Putting a blank line in between should do the same. Best, Dave
> On Mar 12, 2024, at 2:41 PM, lhot...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git repository. > > lhotari pushed a commit to branch main > in repository https://gitbox.apache.org/repos/asf/pulsar-site.git > > > The following commit(s) were added to refs/heads/main by this push: > new 582235f14b1d Use alternative format for linefeed in markdown > 582235f14b1d is described below > > commit 582235f14b1ddfdd91eb734adc5574e12fd12e55 > Author: Lari Hotari <lhot...@users.noreply.github.com> > AuthorDate: Tue Mar 12 23:41:07 2024 +0200 > > Use alternative format for linefeed in markdown > --- > security/CVE-2022-34321.md | 8 ++++---- > security/CVE-2023-30428.md | 10 +++++----- > security/CVE-2023-30429.md | 8 ++++---- > security/CVE-2023-31007.md | 10 +++++----- > security/CVE-2023-37544.md | 10 +++++----- > security/CVE-2023-37579.md | 8 ++++---- > security/CVE-2023-51437.md | 8 ++++---- > security/CVE-2024-27135.md | 10 +++++----- > security/CVE-2024-27317.md | 10 +++++----- > security/CVE-2024-27894.md | 10 +++++----- > security/CVE-2024-28098.md | 10 +++++----- > 11 files changed, 51 insertions(+), 51 deletions(-) > > diff --git a/security/CVE-2022-34321.md b/security/CVE-2022-34321.md > index e067bdf8664a..93c705ce9141 100644 > --- a/security/CVE-2022-34321.md > +++ b/security/CVE-2022-34321.md > @@ -15,10 +15,10 @@ This issue affects Apache Pulsar versions from 2.6.0 to > 2.10.5, from 2.11.0 to 2 > > The known risks include exposing sensitive information such as connected > client IP and unauthorized logging level manipulation which could lead to a > denial-of-service condition by significantly increasing the proxy's logging > overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes > environments, the actual client IP might not be revealed through the load > balancer's default behavior, which typically obscures the original source IP > addresses when externalTrafficPolicy is b [...] > > -2.10 Pulsar Proxy users should upgrade to at least 2.10.6.\ > -2.11 Pulsar Proxy users should upgrade to at least 2.11.3.\ > -3.0 Pulsar Proxy users should upgrade to at least 3.0.2.\ > -3.1 Pulsar Proxy users should upgrade to at least 3.1.1.\ > +2.10 Pulsar Proxy users should upgrade to at least 2.10.6.<br/> > +2.11 Pulsar Proxy users should upgrade to at least 2.11.3.<br/> > +3.0 Pulsar Proxy users should upgrade to at least 3.0.2.<br/> > +3.1 Pulsar Proxy users should upgrade to at least 3.1.1.<br/> > > Users operating versions prior to those listed above should upgrade to the > aforementioned patched versions or newer versions. Additionally, it's > imperative to recognize that the Apache Pulsar Proxy is not intended for > direct exposure to the internet. The architectural design of Pulsar Proxy > assumes that it will operate within a secured network environment, > safeguarded by appropriate perimeter defenses. > > diff --git a/security/CVE-2023-30428.md b/security/CVE-2023-30428.md > index 8a3df45a4da5..045c31dc760e 100644 > --- a/security/CVE-2023-30428.md > +++ b/security/CVE-2023-30428.md > @@ -15,11 +15,11 @@ The vulnerability is exploitable when an attacker can > connect directly to the Pu > > There are two known risks for affected users. First, an attacker could > produce garbage messages to any topic in the cluster. Second, an attacker > could produce messages to the topic level policies topic for other tenants > and influence topic settings that could lead to exfiltration and/or deletion > of messages for other tenants. > > -2.8 Pulsar Broker users and earlier are unaffected.\ > -2.9 Pulsar Broker users should upgrade to one of the patched versions.\ > -2.10 Pulsar Broker users should upgrade to at least 2.10.4.\ > -2.11 Pulsar Broker users should upgrade to at least 2.11.1.\ > -3.0 Pulsar Broker users are unaffected.\ > +2.8 Pulsar Broker users and earlier are unaffected.<br/> > +2.9 Pulsar Broker users should upgrade to one of the patched versions.<br/> > +2.10 Pulsar Broker users should upgrade to at least 2.10.4.<br/> > +2.11 Pulsar Broker users should upgrade to at least 2.11.1.<br/> > +3.0 Pulsar Broker users are unaffected.<br/> > > ## Credit: > > diff --git a/security/CVE-2023-30429.md b/security/CVE-2023-30429.md > index edd12a0f8ca7..ab7f05d88c60 100644 > --- a/security/CVE-2023-30429.md > +++ b/security/CVE-2023-30429.md > @@ -15,10 +15,10 @@ When a client connects to the Pulsar Function Worker via > the Pulsar Proxy where > > The recommended mitigation for impacted users is to upgrade the Pulsar > Function Worker to a patched version. > > -2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\ > -2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\ > -3.0 Pulsar Function Worker users are unaffected.