This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new a4304067 Automatic Site Publish by Buildbot
a4304067 is described below
commit a430406769fca32dd139e52bfb136ae17d394643
Author: buildbot <[email protected]>
AuthorDate: Sun Aug 17 11:05:14 2025 +0000
Automatic Site Publish by Buildbot
---
content/feed.xml | 2 +-
content/security.html | 32 +++++++++++++++++++-------------
2 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/content/feed.xml b/content/feed.xml
index 1e8eefa0..b16e80bc 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><feed
xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/"
version="4.4.1">Jekyll</generator><link href="/feed.xml" rel="self"
type="application/atom+xml" /><link href="/" rel="alternate" type="text/html"
/><updated>2025-08-15T14:47:05+00:00</updated><id>/feed.xml</id><title
type="html">Apache Software Foundation - Logging
Services</title><subtitle>Write an awesome description for your new site here.
You can edit this line in _ [...]
+<?xml version="1.0" encoding="utf-8"?><feed
xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/"
version="4.4.1">Jekyll</generator><link href="/feed.xml" rel="self"
type="application/atom+xml" /><link href="/" rel="alternate" type="text/html"
/><updated>2025-08-17T11:05:13+00:00</updated><id>/feed.xml</id><title
type="html">Apache Software Foundation - Logging
Services</title><subtitle>Write an awesome description for your new site here.
You can edit this line in _ [...]
<p>A <strong>Vulnerability Exploitability eXchange (VEX)</strong> is a
machine-readable file used to indicate whether vulnerabilities in an
application’s third-party dependencies are actually exploitable.</p>
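Review bot: Both the removed and the added feed line still carry the Jekyll placeholder subtitle "Write an awesome description for your new site here. You can edit this line in ...", so the published Atom feed advertises boilerplate text. The only change in this hunk is the <updated> timestamp; set a real site description in the site source so that regenerated feeds stop shipping the placeholder.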
diff --git a/content/security.html b/content/security.html
index e8c3ef9b..af4eabe4 100644
--- a/content/security.html
+++ b/content/security.html
@@ -458,11 +458,11 @@ We only extend this mathematical notation with set union
operator (i.e., <code>
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta7, 2.3.2) ∪ [2.4, 2.12.4) ∪ [2.13.0,
2.17.1)</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta7, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0,
2.17.0)</code></p></td>
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.2</code> (for Java 6), <code>2.12.4</code> (for
Java 7), or <code>2.17.1</code> (for Java 8 and later)</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), or <code>2.17.0</code> (for Java 8 and later)</p></td>
</tr>
</tbody>
</table>
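Review bot: The "Versions fixed" cell lowers every boundary by one release (2.3.2 to 2.3.1, 2.12.4 to 2.12.3, 2.17.1 to 2.17.0) and the "Versions affected" intervals shrink to match, but the commit message ("Automatic Site Publish by Buildbot") gives no reason. Lowering a fixed version tells users on 2.3.1, 2.12.3 and 2.17.0 that no upgrade is needed, so the source change behind this publish should state the evidence, for example by explaining how the LOG4J2-3242 reference added in the @@ -489 hunk relates to these releases.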
@@ -476,7 +476,7 @@ This issue is fixed by limiting JNDI data source names to
the <code>java</code>
<div class="sect3">
<h4 id="CVE-2021-44832-mitigation">Mitigation</h4>
<div class="paragraph">
-<p>Upgrade to <code>2.3.2</code> (for Java 6), <code>2.12.4</code> (for Java
7), or <code>2.17.1</code> (for Java 8 and later).</p>
+<p>Upgrade to <code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for Java
7), or <code>2.17.0</code> (for Java 8 and later).</p>
</div>
<div class="paragraph">
<p>In prior releases confirm that if the JDBC Appender is being used it is not
configured to use any protocol other than <code>java</code>.</p>
@@ -489,6 +489,9 @@ This issue is fixed by limiting JNDI data source names to
the <code>java</code>
<li>
<p><a
href="https://nvd.nist.gov/vuln/detail/CVE-2021-44832">CVE-2021-44832</a></p>
</li>
+<li>
+<p><a
href="https://issues.apache.org/jira/browse/LOG4J2-3242">LOG4J2-3242</a></p>
+</li>
</ul>
</div>
</div>
@@ -598,11 +601,11 @@ Applications using only the <code>log4j-api</code> JAR
file without the <code>lo
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0,
2.17.0)</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0,
2.16.0)</code></p></td>
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), and <code>2.17.0</code> (for Java 8 and later)</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), and <code>2.16.0</code> (for Java 8 and later)</p></td>
</tr>
</tbody>
</table>
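Review bot: In the "Versions affected" cell only the last interval changes, to [2.13.0, 2.16.0), while the Java 7 interval stays at [2.4, 2.12.3); the @@ -673 hunk moves both boundaries (2.12.3 to 2.12.2 and 2.17.0 to 2.15.0). Please confirm that leaving the Java 7 boundary untouched here is intended. The fixed-versions cell also joins the list with "and" where the cell changed in the @@ -458 hunk uses "or"; pick one wording for all tables.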
@@ -625,7 +628,7 @@ Applications using only the <code>log4j-api</code> JAR file
without the <code>lo
<div class="sect3">
<h4 id="CVE-2021-45046-mitigation">Mitigation</h4>
<div class="paragraph">
-<p>Upgrade to Log4j <code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), or <code>2.17.0</code> (for Java 8 and later).</p>
+<p>Upgrade to Log4j <code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), or <code>2.16.0</code> (for Java 8 and later).</p>
</div>
</div>
<div class="sect3">
@@ -673,11 +676,11 @@ Applications using only the <code>log4j-api</code> JAR
file without the <code>lo
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.3) ∪ [2.13.0,
2.17.0)</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta9, 2.3.1) ∪ [2.4, 2.12.2) ∪ [2.13.0,
2.15.0)</code></p></td>
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), and <code>2.17.0</code> (for Java 8 and later)</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.1</code> (for Java 6), <code>2.12.2</code> (for
Java 7), and <code>2.15.0</code> (for Java 8 and later)</p></td>
</tr>
</tbody>
</table>
@@ -723,7 +726,7 @@ Log4j 1 configurations without <code>JMSAppender</code> are
not impacted by this
<div class="sect4">
<h5 id="CVE-2021-44228-mitigation-log4j2">Log4j 2 mitigation</h5>
<div class="paragraph">
-<p>Upgrade to Log4j <code>2.3.1</code> (for Java 6), <code>2.12.3</code> (for
Java 7), or <code>2.17.0</code> (for Java 8 and later).</p>
+<p>Upgrade to Log4j <code>2.3.1</code> (for Java 6), <code>2.12.2</code> (for
Java 7), or <code>2.15.0</code> (for Java 8 and later).</p>
</div>
</div>
</div>
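Review bot: The new mitigation sentence recommends 2.12.2 and 2.15.0, yet both fall inside the affected intervals this same commit writes elsewhere: [2.4, 2.12.3) and [2.13.0, 2.16.0) in the @@ -598 table, and [2.4, 2.12.3) and [2.13.0, 2.17.0) in the @@ -458 table. A reader who follows this paragraph literally lands on a release the page lists as affected by another issue. Add a sentence after "Upgrade to Log4j ..." that points to the later sections, or recommend the highest fixed release per Java line.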
@@ -746,6 +749,9 @@ Log4j 1 configurations without <code>JMSAppender</code> are
not impacted by this
<li>
<p><a
href="https://issues.apache.org/jira/browse/LOG4J2-3201">LOG4J2-3201</a></p>
</li>
+<li>
+<p><a
href="https://issues.apache.org/jira/browse/LOG4J2-3242">LOG4J2-3242</a></p>
+</li>
</ul>
</div>
</div>
@@ -772,11 +778,11 @@ Log4j 1 configurations without <code>JMSAppender</code>
are not impacted by this
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta1, 2.12.3) ∪ [2.13.1, 2.13.2)</code></p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.0-beta1, 2.3.2) ∪ [2.4, 2.12.3) ∪ [2.13.0,
2.13.2)</code></p></td>
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.12.3</code> (Java 7) and <code>2.13.2</code> (Java 8
and later)</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.3.2</code> (for Java 6), <code>2.12.3</code> (for
Java 7) and <code>2.13.2</code> (for Java 8 and later)</p></td>
</tr>
</tbody>
</table>
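Review bot: The new "Versions affected" value is more than a reformat: it adds a Java 6 interval ending at 2.3.2, which takes 2.3.2 up to 2.4 out of the affected set, and it moves the start of the last interval from 2.13.1 to 2.13.0, which newly marks 2.13.0 as affected. That change of scope deserves a line in the source commit. The fixed-versions cell also drops the comma before "and" that the other tables in this diff use ("..., and 2.16.0").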
@@ -797,7 +803,7 @@ Usages of <code>SslConfiguration</code> that are configured
via system propertie
<div class="sect3">
<h4 id="CVE-2020-9488-mitigation">Mitigation</h4>
<div class="paragraph">
-<p>Upgrade to <code>2.12.3</code> (Java 7) or <code>2.13.2</code> (Java 8 and
later).</p>
+<p>Upgrade to <code>2.3.2</code> (Java 6), <code>2.12.3</code> (Java 7) or
<code>2.13.2</code> (Java 8 and later).</p>
</div>
<div class="paragraph">
<p>Alternatively, users can set the
<code>mail.smtp.ssl.checkserveridentity</code> system property to
<code>true</code> to enable SMTPS hostname verification for all SMTPS mail
sessions.</p>
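Review bot: The added sentence writes "(Java 6)", "(Java 7)" and "(Java 8 and later)", while the table cell changed in the @@ -772 hunk was switched to "(for Java 6)", "(for Java 7)". It also omits the product name that the mitigation paragraphs in the @@ -625 and @@ -723 hunks carry ("Upgrade to Log4j 2.3.1 ..."), as does the paragraph in the @@ -476 hunk. Align the wording across the mitigation sections.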
@@ -849,7 +855,7 @@ Usages of <code>SslConfiguration</code> that are configured
via system propertie
</tr>
<tr>
<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.8.2</code> (Java 7)</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.8.2</code> (for Java 7 and later)</p></td>
</tr>
</tbody>
</table>