This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/archiva-web-content.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new 8426440  Fixing wrong line in security info
8426440 is described below

commit 842644008ff9f86fd04a979fcc5080a695a2752d
Author: Martin Stockhammer <[email protected]>
AuthorDate: Fri Jun 19 20:47:43 2020 +0200

    Fixing wrong line in security info
---
 security.html | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security.html b/security.html
index 957e448..f74ddec 100644
--- a/security.html
+++ b/security.html
@@ -160,7 +160,6 @@
 <p>Mitigation:</p>
 <ul>
 <li>Upgrade to <a href="./download.cgi"> Archiva 2.2.5 or higher</a></li>
-<li>Make sure, that communication between Archiva server and browser is secure 
by using TLS and only certain users are assigned to admin role.</li></ul></div>
 <div class="section">
 <h3><a 
name="CVE-2019-0213:_Apache_Archiva_XSS_may_be_stored_in_central_UI_configuration"></a><a
 name="CVE-2019-0213">CVE-2019-0213</a>: Apache Archiva XSS may be stored in 
central UI configuration</h3>
 <p>It may be possible to store malicious XSS code into central configuration 
entries, i.e. the logo URL. The vulnerability is considered as minor risk, as 
only users with admin role can change the configuration, or the communication 
between the browser and the Archiva server must be compromised. </p>
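
Review bot: The deleted <li> line in the Mitigation list also carries the closing </ul></div>, while the remaining "Upgrade to" item ends at </li>. After this change the <ul> and its enclosing <div> are never closed before the next <div class="section"> opens. Keep the closing tags, for example by appending </ul></div> to the "Upgrade to Archiva 2.2.5 or higher" line, so that the CVE-2019-0213 section is not nested inside the previous one. The commit message could also name the advisory from which the TLS/admin-role mitigation is being removed, since the hunk does not show that section's heading.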
@@ -274,4 +273,4 @@
         </div>
     </footer>
     </body>
-</html>
\ No newline at end of file
+</html>
