This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/archiva-web-content.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 4951ebe Fix for layout
4951ebe is described below
commit 4951ebe55f7c27cef3515e5ddbe8599bd76789f0
Author: Martin Stockhammer <[email protected]>
AuthorDate: Fri Jun 19 20:50:39 2020 +0200
Fix for layout
---
security.html | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security.html b/security.html
index f74ddec..9ec74f2 100644
--- a/security.html
+++ b/security.html
@@ -160,6 +160,9 @@
<p>Mitigation:</p>
<ul>
<li>Upgrade to <a href="./download.cgi"> Archiva 2.2.5 or higher</a></li>
+</ul>
+</div>
+
<div class="section">
<h3><a
name="CVE-2019-0213:_Apache_Archiva_XSS_may_be_stored_in_central_UI_configuration"></a><a
name="CVE-2019-0213">CVE-2019-0213</a>: Apache Archiva XSS may be stored in
central UI configuration</h3>
<p>It may be possible to store malicious XSS code into central configuration
entries, i.e. the logo URL. The vulnerability is considered as minor risk, as
only users with admin role can change the configuration, or the communication
between the browser and the Archiva server must be compromised. </p>
