This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 8c7d283 Automatic Site Publish by Buildbot
8c7d283 is described below
commit 8c7d28380063bc7e8da30cfea80484d30c54dc9d
Author: buildbot <[email protected]>
AuthorDate: Wed Jan 27 16:14:45 2021 +0000
Automatic Site Publish by Buildbot
---
output/components/artemis/security.html | 1 +
.../CVE-2021-26118-announcement.txt | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/output/components/artemis/security.html
b/output/components/artemis/security.html
index e1659a6..396cc89 100644
--- a/output/components/artemis/security.html
+++ b/output/components/artemis/security.html
@@ -97,6 +97,7 @@
<p>See the main <a href="../../security-advisories">Security Advisories</a>
page for details for other components and general information such as reporting
new security issues.</p>
<ul>
+ <li><a
href="../../security-advisories.data/CVE-2021-26118-announcement.txt">CVE-2021-26118</a>
- Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin</li>
<li><a
href="../../security-advisories.data/CVE-2020-13932-announcement.txt">CVE-2020-13932</a>
- Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin</li>
<li><a
href="../../security-advisories.data/CVE-2017-12174-announcement.txt">CVE-2017-12174</a>
- Memory exhaustion via UDP and JGroups discovery</li>
<li><a
href="../../security-advisories.data/CVE-2016-4978-announcement.txt">CVE-2016-4978</a>
- Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability</li>
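Review bot: The description on the added <li> for CVE-2021-26118 reads "Remote XSS in Web console Diagram Plugin", which is identical to the CVE-2020-13932 entry directly below it. The announcement file added in this same commit is titled "Flaw in ActiveMQ Artemis OpenWire support" and describes advisory messages bypassing policy based access control. This looks like a copy-paste from the previous entry. Suggest changing the link description to match the announcement, for example "Apache ActiveMQ Artemis - Flaw in OpenWire support", so that readers scanning the index do not take this for a second web console XSS and misjudge their exposure.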
diff --git a/output/security-advisories.data/CVE-2021-26118-announcement.txt
b/output/security-advisories.data/CVE-2021-26118-announcement.txt
new file mode 100644
index 0000000..b07ac9c
--- /dev/null
+++ b/output/security-advisories.data/CVE-2021-26118-announcement.txt
@@ -0,0 +1,21 @@
+Flaw in ActiveMQ Artemis OpenWire support (CVE-2021-26118)
+PRODUCT AFFECTED:
+This issue affects Apache ActiveMQ Artemis.
+
+PROBLEM:
+While investigating ARTEMIS-2964 it was found that the creation of advisory
messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0
bypassed policy based access control for the entire session. Production of
advisory messages was not subject to access control in error.
+
+This issue has been assigned CVE-2021-26118.
+
+This issue is being tracked as
https://issues.apache.org/jira/browse/ARTEMIS-2964.
+
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.16.0
+
+MODIFICATION HISTORY:
+: Initial Publication.
+RELATED LINKS:
+CVE-2021-26118 at cve.mitre.org
+ACKNOWLEDGEMENTS:
+Apache ActiveMQ would like to thank Francesco Marchioni (Red Hat) for
reporting this issue.
+
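Review bot: The PRODUCT AFFECTED section names the product but gives no version range. The only version in the text is 2.15.0 in the PROBLEM paragraph, so it is unclear whether earlier releases are affected. Suggest listing the affected versions explicitly under PRODUCT AFFECTED. Smaller points in the same file: the MODIFICATION HISTORY entry ": Initial Publication." has an empty date before the colon, RELATED LINKS gives "CVE-2021-26118 at cve.mitre.org" without a URL, and the WORKAROUND section describes an upgrade to 2.16.0, which is the fix rather than a workaround, so a heading that says so would be clearer.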