Posted to notifications@james.apache.org by bt...@apache.org on 2023/03/31 05:44:42 UTC
[james-site] branch asf-site updated: Announce CVE-2023-26269
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/james-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new e002b6f61 Announce CVE-2023-26269
e002b6f61 is described below
commit e002b6f61f42567ac0db5e430d31f6c9ae9484c8
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Fri Mar 31 12:44:22 2023 +0700
Announce CVE-2023-26269
---
content/feed.xml | 4 ++--
content/rat-report.html | 20 +++++++++++++++-----
content/server/feature-security.html | 16 ++++++++++++++++
3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/content/feed.xml b/content/feed.xml
index e60d63357..089c81094 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -24,8 +24,8 @@
</description>
<link>http://james.apache.org/</link>
<atom:link href="http://james.apache.org/feed.xml" rel="self" type="application/rss+xml"/>
- <pubDate>Fri, 31 Mar 2023 12:06:58 +0700</pubDate>
- <lastBuildDate>Fri, 31 Mar 2023 12:06:58 +0700</lastBuildDate>
+ <pubDate>Fri, 31 Mar 2023 12:42:55 +0700</pubDate>
+ <lastBuildDate>Fri, 31 Mar 2023 12:42:55 +0700</lastBuildDate>
<generator>Jekyll v4.2.0</generator>
<item>
diff --git a/content/rat-report.html b/content/rat-report.html
index 6153ed48c..c1649aec2 100644
--- a/content/rat-report.html
+++ b/content/rat-report.html
@@ -163,20 +163,20 @@
*****************************************************
Summary
-------
-Generated at: 2023-03-31T11:55:37+07:00
+Generated at: 2023-03-31T12:41:47+07:00
Notes: 2723
-Binaries: 12129
+Binaries: 12130
Archives: 6854
-Standards: 13828
+Standards: 13830
-Apache Licensed: 8718
+Apache Licensed: 8719
Generated Documents: 0
JavaDocs are generated, thus a license header is optional.
Generated files do not require license headers.
-4865 Unknown Licenses
+4866 Unknown Licenses
*****************************************************
@@ -1979,6 +1979,7 @@ Files with unapproved licenses:
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/66/9983c72359d4fc4977ab5f326bf47ec72459eefa084c27470b2e0d560f8070
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/f1/076370e6da52bd6c59fc968fa9ad39262523ab4294c309df789431e0f4d4e6
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0b/bf343fe7a4912112cc2fd5aae991c5f6f2b2ebaaec175e06f6ec9dd6b5bd7d
+ src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/24/c8b88b720c3d0ccc6af36fca33843cc755190d36cfbee3898d10c5200d54f4
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/6f/fa787ac0e92e4cc7baf1185802b4a18c9933d0acddf48e6cd7cd130abd7d78
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/6b/359d4bf54174615128f062ef36746ad926fedd769a6328ff7a9e9bed5ccfb4
src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/ee/ed075fef298601d8977970147f6e0e948d9b6dba7f3ace9e058376e3094343
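Review bot: The entry added under "Files with unapproved licenses" is a path below src/homepage/.jekyll-cache/, which is a Jekyll build cache rather than site source, and the summary hunk above shows "Unknown Licenses" rising from 4865 to 4866 in the same commit. Exclude src/homepage/.jekyll-cache/ from the RAT scan so that the unapproved-licence list only contains files that actually need a licence decision, and so that each site rebuild does not add new cache hashes to this report.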
@@ -30489,6 +30490,7 @@ Archives:
AL src/homepage/_site/james/update/2009/07/17/jMPT-0.1.html
AL src/homepage/_site/james/update/2009/10/17/jdkim.html
AL src/homepage/_site/james/update/2009/01/16/MAILET-2.4.html
+ AL src/homepage/_site/james/update/2023/03/20/james-3.7.3.html
AL src/homepage/_site/james/update/2017/06/23/jsieve-0.7.html
AL src/homepage/_site/james/update/2017/06/16/mime4j-0.8.1.html
AL src/homepage/_site/james/update/2017/05/16/james-3.0.0-rc1.html
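Review bot: The only post picked up in this hunk is james-3.7.3.html under 2023/03/20, while the advisory added to feature-security.html in this same commit tells readers to upgrade to 3.7.4 and the cache entry added further down contains a 3.7.4 release announcement. Please confirm that a 3.7.4 release post exists and is published, since the advisory's remediation depends on readers being able to find that release.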
@@ -30659,6 +30661,8 @@ Archives:
!????? src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/f1/076370e6da52bd6c59fc968fa9ad39262523ab4294c309df789431e0f4d4e6
!????? src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0b/bf343fe7a4912112cc2fd5aae991c5f6f2b2ebaaec175e06f6ec9dd6b5bd7d
B src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/0b/f756d978e7e28dfd03f4491c02c5576fda77b7ea3c1e00ed963b52f80162fe
+ B src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/48/fa81ccd2115838586c5a86c47cf593f47dde2125e33a41f04dc1c49e05736c
+ !????? src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/24/c8b88b720c3d0ccc6af36fca33843cc755190d36cfbee3898d10c5200d54f4
!????? src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/6f/fa787ac0e92e4cc7baf1185802b4a18c9933d0acddf48e6cd7cd130abd7d78
B src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/6f/ca46eac0822ac7845d16091d8d9a0c0516ba80bfc0951e6d829d58f2f62134
B src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/d1/3d36d447e29dd3caeaa5cbef74e51ec7ec82ba8594275409ad409f3ccfadc1
@@ -98479,6 +98483,12 @@ version 3.0.1 of Apache James server.</p>
??I"g<p>The Apache James developers are pleased to announce the 0.8 release of the JSieve library.</p>
?:?ET
+=====================================================
+== File: src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/24/c8b88b720c3d0ccc6af36fca33843cc755190d36cfbee3898d10c5200d54f4
+=====================================================
+??I"\<p>The Apache James developers are pleased to announce James server 3.7.4 release.</p>
+?:?ET
+
=====================================================
== File: src/homepage/.jekyll-cache/Jekyll/Cache/Jekyll--Converters--Markdown/6f/fa787ac0e92e4cc7baf1185802b4a18c9933d0acddf48e6cd7cd130abd7d78
=====================================================
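Review bot: The block added at "== File: src/homepage/.jekyll-cache/.../24/c8b88b72..." copies the raw contents of a cache entry into the published report, including non-text bytes that show up as ??I"\ and ?:?ET. That is regenerated-report noise, not part of the announcement. Keep the CVE-2023-26269 commit limited to feature-security.html (plus the feed if needed) and regenerate rat-report.html separately with the cache directory excluded, so the security change is easy to audit in history.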
diff --git a/content/server/feature-security.html b/content/server/feature-security.html
index 30362bbb1..8a669d1f2 100644
--- a/content/server/feature-security.html
+++ b/content/server/feature-security.html
@@ -277,6 +277,22 @@
We follow the standard procedures within the ASF regarding
<a class="externalLink" href="https://apache.org/security/committers.html#vulnerability-handling">vulnerability handling</a>.
</section>
+
+ <section>
+<h3><a name="CVE-2023-26269:_Privilege_escalation_through_unauthenticated_JMX"></a>CVE-2023-26269: Privilege escalation through unauthenticated JMX</h3>
+
+<p> Apache James distribution prior to release 3.7.4 allows privilege escalation through the use of JMX.</p>
+
+
+<p><b>Severity</b>: Moderate</p>
+
+
+<p><b>Mitigation</b>:We recommend turning on authentication on. If the CLI is unused we recommend turning JMX off.<br />
+
+ Release 3.7.4 set up implicitly JMX authentication for Guice based products and addresses the underlying JMX exploits.<br />
+
+ Upgrading to Apache James 3.7.4 is thus advised.</p>
+ </section>
<section>
<h3><a name="CVE-2022-45935:_Temporary_File_Information_Disclosure_in_Apache_JAMES"></a>CVE-2022-45935: Temporary File Information Disclosure in Apache JAMES</h3>
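Review bot: The Mitigation paragraph has wording problems that weaken the advisory: "turning on authentication on" repeats "on", there is no space after the closing </b>: and "Release 3.7.4 set up implicitly JMX authentication" should read "Release 3.7.4 sets up JMX authentication implicitly". The text also tells operators to turn JMX authentication on or JMX off without saying where that is configured, so link to the JMX configuration documentation, and add a link to the CVE record as a reference. Finally, the entry below spells the product "Apache JAMES" while this one uses "Apache James"; pick one form for the page.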