NOJIRA updating site docs, fixing CLI packaging type, previous was a …

…bundle which causes issues build issues
apache · Feb 9, 2018 · b5ded21 · b5ded21
1 parent 94da72a
commit b5ded21
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/juddi-client-cli/pom.xml b/juddi-client-cli/pom.xml
@@ -25,7 +25,7 @@
     <groupId>org.apache.juddi</groupId>
     <artifactId>juddi-client-cli</artifactId>
     <version>3.3.6-SNAPSHOT</version>
-    <packaging>bundle</packaging>
+    <packaging>jar</packaging>
 
     <name>jUDDI CLI Client</name>
     <url>http://maven.apache.org</url>

diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
@@ -2,7 +2,28 @@ Title: Security Advisories
 
 ## Security Advisories for Apache jUDDI
 
-### CVEID:CVE-2015-5241
+### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
+
+VERSION:  3.0.0
+
+PROBLEMTYPE: Information Disclosure
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.
+
+Severity: Moderate
+
+Mitigation:
+
+3.0.0 users should upgrade to jUDDI 3.0.1 or newer
+
+Credit:
+
+This issue was discovered by Marc Schoenefeld of Red Hat Software.
+
+
+### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241)
 
 VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'