This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-site.git
The following commit(s) were added to refs/heads/master by this push:
new 294dca120 update news: missing announcement for CVE-2023-26513
294dca120 is described below
commit 294dca120d0f29cdcfc364a672da37fda8213f92
Author: angela <[email protected]>
AuthorDate: Fri Apr 14 12:17:20 2023 +0200
update news: missing announcement for CVE-2023-26513
---
src/main/jbake/content/news.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/main/jbake/content/news.md b/src/main/jbake/content/news.md
index 50c5440a6..6f11fc617 100644
--- a/src/main/jbake/content/news.md
+++ b/src/main/jbake/content/news.md
@@ -6,6 +6,7 @@ tableOfContents=false
~~~~~~
* Vulnerability report and fix: CVE-2022-45064: Apache Sling Engine:
Include-based XSS (April 12th, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2022-45064](https://www.cve.org/CVERecord?id=CVE-2022-45064)
+* Vulnerability report and fix: CVE-2023-26513: Apache Sling Resource Merger:
Requests to certain paths managed by the Apache Sling Resource Merger can lead
to DoS (Mar 20th, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-26513](https://www.cve.org/CVERecord?id=CVE-2023-26513)
* Vulnerability report and fix: CVE-2023-25621: Apache Sling does not allow to
handle i18n content in a secure way (Feb 23rd, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-25621](https://www.cve.org/CVERecord?id=CVE-2023-25621)
* Vulnerability report and fix: CVE-2023-25141: Apache Sling JCR Base JNDI
injection (February 14th, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-25141](https://www.cve.org/CVERecord?id=CVE-2023-25141)
* Vulnerability report and fix: CVE-2023-22849: Apache Sling App CMS: XSS in
CMS Reference / UI Components (Feb 3rd, 2023), see
[https://www.cve.org/CVERecord?id=CVE-2023-22849](https://www.cve.org/CVERecord?id=CVE-2023-22849)
