This is an automated email from the ASF dual-hosted git repository. vnick pushed a commit to branch working/angularjs-security in repository https://gitbox.apache.org/repos/asf/guacamole-website.git
commit fdba462d575c017d257822ae9996c6f612c0c0ea Author: Virtually Nick <[email protected]> AuthorDate: Tue Jun 11 11:42:26 2024 -0400 Add security page entry for AngularJS vulnerabilities. --- security.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/security.md b/security.md index e60b7267..e4ae523d 100644 --- a/security.md +++ b/security.md @@ -40,6 +40,15 @@ latest would give you an updated image. No, CVE-2021-44228 does not affect Apache Guacamole. Guacamole uses [Logback](http://logback.qos.ch/) as its logging backend, not Log4j. +### Is Apache Guacamole affected by AngularJS vulnerabilities? {#not-affected-angularjs} + +No. Apache Guacamole does currently rely on AngularJS, which has gone +end-of-life and is no longer being actively developed or supported. While +AngularJS has several vulnerabilities, we have verified that Guacamole +is not impacted by any current known vulnerabilities, either because +the affected component is not in use in Guacamole, or because there is +no known exploitation path. + {% assign releases = site.releases | where: 'released', 'true' | sort: 'date' %} {% for release in releases reversed %}
