You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by bu...@apache.org on 2013/02/23 16:01:10 UTC
svn commit: r851677 - in /websites/staging/maven/trunk/content: ./
maven-site-1.0-site.jar security.html
Author: buildbot
Date: Sat Feb 23 15:01:10 2013
New Revision: 851677
Log:
Staging update by buildbot for maven
Added:
websites/staging/maven/trunk/content/security.html
Modified:
websites/staging/maven/trunk/content/ (props changed)
websites/staging/maven/trunk/content/maven-site-1.0-site.jar
Propchange: websites/staging/maven/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Feb 23 15:01:10 2013
@@ -1 +1 @@
-1449334
+1449336
Modified: websites/staging/maven/trunk/content/maven-site-1.0-site.jar
==============================================================================
Binary files - no diff available.
Added: websites/staging/maven/trunk/content/security.html
==============================================================================
--- websites/staging/maven/trunk/content/security.html (added)
+++ websites/staging/maven/trunk/content/security.html Sat Feb 23 15:01:10 2013
@@ -0,0 +1,249 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+ | Generated by Apache Maven Doxia at Feb 23, 2013
+ | Rendered using Apache Maven Stylus Skin 1.5
+-->
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Maven - Security Vulnerabilities</title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta name="Date-Revision-yyyymmdd" content="20130223" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+
+<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+
+<script type="text/javascript">_uacct = "UA-140879-1";
+ urchinTracker();</script>
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="./" id="bannerLeft">
+ <img src="images/apache-maven-project-2.png" alt="" />
+ </a>
+ <span id="bannerRight">
+ <img src="images/maven-logo-2.gif" alt="" />
+ </span>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+ <div class="xleft">
+ <a href="http://www.apache.org/" class="externalLink">Apache</a>
+ >
+ <a href="index.html">Maven</a>
+ >
+ Security Vulnerabilities
+ </div>
+ <div class="xright">
+ Last Published: 2013-02-23
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+ <h5>Main</h5>
+ <ul>
+ <li class="none">
+ <a href="index.html">Welcome</a>
+ </li>
+ </ul>
+ <h5>Get Maven</h5>
+ <ul>
+ <li class="none">
+ <a href="download.html">Download</a>
+ </li>
+ <li class="none">
+ <a href="docs/3.0.5/release-notes.html">Release Notes (3.0.5)</a>
+ </li>
+ <li class="none">
+ <a href="docs/2.2.1/release-notes.html">Release Notes (2.2.1)</a>
+ </li>
+ <li class="none">
+ <a href="docs/2.0.11/release-notes.html">Release Notes (2.0.11)</a>
+ </li>
+ <li class="none">
+ <a href="license.html">License</a>
+ </li>
+ </ul>
+ <h5>IDE Integration</h5>
+ <ul>
+ <li class="none">
+ <a href="eclipse-plugin.html">Eclipse</a>
+ </li>
+ <li class="none">
+ <a href="netbeans-module.html">NetBeans</a>
+ </li>
+ </ul>
+ <h5>About Maven</h5>
+ <ul>
+ <li class="none">
+ <a href="what-is-maven.html">What is Maven?</a>
+ </li>
+ <li class="none">
+ <a href="maven-features.html">Features</a>
+ </li>
+ <li class="none">
+ <a href="general.html">FAQ (official)</a>
+ </li>
+ <li class="none">
+ <a href="http://docs.codehaus.org/display/MAVENUSER/FAQs-1" class="externalLink">FAQ (unofficial)</a>
+ </li>
+ </ul>
+ <h5>Documentation</h5>
+ <ul>
+ <li class="none">
+ <a href="plugins/index.html">Maven Plugins</a>
+ </li>
+ <li class="none">
+ <a href="guides/index.html">Index (category)</a>
+ </li>
+ <li class="none">
+ <a href="run-maven/index.html">Running Maven</a>
+ </li>
+ <li class="collapsed">
+ <a href="users/index.html">User Centre</a>
+ </li>
+ <li class="collapsed">
+ <a href="plugin-developers/index.html">Plugin Developer Centre</a>
+ </li>
+ <li class="none">
+ <a href="repository/index.html">Maven Repository Centre</a>
+ </li>
+ <li class="none">
