[apisix-website] branch master updated: blog: add release notes for 3.4.1 patch release (#1642)

Tue, 25 Jul 2023 02:59:48 -0700 

This is an automated email from the ASF dual-hosted git repository.

alinsran pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git


The following commit(s) were added to refs/heads/master by this push:
     new c2816abb30c blog: add release notes for 3.4.1 patch release (#1642)
c2816abb30c is described below

commit c2816abb30ceac7f0096e0d1c23a7c1a9c7a5775
Author: Traky Deng <trakyd...@gmail.com>
AuthorDate: Tue Jul 25 17:59:31 2023 +0800

    blog: add release notes for 3.4.1 patch release (#1642)
    
    Co-authored-by: Yilia <114121331+yilial...@users.noreply.github.com>
---
 .../blog/2023/07/21/release-apache-apisix-3.4.1.md | 36 ++++++++++++++++++++++
 .../blog/2023/07/21/release-apache-apisix-3.4.1.md | 36 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)

diff --git a/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md 
b/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md
new file mode 100644
index 00000000000..d49251a2464
--- /dev/null
+++ b/blog/en/blog/2023/07/21/release-apache-apisix-3.4.1.md
@@ -0,0 +1,36 @@
+---
+title: "Release Apache APISIX 3.4.1"
+authors:
+  - name: "Guohao Wang"
+    title: "Author"
+    url: "https://github.com/Sn0rt";
+    image_url: "https://avatars.githubusercontent.com/u/2706161?v=4";
+  - name: "Traky Deng"
+    title: "Technical Writer"
+    url: "https://github.com/kayx23";
+    image_url: "https://avatars.githubusercontent.com/u/39619599?v=4";
+keywords:
+- Apache APISIX
+- API Gateway
+- API Management Platform
+- New Release
+- Cloud Native
+description: The Apache APISIX 3.4.0 version is released on July 21, 2023. 
This version fixes a security vulnerability in JWT.
+tags: [Community]
+---
+
+We are pleased to present Apache APISIX 3.4.1 with a security patch for JWT.
+
+<!--truncate-->
+
+## Fix
+
+### Upgrade `lua-resty-jwt` dependency version
+
+Upgrade `lua-resty-jwt` dependency version from `0.2.4` to `0.2.5` to mitigate 
the risk of authentication bypass in APISIX `jwt-auth` plugin.
+
+The issue is reported in [#9809](https://github.com/apache/apisix/issues/9809) 
and fixed in [PR #9837](https://github.com/apache/apisix/pull/9837).
+
+## Changelog
+
+Read the changelog of this release 
[here](https://github.com/apache/apisix/blob/release/3.4/CHANGELOG.md#341).
diff --git a/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md 
b/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md
new file mode 100644
index 00000000000..0d002aa187c
--- /dev/null
+++ b/blog/zh/blog/2023/07/21/release-apache-apisix-3.4.1.md
@@ -0,0 +1,36 @@
+---
+title: "Apache APISIX 3.4.1 正式发布"
+authors:
+  - name: "Guohao Wang"
+    title: "Author"
+    url: "https://github.com/Sn0rt";
+    image_url: "https://avatars.githubusercontent.com/u/2706161?v=4";
+  - name: "Traky Deng"
+    title: "Technical Writer"
+    url: "https://github.com/kayx23";
+    image_url: "https://avatars.githubusercontent.com/u/39619599?v=4";
+keywords:
+- Apache APISIX
+- API Gateway
+- API Management Platform
+- New Release
+- Cloud Native
+description: Apache APISIX 3.4.0 版本于 2023 年 7 月 21 日发布。该版本修复了 JWT 中一个安全漏洞。
+tags: [Community]
+---
+
+我们很高兴地宣布 Apache APISIX 3.4.1 版本已经发布,其中包含了针对 JWT 的安全补丁。
+
+<!--truncate-->
+
+## 修复
+
+### 升级 `lua-resty-jwt` 依赖版本
+
+为了解决 APISIX `jwt-auth` 插件中身份验证绕过的安全风险,将 `lua-resty-jwt` 的依赖版本从 `0.2.4` 升级到 
`0.2.5`。
+
+该问题在 [issue #9809](https://github.com/apache/apisix/issues/9809) 中进行了报告,并在 [PR 
#9837](https://github.com/apache/apisix/pull/9837) 中得到修复。
+
+## 更新日志
+
+完整的更新日志请参见[这里](https://github.com/apache/apisix/blob/release/3.4/CHANGELOG.md#341)。

Reply via email to