This is an automated email from the ASF dual-hosted git repository.
shuber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/unomi-site.git
The following commit(s) were added to refs/heads/master by this push:
new 4aff788 Add CVE entries & other minor updates
4aff788 is described below
commit 4aff7882906cf05a313433304332d04ee3eb2f0d
Author: Serge Huber <[email protected]>
AuthorDate: Thu Jun 4 16:44:48 2020 +0200
Add CVE entries & other minor updates
---
src/main/webapp/community.html | 4 +--
src/main/webapp/contribute.html | 6 ++--
src/main/webapp/documentation.html | 8 ++----
src/main/webapp/security/cve-2020-11975.txt | 44 +++++++++++++++++++++++++++++
4 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/src/main/webapp/community.html b/src/main/webapp/community.html
index 135b02c..2c56ac9 100644
--- a/src/main/webapp/community.html
+++ b/src/main/webapp/community.html
@@ -43,8 +43,8 @@ layout: default
<td>Report bugs / discover known issues</td>
</tr>
<tr>
- <td><a target="_blank"
href="https://the-asf.slack.com/messages/CBP2Z98Q7/">Slack</a></td>
- <td>Report bugs / discover known issues. Note: Please join the
#unomi channel after you <a href="https://s.apache.org/slack-invite">created an
account</a>. Please do not ask Unomi questions in #general.</td>
+ <td><a target="_blank"
href="https://the-asf.slack.com/messages/CBP2Z98Q7/">Unomi Slack
channel</a></td>
+ <td>Any topics about Unomi. Note: Please join the #unomi
channel after you <a href="https://s.apache.org/slack-invite">created an
account</a>. Please do not ask Unomi questions in #general.</td>
</tr>
</tbody>
</table>
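Review bot: the reworked Slack anchor keeps `target="_blank"` with no `rel="noopener noreferrer"`, so on browsers that do not imply noopener the opened Slack page receives a `window.opener` handle back to the Unomi site; add the `rel` attribute while this line is being edited. Minor wording in the new cell text: "after you created an account" reads better as "after you have created an account".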
diff --git a/src/main/webapp/contribute.html b/src/main/webapp/contribute.html
index f71783e..8afeb63 100644
--- a/src/main/webapp/contribute.html
+++ b/src/main/webapp/contribute.html
@@ -43,10 +43,10 @@ layout: default
<p>The Apache Unomi community welcomes contributions from
anyone!</p>
<p>There are lots of opportunities:</p>
<ul>
- <li>ask or answer questions on [email protected] or Slack</li>
- <li>review proposed design ideas on [email protected]</li>
+ <li>ask or answer questions on the <a
href="community.html">mailing lists</a> or Slack</li>
+ <li>review proposed design ideas on <a
href="community.html">[email protected]</a></li>
<li>improve the documentation</li>
- <li>contribute bug reports</li>
+ <li>contribute <a target="_blank"
href="https://issues.apache.org/jira/browse/UNOMI">bug reports</a></li>
<li>write new examples</li>
</ul>
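Review bot: the two list items are inconsistent: the first now links the words "mailing lists" to community.html, while the second links the list address itself to the same community.html page rather than to a `mailto:` href, so a reader who clicks an address does not get a mail client; either phrase both items the same way or give the address a `mailto:` link. The new Jira link also uses `target="_blank"` without `rel="noopener noreferrer"`, same point as in community.html.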
diff --git a/src/main/webapp/documentation.html
b/src/main/webapp/documentation.html
index fa35856..28bddad 100644
--- a/src/main/webapp/documentation.html
+++ b/src/main/webapp/documentation.html
@@ -280,7 +280,7 @@ layout: default
</p>
<ol>
<li>Depending on your install, perform either the standalone or
cluster migration</li>
- <li>That’s it !</li>
+ <li>That's it !</li>
</ol>
</div><!-- /.blog-main -->
</div>
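Review bot: swapping the typographic apostrophe in "That's it !" for the ASCII one changes nothing for readers and looks like an accidental editor normalisation rather than a deliberate edit; if the curly quote was rendering as mojibake, the fix is declaring the page charset, not replacing the character. The visible typo on this line, the space before "!", survives the change and should be removed instead.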
@@ -288,12 +288,10 @@ layout: default
<div class="row mb-5 mt-5">
<div class="col">
<h2 class="pb-3 mb-3 border-bottom">Security Advisories</h2>
- <!--
<p>
- CVE- : Apache Unomi
+ CVE-2020-11975 : Remote Code Execution in Apache Unomi
</p>
- <a class="btn btn-outline-primary"
href="security/cve-*.txt">Notes</a>
- -->
+ <a class="btn btn-outline-primary"
href="security/cve-2020-11975.txt">Notes</a>
</div>
</div>
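Review bot: the uncommented advisory entry shows only the CVE id and title; add the affected and fixed versions (all versions prior to 1.5.1, fixed in 1.5.1, as stated in the advisory file added by this same commit) so a reader can tell at a glance whether they need to act without opening the notes. With the `cve-*.txt` template line now deleted there is no pattern left for the next advisory; a list element with one item per CVE would let future entries be appended instead of copying the paragraph-plus-button pair.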
diff --git a/src/main/webapp/security/cve-2020-11975.txt
b/src/main/webapp/security/cve-2020-11975.txt
new file mode 100644
index 0000000..7bd55ff
--- /dev/null
+++ b/src/main/webapp/security/cve-2020-11975.txt
@@ -0,0 +1,44 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2020-11975: Remote Code Execution in Apache Unomi
+
+Severity: Critical
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache Unomi prior to 1.5.1
+
+Description:
+
+Apache Unomi allows conditions to use OGNL scripting which offers the
possibility
+to call static Java classes from the JDK that could execute code with the
+permission level of the running Java process.
+
+This has been fixed in revision:
+
+https://git-wip-us.apache.org/repos/asf?p=unomi.git;h=789ae8e820c507866b9c91590feebffa4e996f5e
+
+Migration:
+
+Apache Unomi users should upgrade to 1.5.1 or later.
+
+Credit: This issue was reported by Yiming Xiang of NSFOCUS.
+-----BEGIN PGP SIGNATURE-----
+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+=AjB8
+-----END PGP SIGNATURE-----
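Review bot: the "fixed in revision" link points at git-wip-us.apache.org, while this very push is served from gitbox.apache.org (see the header above); confirm the old host still resolves or point at the gitbox URL for commit 789ae8e820c507866b9c91590feebffa4e996f5e so the link does not go dead. The advisory also has no Mitigation section: operators who cannot upgrade to 1.5.1 immediately are told nothing about whether a workaround exists, and "Severity: Critical" is given without a CVSS vector to back it, so add both (or state explicitly that no workaround is available) before publishing.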