continuum-commits mailing list archives

From br...@apache.org
Subject svn commit: r1427661 [2/2] - in /continuum/site-publish: ./ development/ images/
Date Wed, 02 Jan 2013 06:01:34 GMT
Modified: continuum/site-publish/security.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/security.html?rev=1427661&r1=1427660&r2=1427661&view=diff
==============================================================================
--- continuum/site-publish/security.html (original)
+++ continuum/site-publish/security.html Wed Jan  2 06:01:34 2013
@@ -114,6 +114,10 @@ pageTracker._trackPageview();</script>
     <li class="none">
                     <a href="http://vmbuild.apache.org/continuum/" class="externalLink">Live
Demo</a>
           </li>
+              
+    <li class="none">
+              <strong>Security</strong>
+        </li>
           </ul>
               <h5>Community</h5>
             <ul>
@@ -147,7 +151,15 @@ pageTracker._trackPageview();</script>
           </li>
               
     <li class="none">
-                    <a href="license.html">License</a>
+                    <a href="http://www.apache.org/licenses/" class="externalLink">License</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsor</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a>
           </li>
           </ul>
               <h5>Continuum Development</h5>
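Review bot: the License entry in this hunk drops the local `license.html` link in favour of `http://www.apache.org/licenses/`, so check that `license.html` is also removed from site-publish or redirected; otherwise a stale copy stays reachable. The three external links (License, Sponsor, Thanks) are plain `http://`; prefer `https://www.apache.org/...` for them.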
@@ -203,18 +215,19 @@ pageTracker._trackPageview();</script>
     </div>
     <div id="bodyColumn">
       <div id="contentBox">
-        <!-- Licensed to the Apache Software Foundation (ASF) under one --><!--
or more contributor license agreements.  See the NOTICE file --><!-- distributed with
this work for additional information --><!-- regarding copyright ownership.  The ASF
licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!--
"License"); you may not use this file except in compliance --><!-- with the License.
 You may obtain a copy of the License at --><!--  --><!-- http://www.apache.org/licenses/LICENSE-2.0
--><!--  --><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied.  See the License
for the --><!-- specific language governing permissions and limitations --><!--
under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!--
http://maven.apache.org/guides/mini/g
 uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches
are not produced for individual vulnerabilities. To obtain the binary fix for a particular
vulnerability you should upgrade to an Apache Continuum version where that vulnerability has
been fixed.</p><div class="section"><h3>CVE-2011-0533: Apache Continuum
cross-site scripting vulnerability<a name="CVE-2011-0533:_Apache_Continuum_cross-site_scripting_vulnerability"></a></h3><p>A
request that included a specially crafted request parameter could be used to inject arbitrary
HTML or Javascript into the Continuum user management page and project details pages. This
fix is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1
 .2.3.1 are also affected.</li></ul></div><div class="section"><h3>CVE-2010-3449:
Apache Continuum CSRF vulnerability<a name="CVE-2010-3449:_Apache_Continuum_CSRF_vulnerability"></a></h3><p>Apache
Continuum doesn't check which form sends credentials. An attacker can create a specially crafted
page and force Continuum administrators to view it and change their credentials. To fix this,
a referrer check was added to the security interceptor for all secured actions. A prompt for
the administrator's password when changing a user account was also set in place. This fix
is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1.2.3.1 are also affected.</li></ul></div></div>
+        <!-- Licensed to the Apache Software Foundation (ASF) under one --><!--
or more contributor license agreements.  See the NOTICE file --><!-- distributed with
this work for additional information --><!-- regarding copyright ownership.  The ASF
licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!--
"License"); you may not use this file except in compliance --><!-- with the License.
 You may obtain a copy of the License at --><!--  --><!-- http://www.apache.org/licenses/LICENSE-2.0
--><!--  --><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied.  See the License
for the --><!-- specific language governing permissions and limitations --><!--
under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!--
http://maven.apache.org/guides/mini/g
 uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches
are not produced for individual vulnerabilities. To obtain the binary fix for a particular
vulnerability you should upgrade to an Apache Continuum version where that vulnerability has
been fixed.</p><p>For more information about reporting vulnerabilities, see the
<a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a>
page.</p><div class="section"><h3>CVE-2011-0533: Apache Continuum cross-site
scripting vulnerability<a name="CVE-2011-0533:_Apache_Continuum_cross-site_scripting_vulnerability"></a></h3><p>A
request that included a specially crafted request parameter could be used to inject arbitrary
HTML or Javascript into the Continuum user management page and project details pages. This
fix is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade
  to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1.2.3.1 are also affected.</li></ul></div><div class="section"><h3>CVE-2010-3449:
Apache Continuum CSRF vulnerability<a name="CVE-2010-3449:_Apache_Continuum_CSRF_vulnerability"></a></h3><p>Apache
Continuum doesn't check which form sends credentials. An attacker can create a specially crafted
page and force Continuum administrators to view it and change their credentials. To fix this,
a referrer check was added to the security interceptor for all secured actions. A prompt for
the administrator's password when changing a user account was also set in place. This fix
is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Contin
 uum 1.1 - 1.2.3.1 are also affected.</li></ul></div></div>
       </div>
     </div>
     <div class="clear">
       <hr/>
     </div>
     <div id="footer">
-      <div class="xright">&#169;  
+      <div class="xright" style="text-align: right">
+        &#169;  
           2003-2013
     
-          The Apache Software Foundation
-          
+                  <a href="http://www.apache.org/">The Apache Software Foundation</a>
+                
   
 
   
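Review bot: the added reporting paragraph links to the Apache Security Team page as `http://www.apache.org/security/`; for the page that tells people where to send vulnerability reports, use `https://` so the contact details cannot be altered in transit. While this text is being touched, both CVE entries list Continuum 1.4.0 (Beta) as affected but name only 1.3.7 as the fixed version, so state which 1.4.x release carries the fix or say that none does yet. The footer part of the hunk adds `style="text-align: right"` inline on the `xright` div; that rule belongs in the site stylesheet rather than in each page.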
@@ -222,7 +235,9 @@ pageTracker._trackPageview();</script>
   
   
     
-   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a></div>
+   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a><br/>
+        Apache Continuum, Continuum, Apache, the Apache feather logo, and the Apache Continuum
project logo are trademarks of The Apache Software Foundation.
+      </div>
       <div class="clear">
         <hr/>
       </div>
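Review bot: the trademark sentence after the Privacy Policy link is added as literal footer text, and the same lines are repeated in source-repository.html and team-list.html in this commit. If these pages are generated output (the comment in the content block points at the APT format guide), make the change in the site descriptor or skin that produces the footer so it is not lost on the next publish, and confirm that every published page picked it up.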

Modified: continuum/site-publish/source-repository.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/source-repository.html?rev=1427661&r1=1427660&r2=1427661&view=diff
==============================================================================
--- continuum/site-publish/source-repository.html (original)
+++ continuum/site-publish/source-repository.html Wed Jan  2 06:01:34 2013
@@ -114,6 +114,10 @@ pageTracker._trackPageview();</script>
     <li class="none">
                     <a href="http://vmbuild.apache.org/continuum/" class="externalLink">Live
Demo</a>
           </li>
+              
+    <li class="none">
+                    <a href="security.html">Security</a>
+          </li>
           </ul>
               <h5>Community</h5>
             <ul>
@@ -147,7 +151,15 @@ pageTracker._trackPageview();</script>
         </li>
               
     <li class="none">
-                    <a href="license.html">License</a>
+                    <a href="http://www.apache.org/licenses/" class="externalLink">License</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsor</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a>
           </li>
           </ul>
               <h5>Continuum Development</h5>
@@ -235,11 +247,12 @@ http-proxy-port = 3128
       <hr/>
     </div>
     <div id="footer">
-      <div class="xright">&#169;  
+      <div class="xright" style="text-align: right">
+        &#169;  
           2003-2013
     
-          The Apache Software Foundation
-          
+                  <a href="http://www.apache.org/">The Apache Software Foundation</a>
+                
   
 
   
@@ -247,7 +260,9 @@ http-proxy-port = 3128
   
   
     
-   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a></div>
+   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a><br/>
+        Apache Continuum, Continuum, Apache, the Apache feather logo, and the Apache Continuum
project logo are trademarks of The Apache Software Foundation.
+      </div>
       <div class="clear">
         <hr/>
       </div>

Modified: continuum/site-publish/team-list.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/team-list.html?rev=1427661&r1=1427660&r2=1427661&view=diff
==============================================================================
--- continuum/site-publish/team-list.html (original)
+++ continuum/site-publish/team-list.html Wed Jan  2 06:01:34 2013
@@ -114,6 +114,10 @@ pageTracker._trackPageview();</script>
     <li class="none">
                     <a href="http://vmbuild.apache.org/continuum/" class="externalLink">Live
Demo</a>
           </li>
+              
+    <li class="none">
+                    <a href="security.html">Security</a>
+          </li>
           </ul>
               <h5>Community</h5>
             <ul>
@@ -147,7 +151,15 @@ pageTracker._trackPageview();</script>
           </li>
               
     <li class="none">
-                    <a href="license.html">License</a>
+                    <a href="http://www.apache.org/licenses/" class="externalLink">License</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsor</a>
+          </li>
+              
+    <li class="none">
+                    <a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a>
           </li>
           </ul>
               <h5>Continuum Development</h5>
@@ -262,11 +274,12 @@ window.onLoad = init();
       <hr/>
     </div>
     <div id="footer">
-      <div class="xright">&#169;  
+      <div class="xright" style="text-align: right">
+        &#169;  
           2003-2013
     
-          The Apache Software Foundation
-          
+                  <a href="http://www.apache.org/">The Apache Software Foundation</a>
+                
   
 
   
@@ -274,7 +287,9 @@ window.onLoad = init();
   
   
     
-   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a></div>
+   - <a href="http://continuum.apache.org/privacy-policy.html">Privacy Policy</a><br/>
+        Apache Continuum, Continuum, Apache, the Apache feather logo, and the Apache Continuum
project logo are trademarks of The Apache Software Foundation.
+      </div>
       <div class="clear">
         <hr/>
       </div>


