This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-vfs.git
The following commit(s) were added to refs/heads/master by this push:
new d3970c68a Document CVEs fixed in 2.10.0
d3970c68a is described below
commit d3970c68a000229ff684e6e91a00d768a66b83bc
Author: Gary D. Gregory <[email protected]>
AuthorDate: Mon Mar 24 09:25:13 2025 -0400
Document CVEs fixed in 2.10.0
- CVE-2025-27553 Apache Commons VFS: Possible path traversal issue when
using NameScope.DESCENDENT
- CVE-2025-30474 Apache Commons VFS: Failing to find an FTP file can
reveal the URI's password in an error message
---
src/site/xdoc/security.xml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/site/xdoc/security.xml b/src/site/xdoc/security.xml
index ab0056049..70fdb0f27 100644
--- a/src/site/xdoc/security.xml
+++ b/src/site/xdoc/security.xml
@@ -45,7 +45,11 @@
</p>
</section>
<section name="Security Vulnerabilities">
- <p>None.</p>
+ <p>The following have been fixed in 2.10.0:</p>
+ <ul>
+ <li><a
href="https://www.cve.org/CVERecord?id=CVE-2025-27553">CVE-2025-27553</a>:
Apache Commons VFS: Possible path traversal issue when using
NameScope.DESCENDENT</li>
+ <li><a
href="https://www.cve.org/CVERecord?id=CVE-2025-30474">CVE-2025-30474</a>:
Apache Commons VFS: Failing to find an FTP file can reveal the URI's password
in an error message</li>
+ </ul>
</section>
</body>
-</document>
\ No newline at end of file
+</document>
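Review bot: The two new `<li>` entries under "Security Vulnerabilities" carry only the CVE id and title, so the only remediation guidance on the page is the intro sentence "The following have been fixed in 2.10.0:", and nothing says which releases are affected. Consider adding the affected version range to each entry, plus an explicit instruction to upgrade to 2.10.0 or later. For CVE-2025-30474, a short note that error messages already captured in logs may contain the FTP URI's password would tell users what to review after upgrading. The last change to `</document>` only adds the missing newline at end of file; that is fine, but it is unrelated to the documentation change and could be mentioned in the commit message.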