[accumulo-website] branch main updated: Updates to release notes to mention CVE-2020-17533

[ctubbsii]

This is an automated email from the ASF dual-hosted git repository.

ctubbsii pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/accumulo-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 2c06ce7  Updates to release notes to mention CVE-2020-17533
2c06ce7 is described below

commit 2c06ce79fbffcd0a06ca396ed0430d347f4efa0a
Author: Christopher Tubbs <ctubb...@apache.org>
AuthorDate: Tue Dec 29 00:08:57 2020 -0500

    Updates to release notes to mention CVE-2020-17533
    
    Link to announcement email from the archives (can update link to CVE
    database later, when that link is available with details that are
    currently contained in the announcement email)
---
 _posts/release/2020-12-22-accumulo-1.10.1.md | 15 ++++++++++-----
 _posts/release/2020-12-24-accumulo-2.0.1.md  | 15 ++++++++++-----
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/_posts/release/2020-12-22-accumulo-1.10.1.md 
b/_posts/release/2020-12-22-accumulo-1.10.1.md
index aa2a5c7..64ac3cb 100644
--- a/_posts/release/2020-12-22-accumulo-1.10.1.md
+++ b/_posts/release/2020-12-22-accumulo-1.10.1.md
@@ -13,14 +13,18 @@ detailed changes can be seen in the git history. If 
anything is missing from
 this list, please [contact] us to have it included.
 
 Users of 1.10.0 or earlier are urged to upgrade to 1.10.1 as soon as possible,
-as this is a continuation of the 1.10 LTM release line with important bug
-fixes. Users are also encouraged to consider migrating to a 2.x version when
-one that is suitable for their needs becomes available.
+as this is a continuation of the 1.10 LTM release line with critical bug fixes
+for security bug [CVE-2020-17533]. Users are also encouraged to consider
+migrating to a 2.x version when one that is suitable for their needs becomes
+available.
 
-## Major Bug Fixes
+## Critical Bug Fixes
+
+This release includes critical bug fixes to fix security bugs identified as
+[CVE-2020-17533]:
 
 * {% ghi 1830 %}, {% ghi 1832 %} Throw exceptions when permission checks fail,
-  and improve test coverage for permissions checks
+  and improve test coverage for permissions checks (backport of {% ghi 1828 %})
 
 ### Other Bug Fixes
 
@@ -51,6 +55,7 @@ with `-Denforcer.skip`, as a workaround.
 * [All Changes since 1.10.0][all-changes]
 * [GitHub] - List of issues tracked on GitHub corresponding to this release
 
+[CVE-2020-17533]: 
https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E
 [GitHub]: 
https://github.com/apache/accumulo/issues?q=project%3Aapache%2Faccumulo%2F16
 [all-changes]: 
https://github.com/apache/accumulo/compare/rel/1.10.0...apache:rel/1.10.1
 [contact]: {{ site.baseurl }}/contact-us
diff --git a/_posts/release/2020-12-24-accumulo-2.0.1.md 
b/_posts/release/2020-12-24-accumulo-2.0.1.md
index 01ad02a..1187ee2 100644
--- a/_posts/release/2020-12-24-accumulo-2.0.1.md
+++ b/_posts/release/2020-12-24-accumulo-2.0.1.md
@@ -6,16 +6,20 @@ sortableversion: '02.00.01'
 Apache Accumulo 2.0.1 contains bug fixes for 2.0.0.
 
 Since 2.0 is a non-LTM release line, and since an LTM release line has not yet
-been made available for 2.x, this patch backports important bug fixes to 2.0
-that could affect any existing 2.0.0 users. Users that have already migrated to
-2.0.0 are urged to upgrade to 2.0.1 as soon as possible, and users of 1.10 who
-wish to upgrade to 2.0 should upgrade directly to 2.0.1, bypassing 2.0.0.
+been made available for 2.x, this patch backports critical bug fixes to 2.0 to
+address security bug [CVE-2020-17533] that could affect any existing 2.0.0
+users. Users that have already migrated to 2.0.0 are urged to upgrade to 2.0.1
+as soon as possible, and users of 1.10 who wish to upgrade to 2.0 should
+upgrade directly to 2.0.1, bypassing 2.0.0.
 
 These release notes are highlights of the changes since 2.0.0. The full
 detailed changes can be seen in the git history. If anything is missing from
 this list, please [contact] us to have it included.
 
-## Major Bug Fixes
+## Critical Bug Fixes
+
+This release includes critical bug fixes to fix security bugs identified as
+[CVE-2020-17533]:
 
 * {% ghi 1828 %}, {% ghi 1832 %} Throw exceptions when permission checks fail,
   and improve test coverage for permissions checks
@@ -62,6 +66,7 @@ View the [Upgrading Accumulo documentation][upgrade] for 
guidance.
 * [All Changes since 2.0.0][all-changes]
 * [GitHub] - List of issues tracked on GitHub corresponding to this release
 
+[CVE-2020-17533]: 
https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E
 [GitHub]: 
https://github.com/apache/accumulo/issues?q=project%3Aapache%2Faccumulo%2F19
 [all-changes]: 
https://github.com/apache/accumulo/compare/rel/2.0.0...apache:rel/2.0.1
 [contact]: {{ site.baseurl }}/contact-us