james-server-dev mailing list archives

From adup...@apache.org
Subject james-site git commit: Adding posts about 3.0.1 release
Date Wed, 25 Oct 2017 06:54:58 GMT
Repository: james-site
Updated Branches:
  refs/heads/asf-site 427374bab -> 1b35e747e


Adding posts about 3.0.1 release


Project: http://git-wip-us.apache.org/repos/asf/james-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-site/commit/1b35e747
Tree: http://git-wip-us.apache.org/repos/asf/james-site/tree/1b35e747
Diff: http://git-wip-us.apache.org/repos/asf/james-site/diff/1b35e747

Branch: refs/heads/asf-site
Commit: 1b35e747ee8785e3649afff69b9f68391ee2c1fa
Parents: 427374b
Author: Antoine Duprat <aduprat@linagora.com>
Authored: Wed Oct 25 08:54:42 2017 +0200
Committer: Antoine Duprat <aduprat@linagora.com>
Committed: Wed Oct 25 08:54:42 2017 +0200

----------------------------------------------------------------------
 content/feed.xml                                |  54 ++++---
 content/index.html                              |   5 +-
 .../james/update/2017/10/19/james-3.0.1.html    | 142 +++++++++++++++++++
 content/posts.html                              |  10 ++
 4 files changed, 191 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/feed.xml
----------------------------------------------------------------------
diff --git a/content/feed.xml b/content/feed.xml
index 7723a0a..a031886 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -29,6 +29,42 @@
     <generator>Jekyll v3.4.3</generator>
     
       <item>
+        <title>Security release: Apache James server 3.0.1</title>
+        <description>&lt;p&gt;The Apache James PMCs are glad to announce you
the release
+version 3.0.1 of Apache James server.&lt;/p&gt;
+
+&lt;p&gt;It fixes vulnerability described in CVE-2017-12628. The JMX server, also
+used by the command line client is exposed to a java de-serialization
+issue, and thus can be used to execute arbitrary commands. As James
+exposes JMX socket by default only on local-host, this vulnerability can
+only be used for privilege escalation.&lt;/p&gt;
+
+&lt;p&gt;Release 3.0.1 upgrades the incriminated library.&lt;/p&gt;
+
+&lt;p&gt;Note that you can take additional defensive steps in order to mitigate this
vulnerability:&lt;/p&gt;
+
+&lt;ul&gt;
+  &lt;li&gt;Ensure that you restrict the access to JMX only on local-host&lt;/li&gt;
+  &lt;li&gt;Ensure that you are using a recent Java Run-time Environment. For instance
OpenJDK 8 u111 is vulnerable but OpenJDK 8 u 141 is not.&lt;/li&gt;
+  &lt;li&gt;You can additionally run James in a container to limit damages of potential
exploits&lt;/li&gt;
+  &lt;li&gt;And of course upgrade to the newest 3.0.1 version.&lt;/li&gt;
+&lt;/ul&gt;
+
+&lt;p&gt;Read more about Java deserialization &lt;a href=&quot;https://www.sourceclear.com/blog/Commons-Collections-Deserialization-Vulnerability-Research-Findings/&quot;&gt;issues&lt;/a&gt;.&lt;/p&gt;
+
+</description>
+        <pubDate>Thu, 19 Oct 2017 22:00:22 +0000</pubDate>
+        <link>http://james.apache.org/james/update/2017/10/19/james-3.0.1.html</link>
+        <guid isPermaLink="true">http://james.apache.org/james/update/2017/10/19/james-3.0.1.html</guid>
+        
+        
+        <category>james</category>
+        
+        <category>update</category>
+        
+      </item>
+    
+      <item>
         <title>Hacktoberfest: contribute to James</title>
         <description>&lt;p&gt;The James project joins the &lt;a href=&quot;https://hacktoberfest.digitalocean.com/&quot;&gt;Hactoberfest&lt;/a&gt;!&lt;/p&gt;
 
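Review bot: The sentence "Release 3.0.1 upgrades the incriminated library" in the new description names neither the library nor the affected James versions, so someone reading only the feed cannot check their own dependency tree or tell which releases need the upgrade; suggest naming the library and the version range next to the CVE id. In the JRE bullet the two builds are written differently ("OpenJDK 8 u111" and "OpenJDK 8 u 141"); use one form for both. "announce you the release version 3.0.1" would read better as "announce the release of version 3.0.1".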
@@ -209,24 +245,6 @@ features explained with working examples!&lt;/p&gt;
       </item>
     
       <item>
-        <title>Apache James Server 3.0</title>
-        <description>&lt;p&gt;We are currently working on the release.&lt;/p&gt;
-
-&lt;p&gt;Keep an eye on the &lt;a href=&quot;http://james.apache.org/newsarchive.html&quot;&gt;news&lt;/a&gt;,
we are planning to release the next version in November.&lt;/p&gt;
-
-</description>
-        <pubDate>Mon, 19 Sep 2016 21:13:22 +0700</pubDate>
-        <link>http://localhost:4000/james/update/2016/09/19/james-3.0.html</link>
-        <guid isPermaLink="true">http://localhost:4000/james/update/2016/09/19/james-3.0.html</guid>
-        
-        
-        <category>james</category>
-        
-        <category>update</category>
-        
-      </item>
-    
-      <item>
         <title>JMAP implementation</title>
         <description>&lt;p&gt;Full text search via JMAP.&lt;/p&gt;
 
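Review bot: The removed "Apache James Server 3.0" item carried http://localhost:4000/... in both its link and its permalink guid, so an earlier build of this feed was generated with the local development URL. The item added in the previous hunk uses http://james.apache.org, which is correct; please check that the items outside this hunk do not still publish localhost:4000 URLs. The commit message does not mention dropping this entry; if it is only the oldest post falling off the generated feed, a line saying so would help.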

http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/index.html
----------------------------------------------------------------------
diff --git a/content/index.html b/content/index.html
index 322bd1f..1bfc834 100644
--- a/content/index.html
+++ b/content/index.html
@@ -150,7 +150,8 @@ WHAT WILL YOU TRY:</b><br>
               <li class="post-template">
                 <span class="icon fa-file-text-o"></span>
                 <span class="details">
-                  <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest:
contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><br><small><p>The
James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p>
+                  <a href="/james/update/2017/10/19/james-3.0.1.html" alt="Security release:
Apache James server 3.0.1"><b>Security release: Apache James server 3.0.1 - October
19, 2017</b><br><small><p>The Apache James PMCs are glad to announce
you the release
+version 3.0.1 of Apache James server.</p>
 
 </small></a>
                 </span>
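Review bot: On the added link to /james/update/2017/10/19/james-3.0.1.html, alt is not an attribute of the a element (it belongs on img), so browsers and assistive technology ignore it; use title instead, or drop it since the b element inside already carries the same text. The added markup also puts a p inside small inside a, which is worth cleaning up in the template that generates this list rather than in the generated page.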
@@ -159,7 +160,7 @@ WHAT WILL YOU TRY:</b><br>
               <li class="post-template">
                 <span class="icon fa-file-text-o"></span>
                 <span class="details">
-                  <a href="/james/update/2017/10/03/BlogPostInstallingJames.html" alt="Blog
post: Easy and secure James installation"><b>Blog post: Easy and secure James installation
- October 03, 2017</b><br><small><p>In a recent <a href="https://medium.com/@thibaut.sautereau/installing-james-3-0-with-spf-verification-421b26b92f11">blog
post</a>, <a href="https://github.com/thithib">Thibaut</a> explains us how
to easily set up a James server on a personal domain.</p>
+                  <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest:
contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><br><small><p>The
James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p>
 
 </small></a>
                 </span>
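Review bot: The added Hacktoberfest entry nests a second link (href="https://hacktoberfest.digitalocean.com/") inside the outer link to /james/update/2017/10/03/Hacktoberfest.html; nested anchors are invalid HTML and the parser closes the outer one early, so part of the teaser ends up outside the link. Strip markup from the excerpt before placing it inside the anchor. The inner link text also reads "Hactoberfest" while the title reads "Hacktoberfest".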

http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/james/update/2017/10/19/james-3.0.1.html
----------------------------------------------------------------------
diff --git a/content/james/update/2017/10/19/james-3.0.1.html b/content/james/update/2017/10/19/james-3.0.1.html
new file mode 100644
index 0000000..c534a04
--- /dev/null
+++ b/content/james/update/2017/10/19/james-3.0.1.html
@@ -0,0 +1,142 @@
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="utf-8"/>
+        <title>Apache James</title>
+
+        <link rel="stylesheet" type="text/css" href="/assets/css/main.css">
+        <link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css">
+        <link rel="stylesheet" type="text/css" href="/assets/css/ie8.css">
+        <link rel="stylesheet" type="text/css" href="/assets/css/ie9.css">
+        <link rel="shortcut icon" href="/images/james-logo.png">
+    </head>
+<body>
+    <!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<link href="/assets/css/lightbox.css" rel="stylesheet">
+<div id="wrapper" class="post-page">
+  <div class="apache_ref">
+    <a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg"
title="apache foundation logo"/></a>
+  </div>
+  <div class="apache_ref_mobile">
+    <a href="https://www.apache.org" alt="apache foundation link">The Apache Software
Foundation</a>
+  </div>
+
+  <header id="header" class="alt">
+    <div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg"
alt="james logo"/></a></div>
+    <h1 class="hidden">James Enterprise Mail Server</h1>
+    <h2>Emails at the heart of your business logic</h2>
+  </header>
+
+  <!-- Main -->
+    <div id="main">
+
+      <!-- Content -->
+        <section id="content" class="main">
+
+          <h1><span class="icon fa-file-text-o"></span> Security release:
Apache James server 3.0.1</h1>
+          <h2><span class="icon fa-clock-o"></span><b> October 19,
2017</b></h2>
+
+          <br/>
+
+          <div>
+            <p>The Apache James PMCs are glad to announce you the release
+version 3.0.1 of Apache James server.</p>
+
+<p>It fixes vulnerability described in CVE-2017-12628. The JMX server, also
+used by the command line client is exposed to a java de-serialization
+issue, and thus can be used to execute arbitrary commands. As James
+exposes JMX socket by default only on local-host, this vulnerability can
+only be used for privilege escalation.</p>
+
+<p>Release 3.0.1 upgrades the incriminated library.</p>
+
+<p>Note that you can take additional defensive steps in order to mitigate this vulnerability:</p>
+
+<ul>
+  <li>Ensure that you restrict the access to JMX only on local-host</li>
+  <li>Ensure that you are using a recent Java Run-time Environment. For instance OpenJDK
8 u111 is vulnerable but OpenJDK 8 u 141 is not.</li>
+  <li>You can additionally run James in a container to limit damages of potential exploits</li>
+  <li>And of course upgrade to the newest 3.0.1 version.</li>
+</ul>
+
+<p>Read more about Java deserialization <a href="https://www.sourceclear.com/blog/Commons-Collections-Deserialization-Vulnerability-Research-Findings/">issues</a>.</p>
+
+
+
+          </div>
+          <footer class="major special">
+            <hr>
+            <center>
+              <ul class="actions">
+                <li><a href="/index.html" class="button">Back to homepage</a></li>
+                <li><a href="/posts.html" class="button">Read More Posts</a></li>
+              </ul>
+            </center>
+          </footer>
+        </section>
+    </div>
+    <footer id="footer" class="major">
+      <section>
+        <h2>James</h2>
+        <ul class="no-padding">
+          <li class="no-padding"><a href="../#intro" class="active">About</a></li>
+          <li class="no-padding"><a href="../#first">Get Started</a></li>
+          <li class="no-padding"><a href="../#posts">Last Posts</a></li>
+          <li class="no-padding"><a href="../#second">Community</a></li>
+          <li class="no-padding"><a href="https://james.apache.org/"><span
class="fa fa-external-link"></span> Documentation</a></li>
+        </ul>
+      </section>
+      <section>
+        <h2>Connect</h2>
+        <ul class="icons">
+          <li><a href="http://twitter.com/ApacheJames" class="icon fa-twitter alt"><span
class="label">Twitter</span></a></li>
+          <li><a href="https://github.com/apache/james-project" class="icon fa-github
alt"><span class="label">GitHub</span></a></li>
+          <li><a href="http://james.apache.org/mail.html" class="icon fa-envelope-o
alt"><span class="label">Mailing-list</span></a></li>
+        </ul>
+      </section>
+      <section>
+        <h2>Copyright</h2>
+        <a href="http://www.apache.org/">Apache Licence Copyright</a><br/>
+        &copy;Untitled. Design: <a href="https://html5up.net">HTML5 UP</a>
+      </section>
+    </footer>
+</div>
+
+</body>
+</html>
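Review bot: The advisory body says that with JMX bound to local-host the issue "can only be used for privilege escalation", yet the first mitigation bullet is to restrict JMX to local-host; as written, a reader may take that bullet as a fix for the local case it does not cover. Suggest stating that the bullet only removes remote exposure and moving "upgrade to the newest 3.0.1 version" to the top of the list. Separately, the ASF license comment appears twice (before the doctype and again just inside body), the lightbox.css link sits in body rather than head, and ie8.css and ie9.css are loaded for every browser; these look like layout and include issues to fix in the templates.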

http://git-wip-us.apache.org/repos/asf/james-site/blob/1b35e747/content/posts.html
----------------------------------------------------------------------
diff --git a/content/posts.html b/content/posts.html
index 1575f4c..00985e4 100644
--- a/content/posts.html
+++ b/content/posts.html
@@ -65,6 +65,16 @@
               <li class="post-template">
                 <span class="icon fa-lg fa-file-text-o"></span>
                 <span class="details">
+                  <a href="/james/update/2017/10/19/james-3.0.1.html" alt="Security release:
Apache James server 3.0.1"><b>Security release: Apache James server 3.0.1 - October
19, 2017</b><small><p>The Apache James PMCs are glad to announce you the
release
+version 3.0.1 of Apache James server.</p>
+
+</small></a>
+                </span>
+              </li>
+            
+              <li class="post-template">
+                <span class="icon fa-lg fa-file-text-o"></span>
+                <span class="details">
                   <a href="/james/update/2017/10/03/Hacktoberfest.html" alt="Hacktoberfest:
contribute to James"><b>Hacktoberfest: contribute to James - October 03, 2017</b><small><p>The
James project joins the <a href="https://hacktoberfest.digitalocean.com/">Hactoberfest</a>!</p>
 
 </small></a>
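Review bot: The excerpt in the added entry is only the post's first paragraph ("The Apache James PMCs are glad to announce you the release version 3.0.1 of Apache James server."), so apart from the title nothing in the post list tells the reader this release fixes CVE-2017-12628. Suggest putting the CVE id and the upgrade recommendation in the first paragraph of the post so every generated teaser carries them.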

