You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@juddi.apache.org by al...@apache.org on 2018/02/09 14:05:42 UTC
juddi git commit: NOJIRA updating site docs, fixing CLI packaging type,
previous was a bundle which causes issues build issues
Repository: juddi
Updated Branches:
refs/heads/master 94da72a84 -> b5ded210e
NOJIRA updating site docs, fixing CLI packaging type, previous was a bundle which causes issues build issues
Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/b5ded210
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/b5ded210
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/b5ded210
Branch: refs/heads/master
Commit: b5ded210ebeafee19608ebb26aba0af0ed363002
Parents: 94da72a
Author: Alex O'Ree <al...@apache.org>
Authored: Fri Feb 9 09:05:40 2018 -0500
Committer: Alex O'Ree <al...@apache.org>
Committed: Fri Feb 9 09:05:40 2018 -0500
----------------------------------------------------------------------
juddi-client-cli/pom.xml | 2 +-
src/site/markdown/security.md | 23 ++++++++++++++++++++++-
2 files changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/juddi-client-cli/pom.xml
----------------------------------------------------------------------
diff --git a/juddi-client-cli/pom.xml b/juddi-client-cli/pom.xml
index 87c004e..6903358 100644
--- a/juddi-client-cli/pom.xml
+++ b/juddi-client-cli/pom.xml
@@ -25,7 +25,7 @@
<groupId>org.apache.juddi</groupId>
<artifactId>juddi-client-cli</artifactId>
<version>3.3.6-SNAPSHOT</version>
- <packaging>bundle</packaging>
+ <packaging>jar</packaging>
<name>jUDDI CLI Client</name>
<url>http://maven.apache.org</url>
http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/src/site/markdown/security.md
----------------------------------------------------------------------
diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index 348d752..54f4c50 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -2,7 +2,28 @@ Title: Security Advisories
## Security Advisories for Apache jUDDI
-### CVEID:CVE-2015-5241
+### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
+
+VERSION: 3.0.0
+
+PROBLEMTYPE: Information Disclosure
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.
+
+Severity: Moderate
+
+Mitigation:
+
+3.0.0 users should upgrade to jUDDI 3.0.1 or newer
+
+Credit:
+
+This issue was discovered by Marc Schoenefeld of Red Hat Software.
+
+
+### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241)
VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org