+ <a href="developers/index.html">Maven Developer Centre</a>
+ </li>
+ <li class="none">
+ <a href="articles.html">Books and Resources</a>
+ </li>
+ <li class="none">
+ <a href="http://docs.codehaus.org/display/MAVENUSER/Home" class="externalLink">Wiki</a>
+ </li>
+ </ul>
+ <h5>Community</h5>
+ <ul>
+ <li class="none">
+ <a href="community.html">Community Overview</a>
+ </li>
+ <li class="none">
+ <a href="guides/development/guide-helping.html">How to Contribute</a>
+ </li>
+ <li class="none">
+ <a href="guides/mini/guide-maven-evangelism.html">Maven Repository</a>
+ </li>
+ <li class="none">
+ <a href="users/getting-help.html">Getting Help</a>
+ </li>
+ <li class="none">
+ <a href="issue-tracking.html">Issue Tracking</a>
+ </li>
+ <li class="none">
+ <a href="source-repository.html">Source Repository</a>
+ </li>
+ <li class="none">
+ <a href="team-list.html">The Maven Team</a>
+ </li>
+ </ul>
+ <h5>Project Documentation</h5>
+ <ul>
+ <li class="collapsed">
+ <a href="project-info.html">Project Information</a>
+ </li>
+ </ul>
+ <h5>Maven Projects</h5>
+ <ul>
+ <li class="none">
+ <a href="ant-tasks/index.html">Ant Tasks</a>
+ </li>
+ <li class="none">
+ <a href="archetype/index.html">Archetype</a>
+ </li>
+ <li class="none">
+ <a href="doxia/index.html">Doxia</a>
+ </li>
+ <li class="none">
+ <a href="jxr/index.html">JXR</a>
+ </li>
+ <li class="none">
+ <a href="maven-1.x/index.html">Maven 1.x</a>
+ </li>
+ <li class="none">
+ <a href="index.html">Maven 2 & 3</a>
+ </li>
+ <li class="none">
+ <a href="pom/index.html">Parent POMs</a>
+ </li>
+ <li class="none">
+ <a href="plugins/index.html">Plugins</a>
+ </li>
+ <li class="none">
+ <a href="plugin-tools/index.html">Plugin Tools</a>
+ </li>
+ <li class="none">
+ <a href="scm/index.html">SCM</a>
+ </li>
+ <li class="none">
+ <a href="shared/index.html">Shared Components</a>
+ </li>
+ <li class="none">
+ <a href="skins/index.html">Skins</a>
+ </li>
+ <li class="none">
+ <a href="surefire/index.html">Surefire</a>
+ </li>
+ <li class="none">
+ <a href="wagon/index.html">Wagon</a>
+ </li>
+ </ul>
+ <h5>ASF</h5>
+ <ul>
+ <li class="none">
+ <a href="http://www.apache.org/foundation/how-it-works.html" class="externalLink">How Apache Works</a>
+ </li>
+ <li class="none">
+ <a href="http://www.apache.org/foundation/" class="externalLink">Foundation</a>
+ </li>
+ <li class="none">
+ <a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsoring Apache</a>
+ </li>
+ <li class="none">
+ <a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
+ <img alt="Built by Maven" src="./images/logos/maven-feather.png"/>
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/g
uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular vulnerability you should upgrade to an Apache Maven version where that vulnerability has been fixed.</p><p>For more information about reporting vulnerabilities, see the <a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a> page.</p><div class="section"><h3>CVE-2013-0253 Apache Maven<a name="CVE-2013-0253_Apache_Maven"></a></h3><p>Severity: Medium</p><p>Vendor: The Apache Software Foundation</p><p>Versions Affected:</p><ul><li>Apache Maven 3.0.4</li><li>Apache Maven Wagon 2.1, 2.2, 2.3</li></ul><p>Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity
, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.</p><p>All users are recommended to upgrade to <a href="./download.cgi"> Apache Maven 3.0.5</a> and Apache Maven Wagon 2.4.</p><p>Credit This issue was identified by Graham Leggett</p></div></div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">
+ © 2002-2013
+ The Apache Software Foundation
+
+ - <a href="http://maven.apache.org/privacy-policy.html">Privacy Policy</a>.
+ Apache Maven, Maven, Apache, the Apache feather logo, and the Apache Maven project logos are trademarks of The Apache Software Foundation.
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>