Posted to commits@archiva.apache.org by br...@apache.org on 2014/04/19 05:53:05 UTC

[1/2] git commit: correct typos

Repository: archiva-site
Updated Branches:
  refs/heads/master 19d6a46ec -> 81e42acad


correct typos


Project: http://git-wip-us.apache.org/repos/asf/archiva-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/archiva-site/commit/14bd480c
Tree: http://git-wip-us.apache.org/repos/asf/archiva-site/tree/14bd480c
Diff: http://git-wip-us.apache.org/repos/asf/archiva-site/diff/14bd480c

Branch: refs/heads/master
Commit: 14bd480c438be3e3037d5495d90e51b57c8af977
Parents: 19d6a46
Author: Brett Porter <br...@apache.org>
Authored: Fri Apr 18 22:07:17 2014 +1000
Committer: Brett Porter <br...@apache.org>
Committed: Fri Apr 18 22:07:17 2014 +1000

----------------------------------------------------------------------
 src/site/xdoc/download.xml.vm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/archiva-site/blob/14bd480c/src/site/xdoc/download.xml.vm
----------------------------------------------------------------------
diff --git a/src/site/xdoc/download.xml.vm b/src/site/xdoc/download.xml.vm
index b938848..f9e3341 100644
--- a/src/site/xdoc/download.xml.vm
+++ b/src/site/xdoc/download.xml.vm
@@ -143,9 +143,9 @@ under the License.
       </subsection>
 
         #if ($archivaLastSerieVersion)
-          <subsection name="Last Release serie 1.3.x: Archiva ${archivaLastSerieVersion}">
+          <subsection name="Last Release series 1.3.x: Archiva ${archivaLastSerieVersion}">
             <p>
-            This is a preview release of the next version of Archiva.
+            This is the previous stable release of Archiva.
             <ul>
               <li><a href="./docs/${archivaLastSerieVersion}/release-notes.html">Release Notes</a></li>
               <li><a href="./known-issues.html">Known Issues and Errata</a></li>
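Review bot: The new heading `Last Release series 1.3.x` and the new body line `This is the previous stable release of Archiva.` describe the same release in two different ways, and "Last" in the heading can be read as "latest". Consider `Previous release series 1.3.x: Archiva ${archivaLastSerieVersion}` so the heading agrees with the body. The body-line replacement also changes the meaning (from a preview of the next version to the previous stable release) rather than fixing a typo, so the commit subject undersells it. Separately, the context lines show `<ul>` opened directly inside `<p>` with no closing `</p>` in between; closing the paragraph before the list would be a reasonable follow-up.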


[2/2] git commit: note security issues

Posted by br...@apache.org.
note security issues


Project: http://git-wip-us.apache.org/repos/asf/archiva-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/archiva-site/commit/81e42aca
Tree: http://git-wip-us.apache.org/repos/asf/archiva-site/tree/81e42aca
Diff: http://git-wip-us.apache.org/repos/asf/archiva-site/diff/81e42aca

Branch: refs/heads/master
Commit: 81e42acadcbc937ca671407713b75136f0a9fe46
Parents: 14bd480
Author: Brett Porter <br...@apache.org>
Authored: Fri Apr 18 23:06:41 2014 +1000
Committer: Brett Porter <br...@apache.org>
Committed: Fri Apr 18 23:06:41 2014 +1000

----------------------------------------------------------------------
 src/site/apt/security.apt | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/archiva-site/blob/81e42aca/src/site/apt/security.apt
----------------------------------------------------------------------
diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index 870d687..a43f882 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -31,6 +31,44 @@ Security Vulnerabilities
   For more information about reporting vulnerabilities, see the
   {{{http://www.apache.org/security/} Apache Security Team}} page.
 
+* CVE-2013-2251: Apache Archiva Remote Command Execution
+
+  Apache Archiva is affected by a vulnerability in the version of the Struts
+  library being used, which allows a malicious user to run code on the
+  server remotely. More details about the vulnerability can be found at
+  {{http://struts.apache.org/2.3.x/docs/s2-016.html}}.
+
+  Versions Affected:
+
+    * Archiva 1.3 to Archiva 1.3.6
+
+  * The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Archiva 2.0.1
+  or Archiva 1.3.8}}, which are not affected by this issue.
+
+  Archiva 2.0.0 and later is not affected by this issue.
+
+* CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability
+
+  A request that included a specially crafted request parameter could be used
+  to inject arbitrary HTML or Javascript into the Archiva home page.
+
+  Versions Affected:
+
+    * Archiva 1.3 to Archiva 1.3.6
+
+  * The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Archiva 2.0.1
+  or Archiva 1.3.8}}, which are not affected by this issue.
+
+  Archiva 2.0.0 and later is not affected by this issue.
+
 * CVE-2010-1870: Struts2 remote commands execution
 
   Apache Archiva is affected by a vulnerability in the version of the Struts
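Review bot: In both new entries the affected range stops at `Archiva 1.3 to Archiva 1.3.6` while the recommended fix is `Archiva 2.0.1 or Archiva 1.3.8`, so a reader running 1.3.7 cannot tell from this text whether they are affected; state the status of 1.3.7 explicitly in each entry. The upgrade advice names 2.0.1, but the closing line says `Archiva 2.0.0 and later is not affected by this issue`; a short reason for pointing users at 2.0.1 rather than 2.0.0 would remove the apparent mismatch. The two bullets under `Versions Affected:` are indented differently (four spaces for the 1.3 range, two for the unsupported 1.2 versions), and since APT is indentation-sensitive they may render as separate lists at different levels; align them if a single list is intended. Minor: `Javascript` in the CVE-2013-2187 description should be `JavaScript`.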