Repository: juddi
Updated Branches:
  refs/heads/master 94da72a84 -> b5ded210e
NOJIRA updating site docs, fixing CLI packaging type, previous was a bundle which causes issues build issues Project: http://git-wip-us.apache.org/repos/asf/juddi/repo Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/b5ded210 Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/b5ded210 Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/b5ded210 Branch: refs/heads/master Commit: b5ded210ebeafee19608ebb26aba0af0ed363002 Parents: 94da72a Author: Alex O'Ree <alexo...@apache.org> Authored: Fri Feb 9 09:05:40 2018 -0500 Committer: Alex O'Ree <alexo...@apache.org> Committed: Fri Feb 9 09:05:40 2018 -0500 ---------------------------------------------------------------------- juddi-client-cli/pom.xml | 2 +- src/site/markdown/security.md | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/juddi-client-cli/pom.xml ---------------------------------------------------------------------- diff --git a/juddi-client-cli/pom.xml b/juddi-client-cli/pom.xml index 87c004e..6903358 100644 --- a/juddi-client-cli/pom.xml +++ b/juddi-client-cli/pom.xml @@ -25,7 +25,7 @@ <groupId>org.apache.juddi</groupId> <artifactId>juddi-client-cli</artifactId> <version>3.3.6-SNAPSHOT</version> - <packaging>bundle</packaging> + <packaging>jar</packaging> <name>jUDDI CLI Client</name> <url>http://maven.apache.org</url> http://git-wip-us.apache.org/repos/asf/juddi/blob/b5ded210/src/site/markdown/security.md ---------------------------------------------------------------------- diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 348d752..54f4c50 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md 
@@ -2,7 +2,28 @@ Title: Security Advisories ## Security Advisories for Apache jUDDI -### CVEID:CVE-2015-5241 +### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267) + +VERSION: 3.0.0 + +PROBLEMTYPE: Information Disclosure + +REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267 + +DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records. + +Severity: Moderate + +Mitigation: + +3.0.0 users should upgrade to jUDDI 3.0.1 or newer + +Credit: + +This issue was discovered by Marc Schoenefeld of Red Hat Software. + + +### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241) VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console' --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@juddi.apache.org For additional commands, e-mail: commits-h...@juddi.apache.org
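Review bot: in juddi-client-cli/pom.xml, the `<packaging>` switch from `bundle` to `jar` changes the build, yet it arrives in a NOJIRA commit whose other change is site documentation, and the message does not say which build issues the bundle packaging caused. Suggest moving it to its own commit with the failure named in the message. The hunk context shows only the coordinates around `<packaging>`, so also check the rest of this pom for bundle-specific plugin configuration that the jar packaging no longer uses.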
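Review bot: in src/site/markdown/security.md, the added CVE-2009-4267 entry misspells its field label as `DISCRIPTION:`; it should read `DESCRIPTION:`. The new heading is written `### CVEID : [CVE-2009-4267]` with a space before the colon, while the CVE-2015-5241 heading rewritten in the same hunk uses `### CVEID:`, so pick one form for both. The labels in the new entry also mix upper case (`VERSION:`, `PROBLEMTYPE:`, `REFERENCES:`) with title case (`Severity:`, `Mitigation:`, `Credit:`). Finally, `PROBLEMTYPE: Information Disclosure` does not match the description, which is about unescaped line feeds in `numRows` letting authenticated users forge log records; that is a log integrity problem, and the problem type should say so.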