This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-site.git
The following commit(s) were added to refs/heads/master by this push:
new 6716c8ba4 update news
6716c8ba4 is described below
commit 6716c8ba4e6ae6dd975109d15d6f96298c28dbee
Author: angela <[email protected]>
AuthorDate: Tue Feb 14 12:13:16 2023 +0100
update news
---
src/main/jbake/content/news.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/main/jbake/content/news.md b/src/main/jbake/content/news.md
index 25bff5456..e1ed49a7c 100644
--- a/src/main/jbake/content/news.md
+++ b/src/main/jbake/content/news.md
@@ -5,6 +5,7 @@ tags=news
tableOfContents=false
~~~~~~
+* Vulnerability report and fix: CVE-2023-25141: Apache Sling JCR Base JNDI
injection (February 14th, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-25141](https://www.cve.org/CVERecord?id=CVE-2023-25141)
* Vulnerability report and fix: VE-2023-22849: Apache Sling App CMS: XSS in
CMS Reference / UI Components (Feb 3rd, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-22849](https://www.cve.org/CVERecord?id=CVE-2023-22849)
* Vulnerability report and fix: CVE-2022-46769: Apache Sling CMS Reflected XSS
Vulnerability (January 1st, 2022), see
[https://www.cve.org/CVERecord?id=CVE-2022-46769](https://www.cve.org/CVERecord?id=CVE-2022-46769)
* Vulnerability report and fix: CVE-2022-43670: Apache Sling CMS Reflected XSS
Vulnerability (November 1st, 2022), see
[http://s.apache.org/CVE-2022-43670](http://s.apache.org/CVE-2022-43670)
