can reset any other user's password.I couldn't find an announcement on any of the Archiva mailing lists, so I figured I'd send one myself.
Release notes can be found here: https://archiva.apache.org/docs/2.2.8/release-notes.html - Bram
It seems like Apache Archiva 2.2.8 was released on 25 May 2022, with a
critical security fix for CVE-2022-29405 -- where any registered user
- 2.2.8 security release Bram Van Dam
- Re: 2.2.8 security release Olivier Lamy
