jackrabbit-commits mailing list archives

From resc...@apache.org
Subject svn commit: r1874199 - in /jackrabbit/site/trunk/src/site/markdown: downloads.md index.md
Date Wed, 19 Feb 2020 15:00:29 GMT
Author: reschke
Date: Wed Feb 19 15:00:29 2020
New Revision: 1874199

URL: http://svn.apache.org/viewvc?rev=1874199&view=rev
Log:
oak 1.4.26

Modified:
    jackrabbit/site/trunk/src/site/markdown/downloads.md
    jackrabbit/site/trunk/src/site/markdown/index.md

Modified: jackrabbit/site/trunk/src/site/markdown/downloads.md
URL: http://svn.apache.org/viewvc/jackrabbit/site/trunk/src/site/markdown/downloads.md?rev=1874199&r1=1874198&r2=1874199&view=diff
==============================================================================
--- jackrabbit/site/trunk/src/site/markdown/downloads.md (original)
+++ jackrabbit/site/trunk/src/site/markdown/downloads.md Wed Feb 19 15:00:29 2020
@@ -57,6 +57,22 @@ See the `LICENSE.txt` file contained in
 
 
 
+<a class='anchor' name='oak1.4'></a>
+Apache Jackrabbit Oak 1.4.26 (February 19th, 2020)
+--------------------------------------------------
+Apache Jackrabbit Oak 1.4.26 is an incremental feature release based on
+and compatible with earlier stable Jackrabbit Oak 1.x
+releases. Jackrabbit Oak 1.4.x releases are considered stable and
+targeted for production use.
+
+See the [full release notes](https://www.apache.org/dist/jackrabbit/oak/1.4.26/RELEASE-NOTES.txt)
for more details.
+
+* [jackrabbit-oak-1.4.26-src.zip](https://www.apache.org/dyn/closer.lua/jackrabbit/oak/1.4.26/jackrabbit-oak-1.4.26-src.zip)
+    (10M, source zip, [pgp](https://www.apache.org/dist/jackrabbit/oak/1.4.26/jackrabbit-oak-1.4.26-src.zip.asc),
[sha512](https://www.apache.org/dist/jackrabbit/oak/1.4.26/jackrabbit-oak-1.4.26-src.zip.sha512))
+
+
+
+
 <a class='anchor' name='v2.21'></a>
 Apache Jackrabbit 2.21.0 (February 14th, 2020)
 ----------------------------------------------
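Review bot: The added blurb calls 1.4.26 "an incremental feature release", while the index.md news item in this same commit calls it "a patch release" and the CVE-2020-1940 notice names 1.4.26 as the fixed version for 1.4.x. Suggest aligning the wording and adding one sentence here saying that this release carries the CVE-2020-1940 fix, with a link to OAK-8870, so a reader who lands on the downloads page directly sees that the upgrade is security-relevant. The pgp and sha512 links point at www.apache.org/dist rather than at the closer.lua mirror redirect, which is the right place to fetch verification material from.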
@@ -156,23 +172,6 @@ See the [full release notes](https://www
 
 
 
-
-<a class='anchor' name='oak1.4'></a>
-Apache Jackrabbit Oak 1.4.25 (January 20th, 2020)
--------------------------------------------------
-Apache Jackrabbit Oak 1.4.25 is an incremental feature release based on
-and compatible with earlier stable Jackrabbit Oak 1.x
-releases. Jackrabbit Oak 1.4.x releases are considered stable and
-targeted for production use.
-
-See the [full release notes](https://www.apache.org/dist/jackrabbit/oak/1.4.25/RELEASE-NOTES.txt)
for more details.
-
-* [jackrabbit-oak-1.4.25-src.zip](https://www.apache.org/dyn/closer.lua/jackrabbit/oak/1.4.25/jackrabbit-oak-1.4.25-src.zip)
-    (10M, source zip, [pgp](https://www.apache.org/dist/jackrabbit/oak/1.4.25/jackrabbit-oak-1.4.25-src.zip.asc),
[sha512](https://www.apache.org/dist/jackrabbit/oak/1.4.25/jackrabbit-oak-1.4.25-src.zip.sha512))
-
-
-
-
 
 <a class='anchor' name='v2.20'></a>
 Apache Jackrabbit 2.20.0 (January 7th, 2020)
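Review bot: Removing the whole 1.4.25 entry also removes its pgp and sha512 links, so anyone who still has jackrabbit-oak-1.4.25-src.zip on disk loses the page's pointer for verifying it. If the downloads page does not already link to the release archive, consider a short line pointing there. The `oak1.4` anchor name is reused by the new 1.4.26 block, so the `downloads.html#oak1.4` links added in index.md keep resolving; no change needed on that point.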

Modified: jackrabbit/site/trunk/src/site/markdown/index.md
URL: http://svn.apache.org/viewvc/jackrabbit/site/trunk/src/site/markdown/index.md?rev=1874199&r1=1874198&r2=1874199&view=diff
==============================================================================
--- jackrabbit/site/trunk/src/site/markdown/index.md (original)
+++ jackrabbit/site/trunk/src/site/markdown/index.md Wed Feb 19 15:00:29 2020
@@ -35,6 +35,26 @@ more information.
 Apache Jackrabbit is a project of the [Apache Software Foundation](http://www.apache.org/)
 
 ## Apache Jackrabbit News
+#### February 19th, 2020: CVE-2020-1940: Apache Jackrabbit Oak sensitive information disclosure
vulnerability (updated)
+We just fixed a recently reported vulnerability in Apache Jackrabbit Oak:
+The optional [initial password change and password expiration features](https://jackrabbit.apache.org/oak/docs/security/user/expiry.html)
are prone to a
+sensitive information disclosure vulnerability. The code mandates the changed password to
+be passed as an additional attribute to the credentials object but does not remove it upon
+processing during the first phase of the authentication. In combination with additional,
+independent authentication mechanisms, this may lead to the new password being disclosed.
+Mitigation: 1.12.0 - 1.22.0 should be upgraded to [1.24.0](downloads.html#latest). 1.10.x
should be upgraded to [1.10.8](downloads.html#oak1.10).
+1.8.x should be upgraded to [1.8.20](downloads.html#oak1.8).
+1.6.x should be upgraded to [1.6.20](downloads.html#oak1.6).
+1.4.x should be upgraded to [1.4.26](downloads.html#oak1.4).
+For older maintained and affected branches (1.2.x), patches
+are available and releases will follow. See [OAK-8870](https://issues.apache.org/jira/browse/OAK-8870)
+for more information.
+
+#### February 19th, 2020: Apache Jackrabbit Oak 1.4.26 released
+Jackrabbit Oak 1.4.26 is a patch release that contains fixes and
+improvements over the previous 1.4.x release.  See the
+[downloads](downloads.html#oak1.4) page for more details.
+
 #### February 14th, 2020: Apache Jackrabbit 2.21.0 released
 Apache Jackrabbit 2.21.0 is an unstable release cut directly from trunk, with a
 focus on new features and other improvements. See the
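Review bot: The CVE-2020-1940 item runs the description and the per-branch upgrade targets together as consecutive lines with no blank line or list markers, so Markdown will render them as one paragraph and the fixed versions (1.24.0, 1.10.8, 1.8.20, 1.6.20, 1.4.26) become hard to scan. Suggest a blank line before "Mitigation:" and one bullet per branch. The heading is marked "(updated)" but the text does not say what changed since the earlier notice; a short phrase naming the update would help readers who saw the first version. The 1.4.26 release item just below could also mention that it contains the fix for this CVE, since the advisory names it as the 1.4.x upgrade target.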


