Repository: james-site Updated Branches: refs/heads/asf-site 427374bab -> 1b35e747e
Adding posts about 3.0.1 release Project: http://git-wip-us.apache.org/repos/asf/james-site/repo Commit: http://git-wip-us.apache.org/repos/asf/james-site/commit/1b35e747 Tree: http://git-wip-us.apache.org/repos/asf/james-site/tree/1b35e747 Diff: http://git-wip-us.apache.org/repos/asf/james-site/diff/1b35e747 Branch: refs/heads/asf-site Commit: 1b35e747ee8785e3649afff69b9f68391ee2c1fa Parents: 427374b Author: Antoine Duprat <[email protected]> Authored: Wed Oct 25 08:54:42 2017 +0200 Committer: Antoine Duprat <[email protected]> Committed: Wed Oct 25 08:54:42 2017 +0200 ---------------------------------------------------------------------- content/feed.xml | 54 ++++--- content/index.html | 5 +- .../james/update/2017/10/19/james-3.0.1.html | 142 +++++++++++++++++++ content/posts.html | 10 ++ 4 files changed, 191 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/feed.xml ---------------------------------------------------------------------- diff --git a/content/feed.xml b/content/feed.xml index 7723a0a..a031886 100644 --- a/content/feed.xml +++ b/content/feed.xml 
@@ -29,6 +29,42 @@ <generator>Jekyll v3.4.3</generator> <item> + <title>Security release: Apache James server 3.0.1</title> + <description><p>The Apache James PMCs are glad to announce you the release +version 3.0.1 of Apache James server.</p> + +<p>It fixes vulnerability described in CVE-2017-12628. The JMX server, also +used by the command line client is exposed to a java de-serialization +issue, and thus can be used to execute arbitrary commands. As James +exposes JMX socket by default only on local-host, this vulnerability can +only be used for privilege escalation.</p> + +<p>Release 3.0.1 upgrades the incriminated library.</p> + +<p>Note that you can take additional defensive steps in order to mitigate this vulnerability:</p> + +<ul> + <li>Ensure that you restrict the access to JMX only on local-host</li> + <li>Ensure that you are using a recent Java Run-time Environment. For instance OpenJDK 8 u111 is vulnerable but OpenJDK 8 u 141 is not.</li> + <li>You can additionally run James in a container to limit damages of potential exploits</li> + <li>And of course upgrade to the newest 3.0.1 version.</li> +</ul> + +<p>Read more about Java deserialization <a href="https://www.sourceclear.com/blog/Commons-Collections-Deserialization-Vulnerability-Research-Findings/">issues</a>.</p> + +</description> + <pubDate>Thu, 19 Oct 2017 22:00:22 +0000</pubDate> + <link>http://james.apache.org/james/update/2017/10/19/james-3.0.1.html</link> + <guid isPermaLink="true">http://james.apache.org/james/update/2017/10/19/james-3.0.1.html</guid> + + + <category>james</category> + + <category>update</category> + + </item> + + <item> <title>Hacktoberfest: contribute to James</title> <description><p>The James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p> 
@@ -209,24 +245,6 @@ features explained with working examples!</p> </item> <item> - <title>Apache James Server 3.0</title> - <description><p>We are currently working on the release.</p> - -<p>Keep an eye on the <a href="http://james.apache.org/newsarchive.html">news</a>, we are planning to release the next version in November.</p> - -</description> - <pubDate>Mon, 19 Sep 2016 21:13:22 +0700</pubDate> - <link>http://localhost:4000/james/update/2016/09/19/james-3.0.html</link> - <guid isPermaLink="true">http://localhost:4000/james/update/2016/09/19/james-3.0.html</guid> - - - <category>james</category> - - <category>update</category> - - </item> - - <item> <title>JMAP implementation</title> <description><p>Full text search via JMAP.</p> http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/index.html ---------------------------------------------------------------------- diff --git a/content/index.html b/content/index.html index 322bd1f..1bfc834 100644 --- a/content/index.html +++ b/content/index.html @@ -150,7 +150,8 @@ WHAT WILL YOU TRY:</b><br> <li class="post-template"> <span class="icon fa-file-text-o"></span> <span class="details"> - <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest: contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><br><small><p>The James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p> + <a href="/james/update/2017/10/19/james-3.0.1.html" alt="Security release: Apache James server 3.0.1"><b>Security release: Apache James server 3.0.1 - October 19, 2017</b><br><small><p>The Apache James PMCs are glad to announce you the release +version 3.0.1 of Apache James server.</p> </small></a> </span> 
@@ -159,7 +160,7 @@ WHAT WILL YOU TRY:</b><br> <li class="post-template"> <span class="icon fa-file-text-o"></span> <span class="details"> - <a href="/james/update/2017/10/03/BlogPostInstallingJames.html" alt="Blog post: Easy and secure James installation"><b>Blog post: Easy and secure James installation - October 03, 2017</b><br><small><p>In a recent <a href="https://medium.com/@thibaut.sautereau/installing-james-3-0-with-spf-verification-421b26b92f11">blog post</a>, <a href="https://github.com/thithib">Thibaut</a> explains us how to easily set up a James server on a personal domain.</p> + <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest: contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><br><small><p>The James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p> </small></a> </span> http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/james/update/2017/10/19/james-3.0.1.html ---------------------------------------------------------------------- diff --git a/content/james/update/2017/10/19/james-3.0.1.html b/content/james/update/2017/10/19/james-3.0.1.html new file mode 100644 index 0000000..c534a04 --- /dev/null +++ b/content/james/update/2017/10/19/james-3.0.1.html 
@@ -0,0 +1,142 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<!DOCTYPE html> +<html> + <head> + <meta charset="utf-8"/> + <title>Apache James</title> + + <link rel="stylesheet" type="text/css" href="/assets/css/main.css"> + <link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css"> + <link rel="stylesheet" type="text/css" href="/assets/css/ie8.css"> + <link rel="stylesheet" type="text/css" href="/assets/css/ie9.css"> + <link rel="shortcut icon" href="/images/james-logo.png"> + </head> +<body> + <!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. 
See the License for the + specific language governing permissions and limitations + under the License. +--> + +<link href="/assets/css/lightbox.css" rel="stylesheet"> +<div id="wrapper" class="post-page"> + <div class="apache_ref"> + <a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg" title="apache foundation logo"/></a> + </div> + <div class="apache_ref_mobile"> + <a href="https://www.apache.org" alt="apache foundation link">The Apache Software Foundation</a> + </div> + + <header id="header" class="alt"> + <div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg" alt="james logo"/></a></div> + <h1 class="hidden">James Enterprise Mail Server</h1> + <h2>Emails at the heart of your business logic</h2> + </header> + + <!-- Main --> + <div id="main"> + + <!-- Content --> + <section id="content" class="main"> + + <h1><span class="icon fa-file-text-o"></span> Security release: Apache James server 3.0.1</h1> + <h2><span class="icon fa-clock-o"></span><b> October 19, 2017</b></h2> + + <br/> + + <div> + <p>The Apache James PMCs are glad to announce you the release +version 3.0.1 of Apache James server.</p> + +<p>It fixes vulnerability described in CVE-2017-12628. The JMX server, also +used by the command line client is exposed to a java de-serialization +issue, and thus can be used to execute arbitrary commands. As James +exposes JMX socket by default only on local-host, this vulnerability can +only be used for privilege escalation.</p> + +<p>Release 3.0.1 upgrades the incriminated library.</p> + +<p>Note that you can take additional defensive steps in order to mitigate this vulnerability:</p> + +<ul> + <li>Ensure that you restrict the access to JMX only on local-host</li> + <li>Ensure that you are using a recent Java Run-time Environment. 
For instance OpenJDK 8 u111 is vulnerable but OpenJDK 8 u 141 is not.</li> + <li>You can additionally run James in a container to limit damages of potential exploits</li> + <li>And of course upgrade to the newest 3.0.1 version.</li> +</ul> + +<p>Read more about Java deserialization <a href="https://www.sourceclear.com/blog/Commons-Collections-Deserialization-Vulnerability-Research-Findings/">issues</a>.</p> + + + + </div> + <footer class="major special"> + <hr> + <center> + <ul class="actions"> + <li><a href="/index.html" class="button">Back to homepage</a></li> + <li><a href="/posts.html" class="button">Read More Posts</a></li> + </ul> + </center> + </footer> + </section> + </div> + <footer id="footer" class="major"> + <section> + <h2>James</h2> + <ul class="no-padding"> + <li class="no-padding"><a href="../#intro" class="active">About</a></li> + <li class="no-padding"><a href="../#first">Get Started</a></li> + <li class="no-padding"><a href="../#posts">Last Posts</a></li> + <li class="no-padding"><a href="../#second">Community</a></li> + <li class="no-padding"><a href="https://james.apache.org/"><span class="fa fa-external-link"></span> Documentation</a></li> + </ul> + </section> + <section> + <h2>Connect</h2> + <ul class="icons"> + <li><a href="http://twitter.com/ApacheJames" class="icon fa-twitter alt"><span class="label">Twitter</span></a></li> + <li><a href="https://github.com/apache/james-project" class="icon fa-github alt"><span class="label">GitHub</span></a></li> + <li><a href="http://james.apache.org/mail.html" class="icon fa-envelope-o alt"><span class="label">Mailing-list</span></a></li> + </ul> + </section> + <section> + <h2>Copyright</h2> + <a href="http://www.apache.org/">Apache Licence Copyright</a><br/> + ©Untitled. 
Design: <a href="https://html5up.net">HTML5 UP</a> + </section> + </footer> +</div> + +</body> +</html> http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/posts.html ---------------------------------------------------------------------- diff --git a/content/posts.html b/content/posts.html index 1575f4c..00985e4 100644 --- a/content/posts.html +++ b/content/posts.html @@ -65,6 +65,16 @@ <li class="post-template"> <span class="icon fa-lg fa-file-text-o"></span> <span class="details"> + <a href="/james/update/2017/10/19/james-3.0.1.html" alt="Security release: Apache James server 3.0.1"><b>Security release: Apache James server 3.0.1 - October 19, 2017</b><small><p>The Apache James PMCs are glad to announce you the release +version 3.0.1 of Apache James server.</p> + +</small></a> + </span> + </li> + + <li class="post-template"> + <span class="icon fa-lg fa-file-text-o"></span> + <span class="details"> <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest: contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><small><p>The James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p> </small></a> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
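Review bot: in the new feed.xml item (hunk @@ -29,6 +29,42 @@), "Release 3.0.1 upgrades the incriminated library" names neither the library nor the version it was upgraded to, so an operator cannot check whether the same dependency sits elsewhere on their classpath; name both in the advisory. The JRE bullet also writes the two builds differently ("OpenJDK 8 u111" and "OpenJDK 8 u 141"); pick one form. The same text is repeated in the new james-3.0.1.html, and the feed declares a Jekyll generator, so correct it in the post source rather than in the generated output.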
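Review bot: the second feed.xml hunk (@@ -209,24 +245,6 @@) removes the "Apache James Server 3.0" item, which the commit message "Adding posts about 3.0.1 release" does not mention; if this is only the feed dropping its oldest entry as a new one is added, say so in the message. The removed item's link and guid start with http://localhost:4000/, so check the remaining older items for the same local-build URLs, since the new item uses http://james.apache.org/.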
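Review bot: in content/index.html (hunk @@ -150,7 +150,8 @@) the added anchor carries alt="Security release: Apache James server 3.0.1", but alt is not an attribute of <a> and has no effect there; use title, or drop it since the link text already says the same. The anchor also wraps a <p> inside <small>, which puts block content inside a phrasing element. The second index.html hunk and the posts.html hunk repeat the pattern, so the fix belongs in the shared post-template markup rather than in each generated page.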
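Review bot: in the new content/james/update/2017/10/19/james-3.0.1.html the footer links href="../#intro", "../#first", "../#posts" and "../#second" are relative, so from this path they resolve under /james/update/2017/10/ instead of the homepage; make them root-relative like the /index.html buttons just above them. In the same file the ASF licence comment appears twice (before <!DOCTYPE html> and again inside <body>), the lightbox.css <link> sits in the body rather than the head, ie8.css and ie9.css are loaded unconditionally, and the footer still reads "©Untitled.", which looks like a leftover from the design template.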
