Posted to commits@continuum.apache.org by br...@apache.org on 2014/06/13 16:46:47 UTC

svn commit: r1602447 - in /continuum/site: pom.xml src/site/apt/security.apt

Author: brett
Date: Fri Jun 13 14:46:47 2014
New Revision: 1602447

URL: http://svn.apache.org/r1602447
Log:
1.4.2 release

Modified:
    continuum/site/pom.xml
    continuum/site/src/site/apt/security.apt

Modified: continuum/site/pom.xml
URL: http://svn.apache.org/viewvc/continuum/site/pom.xml?rev=1602447&r1=1602446&r2=1602447&view=diff
==============================================================================
--- continuum/site/pom.xml (original)
+++ continuum/site/pom.xml Fri Jun 13 14:46:47 2014
@@ -123,8 +123,8 @@
 
   <properties>
     <checkoutDirectory>site-publish</checkoutDirectory>
-    <gaVersion>1.4.1</gaVersion>
-    <gaDate>7 January 2013</gaDate>
+    <gaVersion>1.4.2</gaVersion>
+    <gaDate>13 June 2014</gaDate>
   </properties>
   <distributionManagement>
     <!-- Site base required here for site:stage to calculate correct URLs -->

Modified: continuum/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/continuum/site/src/site/apt/security.apt?rev=1602447&r1=1602446&r2=1602447&view=diff
==============================================================================
--- continuum/site/src/site/apt/security.apt (original)
+++ continuum/site/src/site/apt/security.apt Fri Jun 13 14:46:47 2014
@@ -31,6 +31,22 @@ Security Vulnerabilities
   For more information about reporting vulnerabilities, see the
   {{{http://www.apache.org/security/} Apache Security Team}} page.
 
+* CVE-2013-2251: Apache Struts Remote Command Execution
+
+  Apache Continuum is affected by a vulnerability in the version of the Struts
+  library being used, which allows a malicious user to run code on the
+  server remotely. More details about the vulnerability can be found at
+  {{http://struts.apache.org/2.3.x/docs/s2-016.html}}.
+
+  Versions Affected:
+
+    * Continuum 1.3.1 to Continuum 1.4.1
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Continuum
+  1.4.2}}, which are not affected by this issue. 
+
 * CVE-2010-1870: Struts2 remote commands execution
 
   Apache Continuum is affected by a vulnerability in the version of the
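Review bot: The closing sentence of the new CVE-2013-2251 entry has a subject/verb mismatch: "Continuum 1.4.2}}, which are not affected by this issue." refers to a single release, so it should read "which is not affected", and that line also ends in trailing whitespace. The new heading is capitalized as "Apache Struts Remote Command Execution" while the existing entry directly below uses "Struts2 remote commands execution"; pick one style for both. The entry gives the affected range (1.3.1 to 1.4.1) and links S2-016 but does not say which Struts version 1.4.2 ships, so a reader cannot confirm the fix from this page alone; consider adding that.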