This is an automated email from the ASF dual-hosted git repository.
olamy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-site.git
The following commit(s) were added to refs/heads/master by this push:
new 3cb3e62 update security page
3cb3e62 is described below
commit 3cb3e6218538f3d76f613be128eee24d5c3ad318
Author: Olivier Lamy <[email protected]>
AuthorDate: Tue May 31 20:40:35 2022 +1000
update security page
Signed-off-by: Olivier Lamy <[email protected]>
---
src/site/apt/security.apt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index 3b6a113..775a2d5 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -36,6 +36,8 @@ Security Vulnerabilities
%{toc|fromDepth=2|toDepth=2}
+* {CVE-2022-29405}: Apache Archiva Arbitrary user password reset vulnerability
+
* {CVE-2021-45105}: Apache Log4j2 does not always protect from infinite
recursion in lookup evaluation
This may be used by attackers, if users changed the default Archiva
log4j2.xml configuration.
