parents: 86ab4a2
Author: Dave Brondsema <da...@brondsema.net>
Authored: Tue Feb 6 12:53:58 2018 -0500
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue Feb 6 12:53:58 2018 -0500
----------------------------------------------------------------------
_src/content/2018-allura-1.8.0.md | 34 +++++++++
posts/2018-allura-1.8.0.html | 125 +++++++++++++++++++++++++++++++++
2 files changed, 159 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura-site/blob/96a75964/_src/content/2018-allura-1.8.0.md
----------------------------------------------------------------------
diff --git a/_src/content/2018-allura-1.8.0.md b/_src/content/2018-allura-1.8.0.md
new file mode 100644
index 0000000..96bb674
--- /dev/null
+++ b/_src/content/2018-allura-1.8.0.md
@@ -0,0 +1,34 @@
+Title: Apache Allura 1.8.0 released
+Date: 2018-02-06
+Tags: release
+Slug: allura-1.8.0
+Summary: Version 1.8.0 of Allura released, with many fixes & improvements and a critical security fix.
+
+#### New Features
+
+Apache Allura 1.8.0 has been released.
+It contains a Docker setup for production environments, and improved security and auditing around user logins.
+This release also contains a large number of fixes and smaller improvements. To see all the details, check out the [release changelog](https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES).
+
+#### Important Security Fix
+
+CVE-2018-1299 Apache Allura directory traversal vulnerability
+
+**Versions Affected:**<br>Apache Allura 1.7.0 and earlier
+
+**Description:**<br>
+Unauthenticated attackers may retrieve arbitrary files through the Allura web
+application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi
+or paster may prevent the attack from succeeding. Others, such as gunicorn do
+not prevent it and leave Allura vulnerable.
+
+**Mitigation:**<br>
+Users of vulnerable webservers with Allura should upgrade to Allura 1.8.0
+immediately.
+
+**Credit:**<br>
+This issue was discovered by Everardo Padilla Saca
+
+#### Get 1.8.0
+
+[Download Allura](http://www.apache.org/dyn/closer.cgi/allura/) and [install it](https://forge-allura.apache.org/docs/getting_started/installation.html) today.
http://git-wip-us.apache.org/repos/asf/allura-site/blob/96a75964/posts/2018-allura-1.8.0.html
----------------------------------------------------------------------
diff --git a/posts/2018-allura-1.8.0.html b/posts/2018-allura-1.8.0.html
new file mode 100644
index 0000000..7e865c7
--- /dev/null
+++ b/posts/2018-allura-1.8.0.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title> Apache Allura 1.8.0 released
+</title>
+ <meta charset="utf-8">
+ <meta name="description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+ <meta name="keywords" content="">
+ <meta name="author" content="">
+ <link rel="canonical" href="//allura.apache.org">
+
+ <!-- Facebook Meta Info-->
+ <meta property="og:url" content="//allura.apache.org">
+ <meta property="og:image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+ <meta property="og:description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+ <meta property="og:title" content="Apache Allura">
+ <meta property="og:site_name" content="Apache Allura">
+ <meta property="og:see_also" content="//allura.apache.org">
+
+ <!-- Twitter Meta Info-->
+ <meta name="twitter:card" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+ <meta name="twitter:url" content="//allura.apache.org">
+ <meta name="twitter:title" content="Apache Allura">
+ <meta name="twitter:description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+ <meta name="twitter:image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+
+ <!-- Google+ Meta Info-->
+ <meta itemprop="name" content="Apache Allura">
+ <meta itemprop="description" content="Allura is an open source implementation of a software forge, a site that manages source code repositories, bug reports, discussions, and more for projects.">
