Posted to commits@archiva.apache.org by br...@apache.org on 2011/02/15 14:15:34 UTC
svn commit: r1070880 - in /archiva/site: pom.xml src/site/apt/security.apt
src/site/apt/versions.apt.vm
Author: brett
Date: Tue Feb 15 13:15:33 2011
New Revision: 1070880
URL: http://svn.apache.org/viewvc?rev=1070880&view=rev
Log:
update released versions
Modified:
archiva/site/pom.xml
archiva/site/src/site/apt/security.apt
archiva/site/src/site/apt/versions.apt.vm
Modified: archiva/site/pom.xml
URL: http://svn.apache.org/viewvc/archiva/site/pom.xml?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/pom.xml (original)
+++ archiva/site/pom.xml Tue Feb 15 13:15:33 2011
@@ -103,10 +103,11 @@
</site>
</distributionManagement>
<properties>
- <archivaReleaseVersion>1.3.3</archivaReleaseVersion>
- <archivaReleaseDate>20 December 2010</archivaReleaseDate>
- <supportedVersions>1.3.2</supportedVersions>
- <unsupportedVersions>1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0</unsupportedVersions>
+ <archivaReleaseVersion>1.3.4</archivaReleaseVersion>
+ <archivaReleaseDate>15 February 2011</archivaReleaseDate>
+ <supportedVersions></supportedVersions>
+ <!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.3 unsupported due to sec. vulnerability -->
+ <unsupportedVersions>1.3.3,1.3.2,1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0</unsupportedVersions>
</properties>
<profiles>
<profile>
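Review bot: The added comment above `<unsupportedVersions>` says only "sec. vulnerability", so a later maintainer cannot tell which advisory moved 1.3 - 1.3.3 out of the supported list. The security.apt change in this same commit names it, so the comment could read `<!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.3 unsupported due to CVE-2011-0533 (XSS), fixed in 1.3.4 -->`. The `<properties>` element opens and closes inside the hunk, but the enclosing project element continues outside it.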
Modified: archiva/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/security.apt?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/src/site/apt/security.apt (original)
+++ archiva/site/src/site/apt/security.apt Tue Feb 15 13:15:33 2011
@@ -28,7 +28,21 @@ Security Vulnerabilities
Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular
vulnerability you should upgrade to an Apache Archiva version where that vulnerability has been fixed.
-* CSRF Vulnerability (CVE-2010-3449)
+* CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
+
+ A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the
+ Archiva user management page. This fix is available in version {{{./download.html} 1.3.4}} of Apache Archiva. All users must
+ upgrade to this version (or higher).
+
+ Versions Affected:
+
+ * Archiva 1.3 - 1.3.3
+
+ * The unsupported versions Archiva 1.0 - 1.2.2 are also affected.
+
+ []
+
+* CVE-2010-3449: Apache Archiva CSRF Vulnerability
Apache Archiva doesn't check which form sends credentials. An attacker can create a specially crafted page and force
archiva administrators to view it and change their credentials. To fix this, a referrer check was added to the security
@@ -36,4 +50,15 @@ Security Vulnerabilities
in place. This fix is available in version {{{./download.html} 1.3.2}} of Apache Archiva. All users must upgrade to this
version (or higher).
+ Versions Affected:
+
+ * Archiva 1.3 to 1.3.1
+
+ * Archiva 1.2 to 1.2.2 (end of life)
+
+ * Archiva 1.1 to 1.1.4 (end of life)
+
+ * Archiva 1.0 to 1.0.3 (end of life)
+
+ []
Modified: archiva/site/src/site/apt/versions.apt.vm
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/versions.apt.vm?rev=1070880&r1=1070879&r2=1070880&view=diff
==============================================================================
--- archiva/site/src/site/apt/versions.apt.vm (original)
+++ archiva/site/src/site/apt/versions.apt.vm Tue Feb 15 13:15:33 2011
@@ -20,6 +20,7 @@ Archiva Documentation
~~ TODO: have more specific links than Documentation, and find a better link for developer reference
+#if (!$supportedVersions.isEmpty())
* Previous Stable Releases
*------------+-------------------------------------------------+-----------------------------------------+----------------------------------------------------+
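Review bot: The new guard `#if (!$supportedVersions.isEmpty())` only behaves as intended when `$supportedVersions` reaches the template as a non-null string. This commit sets the property to an empty element in pom.xml; if the site build leaves an empty property undefined in the Velocity context (not visible here), the method call yields null, and as far as I know Velocity negates that to true, so the "Previous Stable Releases" heading would still render with no rows. A null-safe form would be `#if ($supportedVersions && $supportedVersions.trim().length() > 0)`. The matching `#end` is added in the next hunk, and the loop it wraps lies outside both hunks.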
@@ -27,6 +28,7 @@ Archiva Documentation
| $v | {{{./docs/$v/release-notes.html} Release Notes}} | {{{./docs/$v/learn.html} Documentation}} | {{{./ref/$v/index.html} Developer Reference}} |
*------------+-------------------------------------------------+-----------------------------------------+----------------------------------------------------+
#end
+#end
* Unsupported Releases