archiva-commits mailing list archives

From br...@apache.org
Subject svn commit: r1431860 - in /archiva/site: pom.xml src/site/apt/security.apt
Date Fri, 11 Jan 2013 03:32:35 GMT
Author: brett
Date: Fri Jan 11 03:32:35 2013
New Revision: 1431860

URL: http://svn.apache.org/viewvc?rev=1431860&view=rev
Log:
update site for 1.3.6 release

Modified:
    archiva/site/pom.xml
    archiva/site/src/site/apt/security.apt

Modified: archiva/site/pom.xml
URL: http://svn.apache.org/viewvc/archiva/site/pom.xml?rev=1431860&r1=1431859&r2=1431860&view=diff
==============================================================================
--- archiva/site/pom.xml (original)
+++ archiva/site/pom.xml Fri Jan 11 03:32:35 2013
@@ -37,11 +37,11 @@
   <properties>
     <archivaPreviewVersion>1.4-M3</archivaPreviewVersion>
     <archivaPreviewDate>07 October 2012</archivaPreviewDate>
-    <archivaReleaseVersion>1.3.5</archivaReleaseVersion>
-    <archivaReleaseDate>17 May 2011</archivaReleaseDate>
+    <archivaReleaseVersion>1.3.6</archivaReleaseVersion>
+    <archivaReleaseDate>11 January 2013</archivaReleaseDate>
     <supportedVersions></supportedVersions>
-    <!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.4 unsupported due to sec. vulnerability
-->
-    <unsupportedVersions>1.3.4,1.3.3,1.3.2,1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0
+    <!-- Dropped 1.2.x support in December 2010. 1.3 - 1.3.5 unsupported due to sec. vulnerability
-->
+    <unsupportedVersions>1.3.5,1.3.4,1.3.3,1.3.2,1.3.1,1.3,1.2.2,1.2.1,1.2,1.1.3,1.1.2,1.1.1,1.1,1.0.2,1.0.1,1.0
     </unsupportedVersions>
     <siteUrl>http://archiva.apache.org/</siteUrl>
     <site.cache.path>${user.home}</site.cache.path>
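
Review bot: the comment above <unsupportedVersions> now says "1.3 - 1.3.5 unsupported due to sec. vulnerability" without naming the vulnerability, and the range was extended from 1.3.4 to 1.3.5 in this change, so a reader cannot tell which issue retires which version. Suggest naming the CVE ids in the comment (security.apt in this same commit lists CVE-2010-1870 for 1.2 to 1.3.5) so the next release editor can check the list against the advisories. The version list is also maintained by hand in two places (the comment and the element), which is easy to let drift; a short note on the release checklist would help.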

Modified: archiva/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/archiva/site/src/site/apt/security.apt?rev=1431860&r1=1431859&r2=1431860&view=diff
==============================================================================
--- archiva/site/src/site/apt/security.apt (original)
+++ archiva/site/src/site/apt/security.apt Fri Jan 11 03:32:35 2013
@@ -28,6 +28,28 @@ Security Vulnerabilities
   Please note that binary patches are not produced for individual vulnerabilities. To obtain
the binary fix for a particular 
   vulnerability you should upgrade to an Apache Archiva version where that vulnerability
has been fixed.
 
+  For more information about reporting vulnerabilities, see the
+  {{{http://www.apache.org/security/} Apache Security Team}} page.
+
+* CVE-2010-1870: Struts2 remote commands execution
+
+  Apache Archiva is affected by a vulnerability in the version of the Struts
+  library being used, which allows a malicious user to run code on the
+  server remotely. More details about the vulnerability can be found at
+  {{http://struts.apache.org/2.2.1/docs/s2-005.html}}.
+
+  Versions Affected:
+
+    * Archiva 1.2 to Archiva 1.3.5
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Archiva
+  1.3.6}}, which configures Struts in such a way that it is not affected by 
+  this issue.
+
+  Archiva 1.4-M3 and later is not affected by this issue.
+
 * CVE-2011-1077: Multiple XSS issues
 
   Apache Archiva is vulnerable to multiple XSS issues, both stored (persistent) and reflected
(non-persistent). Javascript which
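
Review bot: the affected range in the new CVE-2010-1870 entry leaves gaps. "Archiva 1.2 to Archiva 1.3.5" together with "Archiva 1.4-M3 and later is not affected" says nothing about 1.4 milestones before M3 or about releases older than 1.2, so users on those versions cannot tell whether they are exposed. Suggest listing them explicitly under "Versions Affected" or stating that they were not assessed. The fix is described as 1.3.6 "configures Struts in such a way that it is not affected", which reads as a configuration change rather than a Struts upgrade; the entry should say which it is, since a scanner that matches on the bundled Struts version may still flag 1.3.6. Minor: the heading "remote commands execution" would read better as "remote command execution".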


