You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@james.apache.org by bt...@apache.org on 2022/09/15 10:21:05 UTC

[james-project] branch master updated: [CHANGELOG] Mention CVE-2022-28220 STARTTLS command injection in Apache JAMES (#1188)

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 670dd9da47 [CHANGELOG] Mention CVE-2022-28220 STARTTLS command injection in Apache JAMES (#1188)
670dd9da47 is described below

commit 670dd9da473820112b9b587fdc8056a3affbef0a
Author: Benoit TELLIER <bt...@linagora.com>
AuthorDate: Thu Sep 15 12:21:00 2022 +0200

    [CHANGELOG] Mention CVE-2022-28220 STARTTLS command injection in Apache JAMES (#1188)
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a710b281f..1953b6a32e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -155,6 +155,10 @@ Multiple performance enhancements for Distributed server mailbox, IMAP, SMTP and
 
 ## [3.7.1] - 2022-08-26
 
+### Security
+
+This release fixes CVE-2022-28220 `STARTTLS command injection in Apache JAMES`.
+
 ### Changes
 
  - [UPGRADE] Adopt MIME4J 0.8.7 (#961)


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org