This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/james-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 1a5e115a7 Announce ongoing CVEs
1a5e115a7 is described below
commit 1a5e115a7a5aeeedb0026ee3072ba8ad4cec28fb
Author: Benoit TELLIER <btell...@linagora.com>
AuthorDate: Wed Feb 5 18:03:48 2025 +0100
Announce ongoing CVEs
---
content/ci-management.html | 2 +-
content/dependency-analysis.html | 2 +-
content/dependency-info.html | 2 +-
content/dependency-management.html | 2 +-
content/dependency-updates-report.html | 2 +-
content/distribution-management.html | 2 +-
content/feed.xml | 26 ++++++++++++++++++++--
content/issue-management.html | 2 +-
content/james/update/2025/01/29/james-3.7.6.html | 11 ++++++++++
content/james/update/2025/01/29/james-3.8.2.html | 11 ++++++++++
content/licenses.html | 2 +-
content/mailing-lists.html | 2 +-
content/parent-updates-report.html | 2 +-
content/plugin-management.html | 2 +-
content/plugin-updates-report.html | 2 +-
content/plugins.html | 2 +-
content/project-info.html | 2 +-
content/project-reports.html | 2 +-
content/property-updates-report.html | 2 +-
content/rat-report.html | 28 ++++++++++++++++++++----
content/scm.html | 2 +-
content/server/feature-security.html | 28 +++++++++++++++++++++++-
content/summary.html | 2 +-
content/surefire-report.html | 2 +-
content/team.html | 2 +-
25 files changed, 117 insertions(+), 27 deletions(-)
diff --git a/content/ci-management.html b/content/ci-management.html
index 436f16864..a96610c5a 100644
--- a/content/ci-management.html
+++ b/content/ci-management.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/dependency-analysis.html b/content/dependency-analysis.html
index 8ef56c025..bb0df9daf 100644
--- a/content/dependency-analysis.html
+++ b/content/dependency-analysis.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/dependency-info.html b/content/dependency-info.html
index 26e2494c5..6a092c70e 100644
--- a/content/dependency-info.html
+++ b/content/dependency-info.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/dependency-management.html
b/content/dependency-management.html
index 8646821ac..279ce72fb 100644
--- a/content/dependency-management.html
+++ b/content/dependency-management.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/dependency-updates-report.html
b/content/dependency-updates-report.html
index 1585a6ce9..7b122252f 100644
--- a/content/dependency-updates-report.html
+++ b/content/dependency-updates-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/distribution-management.html
b/content/distribution-management.html
index 63cfdec61..6ad932596 100644
--- a/content/distribution-management.html
+++ b/content/distribution-management.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/feed.xml b/content/feed.xml
index e8576058d..bc280a71c 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -24,8 +24,8 @@
</description>
<link>http://james.apache.org/</link>
<atom:link href="http://james.apache.org/feed.xml"; rel="self"
type="application/rss+xml"/>
- <pubDate>Wed, 05 Feb 2025 17:20:17 +0100</pubDate>
- <lastBuildDate>Wed, 05 Feb 2025 17:20:17 +0100</lastBuildDate>
+ <pubDate>Wed, 05 Feb 2025 18:02:19 +0100</pubDate>
+ <lastBuildDate>Wed, 05 Feb 2025 18:02:19 +0100</lastBuildDate>
<generator>Jekyll v4.3.3</generator>
<item>
@@ -36,6 +36,17 @@
<p>The Apache James PMC would like to thank all contributors who made
this release possible!</p>
+<h2 id="announcement">Announcement</h2>
+
+<p>This release comprise minor bug fixes enhancing Apache James
stability.</p>
+
+<p>This release fixes the following security issues:</p>
+
+<ul>
+ <li><strong>CVE-2024-37358</strong>: Denial of service
through the use of IMAP literals</li>
+ <li><strong>CVE-2024-45626</strong>: Denial of service
through JMAP HTML to text conversion</li>
+</ul>
+
<h2 id="release-changelog">Release changelog</h2>
<p>The full changes included in this release can be seen in the <a
href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#382">CHANGELOG</a>.</p>
@@ -60,6 +71,17 @@
<p>The Apache James PMC would like to thanks all contributors who made
this release possible!</p>
+<h2 id="announcement">Announcement</h2>
+
+<p>This release comprise minor bug fixes enhancing Apache James
stability.</p>
+
+<p>This release fixes the following security issues:</p>
+
+<ul>
+ <li><strong>CVE-2024-37358</strong>: Denial of service
through the use of IMAP literals</li>
+ <li><strong>CVE-2024-45626</strong>: Denial of service
through JMAP HTML to text conversion</li>
+</ul>
+
<h2 id="release-changelog">Release changelog</h2>
<p>The full changes included in this release can be seen in the <a
