Author: buildbot
Date: Sat Feb 23 15:08:32 2013
New Revision: 851680
Log:
Staging update by buildbot for maven
Modified:
websites/staging/maven/trunk/content/ (props changed)
websites/staging/maven/trunk/content/maven-site-1.0-site.jar
websites/staging/maven/trunk/content/security.html
Propchange: websites/staging/maven/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Feb 23 15:08:32 2013
@@ -1 +1 @@
-1449337
+1449339
Modified: websites/staging/maven/trunk/content/maven-site-1.0-site.jar
==============================================================================
Binary files - no diff available.
Modified: websites/staging/maven/trunk/content/security.html
==============================================================================
--- websites/staging/maven/trunk/content/security.html (original)
+++ websites/staging/maven/trunk/content/security.html Sat Feb 23 15:08:32 2013
@@ -230,7 +230,7 @@
</div>
<div id="bodyColumn">
<div id="contentBox">
- <!-- Licensed to the Apache Software Foundation (ASF) under one
--><!-- or more contributor license agreements. See the NOTICE file --><!--
distributed with this work for additional information --><!-- regarding
copyright ownership. The ASF licenses this file --><!-- to you under the
Apache License, Version 2.0 (the --><!-- "License"); you may not use this file
except in compliance --><!-- with the License. You may obtain a copy of the
License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!--
--><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or
implied. See the License for the --><!-- specific language governing
permissions and limitations --><!-- under the License. --><!-- NOTE: For help
with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/g
uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches are
not produced for individual vulnerabilities. To obtain the binary fix for a
particular vulnerability you should upgrade to an Apache Maven version where
that vulnerability has been fixed.</p><p>For more information about reporting
vulnerabilities, see the <a class="externalLink"
href="http://www.apache.org/security/";> Apache Security Team</a> page.</p><div
class="section"><h3>CVE-2013-0253 Apache Maven<a
name="CVE-2013-0253_Apache_Maven"></a></h3><p>Severity: Medium</p><p>Vendor:
The Apache Software Foundation</p><p>Versions Affected:</p><ul><li>Apache Maven
3.0.4</li><li>Apache Maven Wagon 2.1, 2.2, 2.3</li></ul><p>Description: Apache
Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode
by default. This mode disables all SSL certificate checking, including: host
name verification , date validity
, and certificate chain. Not validating the certificate introduces the
possibility of a man-in-the-middle attack.</p><p>All users are recommended to
upgrade to <a href="./download.cgi"> Apache Maven 3.0.5</a> and Apache Maven
Wagon 2.4.</p><p>Credit This issue was identified by Graham
Leggett</p></div></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one
--><!-- or more contributor license agreements. See the NOTICE file --><!--
distributed with this work for additional information --><!-- regarding
copyright ownership. The ASF licenses this file --><!-- to you under the
Apache License, Version 2.0 (the --><!-- "License"); you may not use this file
except in compliance --><!-- with the License. You may obtain a copy of the
License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!--
--><!-- Unless required by applicable law or agreed to in writing, --><!--
software distributed under the License is distributed on an --><!-- "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or
implied. See the License for the --><!-- specific language governing
permissions and limitations --><!-- under the License. --><!-- NOTE: For help
with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/g
uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a
name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches are
not produced for individual vulnerabilities. To obtain the binary fix for a
particular vulnerability you should upgrade to an Apache Maven version where
that vulnerability has been fixed.</p><p>For more information about reporting
vulnerabilities, see the <a class="externalLink"
href="http://www.apache.org/security/";> Apache Security Team</a> page.</p><div
class="section"><h3>CVE-2013-0253 Apache Maven<a
name="CVE-2013-0253_Apache_Maven"></a></h3><p>Severity: Medium</p><p>Vendor:
The Apache Software Foundation</p><p>Versions Affected:</p><ul><li>Apache Maven
3.0.4</li><li>Apache Maven Wagon 2.1, 2.2, 2.3</li></ul><p>Description: Apache
Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode
by default. This mode disables all SSL certificate checking, including: host
name verification , date validity
, and certificate chain. Not validating the certificate introduces the
possibility of a man-in-the-middle attack.</p><p>All users are recommended to
upgrade to <a href="./download.cgi"> Apache Maven 3.0.5</a> and Apache Maven
Wagon 2.4.</p><p>Credit: This issue was identified by Graham
Leggett</p></div></div>
</div>
</div>
<div class="clear">
