This is an automated email from the ASF dual-hosted git repository.
francischuang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/calcite-avatica.git
The following commit(s) were added to refs/heads/main by this push:
new 354eaf120 Update website for Avatica 1.22 release
354eaf120 is described below
commit 354eaf120ef7073eb273f7da9def6b43c40dc744
Author: Francis Chuang <[email protected]>
AuthorDate: Thu Jul 28 10:04:47 2022 +1000
Update website for Avatica 1.22 release
---
site/_docs/history.md | 2 +-
site/_posts/2022-07-28-release-1.22.0.md | 37 ++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/site/_docs/history.md b/site/_docs/history.md
index 25c80bc2e..a4998524c 100644
--- a/site/_docs/history.md
+++ b/site/_docs/history.md
@@ -28,7 +28,7 @@ For a full list of releases, see
Downloads are available on the
[downloads page]({{ site.baseurl }}/downloads/avatica.html).
-## <a
href="https://github.com/apache/calcite-avatica/releases/tag/rel/avatica-1.22.0";>1.22.0</a>
/ 2022-07-XX
+## <a
href="https://github.com/apache/calcite-avatica/releases/tag/rel/avatica-1.22.0";>1.22.0</a>
/ 2022-07-28
{: #v1-22-0}
Apache Calcite Avatica 1.22.0 is a maintenance release to resolve
`CVE-2022-36364`: Apache Calcite Avatica JDBC driver
diff --git a/site/_posts/2022-07-28-release-1.22.0.md
b/site/_posts/2022-07-28-release-1.22.0.md
new file mode 100644
index 000000000..ad6367a7e
--- /dev/null
+++ b/site/_posts/2022-07-28-release-1.22.0.md
@@ -0,0 +1,37 @@
+---
+layout: news_item
+date: "2022-07-28 08:30:00 +0000"
+author: francischuang
+version: 1.22.0
+categories: [release]
+tag: v1-22-0
+sha: 71fc0ab
+component: avatica
+---
+<!--
+{% comment %}
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to you under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+{% endcomment %}
+-->
+
+Apache Calcite Avatica 1.22.0 is a maintenance release to resolve
`CVE-2022-36364`: Apache Calcite Avatica JDBC driver
+`httpclient_impl` connection property can be used as an RCE vector. Users of
previous versions of Avatica MUST upgrade
+to mitigate this vulnerability. For more info please see the entry in the CVE
database:
+<a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36364";>CVE-2022-36364</a>.
+
+See the list of
+[bug fixes and new features]({{ site.baseurl }}/docs/history.html#v1-22-0)
+for more information.
