You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@juddi.apache.org by al...@apache.org on 2018/02/09 14:05:42 UTC

juddi git commit: NOJIRA updating site docs, fixing CLI packaging type, previous was a bundle which causes issues build issues

Repository: juddi
Updated Branches:
  refs/heads/master 94da72a84 -> b5ded210e


NOJIRA updating site docs, fixing CLI packaging type, previous was a bundle which causes issues build issues


Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/b5ded210
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/b5ded210
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/b5ded210

Branch: refs/heads/master
Commit: b5ded210ebeafee19608ebb26aba0af0ed363002
Parents: 94da72a
Author: Alex O'Ree <al...@apache.org>
Authored: Fri Feb 9 09:05:40 2018 -0500
Committer: Alex O'Ree <al...@apache.org>
Committed: Fri Feb 9 09:05:40 2018 -0500

----------------------------------------------------------------------
 juddi-client-cli/pom.xml      |  2 +-
 src/site/markdown/security.md | 23 ++++++++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/juddi-client-cli/pom.xml
----------------------------------------------------------------------
diff --git a/juddi-client-cli/pom.xml b/juddi-client-cli/pom.xml
index 87c004e..6903358 100644
--- a/juddi-client-cli/pom.xml
+++ b/juddi-client-cli/pom.xml
@@ -25,7 +25,7 @@
     <groupId>org.apache.juddi</groupId>
     <artifactId>juddi-client-cli</artifactId>
     <version>3.3.6-SNAPSHOT</version>
-    <packaging>bundle</packaging>
+    <packaging>jar</packaging>
 
     <name>jUDDI CLI Client</name>
     <url>http://maven.apache.org</url>

http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/src/site/markdown/security.md
----------------------------------------------------------------------
diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index 348d752..54f4c50 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -2,7 +2,28 @@ Title: Security Advisories
 
 ## Security Advisories for Apache jUDDI
 
-### CVEID:CVE-2015-5241
+### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
+
+VERSION:  3.0.0
+
+PROBLEMTYPE: Information Disclosure
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.
+
+Severity: Moderate
+
+Mitigation:
+
+3.0.0 users should upgrade to jUDDI 3.0.1 or newer
+
+Credit:
+
+This issue was discovered by Marc Schoenefeld of Red Hat Software.
+
+
+### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241)
 
 VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org