Author: ilgrosso
Date: Mon Jul 22 09:45:37 2024
New Revision: 1919453

URL: http://svn.apache.org/viewvc?rev=1919453&view=rev
Log:
Site update

Modified:
    syncope/site/integration.html
    syncope/site/release-process.html
    syncope/site/security.html

Modified: syncope/site/integration.html
URL: http://svn.apache.org/viewvc/syncope/site/integration.html?rev=1919453&r1=1919452&r2=1919453&view=diff
==============================================================================
--- syncope/site/integration.html (original)
+++ syncope/site/integration.html Mon Jul 22 09:45:37 2024
@@ -91,7 +91,7 @@
       
 <p>
         </p>
-<div class="source"><pre class="prettyprint"><a class="externalLink" 
href="https://ci-builds.apache.org./job/Syncope/";>https://ci-builds.apache.org./job/Syncope/</a></pre></div>
+<div class="source"><pre class="prettyprint"><a class="externalLink" 
href="https://ci-builds.apache.org/job/Syncope/";>https://ci-builds.apache.org./job/Syncope/</a></pre></div>
       
     </section>
 
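
Review bot: the added line corrects only the href; the link text inside the <pre> still reads https://ci-builds.apache.org./job/Syncope/ with the trailing dot after the host name. This is a prettyprint source block that readers copy from, so the visible text should also be changed to https://ci-builds.apache.org/job/Syncope/ to match the href.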

Modified: syncope/site/release-process.html
URL: http://svn.apache.org/viewvc/syncope/site/release-process.html?rev=1919453&r1=1919452&r2=1919453&view=diff
==============================================================================
--- syncope/site/release-process.html (original)
+++ syncope/site/release-process.html Mon Jul 22 09:45:37 2024
@@ -706,7 +706,7 @@ svn commit -m &quot;Promoting the stagin
           
 <li>
             Deploy the updated Docker images to <a class="externalLink" 
href="https://hub.docker.com/";>DockerHub</a> by adjusting the GIT tag
-            name then running the <a class="externalLink" 
href="https://ci-builds.apache.org./job/Syncope/job/Syncope-Release-Docker/";>dedicated
 Jenkins job</a>.
+            name then running the <a class="externalLink" 
href="https://ci-builds.apache.org/job/Syncope/job/Syncope-Release-Docker/";>dedicated
 Jenkins job</a>.
           </li>
         </ol>
       </section>
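
Review bot: documentation point on the changed list item: "adjusting the GIT tag name" does not say where the tag name is set before the Jenkins job is run. Because this step publishes release images to DockerHub, naming the place to edit and the expected tag format would make the step reproducible. The href correction itself looks fine.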

Modified: syncope/site/security.html
URL: http://svn.apache.org/viewvc/syncope/site/security.html?rev=1919453&r1=1919452&r2=1919453&view=diff
==============================================================================
--- syncope/site/security.html (original)
+++ syncope/site/security.html Mon Jul 22 09:45:37 2024
@@ -100,6 +100,64 @@
 <p>If you want to report a vulnerability, please follow <a 
class="externalLink" href="https://www.apache.org/security/";>the 
procedure</a>.</p>
 
       <section>
+<h3><a 
name="CVE-2024-38503:_HTML_tags_can_be_injected_into_Console_or_Enduser_text_fields"></a>CVE-2024-38503:
 HTML tags can be injected into Console or Enduser text fields</h3>
+        
+<p>When editing a user, group or any object in the Syncope Console, HTML tags 
could be added to any text field and could lead to potential exploits.
+The same vulnerability was found in the Syncope Enduser, when editing 
&#x201c;Personal Information&#x201d; or &#x201c;User Requests&#x201d;.</p>
+
+        
+<p>
+          <b>Severity</b>
+        </p>
+        
+<p>Moderate</p>
+
+        
+<p>
+          <b>Affects</b>
+        </p>
+        
+<p>
+          </p>
+<ul>
+            
+<li>3.0 through 3.0.7</li>
+            
+<li>2.1 through 2.1.14</li>
+          </ul>
+        
+
+        
+<p>
+          <b>Solution</b>
+        </p>
+        
+<p>
+          </p>
+<ul>
+            
+<li>Users are recommended to upgrade to version 3.0.8, which fixes this 
issue.</li>
+          </ul>
+        
+
+        
+<p>
+          <b>Fixed in</b>
+        </p>
+        
+<p>
+          </p>
+<ul>
+            
+<li>Release 3.0.8</li>
+          </ul>
+        
+
+        
+<p>Read the <a class="externalLink" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38503";>full CVE 
advisory</a>.</p>
+      </section>
+
+      <section>
 <h3><a 
name="CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition"></a>CVE-2020-11977:
 Remote Code Execution via Flowable workflow definition</h3>
         
 <p>When the Flowable extension is enabled, an administrator with workflow 
entitlements can use Shell Service Tasks to perform malicious operations, 
including but not limited