You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by dk...@apache.org on 2020/03/26 15:28:14 UTC

[sling-org-apache-sling-app-cms] branch master updated: Updating release information for 0.16.0

This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git


The following commit(s) were added to refs/heads/master by this push:
     new f72a0e9  Updating release information for 0.16.0
f72a0e9 is described below

commit f72a0e97f9ef91c491f9241fe2554b3985f67e94
Author: Dan Klco <dk...@apache.org>
AuthorDate: Thu Mar 26 11:28:00 2020 -0400

    Updating release information for 0.16.0
---
 README.md        |  2 +-
 docs/releases.md | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3508244..59c26a9 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Try out Sling CMS on [Gitpod](https://www.gitpod.io/) for free for up to 50 hour
  * [Releases](docs/releases.md)
  * [Users](docs/users.md)
 
-### [Download Latest Version](https://search.maven.org/remotecontent?filepath=org/apache/sling/org.apache.sling.cms.builder/0.14.0/org.apache.sling.cms.builder-0.14.0.jar)
+### [Download Latest Version](https://search.maven.org/remotecontent?filepath=org/apache/sling/org.apache.sling.cms.builder/0.16.0/org.apache.sling.cms.builder-0.16.0.jar)
 ### [Report an Issue](https://issues.apache.org/jira)
 
 ## Contributing
diff --git a/docs/releases.md b/docs/releases.md
index c8dcc4f..8a15c89 100644
--- a/docs/releases.md
+++ b/docs/releases.md
@@ -12,12 +12,28 @@
 
 # Releases
 
-## 0.14.0 - CURRENT VERSION
+## 0.16.0 - CURRENT VERSION
+
+Added support for LDAP authentication, UI tweaks and bug fixes.
+
+#### [CVE Advisory: CVE-2020-1949 - Improper Neutralization of Input During Web Page Generation](https://s.apache.org/CVE-2020-1949)
+
+Scripts in Sling CMS do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.
+
+#### Remediation
+
+Upgrade to Sling CMS 0.16.0.
+
+ * [View Release](https://github.com/apache/sling-org-apache-sling-app-cms/releases/org.apache.sling.cms-0.16.0)
+ * [API JavaDoc](http://javadoc.io/doc/org.apache.sling/org.apache.sling.cms.api/0.16.0)
+
+## 0.14.0
 
 Focus on continued improvements to user experience, including significant improvments to the look and feel of the sites screens. Cleaned up inconsistencies in the breadcrumbs. New drag and drop re-ordering and added basic editable forms and significantly improved image transformations.
 
  * [View Release](https://github.com/apache/sling-org-apache-sling-app-cms/releases/org.apache.sling.cms-0.14.0)
  * [API JavaDoc](http://javadoc.io/doc/org.apache.sling/org.apache.sling.cms.api/0.14.0)
+* [Documentation](https://github.com/apache/sling-org-apache-sling-app-cms/tree/c45c70c207924d40b5f2cdca9b65374428d2ec3d)
 
 ## 0.12.0