You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@continuum.apache.org by br...@apache.org on 2013/01/07 04:57:25 UTC
svn commit: r1429666 - in /continuum/site/src/site: apt/security.apt
site.xml xdoc/index.xml.vm
Author: brett
Date: Mon Jan 7 03:57:25 2013
New Revision: 1429666
URL: http://svn.apache.org/viewvc?rev=1429666&view=rev
Log:
adjust download links to use the CGI
Modified:
continuum/site/src/site/apt/security.apt
continuum/site/src/site/site.xml
continuum/site/src/site/xdoc/index.xml.vm
Modified: continuum/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/continuum/site/src/site/apt/security.apt?rev=1429666&r1=1429665&r2=1429666&view=diff
==============================================================================
--- continuum/site/src/site/apt/security.apt (original)
+++ continuum/site/src/site/apt/security.apt Mon Jan 7 03:57:25 2013
@@ -46,13 +46,14 @@ Security Vulnerabilities
[]
- All users are recommended to upgrade to Continuum 1.4.1, which configures
- Struts in such a way that it is not affected by this issue.
+ All users are recommended to upgrade to {{{./download.cgi} Continuum
+ 1.4.1}}, which configures Struts in such a way that it is not affected by
+ this issue.
* CVE-2011-0533: Apache Continuum cross-site scripting vulnerability
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the
- Continuum user management page and project details pages. This fix is available in version {{{./download.html} 1.3.7}} of
+ Continuum user management page and project details pages. This fix is available in version {{{./download.cgi} 1.3.7}} of
Apache Continuum. All users must upgrade to this version (or higher).
Versions Affected:
@@ -70,7 +71,7 @@ Security Vulnerabilities
Apache Continuum doesn't check which form sends credentials. An attacker can create a specially crafted page and force
Continuum administrators to view it and change their credentials. To fix this, a referrer check was added to the security
interceptor for all secured actions. A prompt for the administrator's password when changing a user account was also set
- in place. This fix is available in version {{{./download.html} 1.3.7}} of Apache Continuum. All users must upgrade to this
+ in place. This fix is available in version {{{./download.cgi} 1.3.7}} of Apache Continuum. All users must upgrade to this
version (or higher).
Versions Affected:
Modified: continuum/site/src/site/site.xml
URL: http://svn.apache.org/viewvc/continuum/site/src/site/site.xml?rev=1429666&r1=1429665&r2=1429666&view=diff
==============================================================================
--- continuum/site/src/site/site.xml (original)
+++ continuum/site/src/site/site.xml Mon Jan 7 03:57:25 2013
@@ -31,7 +31,7 @@
</breadcrumbs>
<menu name="Main">
<item name="Home" href="index.html"/>
- <item name="Download" href="download.html"/>
+ <item name="Download" href="download.cgi"/>
<item name="Users Wiki" href="http://cwiki.apache.org/confluence/display/CONTINUUM/FAQ"/>
<item name="Articles" href="articles.html"/>
<item name="Features" href="features.html"/>
Modified: continuum/site/src/site/xdoc/index.xml.vm
URL: http://svn.apache.org/viewvc/continuum/site/src/site/xdoc/index.xml.vm?rev=1429666&r1=1429665&r2=1429666&view=diff
==============================================================================
--- continuum/site/src/site/xdoc/index.xml.vm (original)
+++ continuum/site/src/site/xdoc/index.xml.vm Mon Jan 7 03:57:25 2013
@@ -45,7 +45,7 @@
</p>
<div class="frontpagebox">
- <div class="headline"><a href="download.html">Download</a></div>
+ <div class="headline"><a href="download.cgi">Download</a></div>
<p>
<span style="font-size: 115%; font-weight: bold;">Continuum ${gaVersion} (GA)</span><br/>${gaDate}
<br/><a href="docs/${gaVersion}/release-notes.html">Release Notes</a> | <a href="docs/${gaVersion}/index.html">Documentation</a>