continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@apache.org
Subject svn commit: r1602447 - in /continuum/site: pom.xml src/site/apt/security.apt
Date Fri, 13 Jun 2014 14:46:47 GMT
Author: brett
Date: Fri Jun 13 14:46:47 2014
New Revision: 1602447

URL: http://svn.apache.org/r1602447
Log:
1.4.2 release

Modified:
    continuum/site/pom.xml
    continuum/site/src/site/apt/security.apt

Modified: continuum/site/pom.xml
URL: http://svn.apache.org/viewvc/continuum/site/pom.xml?rev=1602447&r1=1602446&r2=1602447&view=diff
==============================================================================
--- continuum/site/pom.xml (original)
+++ continuum/site/pom.xml Fri Jun 13 14:46:47 2014
@@ -123,8 +123,8 @@
 
   <properties>
     <checkoutDirectory>site-publish</checkoutDirectory>
-    <gaVersion>1.4.1</gaVersion>
-    <gaDate>7 January 2013</gaDate>
+    <gaVersion>1.4.2</gaVersion>
+    <gaDate>13 June 2014</gaDate>
   </properties>
   <distributionManagement>
     <!-- Site base required here for site:stage to calculate correct URLs -->

Modified: continuum/site/src/site/apt/security.apt
URL: http://svn.apache.org/viewvc/continuum/site/src/site/apt/security.apt?rev=1602447&r1=1602446&r2=1602447&view=diff
==============================================================================
--- continuum/site/src/site/apt/security.apt (original)
+++ continuum/site/src/site/apt/security.apt Fri Jun 13 14:46:47 2014
@@ -31,6 +31,22 @@ Security Vulnerabilities
   For more information about reporting vulnerabilities, see the
   {{{http://www.apache.org/security/} Apache Security Team}} page.
 
+* CVE-2013-2251: Apache Struts Remote Command Execution
+
+  Apache Continuum is affected by a vulnerability in the version of the Struts
+  library being used, which allows a malicious user to run code on the
+  server remotely. More details about the vulnerability can be found at
+  {{http://struts.apache.org/2.3.x/docs/s2-016.html}}.
+
+  Versions Affected:
+
+    * Continuum 1.3.1 to Continuum 1.4.1
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Continuum
+  1.4.2}}, which are not affected by this issue. 
+
 * CVE-2010-1870: Struts2 remote commands execution
 
   Apache Continuum is affected by a vulnerability in the version of the



Mime
View raw message