Posted to commits@archiva.apache.org by ma...@apache.org on 2021/12/19 10:17:37 UTC

[archiva-site] branch master updated (0cb97ae -> 7317d9b)

This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-site.git.


    from 0cb97ae  Updating release docu and download page
     new 19f2dd9  Adding new security information
     new 7317d9b  Adding release information

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/site/apt/security.apt  | 8 ++++++++
 src/site/xdoc/index.xml.vm | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

[archiva-site] 01/02: Adding new security information

Posted by ma...@apache.org.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-site.git

commit 19f2dd9a5767fec50695ca784445e5581078619b
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sun Dec 19 11:15:27 2021 +0100

    Adding new security information
---
 src/site/apt/security.apt | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index 136004d..3b6a113 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -36,6 +36,14 @@ Security Vulnerabilities
 
 %{toc|fromDepth=2|toDepth=2}
 
+* {CVE-2021-45105}: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
+
+  This may be used by attackers, if users changed the default Archiva log4j2.xml configuration.
+  
+* {CVE-2021-45046}: Apache log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations
+ 
+  This may be used by attackers, if users changed the default Archiva log4j2.xml configuration.
+
 * {CVE-2021-44228}: Apache log4j2 is vulnerable to remote code execution
 
   As mentioned in this CVE Apache log4j2 libraries are vulnerable to remote code execution.
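
Review bot: The two added entries (CVE-2021-45105 and CVE-2021-45046) carry the same sentence, "This may be used by attackers, if users changed the default Archiva log4j2.xml configuration.", which does not tell a reader which kind of change matters or what to do about it. The CVE titles already point at lookup evaluation and the Thread Context Lookup pattern, so each entry could say that a customised log4j2.xml using those features is the exposed case, and name the Archiva release that ships the fixed library, as an operator reading this page needs both to triage. Smaller points in the same hunk: the separator lines after each new heading carry trailing whitespace (`+  ` and `+ `), and the product name is written "Apache Log4j2" in the first entry but "Apache log4j2" in the second and in the existing CVE-2021-44228 entry.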

[archiva-site] 02/02: Adding release information

Posted by ma...@apache.org.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-site.git

commit 7317d9bb85315961339665f7796a59c86e6e2c7c
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sun Dec 19 11:17:21 2021 +0100

    Adding release information
---
 src/site/xdoc/index.xml.vm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/site/xdoc/index.xml.vm b/src/site/xdoc/index.xml.vm
index bef065d..226b723 100644
--- a/src/site/xdoc/index.xml.vm
+++ b/src/site/xdoc/index.xml.vm
@@ -40,7 +40,7 @@
           <div class="hero-unit">
             <span class="bignumber badge badge-warning">NEW</span>
             <p><strong>${archivaReleaseDate}: The new Apache Archiva release version ${archivaReleaseVersion} is ready for download <a href="http://archiva.apache.org/download.html"/> </strong>. 
-               This is a security fix release. Please have a look at the <a href="http://archiva.apache.org/docs/${archivaReleaseVersion}/release-notes.html">release notes</a> for further information. 
+               This is a bugfix release. Please have a look at the <a href="http://archiva.apache.org/docs/${archivaReleaseVersion}/release-notes.html">release notes</a> for further information. 
                As this release contains <strong>security fixes</strong>, we recommend to update to the new version immediately. </p> 
           </div>
         </div>
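
Review bot: Changing "security fix release" to "bugfix release" on the `+` line leaves the paragraph contradicting itself, because the unchanged next line still reads "As this release contains <strong>security fixes</strong>, we recommend to update to the new version immediately." Either keep the security wording in the first sentence or reword the follow-up so the banner gives one consistent message about urgency. The commit subject "Adding release information" also does not describe this wording change. In the surrounding context, the download anchor `<a href="http://archiva.apache.org/download.html"/>` is self-closing with no link text, so nothing clickable is rendered, and both links use http:// rather than https://.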