You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ds...@apache.org on 2021/12/15 21:49:01 UTC
svn commit: r1896010 - in /subversion/site/publish: index.html news.html
Author: dsahlberg
Date: Wed Dec 15 21:49:01 2021
New Revision: 1896010
URL: http://svn.apache.org/viewvc?rev=1896010&view=rev
Log:
In site/publish: Add news item about non-vulnerability to CVE-2021-44228
* index.html
* news.html
Modified:
subversion/site/publish/index.html
subversion/site/publish/news.html
Modified: subversion/site/publish/index.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/index.html?rev=1896010&r1=1896009&r2=1896010&view=diff
==============================================================================
--- subversion/site/publish/index.html (original)
+++ subversion/site/publish/index.html Wed Dec 15 21:49:01 2021
@@ -70,6 +70,30 @@
<!-- In general, we'll keep only the most recent 3 or 4 news items here. -->
+<div class="h3" id="news-20211215">
+<h3>2021-12-15 — Subversion NOT affected by not affected by
+CVE-2021-44228 (Log4Shell)
+<a class="sectionlink" href="#news-20211215"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion is not based on Java and does not depend on the vulnerable
+ Apache Log4j library.</p>
+
+<p>Subversion provides language bindings for Java ("JavaHL") but this code
+ does not depend on the Apache Log4j library.</p>
+
+<p>However depending on your installation there may be related components
+ that are vulnerable:
+ <li>Some vendors provide Java based web interfaces bundled with their
+ Subversion distribution. Please check your vendor's information to
+ verify if you are vulnerable.</li>
+ <li>It is possible to write repository hooks in Java. These hooks are
+ written by the repository administrator.</li>
+</p>
+
+</div> <!-- #news-20210526 -->
+
<div class="h3" id="news-20210526">
<h3>2021-05-26 — IRC migration to libera.chat
<a class="sectionlink" href="#news-20210526"
Modified: subversion/site/publish/news.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/news.html?rev=1896010&r1=1896009&r2=1896010&view=diff
==============================================================================
--- subversion/site/publish/news.html (original)
+++ subversion/site/publish/news.html Wed Dec 15 21:49:01 2021
@@ -26,6 +26,30 @@
<!-- Maybe we could insert H2's to split up the news items by -->
<!-- calendar year if we felt the need to do so. -->
+<div class="h3" id="news-20211215">
+<h3>2021-12-15 — Subversion NOT affected by not affected by
+CVE-2021-44228 (Log4Shell)
+<a class="sectionlink" href="#news-20211215"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>Subversion is not based on Java and does not depend on the vulnerable
+ Apache Log4j library.</p>
+
+<p>Subversion provides language bindings for Java ("JavaHL") but this code
+ does not depend on the Apache Log4j library.</p>
+
+<p>However depending on your installation there may be related components
+ that are vulnerable:
+ <li>Some vendors provide Java based web interfaces bundled with their
+ Subversion distribution. Please check your vendor's information to
+ verify if you are vulnerable.</li>
+ <li>It is possible to write repository hooks in Java. These hooks are
+ written by the repository administrator.</li>
+</p>
+
+</div> <!-- #news-20210526 -->
+
<div class="h3" id="news-20210526">
<h3>2021-05-26 — IRC migration to libera.chat
<a class="sectionlink" href="#news-20210526"