This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push: new 487d9faeea [DOCUMENTATION] CVE-2023-51518 CVE-2023-51747 CVE-2024-21742 (#2047) 487d9faeea is described below commit 487d9faeead180a7cd14656632a4ba68c18da554 Author: Benoit TELLIER <btell...@linagora.com> AuthorDate: Fri Feb 23 21:19:23 2024 +0100 [DOCUMENTATION] CVE-2023-51518 CVE-2023-51747 CVE-2024-21742 (#2047) --- CHANGELOG.md | 4 ++++ src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown | 2 ++ src/homepage/_posts/2024-01-09-james-3.7.5.markdown | 5 +++++ src/homepage/_posts/2024-01-09-james-3.8.1.markdown | 5 +++++ 4 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45d22c95d6..42466a0210 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -69,6 +69,8 @@ No changes yet. ### Security +- **CVE-2023-51747**: SMTP smuggling in Apache James +- **CVE-2023-51518**: Privilege escalation via JMX pre-authentication deserialisation - [FIX] JMX password auto-detection - [FIX] Enforce CRLF as part of SMTP DATA transaction (#1876) - [FIX] Set up JMX auth for Spring @@ -379,6 +381,8 @@ No changes yet. ### Security +- **CVE-2023-51747**: SMTP smuggling in Apache James +- **CVE-2023-51518**: Privilege escalation via JMX pre-authentication deserialisation - [FIX] JMX password auto-detection - [FIX] Enforce CRLF as part of SMTP DATA transaction (#1876) - [FIX] Set up JMX auth for Spring diff --git a/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown b/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown index b655fd8e54..4e042b49cc 100644 --- a/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown +++ b/src/homepage/_posts/2024-01-08-mime4j-0.8.10.markdown 
@@ -11,6 +11,8 @@ Early adopters can [download it][download], any issue can be reported on our iss The full changes included in this release can be seen in the [CHANGELOG][CHANGELOG]. +This release fixes `CVE-2024-21742: Mime4J DOM header injection`. + The Apache James PMC would like to thanks all contributors who made this release possible! [CHANGELOG]: https://github.com/apache/james-mime4j/blob/master/CHANGELOG.md diff --git a/src/homepage/_posts/2024-01-09-james-3.7.5.markdown b/src/homepage/_posts/2024-01-09-james-3.7.5.markdown index 688c54b8a9..9cd52f9cbe 100644 --- a/src/homepage/_posts/2024-01-09-james-3.7.5.markdown +++ b/src/homepage/_posts/2024-01-09-james-3.7.5.markdown @@ -15,6 +15,11 @@ The Apache James PMC would like to thanks all contributors who made this release This release comprise minor bug fixes enhancing Apache James stability. +This release fixes the following security issues: + + - **CVE-2023-51747**: SMTP smuggling in Apache James + - **CVE-2023-51518**: Privilege escalation via JMX pre-authentication deserialisation + ## Release changelog The full changes included in this release can be seen in the [CHANGELOG][CHANGELOG]. diff --git a/src/homepage/_posts/2024-01-09-james-3.8.1.markdown b/src/homepage/_posts/2024-01-09-james-3.8.1.markdown index 850f66c41f..f9d6d1d2b5 100644 --- a/src/homepage/_posts/2024-01-09-james-3.8.1.markdown +++ b/src/homepage/_posts/2024-01-09-james-3.8.1.markdown 
@@ -15,6 +15,11 @@ The Apache James PMC would like to thank all contributors who made this release This release comprise minor bug fixes enhancing Apache James stability. +This release fixes the following security issues: + + - **CVE-2023-51747**: SMTP smuggling in Apache James + - **CVE-2023-51518**: Privilege escalation via JMX pre-authentication deserialisation + ## Release changelog The full changes included in this release can be seen in the [CHANGELOG][CHANGELOG].
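
Review bot: In both CHANGELOG.md hunks (`@@ -69,6 +69,8 @@` and `@@ -379,6 +381,8 @@`) the two CVE bullets are placed above the existing `[FIX]` bullets with nothing tying a CVE to the change that closes it. If `[FIX] Enforce CRLF as part of SMTP DATA transaction (#1876)` is the fix for CVE-2023-51747 and the JMX entries are the fixes for CVE-2023-51518, say so on the CVE lines or nest the `[FIX]` entries under them, so someone backporting or auditing can find the relevant change. The commit subject also names CVE-2024-21742, which does not appear in CHANGELOG.md; confirm that is intentional because it is tracked on the Mime4J side.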
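
Review bot: In the 2024-01-08-mime4j-0.8.10.markdown hunk, the added line wraps the whole phrase `CVE-2024-21742: Mime4J DOM header injection` in code formatting, while the James release posts changed in this same commit use a bold CVE id followed by a plain-text title. Suggest `**CVE-2024-21742**: Mime4J DOM header injection` so the CVE references render the same way across the posts.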
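
Review bot: In the 2024-01-09-james-3.7.5.markdown hunk, the unchanged sentence directly above the added list still reads "This release comprise minor bug fixes enhancing Apache James stability", which undersells a release that now advertises an SMTP smuggling fix and a pre-authentication privilege escalation fix. Suggest rewording that sentence as part of this change (and correcting "comprise" to "comprises") so the post does not read as a stability-only release.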
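
Review bot: In the 2024-01-09-james-3.8.1.markdown hunk, each added CVE bullet carries only a title, with no link to an advisory and no affected version range, so an operator reading the post cannot tell whether their deployment is exposed or which release to move to. Suggest adding a link per CVE and stating the affected versions next to each bullet; the identical list in the 3.7.5 post would benefit from the same details.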