\ > -Any users running the Pulsar Function Worker for 2.9.* and earlier should > upgrade to one of the above patched versions.\ > +2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.<br/> > +2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.<br/> > +3.0 Pulsar Function Worker users are unaffected.<br/> > +Any users running the Pulsar Function Worker for 2.9.* and earlier should > upgrade to one of the above patched versions.<br/> > > ## Credit: > > diff --git a/security/CVE-2023-31007.md b/security/CVE-2023-31007.md > index 2627b26c0332..421f7e01e1d7 100644 > --- a/security/CVE-2023-31007.md > +++ b/security/CVE-2023-31007.md > @@ -12,11 +12,11 @@ Improper Authentication vulnerability in Apache Software > Foundation Apache Pulsa > > This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, > 2.11.0. > > -2.9 Pulsar Broker users should upgrade to at least 2.9.5.\ > -2.10 Pulsar Broker users should upgrade to at least 2.10.4.\ > -2.11 Pulsar Broker users should upgrade to at least 2.11.1.\ > -3.0 Pulsar Broker users are unaffected.\ > -Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to > one of the above patched versions.\ > +2.9 Pulsar Broker users should upgrade to at least 2.9.5.<br/> > +2.10 Pulsar Broker users should upgrade to at least 2.10.4.<br/> > +2.11 Pulsar Broker users should upgrade to at least 2.11.1.<br/> > +3.0 Pulsar Broker users are unaffected.<br/> > +Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to > one of the above patched versions.<br/> > > ## Credit: > > diff --git a/security/CVE-2023-37544.md b/security/CVE-2023-37544.md > index a46997c73fde..12da9f24b13c 100644 > --- a/security/CVE-2023-37544.md > +++ b/security/CVE-2023-37544.md > @@ -16,11 +16,11 @@ This issue affects Apache Pulsar WebSocket Proxy: from > 2.8.0 through 2.8.*, from > > The known risks include a denial of service due to the WebSocket Proxy > accepting any connections, and excessive data transfer due to misuse of the > WebSocket ping/pong feature. > > -2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5.\ > -2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2.\ > -3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1.\ > -3.1 Pulsar WebSocket Proxy users are unaffected.\ > -Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier > should upgrade to one of the above patched versions.\ > +2.10 Pulsar WebSocket Proxy users should upgrade to at least 2.10.5.<br/> > +2.11 Pulsar WebSocket Proxy users should upgrade to at least 2.11.2.<br/> > +3.0 Pulsar WebSocket Proxy users should upgrade to at least 3.0.1.<br/> > +3.1 Pulsar WebSocket Proxy users are unaffected.<br/> > +Any users running the Pulsar WebSocket Proxy for 2.8, 2.9, and earlier > should upgrade to one of the above patched versions.<br/> > > ## Credit: > > diff --git a/security/CVE-2023-37579.md b/security/CVE-2023-37579.md > index 757a47776040..06d111674061 100644 > --- a/security/CVE-2023-37579.md > +++ b/security/CVE-2023-37579.md > @@ -15,10 +15,10 @@ Any authenticated user can retrieve a source's > configuration or a sink's configu > > The recommended mitigation for impacted users is to upgrade the Pulsar > Function Worker to a patched version. > > -2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\ > -2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\ > -3.0 Pulsar Function Worker users are unaffected.\ > -Any users running the Pulsar Function Worker for 2.9.* and earlier should > upgrade to one of the above patched versions.\ > +2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.<br/> > +2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.<br/> > +3.0 Pulsar Function Worker users are unaffected.<br/> > +Any users running the Pulsar Function Worker for 2.9.* and earlier should > upgrade to one of the above patched versions.<br/> > > ## Credit: > > diff --git a/security/CVE-2023-51437.md b/security/CVE-2023-51437.md > index 88fc83b8dd06..6b1f3109df11 100644 > --- a/security/CVE-2023-51437.md > +++ b/security/CVE-2023-51437.md > @@ -14,10 +14,10 @@ Users are recommended to upgrade to version 2.11.3, > 3.0.2, or 3.1.1 which fixes > > Any component matching an above version running the SASL Authentication > Provider is affected. That includes the Pulsar Broker, Proxy, Websocket > Proxy, or Function Worker. > > -2.11 Pulsar users should upgrade to at least 2.11.3.\ > -3.0 Pulsar users should upgrade to at least 3.0.2.\ > -3.1 Pulsar users should upgrade to at least 3.1.1.\ > -Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one > of the above patched versions.\ > +2.11 Pulsar users should upgrade to at least 2.11.3.<br/> > +3.0 Pulsar users should upgrade to at least 3.0.2.<br/> > +3.1 Pulsar users should upgrade to at least 3.1.1.<br/> > +Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one > of the above patched versions.