Author: jbonofre
Date: Sun Jan  6 06:14:46 2019
New Revision: 1850524

URL: http://svn.apache.org/viewvc?rev=1850524&view=rev
Log:
[scm-publish] Updating main website contents

Added:
    karaf/site/production/security/cve-2018-11788.txt
Modified:
    karaf/site/production/archives.html
    karaf/site/production/community.html
    karaf/site/production/documentation.html
    karaf/site/production/download.html
    karaf/site/production/index.html
    karaf/site/production/news.html
    karaf/site/production/privacy.html
    karaf/site/production/projects.html
    karaf/site/production/stories.html

Modified: karaf/site/production/archives.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/archives.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/archives.html (original)
+++ karaf/site/production/archives.html Sun Jan  6 06:14:46 2019
@@ -883,7 +883,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -
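
Review bot: The copyright year in the footer `<p>` is a literal that this commit changes by hand to "2018-2019", and the identical edit is repeated in the footers of all nine modified pages. If these pages are generated, make the change once in the shared footer source so the pages cannot drift apart on the next update.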

Modified: karaf/site/production/community.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/community.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/community.html (original)
+++ karaf/site/production/community.html Sun Jan  6 06:14:46 2019
@@ -138,7 +138,7 @@
                 </ul>
               <p>
                 If you'd rather have a more gentle introduction to working on 
the Karaf project, try looking at the test coverage report and help us get it 
even more green by supplying more test cases to get us closer to 100% coverage.
-              </p>              
+              </p>
             </div>
         </div>
 
@@ -146,8 +146,8 @@
             <div class="col">
               <h4 class="pb-3 mb-4">Report bugs and feature requests</h4>
               <p>Did you find a bug or want something implemented? Please 
report an issue in our <a 
href="https://issues.apache.org/jira/browse/KARAF";>issue tracker</a>. When 
creating a bug make sure you document the steps to reproduce the issue and 
provide all necessary information like OS, versions your use, logs. When 
creating a feature request document your requirements first. Try to not 
directly describe the solution.</p>
-                
-              <p>If you want to dive into development yourself then you can 
also browse for open issues or features that need to be implemented. Take 
ownership of an issue and try fix it. Before doing a bigger change describe the 
concept/design of what you plan to do. If unsure if the design is good or will 
be accepted discuss it on the dev list.</p>             
+
+              <p>If you want to dive into development yourself then you can 
also browse for open issues or features that need to be implemented. Take 
ownership of an issue and try fix it. Before doing a bigger change describe the 
concept/design of what you plan to do. If unsure if the design is good or will 
be accepted discuss it on the dev list.</p>
             </div>
         </div>
 
@@ -177,7 +177,7 @@
                     <li>If your PR has conflicts with the master then rebase 
the branch. PRs with conflicts are unlikely to be applied</li>
                     <li>Do not change too much in a PR. The smaller the PR the 
easier it is to apply and the faster it will be done</li>
                     <li>Sometimes PRs get lost. Do not hesitate to ask on the 
dev list if your PR seems to be ignored</li>
-              </ul>            
+              </ul>
             </div>
         </div>
 
@@ -189,7 +189,7 @@
                 When reviewing check if the changes are done in a clean way 
and are tested with a unit and possibly integration test. Check that the build 
does not report more test failures than before. If you are not a committer then 
write a comment if you recommend a merge or not. Provide good instructions for 
the contributor how to improve his PR if it is not yet ok. Make sure you do a 
review timely. By commenting that you do a review you kind of block others from 
applying the change.</p>
               <p class="alert alert-primary" role="alert">
                 NB: Jenkins performs a build for each pull request. You can 
trigger a new build on a pull request using "retest this please" in a PR 
comment.
-              </p>      
+              </p>
             </div>
         </div>
 
@@ -197,7 +197,7 @@
             <div class="col">
               <h4 class="pb-3 mb-4">Apply pull requests</h4>
               <p>This can obviously only be done by a committer. Do the 
following steps.</p>
-                
+
                 <ul class="community">
                     <li>As one time config, you can rename your git remote and 
add apache one :<br/>
                         <code>> git remote add apache 
https://gitbox.apache.org/repos/asf/karaf.git</code><br/><br/>
@@ -214,7 +214,7 @@
                         <code>username  [email protected]:username/karaf.git 
(fetch)</code><br>
                         <code>username  [email protected]:username/karaf.git 
(push)</code>
                     </li>
-                    
+
                     <li>Checkout the PR :<br/>
                         <code>> git fetch --all</code><br>
                         <code>> git checkout -b pr-xxx github/pr/xxx</code>
@@ -229,7 +229,7 @@
                     <li>Make sure you document the fix in jira by adding the 
fix versions and resolve the jira issue.</li>
                     <li>You can delete the PR branch : <br>
                         <code>> git branch -D pr-xxx</code>.</li>
-                </ul>      
+                </ul>
             </div>
         </div>
 
@@ -251,7 +251,7 @@
               <p>If you are experiencing problems using Karaf then please 
report your problem to our <a 
href="https://issues.apache.org/jira/browse/KARAF";>issue tracker</a>.
               You may also find it useful to discuss your issues with the 
community on the mailing lists or IRC.</p>
             </div>
-        </div>     
+        </div>
 
         <div class="row mb-5 mt-5">
             <div class="col">
@@ -487,7 +487,7 @@
                 </tr>
                 </tbody>
             </table>
-        </div>     
+        </div>
     </main>
 
     <!-- FOOTER -->
@@ -497,12 +497,12 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> - 
-        <a href="privacy.html">Privacy Policy</a> - 
-        <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> - 
-        <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> - 
-        <a target="_blank" href="https://www.apache.org/security/"; 
title="Security">Security</a> - 
-        <a target="_blank" 
href="https://www.apache.org/foundation/sponsorship.html"; 
title="Sponsorship">Sponsorship</a> - 
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+        <a href="privacy.html">Privacy Policy</a> -
+        <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
+        <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -
+        <a target="_blank" href="https://www.apache.org/security/"; 
title="Security">Security</a> -
+        <a target="_blank" 
href="https://www.apache.org/foundation/sponsorship.html"; 
title="Sponsorship">Sponsorship</a> -
         <a target="_blank" 
href="https://www.apache.org/foundation/thanks.html"; 
title="Thanks">Thanks</a><br/>
       Apache Karaf, Karaf, Apache, the Apache feather logo, and the Apache 
Karaf project logo are trademarks of The Apache Software Foundation.</p>
     </footer>

Modified: karaf/site/production/documentation.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/documentation.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/documentation.html (original)
+++ karaf/site/production/documentation.html Sun Jan  6 06:14:46 2019
@@ -350,6 +350,10 @@
               <h2 class="pb-3 mb-4 font-italic border-bottom"><i class="fas 
fa-lock"></i> Security Advisories</h2>
 
               <div class="pb-4 mb-3">
+                <p>CVE-2014-0219 : Apache Karaf enables a shutdown port on the 
loopback interface, which allows local users to cause a denial of service 
(shutdown) by sending a shutdown command to all listening high ports.</p>
+                <a class="btn btn-outline-primary" 
href="security/cve-2014-0219.txt">Notes &raquo;</a>
+              </div>
+              <div class="pb-4 mb-3">
                 <p>CVE-2016-8750 : Apache Karaf's LDAPLoginModule is 
vulnerable to LDAP injection.</p>
                 <a class="btn btn-outline-primary" 
href="security/cve-2016-8750.txt">Notes &raquo;</a>
               </div><!-- /.blog-post -->
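
Review bot: The closing `</div>` of the CVE-2014-0219 block added at the top of the list has no `<!-- /.blog-post -->` marker, while the CVE-2016-8750 block directly below keeps one. Pick one convention for the advisory entries so the blocks stay easy to match up when the list is reordered again.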
@@ -361,10 +365,10 @@
                                                                
<p>CVE-2018-11787 : Unsecure access to Gogo shell in the webconsole.</p>
                                                                <a class="btn 
btn-outline-primary" href="security/cve-2018-11787.txt">Notes &raquo;</a>
                                                        </div>
-              <div class="pb-4 mb-3">
-                <p>CVE-2014-0219 : Apache Karaf enables a shutdown port on the 
loopback interface, which allows local users to cause a denial of service 
(shutdown) by sending a shutdown command to all listening high ports.</p>
-                <a class="btn btn-outline-primary" 
href="security/cve-2014-0219.txt">Notes &raquo;</a>
-              </div>
+                                                       <div class="pb-4 mb-3">
+                                                               
<p>CVE-2018-11788 : XXE vulnerability found on Apache Karaf.</p>
+                                                               <a class="btn 
btn-outline-primary" href="security/cve-2018-11788.txt">Notes &raquo;</a>
+                                                       </div>
 
             </div><!-- /.blog-main -->
         </div>
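
Review bot: The summary in the added `<p>` for CVE-2018-11788 says only "XXE vulnerability found on Apache Karaf", which names no component, unlike the neighbouring entries (LDAPLoginModule, Gogo shell in the webconsole). The advisory text added in this same commit identifies the features deployer and its XMLInputFactory parsing of the features XML, so the summary could say so. The new block also carries the deep indentation of the CVE-2018-11787 entry above it rather than that of the block it replaces; normalising both would keep the list consistent.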
@@ -573,7 +577,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

Modified: karaf/site/production/download.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/download.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/download.html (original)
+++ karaf/site/production/download.html Sun Jan  6 06:14:46 2019
@@ -584,7 +584,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

Modified: karaf/site/production/index.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/index.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/index.html (original)
+++ karaf/site/production/index.html Sun Jan  6 06:14:46 2019
@@ -337,7 +337,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

Modified: karaf/site/production/news.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/news.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/news.html (original)
+++ karaf/site/production/news.html Sun Jan  6 06:14:46 2019
@@ -1358,7 +1358,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

Modified: karaf/site/production/privacy.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/privacy.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/privacy.html (original)
+++ karaf/site/production/privacy.html Sun Jan  6 06:14:46 2019
@@ -86,9 +86,9 @@
                 We use the gathered information to help us make our site more 
useful to visitors and to better understand how and when our site is used. We 
do not track or collect personally identifiable information or associate 
gathered data with any personally identifying information from other 
sources.<br/>
                 <br/>
                 By using this website, you consent to the collection of this 
data in the manner and for the purpose described above.
-              </p>              
+              </p>
             </div>
-        </div>   
+        </div>
     </main>
 
     <!-- FOOTER -->
@@ -98,12 +98,12 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> - 
-        <a href="privacy.html">Privacy Policy</a> - 
-        <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> - 
-        <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> - 
-        <a target="_blank" href="https://www.apache.org/security/"; 
title="Security">Security</a> - 
-        <a target="_blank" 
href="https://www.apache.org/foundation/sponsorship.html"; 
title="Sponsorship">Sponsorship</a> - 
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+        <a href="privacy.html">Privacy Policy</a> -
+        <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
+        <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -
+        <a target="_blank" href="https://www.apache.org/security/"; 
title="Security">Security</a> -
+        <a target="_blank" 
href="https://www.apache.org/foundation/sponsorship.html"; 
title="Sponsorship">Sponsorship</a> -
         <a target="_blank" 
href="https://www.apache.org/foundation/thanks.html"; 
title="Thanks">Thanks</a><br/>
       Apache Karaf, Karaf, Apache, the Apache feather logo, and the Apache 
Karaf project logo are trademarks of The Apache Software Foundation.</p>
     </footer>

Modified: karaf/site/production/projects.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/projects.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/projects.html (original)
+++ karaf/site/production/projects.html Sun Jan  6 06:14:46 2019
@@ -501,7 +501,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

Added: karaf/site/production/security/cve-2018-11788.txt
URL: 
http://svn.apache.org/viewvc/karaf/site/production/security/cve-2018-11788.txt?rev=1850524&view=auto
==============================================================================
--- karaf/site/production/security/cve-2018-11788.txt (added)
+++ karaf/site/production/security/cve-2018-11788.txt Sun Jan  6 06:14:46 2019
@@ -0,0 +1,33 @@
+CVS-2018-11788: XXE vulnerability found on Apache Karaf
+
+Severity: Moderate
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: all versions of Apache Karaf prior to 4.1.7, 4.2.2.
+
+Description:
+
+Apache Karaf provides a features deployer, which allows users to "hot deploy"
+a features XML by dropping the file directly in the deploy folder.
+
+The features XML is parsed by XMLInputFactory class.
+
+Apache Karaf XMLInputFactory class doesn't contain any mitigation codes
+against XXE.
+This is a potential security risk as an user can inject external XML entities.
+
+The mitigation is to prevent XXE by disabling external entities loading feature
+in XMLInputFactory and XmlUtils.
+
+This has been fixed in revision:
+
+https://gitbox.apache.org/repos/asf?p=karaf.git;h=cc3332e
+https://gitbox.apache.org/repos/asf?p=karaf.git;h=1ffa6d1
+
+Mitigation: Apache Karaf users should upgrade to 4.1.7, 4.2.2
+or later as soon as possible.
+
+JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-5911
+
+Credit: This issue was reported by Brian Wang.
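
Review bot: The title on the first added line reads "CVS-2018-11788"; it should be "CVE-2018-11788" to match the file name and the entry added to documentation.html, otherwise a search for the CVE id will not find this advisory. "Versions Affected: all versions of Apache Karaf prior to 4.1.7, 4.2.2" would be less ambiguous if written per release branch. The word "mitigation" is used for two different things, the code fix (disabling external entity loading in XMLInputFactory and XmlUtils) and the upgrade advice; labelling the first as the fix would avoid confusion. "an user" should be "a user".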

Modified: karaf/site/production/stories.html
URL: 
http://svn.apache.org/viewvc/karaf/site/production/stories.html?rev=1850524&r1=1850523&r2=1850524&view=diff
==============================================================================
--- karaf/site/production/stories.html (original)
+++ karaf/site/production/stories.html Sun Jan  6 06:14:46 2019
@@ -176,7 +176,7 @@
         <p class="pt-2"><a class="btn btn-primary" href="documentation.html" 
role="button">Read Documentation &raquo;</a></p>
       </div>
       <p class="float-right"><a href="#">Back to top</a></p>
-      <p>&copy; 2018 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
+      <p>&copy; 2018-2019 <a href="https://www.apache.org";>Apache Software 
Foundation</a> -
         <a href="privacy.html">Privacy Policy</a> -
         <a target="_blank" 
href="https://www.apache.org/events/current-event.html"; title="Apache 
Events">Apache Events</a> -
         <a target="_blank" href="https://www.apache.org/licenses/"; 
title="Licenses">Licenses</a> -