href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#376">CHANGELOG</a>.</p>
diff --git a/content/issue-management.html b/content/issue-management.html
index 78a4f885a..7c8fbcba2 100644
--- a/content/issue-management.html
+++ b/content/issue-management.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/james/update/2025/01/29/james-3.7.6.html
b/content/james/update/2025/01/29/james-3.7.6.html
index 914e8d810..1ff682d49 100644
--- a/content/james/update/2025/01/29/james-3.7.6.html
+++ b/content/james/update/2025/01/29/james-3.7.6.html
@@ -81,6 +81,17 @@
<p>The Apache James PMC would like to thanks all contributors who made this
release possible!</p>
+<h2 id="announcement">Announcement</h2>
+
+<p>This release comprise minor bug fixes enhancing Apache James stability.</p>
+
+<p>This release fixes the following security issues:</p>
+
+<ul>
+ <li><strong>CVE-2024-37358</strong>: Denial of service through the use of
IMAP literals</li>
+ <li><strong>CVE-2024-45626</strong>: Denial of service through JMAP HTML to
text conversion</li>
+</ul>
+
<h2 id="release-changelog">Release changelog</h2>
<p>The full changes included in this release can be seen in the <a
href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#376";>CHANGELOG</a>.</p>
diff --git a/content/james/update/2025/01/29/james-3.8.2.html
b/content/james/update/2025/01/29/james-3.8.2.html
index 53ad414f1..e9f89e7d0 100644
--- a/content/james/update/2025/01/29/james-3.8.2.html
+++ b/content/james/update/2025/01/29/james-3.8.2.html
@@ -81,6 +81,17 @@
<p>The Apache James PMC would like to thank all contributors who made this
release possible!</p>
+<h2 id="announcement">Announcement</h2>
+
+<p>This release comprise minor bug fixes enhancing Apache James stability.</p>
+
+<p>This release fixes the following security issues:</p>
+
+<ul>
+ <li><strong>CVE-2024-37358</strong>: Denial of service through the use of
IMAP literals</li>
+ <li><strong>CVE-2024-45626</strong>: Denial of service through JMAP HTML to
text conversion</li>
+</ul>
+
<h2 id="release-changelog">Release changelog</h2>
<p>The full changes included in this release can be seen in the <a
href="https://github.com/apache/james-project/blob/master/CHANGELOG.md#382";>CHANGELOG</a>.</p>
diff --git a/content/licenses.html b/content/licenses.html
index f14d089a9..ee99021fa 100644
--- a/content/licenses.html
+++ b/content/licenses.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/mailing-lists.html b/content/mailing-lists.html
index 155c2220e..8b0fecbeb 100644
--- a/content/mailing-lists.html
+++ b/content/mailing-lists.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/parent-updates-report.html
b/content/parent-updates-report.html
index f4c7403b3..e59ad776a 100644
--- a/content/parent-updates-report.html
+++ b/content/parent-updates-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/plugin-management.html b/content/plugin-management.html
index bdd2a590b..a9f3ff006 100644
--- a/content/plugin-management.html
+++ b/content/plugin-management.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/plugin-updates-report.html
b/content/plugin-updates-report.html
index f7418ad63..44fe20cca 100644
--- a/content/plugin-updates-report.html
+++ b/content/plugin-updates-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/plugins.html b/content/plugins.html
index 4c122d758..edccc52e6 100644
--- a/content/plugins.html
+++ b/content/plugins.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/project-info.html b/content/project-info.html
index 82b7799d3..ff936fe66 100644
--- a/content/project-info.html
+++ b/content/project-info.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/project-reports.html b/content/project-reports.html
index 2d3d1a80e..34979cd95 100644
--- a/content/project-reports.html
+++ b/content/project-reports.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/property-updates-report.html
b/content/property-updates-report.html
index 2d8970d9b..e4f8f6843 100644
--- a/content/property-updates-report.html
+++ b/content/property-updates-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/rat-report.html b/content/rat-report.html
index d21b1bd3d..d833e6071 100644
--- a/content/rat-report.html
+++ b/content/rat-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
@@ -149,14 +149,14 @@
*****************************************************
Summary
-------
-Generated at: 2025-02-05T17:16:17+01:00
+Generated at: 2025-02-05T18:01:23+01:00
Notes: 40
Binaries: 537
Archives: 9
-Standards: 8661
+Standards: 8663
-Apache Licensed: 7424
+Apache Licensed: 7426
Generated Documents: 2
JavaDocs are generated, thus a license header is optional.