<br/> > > For additional details on this attack vector, please refer to > https://codahale.com/a-lesson-in-timing-attacks/ . > > diff --git a/security/CVE-2024-27135.md b/security/CVE-2024-27135.md > index a6795dcd13db..9beec9b5eebe 100644 > --- a/security/CVE-2024-27135.md > +++ b/security/CVE-2024-27135.md > @@ -16,11 +16,11 @@ Improper input validation in the Pulsar Function Worker > allows a malicious authe > > This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 > to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. > > -2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\ > -2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\ > -3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\ > -3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\ > -3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\ > +2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.<br/> > +2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.<br/> > +3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.<br/> > +3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.<br/> > +3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.<br/> > > Users operating versions prior to those listed above should upgrade to the > aforementioned patched versions or newer versions. > > diff --git a/security/CVE-2024-27317.md b/security/CVE-2024-27317.md > index bfbf9e60d243..dffc0c23ffca 100644 > --- a/security/CVE-2024-27317.md > +++ b/security/CVE-2024-27317.md > @@ -14,11 +14,11 @@ In Pulsar Functions Worker, authenticated users can > upload functions in jar or n > > This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 > to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. > > -2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\ > -2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\ > -3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\ > -3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\ > -3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\ > +2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.<br/> > +2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.<br/> > +3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.<br/> > +3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.<br/> > +3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.<br/> > > Users operating versions prior to those listed above should upgrade to the > aforementioned patched versions or newer versions. > > diff --git a/security/CVE-2024-27894.md b/security/CVE-2024-27894.md > index fff6545c897b..b1a5c8ff3cf7 100644 > --- a/security/CVE-2024-27894.md > +++ b/security/CVE-2024-27894.md > @@ -15,11 +15,11 @@ This vulnerability also applies to the Pulsar Broker when > it is configured with > > This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 > to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. > > -2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\ > -2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\ > -3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\ > -3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\ > -3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\ > +2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.<br/> > +2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.<br/> > +3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.<br/> > +3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.<br/> > +3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.<br/> > > Users operating versions prior to those listed above should upgrade to the > aforementioned patched versions or newer versions. > > diff --git a/security/CVE-2024-28098.md b/security/CVE-2024-28098.md > index f727a03eda9a..e1494d586a85 100644 > --- a/security/CVE-2024-28098.md > +++ b/security/CVE-2024-28098.md > @@ -14,11 +14,11 @@ The vulnerability allows authenticated users with only > produce or consume permis > > This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 > to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. > > -2.10 Apache Pulsar users should upgrade to at least 2.10.6.\ > -2.11 Apache Pulsar users should upgrade to at least 2.11.4.\ > -3.0 Apache Pulsar users should upgrade to at least 3.0.3.\ > -3.1 Apache Pulsar users should upgrade to at least 3.1.3.\ > -3.2 Apache Pulsar users should upgrade to at least 3.2.1.\ > +2.10 Apache Pulsar users should upgrade to at least 2.10.6.<br/> > +2.11 Apache Pulsar users should upgrade to at least 2.11.4.<br/> > +3.0 Apache Pulsar users should upgrade to at least 3.0.3.<br/> > +3.1 Apache Pulsar users should upgrade to at least 3.1.3.<br/> > +3.2 Apache Pulsar users should upgrade to at least 3.2.1.<br/> > > Users operating versions prior to those listed above should upgrade to the > aforementioned patched versions or newer versions. > >
