This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 487d9faeea [DOCUMENTATION] CVE-2023-51518 CVE-2023-51747 
CVE-2024-21742 (#2047)
487d9faeea is described below

commit 487d9faeead180a7cd14656632a4ba68c18da554
Author: Benoit TELLIER <btell...@linagora.com>
AuthorDate: Fri Feb 23 21:19:23 2024 +0100

    [DOCUMENTATION] CVE-2023-51518 CVE-2023-51747 CVE-2024-21742 (#2047)
---
 CHANGELOG.md                                          | 4 ++++
 src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown | 2 ++
 src/homepage/_posts/2024-01-09-james-3.7.5.markdown   | 5 +++++
 src/homepage/_posts/2024-01-09-james-3.8.1.markdown   | 5 +++++
 4 files changed, 16 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 45d22c95d6..42466a0210 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -69,6 +69,8 @@ No changes yet.
 
 ### Security
 
+- **CVE-2023-51747**: SMTP smuggling in Apache James
+- **CVE-2023-51518**: Privilege escalation via JMX pre-authentication 
deserialisation
 - [FIX] JMX password auto-detection
 - [FIX] Enforce CRLF as part of SMTP DATA transaction (#1876)
 - [FIX] Set up JMX auth for Spring
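
Review bot: the two added CVE lines sit directly above the `[FIX]` entries in this list without saying which of them is the remediation. If `[FIX] Enforce CRLF as part of SMTP DATA transaction (#1876)` addresses CVE-2023-51747 and the JMX entries address CVE-2023-51518, state that on the CVE lines (or fold the CVE id into the matching `[FIX]` line) so an operator auditing a backport can map each CVE to a concrete change.
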
@@ -379,6 +381,8 @@ No changes yet.
 
 ### Security
 
+- **CVE-2023-51747**: SMTP smuggling in Apache James
+- **CVE-2023-51518**: Privilege escalation via JMX pre-authentication 
deserialisation
 - [FIX] JMX password auto-detection
 - [FIX] Enforce CRLF as part of SMTP DATA transaction (#1876)
 - [FIX] Set up JMX auth for Spring
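
Review bot: this second `### Security` section receives the same two lines with the same trailing context as the hunk at -69, and nothing visible in the hunk shows which release heading it falls under. Please confirm that one section belongs to 3.7.5 and the other to 3.8.1, matching the two release posts changed in this commit. CVE-2024-21742 is in the commit subject but is not added to this file; if that is because it is tracked in the mime4j changelog, a one-line pointer here would help readers who search this file for it.
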
diff --git a/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown 
b/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown
index b655fd8e54..4e042b49cc 100644
--- a/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown
+++ b/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown
@@ -11,6 +11,8 @@ Early adopters can [download it][download], any issue can be 
reported on our iss
 
 The full changes included in this release can be seen in the 
[CHANGELOG][CHANGELOG].
 
+This release fixes `CVE-2024-21742: Mime4J DOM header injection`.
+
 The Apache James PMC would like to thanks all contributors who made this 
release possible!
 
 [CHANGELOG]: https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md
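
Review bot: the added sentence wraps the id and the title together in one code span (`CVE-2024-21742: Mime4J DOM header injection`), while the James release posts in this same commit use a bold id followed by the title. Suggest `**CVE-2024-21742**: Mime4J DOM header injection` for consistency, and a short clause telling users of earlier mime4j versions to upgrade, since the sentence currently names the issue without any guidance.
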
diff --git a/src/homepage/_posts/2024-01-09-james-3.7.5.markdown 
b/src/homepage/_posts/2024-01-09-james-3.7.5.markdown
index 688c54b8a9..9cd52f9cbe 100644
--- a/src/homepage/_posts/2024-01-09-james-3.7.5.markdown
+++ b/src/homepage/_posts/2024-01-09-james-3.7.5.markdown
@@ -15,6 +15,11 @@ The Apache James PMC would like to thanks all contributors 
who made this release
 
 This release comprise minor bug fixes enhancing Apache James stability.
 
+This release fixes the following security issues:
+
+ - **CVE-2023-51747**: SMTP smuggling in Apache James
+ - **CVE-2023-51518**: Privilege escalation via JMX pre-authentication 
deserialisation
+
 ## Release changelog
 
 The full changes included in this release can be seen in the 
[CHANGELOG][CHANGELOG].
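
Review bot: the unchanged line just above the addition still reads "This release comprise minor bug fixes enhancing Apache James stability.", which undersells a release that now lists a privilege escalation and SMTP smuggling. Reword that sentence to mention the security fixes (and correct "comprise" to "comprises" while there) so readers skimming the first paragraph do not skip the upgrade. The new list items are also indented by one space (` - `) where CHANGELOG.md uses `- `.
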
diff --git a/src/homepage/_posts/2024-01-09-james-3.8.1.markdown 
b/src/homepage/_posts/2024-01-09-james-3.8.1.markdown
index 850f66c41f..f9d6d1d2b5 100644
--- a/src/homepage/_posts/2024-01-09-james-3.8.1.markdown
+++ b/src/homepage/_posts/2024-01-09-james-3.8.1.markdown
@@ -15,6 +15,11 @@ The Apache James PMC would like to thank all contributors 
who made this release
 
 This release comprise minor bug fixes enhancing Apache James stability.
 
+This release fixes the following security issues:
+
+ - **CVE-2023-51747**: SMTP smuggling in Apache James
+ - **CVE-2023-51518**: Privilege escalation via JMX pre-authentication 
deserialisation
+
 ## Release changelog
 
 The full changes included in this release can be seen in the 
[CHANGELOG][CHANGELOG].
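
Review bot: this post is dated 2024-01-09 in its filename, but the security section is being added on Feb 23 2024 (AuthorDate), so anyone who read the original announcement has no cue that it changed. Add a dated update line above the list, and link each CVE id to its advisory so the entry is actionable. The same applies to the 3.7.5 post.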