@@ -3032,6 +3032,8 @@ Archives:
AL src/homepage/_site/james/update/2021/03/16/james-3.6.0.html
AL src/homepage/_site/james/update/2021/07/02/mime4j-0.8.5.html
AL src/homepage/_site/james/update/2021/12/02/james-3.6.1.html
+ AL src/homepage/_site/james/update/2025/01/29/james-3.8.2.html
+ AL src/homepage/_site/james/update/2025/01/29/james-3.7.6.html
AL src/homepage/_site/james/update/2017/06/23/jsieve-0.7.html
AL src/homepage/_site/james/update/2017/06/16/mime4j-0.8.1.html
AL src/homepage/_site/james/update/2017/05/16/james-3.0.0-rc1.html
@@ -17914,6 +17916,15 @@ Early adopters can [download it][download], any issue
can be reported on our iss
The Apache James PMC would like to thanks all contributors who made this
release possible!
+## Announcement
+
+This release comprise minor bug fixes enhancing Apache James stability.
+
+This release fixes the following security issues:
+
+- **CVE-2024-37358**: Denial of service through the use of IMAP literals
+- **CVE-2024-45626**: Denial of service through JMAP HTML to text conversion
+
## Release changelog
The full changes included in this release can be seen in the
[CHANGELOG][CHANGELOG].
@@ -19223,6 +19234,15 @@ Early adopters can [download it][download], any issue
can be reported on our iss
The Apache James PMC would like to thank all contributors who made this
release possible!
+## Announcement
+
+This release comprise minor bug fixes enhancing Apache James stability.
+
+This release fixes the following security issues:
+
+- **CVE-2024-37358**: Denial of service through the use of IMAP literals
+- **CVE-2024-45626**: Denial of service through JMAP HTML to text conversion
+
## Release changelog
The full changes included in this release can be seen in the
[CHANGELOG][CHANGELOG].
diff --git a/content/scm.html b/content/scm.html
index 30ba6af49..d2d4b4f77 100644
--- a/content/scm.html
+++ b/content/scm.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/server/feature-security.html
b/content/server/feature-security.html
index a41467609..994b6a858 100644
--- a/content/server/feature-security.html
+++ b/content/server/feature-security.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="../index.html" id="bannerLeft"
title="james-logo.png">
@@ -273,6 +273,32 @@
<a class="externalLink"
href="https://apache.org/security/committers.html#vulnerability-handling";>vulnerability
handling</a>.
</section>
+ <section>
+<h3><a
name="CVE-2024-37358:_Denial_of_service_through_the_use_of_IMAP_literals"></a>CVE-2024-37358:
Denial of service through the use of IMAP literals</h3>
+
+<p> Apache James prior to versions 3.8.2 or 3.7.6 allows an attacker
+ to trigger a denial of service by exploiting IMAP literals.</p>
+
+
+<p><b>Severity</b>: Moderate</p>
+
+
+<p><b>Mitigation</b>: Update to Apache James 3.8.2 or 3.7.6 onward.</p>
+ </section>
+
+ <section>
+<h3><a
name="CVE-2024-45626:_Denial_of_service_through_JMAP_HTML_to_text_conversion"></a>CVE-2024-45626:
Denial of service through JMAP HTML to text conversion</h3>
+
+<p> Apache James prior to versions 3.8.2 or 3.7.6 allows logged in attacker
+ to trigger a denial of service by exploiting html to text
conversion.</p>
+
+
+<p><b>Severity</b>: Moderate</p>
+
+
+<p><b>Mitigation</b>: Update to Apache James 3.8.2 or 3.7.6 onward.</p>
+ </section>
+
<section>
<h3><a name="CVE-2024-21742:_Mime4J_DOM_header_injection"></a>CVE-2024-21742:
Mime4J DOM header injection</h3>
diff --git a/content/summary.html b/content/summary.html
index 0426959e1..ff66aa70e 100644
--- a/content/summary.html
+++ b/content/summary.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/surefire-report.html b/content/surefire-report.html
index 9cea278c3..4ae70125e 100644
--- a/content/surefire-report.html
+++ b/content/surefire-report.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
diff --git a/content/team.html b/content/team.html
index d333898c6..b17273c9d 100644
--- a/content/team.html
+++ b/content/team.html
@@ -39,7 +39,7 @@
<meta name="Date-Revision-yyyymmdd" content="20250205" />
<meta http-equiv="Content-Language" content="en" />
- </head>
+ </head>
<body class="composite">
<div id="banner">
<a href="index.html" id="bannerLeft"
title="james-logo.png">
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org
