continuum-commits mailing list archives

From br...@apache.org
Subject svn commit: r1429667 [2/2] - in /continuum/site-publish: ./ development/
Date Mon, 07 Jan 2013 03:58:08 GMT
Modified: continuum/site-publish/security.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/security.html?rev=1429667&r1=1429666&r2=1429667&view=diff
==============================================================================
--- continuum/site-publish/security.html (original)
+++ continuum/site-publish/security.html Mon Jan  7 03:58:08 2013
@@ -68,7 +68,7 @@ pageTracker._trackPageview();</script>
   
   
     
-             Last Published: 04 Jan 2013
+             Last Published: 07 Jan 2013
             </div>
       <div class="clear">
         <hr/>
@@ -92,11 +92,7 @@ pageTracker._trackPageview();</script>
           </li>
               
     <li class="none">
-                    <a href="download.html">Download</a>
-          </li>
-              
-    <li class="none">
-                    <a href="change-log.html">Change Log</a>
+                    <a href="download.cgi">Download</a>
           </li>
               
     <li class="none">
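Review bot: The removed `change-log.html` entry in this navigation list has no replacement in the visible part of the commit, so the sidebar no longer offers a path to per-release notes. The security page changed in this same commit tells users to upgrade to a fixed version, and the change log is where they would confirm what a release contains; consider keeping a release-notes link next to the new `download.cgi` entry, or confirming that `change-log.html` still resolves for existing inbound links. The identical hunk appears in source-repository.html and team-list.html, so the point applies there too.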
@@ -239,7 +235,7 @@ pageTracker._trackPageview();</script>
     </div>
     <div id="bodyColumn">
       <div id="contentBox">
-        <!-- Licensed to the Apache Software Foundation (ASF) under one --><!--
or more contributor license agreements.  See the NOTICE file --><!-- distributed with
this work for additional information --><!-- regarding copyright ownership.  The ASF
licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!--
"License"); you may not use this file except in compliance --><!-- with the License.
 You may obtain a copy of the License at --><!--  --><!-- http://www.apache.org/licenses/LICENSE-2.0
--><!--  --><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied.  See the License
for the --><!-- specific language governing permissions and limitations --><!--
under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!--
http://maven.apache.org/guides/mini/g
 uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches
are not produced for individual vulnerabilities. To obtain the binary fix for a particular
vulnerability you should upgrade to an Apache Continuum version where that vulnerability has
been fixed.</p><p>For more information about reporting vulnerabilities, see the
<a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a>
page.</p><div class="section"><h3>CVE-2011-0533: Apache Continuum cross-site
scripting vulnerability<a name="CVE-2011-0533:_Apache_Continuum_cross-site_scripting_vulnerability"></a></h3><p>A
request that included a specially crafted request parameter could be used to inject arbitrary
HTML or Javascript into the Continuum user management page and project details pages. This
fix is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade
  to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1.2.3.1 are also affected.</li></ul></div><div class="section"><h3>CVE-2010-3449:
Apache Continuum CSRF vulnerability<a name="CVE-2010-3449:_Apache_Continuum_CSRF_vulnerability"></a></h3><p>Apache
Continuum doesn't check which form sends credentials. An attacker can create a specially crafted
page and force Continuum administrators to view it and change their credentials. To fix this,
a referrer check was added to the security interceptor for all secured actions. A prompt for
the administrator's password when changing a user account was also set in place. This fix
is available in version <a href="./download.html"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Contin
 uum 1.1 - 1.2.3.1 are also affected.</li></ul></div></div>
+        <!-- Licensed to the Apache Software Foundation (ASF) under one --><!--
or more contributor license agreements.  See the NOTICE file --><!-- distributed with
this work for additional information --><!-- regarding copyright ownership.  The ASF
licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!--
"License"); you may not use this file except in compliance --><!-- with the License.
 You may obtain a copy of the License at --><!--  --><!-- http://www.apache.org/licenses/LICENSE-2.0
--><!--  --><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied.  See the License
for the --><!-- specific language governing permissions and limitations --><!--
under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!--
http://maven.apache.org/guides/mini/g
 uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches
are not produced for individual vulnerabilities. To obtain the binary fix for a particular
vulnerability you should upgrade to an Apache Continuum version where that vulnerability has
been fixed.</p><p>For more information about reporting vulnerabilities, see the
<a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a>
page.</p><div class="section"><h3>CVE-2010-1870: Struts2 remote commands
execution<a name="CVE-2010-1870:_Struts2_remote_commands_execution"></a></h3><p>Apache
Continuum is affected by a vulnerability in the version of the Struts library being used,
which allows a malicious user to run code on the server remotely. More details about the vulnerability
can be found at <a class="externalLink" href="http://struts.apache.org/2.2.1/docs/s2-005.html">http://struts.apache.org/2.2.1/docs/
 s2-005.html</a>.</p><p>Versions Affected:</p><ul><li>Continuum
1.3.1 to Continuum 1.3.8</li><li>Continuum 1.4.0 (Beta)</li></ul><p>All
users are recommended to upgrade to <a href="./download.cgi"> Continuum 1.4.1</a>,
which configures Struts in such a way that it is not affected by this issue.</p></div><div
class="section"><h3>CVE-2011-0533: Apache Continuum cross-site scripting vulnerability<a
name="CVE-2011-0533:_Apache_Continuum_cross-site_scripting_vulnerability"></a></h3><p>A
request that included a specially crafted request parameter could be used to inject arbitrary
HTML or Javascript into the Continuum user management page and project details pages. This
fix is available in version <a href="./download.cgi"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1.2.3.1 are also affected.</li></ul></div><div cl
 ass="section"><h3>CVE-2010-3449: Apache Continuum CSRF vulnerability<a name="CVE-2010-3449:_Apache_Continuum_CSRF_vulnerability"></a></h3><p>Apache
Continuum doesn't check which form sends credentials. An attacker can create a specially crafted
page and force Continuum administrators to view it and change their credentials. To fix this,
a referrer check was added to the security interceptor for all secured actions. A prompt for
the administrator's password when changing a user account was also set in place. This fix
is available in version <a href="./download.cgi"> 1.3.7</a> of Apache Continuum.
All users must upgrade to this version (or higher).</p><p>Versions Affected:</p><ul><li>Continuum
1.3.6</li><li>Continuum 1.4.0 (Beta)</li><li>The unsupported versions
Continuum 1.1 - 1.2.3.1 are also affected.</li></ul></div></div>
       </div>
     </div>
     <div class="clear">
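Review bot: The retained CVE-2011-0533 and CVE-2010-3449 entries still say the fix is in 1.3.7 and that "All users must upgrade to this version (or higher)", while the new CVE-2010-1870 entry placed above them lists Continuum 1.3.1 to 1.3.8 as affected. A reader who follows the older entries can land on 1.3.7 or 1.3.8, which this page now declares open to remote code execution; suggest rewording those two entries to point at 1.4.1, or adding a line saying the 1.3.x advice is superseded by the CVE-2010-1870 guidance. Both older entries also list 1.4.0 (Beta) as affected without naming a fixed 1.4.x release. In the new entry, "configures Struts in such a way that it is not affected by this issue" does not say which setting changed, so an operator who cannot upgrade immediately gets no interim mitigation from this page; a sentence naming the configuration change, or stating that the linked S2-005 advisory covers it, would close that gap.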

Modified: continuum/site-publish/source-repository.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/source-repository.html?rev=1429667&r1=1429666&r2=1429667&view=diff
==============================================================================
--- continuum/site-publish/source-repository.html (original)
+++ continuum/site-publish/source-repository.html Mon Jan  7 03:58:08 2013
@@ -68,7 +68,7 @@ pageTracker._trackPageview();</script>
   
   
     
-             Last Published: 04 Jan 2013
+             Last Published: 07 Jan 2013
             </div>
       <div class="clear">
         <hr/>
@@ -92,11 +92,7 @@ pageTracker._trackPageview();</script>
           </li>
               
     <li class="none">
-                    <a href="download.html">Download</a>
-          </li>
-              
-    <li class="none">
-                    <a href="change-log.html">Change Log</a>
+                    <a href="download.cgi">Download</a>
           </li>
               
     <li class="none">

Modified: continuum/site-publish/team-list.html
URL: http://svn.apache.org/viewvc/continuum/site-publish/team-list.html?rev=1429667&r1=1429666&r2=1429667&view=diff
==============================================================================
--- continuum/site-publish/team-list.html (original)
+++ continuum/site-publish/team-list.html Mon Jan  7 03:58:08 2013
@@ -68,7 +68,7 @@ pageTracker._trackPageview();</script>
   
   
     
-             Last Published: 04 Jan 2013
+             Last Published: 07 Jan 2013
             </div>
       <div class="clear">
         <hr/>
@@ -92,11 +92,7 @@ pageTracker._trackPageview();</script>
           </li>
               
     <li class="none">
-                    <a href="download.html">Download</a>
-          </li>
-              
-    <li class="none">
-                    <a href="change-log.html">Change Log</a>
+                    <a href="download.cgi">Download</a>
           </li>
               
     <li class="none">