+ <meta itemprop="image" content="//allura.apache.org/theme/img/logo-asf-apache.png">
+
+ <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/flex.min.css">
+ <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/style.css">
+ <link rel="stylesheet" type="text/css" href="//allura.apache.org/theme/css/article.css">
+
+
+</head>
+
+<body cz-shortcut-listen="true" class="pg-">
+ <section id="content_wrapper" class="mobile-desktop row">
+ <div id="header" class="row ">
+ <header id="login_header" class="row">
+ <div class="bg-shadow pad-vert-md">
+ <span><h1 class="text-center"><a href="//allura.apache.org">Apache <img src="//allura.apache.org/theme/img/logo_white.png" width="94"> Allura<span class="tm">™</span></a></h1></span>
+ <span></span>
+ <h6 class="text-center">Open source project hosting platform</h6>
+ </div>
+ </header>
+ </div>
+
+ <div class="article-content">
+<div class="row bg-white pad-vert-lg">
+ <div class="row">
+ <h3 class="text-black text-center">Apache Allura 1.8.0 released</h3>
+ </div>
+
+ <div class="post-info text-center">
+ Published:
+ <abbr class="published" title="2018-02-06T00:00:00+00:00">
+ Tue 06 February 2018
+ </abbr>
+ <br>
+ Tagged:
+ <a href="//allura.apache.org/tag/release.html">release</a>
+ </div>
+
+ <div class="row">
+ <div class="col-20 no-float auto-margin">
+ <div class="row">
+ <div class="pad-md text-black"><h4>New Features</h4>
+<p>Apache Allura 1.8.0 has been released.
+It contains a Docker setup for production environments, and improved security and auditing around user logins.
+This release also contains a large number of fixes and smaller improvements. To see all the details, check out the <a href="https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES">release changelog</a>.</p>
+<h4>Important Security Fix</h4>
+<p>CVE-2018-1299 Apache Allura directory traversal vulnerability</p>
+<p><strong>Versions Affected:</strong><br>Apache Allura 1.7.0 and earlier</p>
+<p><strong>Description:</strong><br>
+Unauthenticated attackers may retrieve arbitrary files through the Allura web
+application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi
+or paster may prevent the attack from succeeding. Others, such as gunicorn do
+not prevent it and leave Allura vulnerable.</p>
+<p><strong>Mitigation:</strong><br>
+Users of vulnerable webservers with Allura should upgrade to Allura 1.8.0
+immediately.</p>
+<p><strong>Credit:</strong><br>
+This issue was discovered by Everardo Padilla Saca</p>
+<h4>Get 1.8.0</h4>
+<p><a href="http://www.apache.org/dyn/closer.cgi/allura/">Download Allura</a> and <a href="https://forge-allura.apache.org/docs/getting_started/installation.html">install it</a> today.</p></div>
+ </div>
+ </div>
+ </div>
+</div>
+</div>
+
+ <div class="row">
+ <footer id="footer" class="bg-black text-white col-24">
+ <p class="copy pad-top-sm text-center">Copyright © 2018 The Apache Software Foundation, Licensed under
+ <a href="http://www.apache.org/licenses/LICENSE-2.0.html">the Apache License, Version 2.0.</a></p>
+ <p class="copy pad-bot-sm text-center">Apache, Allura, Apache Allura, and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+ </footer>
+ </div>
+ </section>
+
+ <script type="application/javascript" src="//allura.apache.org/theme/js/jquery-1.11.2.min.js"></script>
+ <script type="application/javascript" src="//allura.apache.org/theme/js/frontend.js"></script>
+ <script type="application/javascript" src="//allura.apache.org/theme/js/article.js"></script>
+ <!-- Credits
+
+ Logo Design: Will Leonard
+ http://willleonard.org
+
+ Site design: Perry Merrity
+ http://perrymerrity.com/
+
+ bg-header-forge.jpg
+ Photo by: Stefan Schmitz
+ https://creativecommons.org/licenses/by-nd/2.0
+
+ bg-developers-fire.jpg
+ Photo by: Frédéric Bisson
+ https://creativecommons.org/licenses/by-nd/2.0
+ -->
+</body>
+</html>
\ No newline at end of file