You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2018/07/10 09:59:32 UTC
svn commit: r1032345 - in /websites/staging/directory/trunk/content: ./
api/news.html
Author: buildbot
Date: Tue Jul 10 09:59:32 2018
New Revision: 1032345
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/api/news.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Jul 10 09:59:32 2018
@@ -1 +1 @@
-1835359
+1835528
Modified: websites/staging/directory/trunk/content/api/news.html
==============================================================================
--- websites/staging/directory/trunk/content/api/news.html (original)
+++ websites/staging/directory/trunk/content/api/news.html Tue Jul 10 09:59:32 2018
@@ -165,6 +165,10 @@
visibility: hidden;
}
h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="cve-2018-1337-plaintext-password-disclosure-in-secured-channel">CVE-2018-1337: Plaintext Password Disclosure in Secured Channel<a class="headerlink" href="#cve-2018-1337-plaintext-password-disclosure-in-secured-channel" title="Permanent link">¶</a></h1>
+<p>The Apache LDAP API 1.0.2 that has just been released fix a <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1337">critical security issue</a>: A bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)</p>
+<p>We urge you to switch to this version.</p>
+<p>Downloads are available <a href="downloads.html">here</a></p>
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">¶</a></h1>
<p><h2 class="news">Apache Directory LDAP API 1.0.2 released <em>posted on June 6st, 2018</em></h2></p>
<p>The Apache Directory Team is proud to announce the availability of version 1.0.2 of the Apache Directory LDAP API.</p>