This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/jena-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new d1d370e63 Updated site from main 
(536c85e4e286fa5e08c802099f8ac051688c9f42)
d1d370e63 is described below

commit d1d370e637079517ba996ecf53990e17fa809377
Author: jenkins <[email protected]>
AuthorDate: Mon Jul 21 18:30:07 2025 +0000

    Updated site from main (536c85e4e286fa5e08c802099f8ac051688c9f42)
---
 content/index.json               |  2 +-
 content/security/advisories.html | 14 ++++++++++++++
 content/sitemap.xml              |  4 ++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/content/index.json b/content/index.json
index 00ed9d137..e04ee4a36 100644
--- a/content/index.json
+++ b/content/index.json
@@ -1 +1 @@
-[{"categories":null,"contents":"This page is historical \u0026ldquo;for 
information only\u0026rdquo; - there is no Apache release of Eyeball and the 
code has not been updated for Jena3.\nThe original source code is available. So 
you\u0026rsquo;ve got Eyeball installed and you\u0026rsquo;ve run it on one of 
your files, and Eyeball doesn\u0026rsquo;t like it. You\u0026rsquo;re not sure 
why, or what to do about it. Here\u0026rsquo;s what\u0026rsquo;s going 
on.\nEyeball inspects your model a [...]
\ No newline at end of file
+[{"categories":null,"contents":"This page is historical \u0026ldquo;for 
information only\u0026rdquo; - there is no Apache release of Eyeball and the 
code has not been updated for Jena3.\nThe original source code is available. So 
you\u0026rsquo;ve got Eyeball installed and you\u0026rsquo;ve run it on one of 
your files, and Eyeball doesn\u0026rsquo;t like it. You\u0026rsquo;re not sure 
why, or what to do about it. Here\u0026rsquo;s what\u0026rsquo;s going 
on.\nEyeball inspects your model a [...]
\ No newline at end of file
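Review bot: The index.json hunk (@@ -1 +1 @@) replaces the file's only line, and the removed and added text are identical up to the point where they are cut off, so the actual change cannot be reviewed from this diff. If the generator can emit one record per line and a trailing newline, future site updates would show only the entries that changed.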
diff --git a/content/security/advisories.html b/content/security/advisories.html
index 430f0ca05..6466ee7b9 100644
--- a/content/security/advisories.html
+++ b/content/security/advisories.html
@@ -183,6 +183,20 @@ and relevant <a 
href="#cves-in-jena-dependencies">Dependency CVEs</a>.</p>
 addressed by the project. Per our policy above we advise users to always 
utilise
 the latest Jena release available.</p>
 <p>Please refer to the individual CVE links for further details and 
mitigations.</p>
+<p><strong>CVE-2025-50151 - Configuration files uploaded by administrative 
users are not check properly</strong></p>
+<p><a 
href="https://www.cve.org/CVERecord?id=CVE-2025-50151";>CVE-2025-50151</a> 
affects Jena
+Fuseki in versions up to 5.4.0.</p>
+<p>Configuration files could be uploaded by users with administrator access 
via the
+network. The file paths in configuration files were not validated and could
+refer to directories and files outside of the Fuseki server instance.</p>
+<p>This configuration file upload feature has been removed in Jena Fuseki 
5.5.0.</p>
+<p><strong>CVE-2025-49656 - Administrative users can create files outside the 
server directory space via the admin UI</strong></p>
+<p><a 
href="https://www.cve.org/CVERecord?id=CVE-2025-49656";>CVE-2025-49656</a>  
affects Jena
+Fuseki in versions up to 5.4.0.</p>
+<p>Users with administrator access can create databases that refer to files 
outside
+the files area of the Fuseki server.</p>
+<p>Users are recommended to upgrade to version 5.5.0 where path names are 
validated
+and restricted to the files area of the Fuseki server instance.</p>
 <p><strong>CVE-2023-32200 - Exposure of execution in script engine 
expressions</strong></p>
 <p><a 
href="https://www.cve.org/CVERecord?id=CVE-2023-32200";>CVE-2023-32200</a> 
affects Jena
 3.7.0 through Jena 4.8.0 and relates to the <a 
href="https://jena.apache.org/documentation/query/javascript-functions.html";>Javascript
 SPARQL
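Review bot: The added CVE-2025-50151 heading reads "are not check properly"; it should be "are not checked properly". The same entry ends by saying the upload feature was removed in Jena Fuseki 5.5.0 but, unlike the CVE-2025-49656 entry that follows it, never tells users to upgrade. Adding the same "Users are recommended to upgrade to version 5.5.0" wording would give both advisories the same remediation guidance. Both entries say "versions up to 5.4.0"; stating whether 5.4.0 itself is affected would remove the ambiguity. There is also a stray double space after the closing anchor tag in the CVE-2025-49656 paragraph.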
diff --git a/content/sitemap.xml b/content/sitemap.xml
index 3990d4d62..86f4e28a6 100644
--- a/content/sitemap.xml
+++ b/content/sitemap.xml
@@ -60,7 +60,7 @@
     <lastmod>2024-10-18T14:24:57+01:00</lastmod>
   </url><url>
     <loc>https://jena.apache.org/security/advisories.html</loc>
-    <lastmod>2024-10-18T14:24:57+01:00</lastmod>
+    <lastmod>2025-07-21T19:08:25+01:00</lastmod>
   </url><url>
     <loc>https://jena.apache.org/documentation/shacl/</loc>
     <lastmod>2023-04-09T15:11:22+02:00</lastmod>
@@ -533,7 +533,7 @@
     <lastmod>2023-02-12T15:23:22+01:00</lastmod>
   </url><url>
     <loc>https://jena.apache.org/security.html</loc>
-    <lastmod>2024-10-18T14:24:57+01:00</lastmod>
+    <lastmod>2025-07-21T19:08:25+01:00</lastmod>
   </url><url>
     
<loc>https://jena.apache.org/documentation/fuseki2/fuseki-security.html</loc>
     <lastmod>2025-07-15T11:51:08+01:00</lastmod>
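Review bot: In the second sitemap.xml hunk, lastmod for https://jena.apache.org/security.html is bumped to 2025-07-21T19:08:25+01:00, yet the diffstat lists only content/security/advisories.html as changed, not content/security.html. If the rendered page is unchanged, the new lastmod tells crawlers it was modified when it was not; check whether the build should only update lastmod for pages whose output changed.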
