Posted to commits@archiva.apache.org by br...@apache.org on 2011/02/15 14:15:34 UTC

svn commit: r1070880 - in /archiva/site: pom.xml src/site/apt/security.apt src/site/apt/versions.apt.vm

Author: brett
Date: Tue Feb 15 13:15:33 2011
New Revision: 1070880

URL: http://svn.apache.org/viewvc?rev=1070880&view=rev
Log:
update released versions

Modified:
    archiva/site/pom.xml
    archiva/site/src/site/apt/security.apt
    archiva/site/src/site/apt/versions.apt.vm

Modified: archiva/site/pom.xml
URL: http://svn.apache.org/viewvc/archiva/site/pom.xml?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/pom.xml (original)
+++ archiva/site/pom.xml Tue Feb 15 13:15:33 2011
@@ -103,10 +103,11 @@
     </site>
   </distributionManagement>
   <properties>
-    <archivaReleaseVersion>1.3.3</archivaReleaseVersion>
-    <archivaReleaseDate>20 December 2010</archivaReleaseDate>
-    <supportedVersions>1.3.2</supportedVersions>
-    <unsupportedVersions>1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0</unsupportedVersions>
+    <archivaReleaseVersion>1.3.4</archivaReleaseVersion>
+    <archivaReleaseDate>15 February 2011</archivaReleaseDate>
+    <supportedVersions></supportedVersions>
+    <!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.3 unsupported due to sec. vulnerability -->
+    <unsupportedVersions>1.3.3,1.3.2,1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0</unsupportedVersions>
   </properties>
   <profiles>
     <profile>
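Review bot: The new `unsupportedVersions` list stops at 1.1.3 and 1.0.2, but the security.apt text added in this same commit names Archiva 1.1 to 1.1.4 and 1.0 to 1.0.3 as affected by CVE-2010-3449. Either those two releases are missing from this list or the advisory ranges are too wide, so the two should be reconciled before the site is published. The added comment would also be easier to audit later if it named the advisory instead of "sec. vulnerability", for example `<!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.3 unsupported due to CVE-2011-0533 (XSS), see security.apt -->`. With `supportedVersions` now empty, the rendered page depends on the `#if` guard this commit adds to versions.apt.vm.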

Modified: archiva/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/security.apt?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/src/site/apt/security.apt (original)
+++ archiva/site/src/site/apt/security.apt Tue Feb 15 13:15:33 2011
@@ -28,7 +28,21 @@ Security Vulnerabilities
   Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular 
   vulnerability you should upgrade to an Apache Archiva version where that vulnerability has been fixed.
 
-* CSRF Vulnerability (CVE-2010-3449)
+* CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
+
+  A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the
+  Archiva user management page. This fix is available in version {{{./download.html} 1.3.4}} of Apache Archiva. All users must
+  upgrade to this version (or higher).
+
+  Versions Affected:
+
+    * Archiva 1.3 - 1.3.3
+
+    * The unsupported versions Archiva 1.0 - 1.2.2 are also affected.
+    
+    []
+
+* CVE-2010-3449: Apache Archiva CSRF Vulnerability
 
   Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force
   archiva administrators to view it and change their credentials. To fix this, a referrer check was added to the security
@@ -36,4 +50,15 @@ Security Vulnerabilities
   in place. This fix is available in version {{{./download.html} 1.3.2}} of Apache Archiva. All users must upgrade to this
   version (or higher).
 
+  Versions Affected:
+
+    * Archiva 1.3 to 1.3.1
+
+    * Archiva 1.2 to 1.2.2 (end of life)
+
+    * Archiva 1.1 to 1.1.4 (end of life)
+
+    * Archiva 1.0 to 1.0.3 (end of life)
+
+    []
 

Modified: archiva/site/src/site/apt/versions.apt.vm
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/versions.apt.vm?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/src/site/apt/versions.apt.vm (original)
+++ archiva/site/src/site/apt/versions.apt.vm Tue Feb 15 13:15:33 2011
@@ -20,6 +20,7 @@ Archiva Documentation
 
 ~~ TODO: have more specific links than Documentation, and find a better link for developer reference
 
+#if (!$supportedVersions.isEmpty())
 * Previous Stable Releases
 
 *------------+-------------------------------------------------+-----------------------------------------+----------------------------------------------------+
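Review bot: The guard `#if (!$supportedVersions.isEmpty())` only works as intended when `$supportedVersions` reaches the Velocity context as a non-null String. If the empty `<supportedVersions></supportedVersions>` property is dropped on the way (not verifiable from this hunk), the call likely evaluates to null, `!null` is true, and the "Previous Stable Releases" heading and table header still render; a whitespace-only value would pass the check as well. A more defensive form is `#if ($supportedVersions && $supportedVersions.trim().length() > 0)`, which also avoids `String.isEmpty()`, a Java 6 method. The `#foreach` being wrapped lies between the two hunks and is not visible here, and the matching `#end` is added in the next hunk, where a `## end if supportedVersions` comment would keep the two consecutive `#end` lines readable.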
@@ -27,6 +28,7 @@ Archiva Documentation
 | $v | {{{./docs/$v/release-notes.html} Release Notes}} | {{{./docs/$v/learn.html} Documentation}} | {{{./ref/$v/index.html} Developer Reference}} |
 *------------+-------------------------------------------------+-----------------------------------------+----------------------------------------------------+
 #end
+#end
 
 * Unsupported Releases