Posted to commits@activemq.apache.org by cl...@apache.org on 2019/10/23 13:58:27 UTC

[activemq-website] branch master updated (a111afc -> 8083974)

This is an automated email from the ASF dual-hosted git repository.

clebertsuconic pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git.


    from a111afc  adding merge scripts similar to artemis (checkout a PR, merge a PR and merge a checked out PR)
     new 2b1b59a  Revert "Changing security.md to reflect chagnes performed on PR #17"
     new 33b61f2  Removing year from security pages to avoid confusion
     new 8083974  This closes #19

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 content/components/artemis/security.html |  5 -----
 content/components/classic/security.html | 25 ++-----------------------
 src/components/artemis/security.md       |  3 ---
 src/components/classic/security.md       | 15 ++-------------
 4 files changed, 4 insertions(+), 44 deletions(-)


[activemq-website] 03/03: This closes #19

Posted by cl...@apache.org.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git

commit 8083974b9e795add95ccfd13cbb2f6b1126a3bb2
Merge: a111afc 33b61f2
Author: Clebert Suconic <cl...@apache.org>
AuthorDate: Wed Oct 23 09:58:16 2019 -0400

    This closes #19

 content/components/artemis/security.html |  5 -----
 content/components/classic/security.html | 25 ++-----------------------
 src/components/artemis/security.md       |  3 ---
 src/components/classic/security.md       | 15 ++-------------
 4 files changed, 4 insertions(+), 44 deletions(-)


[activemq-website] 01/03: Revert "Changing security.md to reflect chagnes performed on PR #17"

Posted by cl...@apache.org.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git

commit 2b1b59a7aff4e29a5744a3c22129a74ba0e095e2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 23 12:38:05 2019 +0100

    Revert "Changing security.md to reflect chagnes performed on PR #17"
    
    This reverts commit 561ecfa16c1145ef0977e5fa432e524d21076dba.
---
 src/components/classic/security.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/components/classic/security.md b/src/components/classic/security.md
index 4f154b0..c6996f1 100644
--- a/src/components/classic/security.md
+++ b/src/components/classic/security.md
@@ -14,10 +14,11 @@ See the main [Security Advisories](../../security-advisories) page for details f
 
 #### 2018
 *   [CVE-2018-8006](../../security-advisories.data/CVE-2018-8006-announcement.txt) - ActiveMQ Web Console - Cross-Site Scripting
+*   [CVE-2017-15709](../../security-advisories.data/CVE-2017-15709-announcement.txt) - Information Leak
 *   [CVE-2018-11775](../../security-advisories.data/CVE-2018-11775-announcement.txt) - Missing TLS Hostname Verification
 
 #### 2017
-*   [CVE-2017-15709](../../security-advisories.data/CVE-2017-15709-announcement.txt) - Information Leak
+*   [CVE-2015-7559](../../security-advisories.data/CVE-2015-7559-announcement.txt) - DoS in client via shutdown command
 
 #### 2016
 *   [CVE-2016-6810](../../security-advisories.data/CVE-2016-6810-announcement.txt) - ActiveMQ Web Console - Cross-Site Scripting
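Review bot: the two `+` lines in this hunk place CVE-2017-15709 under `#### 2018` and CVE-2015-7559 under `#### 2017`, so the year in each identifier no longer matches its heading, and nothing in the file says what the heading year stands for. If the headings are meant to track something other than the CVE assignment year, state that in the intro paragraph above the list. CVE-2017-15709 also lands between the two CVE-2018 entries rather than after them. The commit message carries only the reverted hash; a one-line reason for the revert would help anyone reading the history later.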
@@ -26,7 +27,6 @@ See the main [Security Advisories](../../security-advisories) page for details f
 *   [CVE-2016-3088](../../security-advisories.data/CVE-2016-3088-announcement.txt) - ActiveMQ Fileserver web application vulnerabilities
 
 #### 2015
-*   [CVE-2015-7559](../../security-advisories.data/CVE-2015-7559-announcement.txt) - DoS in client via shutdown command
 *   [CVE-2015-5254](../../security-advisories.data/CVE-2015-5254-announcement.txt) - Unsafe deserialization in ActiveMQ
 *   [CVE-2015-1830](../../security-advisories.data/CVE-2015-1830-announcement.txt) - Path traversal leading to unauthenticated RCE in ActiveMQ 
 


[activemq-website] 02/03: Removing year from security pages to avoid confusion

Posted by cl...@apache.org.

clebertsuconic pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq-website.git

commit 33b61f23ab52c9145bb0f0e6cfbe380df00c950c
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 23 12:44:02 2019 +0100

    Removing year from security pages to avoid confusion
---
 content/components/artemis/security.html |  5 -----
 content/components/classic/security.html | 25 ++-----------------------
 src/components/artemis/security.md       |  3 ---
 src/components/classic/security.md       | 11 -----------
 4 files changed, 2 insertions(+), 42 deletions(-)

diff --git a/content/components/artemis/security.html b/content/components/artemis/security.html
index 379d260..07be4e2 100644
--- a/content/components/artemis/security.html
+++ b/content/components/artemis/security.html
@@ -96,13 +96,8 @@
 
 <p>See the main <a href="../../security-advisories">Security Advisories</a> page for details for other components and general information such as reporting new security issues.</p>
 
-<h4 id="2018">2018</h4>
 <ul>
   <li><a href="../../security-advisories.data/CVE-2017-12174-announcement.txt">CVE-2017-12174</a> - Memory exhaustion via UDP and JGroups discovery</li>
-</ul>
-
-<h4 id="2016">2016</h4>
-<ul>
   <li><a href="../../security-advisories.data/CVE-2016-4978-announcement.txt">CVE-2016-4978</a> - Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability</li>
 </ul>
 
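Review bot: removing `<h4 id="2018">` and `<h4 id="2016">` also removes the `#2018` and `#2016` fragment targets on this page, so any existing deep link to those sections will stop resolving to the right place. Check for inbound links to those fragments before merging, or note in the commit message that the anchors are dropped on purpose.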
diff --git a/content/components/classic/security.html b/content/components/classic/security.html
index d8450a6..b9ac01a 100644
--- a/content/components/classic/security.html
+++ b/content/components/classic/security.html
@@ -96,39 +96,18 @@
 
 <p>See the main <a href="../../security-advisories">Security Advisories</a> page for details for other components and general information such as reporting new security issues.</p>
 
-<h4 id="2019">2019</h4>
 <ul>
   <li><a href="../../security-advisories.data/CVE-2019-0222-announcement.txt">CVE-2019-0222</a> - Corrupt MQTT frame can cause broker shutdown</li>
-</ul>
-
-<h4 id="2018">2018</h4>
-<ul>
   <li><a href="../../security-advisories.data/CVE-2018-8006-announcement.txt">CVE-2018-8006</a> - ActiveMQ Web Console - Cross-Site Scripting</li>
-  <li><a href="../../security-advisories.data/CVE-2018-11775-announcement.txt">CVE-2018-11775</a> - Missing TLS Hostname Verification</li>
-</ul>
-
-<h4 id="2017">2017</h4>
-<ul>
   <li><a href="../../security-advisories.data/CVE-2017-15709-announcement.txt">CVE-2017-15709</a> - Information Leak</li>
-</ul>
-
-<h4 id="2016">2016</h4>
-<ul>
+  <li><a href="../../security-advisories.data/CVE-2018-11775-announcement.txt">CVE-2018-11775</a> - Missing TLS Hostname Verification</li>
+  <li><a href="../../security-advisories.data/CVE-2015-7559-announcement.txt">CVE-2015-7559</a> - DoS in client via shutdown command</li>
   <li><a href="../../security-advisories.data/CVE-2016-6810-announcement.txt">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li>
   <li><a href="../../security-advisories.data/CVE-2016-0734-announcement.txt">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li>
   <li><a href="../../security-advisories.data/CVE-2016-0782-announcement.txt">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li>
   <li><a href="../../security-advisories.data/CVE-2016-3088-announcement.txt">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li>
-</ul>
-
-<h4 id="2015">2015</h4>
-<ul>
-  <li><a href="../../security-advisories.data/CVE-2015-7559-announcement.txt">CVE-2015-7559</a> - DoS in client via shutdown command</li>
   <li><a href="../../security-advisories.data/CVE-2015-5254-announcement.txt">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li>
   <li><a href="../../security-advisories.data/CVE-2015-1830-announcement.txt">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li>
-</ul>
-
-<h4 id="2014">2014</h4>
-<ul>
   <li><a href="../../security-advisories.data/CVE-2014-3576-announcement.txt">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li>
   <li><a href="../../security-advisories.data/CVE-2014-3600-announcement.txt">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li>
   <li><a href="../../security-advisories.data/CVE-2014-3612-announcement.txt">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li>
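Review bot: the two `+` lines in this hunk are not heading removal. They move CVE-2018-11775 below CVE-2017-15709 and CVE-2015-7559 above CVE-2016-6810, a reordering that the commit message "Removing year from security pages to avoid confusion" does not mention. It looks like the generated page picking up the entry order from src/components/classic/security.md after the revert; say so in the message, or regenerate content/ in a separate commit so the reorder can be reviewed on its own.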
diff --git a/src/components/artemis/security.md b/src/components/artemis/security.md
index f2d495d..b315e8c 100644
--- a/src/components/artemis/security.md
+++ b/src/components/artemis/security.md
@@ -9,8 +9,5 @@ Details of security problems fixed in released versions of Apache ActiveMQ Artem
 
 See the main [Security Advisories](../../security-advisories) page for details for other components and general information such as reporting new security issues.
 
-#### 2018
 *   [CVE-2017-12174](../../security-advisories.data/CVE-2017-12174-announcement.txt) - Memory exhaustion via UDP and JGroups discovery
-
-#### 2016
 *   [CVE-2016-4978](../../security-advisories.data/CVE-2016-4978-announcement.txt) - Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
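Review bot: the CVE-2016-4978 entry kept as context at the end of this hunk still reads "vunerability". Since the commit already edits around both entries, correct it to "vulnerability" here and let content/components/artemis/security.html be regenerated from it. With the headings gone the two-item list also has no stated order, so a short line above it saying how entries are ordered would keep later additions consistent.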
diff --git a/src/components/classic/security.md b/src/components/classic/security.md
index c6996f1..34352c6 100644
--- a/src/components/classic/security.md
+++ b/src/components/classic/security.md
@@ -9,28 +9,17 @@ Details of security problems fixed in released versions of Apache ActiveMQ 5.x a
 
 See the main [Security Advisories](../../security-advisories) page for details for other components and general information such as reporting new security issues.
 
-#### 2019
 *   [CVE-2019-0222](../../security-advisories.data/CVE-2019-0222-announcement.txt) - Corrupt MQTT frame can cause broker shutdown
-
-#### 2018
 *   [CVE-2018-8006](../../security-advisories.data/CVE-2018-8006-announcement.txt) - ActiveMQ Web Console - Cross-Site Scripting
 *   [CVE-2017-15709](../../security-advisories.data/CVE-2017-15709-announcement.txt) - Information Leak
 *   [CVE-2018-11775](../../security-advisories.data/CVE-2018-11775-announcement.txt) - Missing TLS Hostname Verification
-
-#### 2017
 *   [CVE-2015-7559](../../security-advisories.data/CVE-2015-7559-announcement.txt) - DoS in client via shutdown command
-
-#### 2016
 *   [CVE-2016-6810](../../security-advisories.data/CVE-2016-6810-announcement.txt) - ActiveMQ Web Console - Cross-Site Scripting
 *   [CVE-2016-0734](../../security-advisories.data/CVE-2016-0734-announcement.txt) - ActiveMQ Web Console - Clickjacking
 *   [CVE-2016-0782](../../security-advisories.data/CVE-2016-0782-announcement.txt) - ActiveMQ Web Console - Cross-Site Scripting
 *   [CVE-2016-3088](../../security-advisories.data/CVE-2016-3088-announcement.txt) - ActiveMQ Fileserver web application vulnerabilities
-
-#### 2015
 *   [CVE-2015-5254](../../security-advisories.data/CVE-2015-5254-announcement.txt) - Unsafe deserialization in ActiveMQ
 *   [CVE-2015-1830](../../security-advisories.data/CVE-2015-1830-announcement.txt) - Path traversal leading to unauthenticated RCE in ActiveMQ 
-
-#### 2014
 *   [CVE-2014-3576](../../security-advisories.data/CVE-2014-3576-announcement.txt) - Remote Unauthenticated Shutdown of Broker (DoS)
 *   [CVE-2014-3600](../../security-advisories.data/CVE-2014-3600-announcement.txt) - Apache ActiveMQ XXE with XPath selectors
 *   [CVE-2014-3612](../../security-advisories.data/CVE-2014-3612-announcement.txt) - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation
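Review bot: with the `####` year headings removed, the flat list keeps the old grouping order, which now reads as unsorted: CVE-2017-15709 sits between CVE-2018-8006 and CVE-2018-11775, and CVE-2015-7559 comes before the CVE-2016 entries. Sort the list by CVE identifier, newest first, in this same commit; otherwise the confusion the commit message sets out to remove moves from the headings to the ordering. The CVE-2015-1830 line also ends with a trailing space that could be dropped while the file is being touched.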