This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch fix/new-cves in repository https://gitbox.apache.org/repos/asf/logging-site.git
commit d8ccf83b818f8532b24e916aa089e32455966ea4 Author: Piotr P. Karwasz <[email protected]> AuthorDate: Fri Apr 10 15:30:07 2026 +0200 Fix other typos --- src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc | 2 +- src/site/static/cyclonedx/vdr.xml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc b/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc index 856cdbc3..173fcb86 100644 --- a/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc +++ b/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc @@ -334,7 +334,7 @@ This issue was originally reported by Samuli Leinonen and independently reported |Summary |Missing TLS hostname verification in Socket appender |CVSS 4.x Score & Vector |6.3 MEDIUM (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N) |Components affected |Log4j Core -|Versions affected |`[2.0-beta9, 2.25.3) ∪ [3.0.0-alpha1, 3.0.0-beta3]Ba` +|Versions affected |`[2.0-beta9, 2.25.3) ∪ [3.0.0-alpha1, 3.0.0-beta3]` |Versions fixed |`2.25.3` |=== diff --git a/src/site/static/cyclonedx/vdr.xml b/src/site/static/cyclonedx/vdr.xml index 83c6b76f..9d92b634 100644 --- a/src/site/static/cyclonedx/vdr.xml +++ b/src/site/static/cyclonedx/vdr.xml @@ -632,7 +632,7 @@ This may prevent applications that consume these logs from correctly interpretin <ref>log4cxx</ref> <versions> <version> - <range><![CDATA[vers:semver>=0.11.0|<1.5.0]]></range> + <range><![CDATA[vers:semver/>=0.11.0|<1.5.0]]></range> </version> </versions> </target> @@ -640,7 +640,7 @@ This may prevent applications that consume these logs from correctly interpretin <ref>log4cxx-conan</ref> <versions> <version> - <range><![CDATA[vers:semver>=0.11.0|<1.5.0]]></range> + <range><![CDATA[vers:semver/>=0.11.0|<1.5.0]]></range> </version> </versions> </target> 
@@ -671,7 +671,7 @@ This may prevent applications that consume these logs from correctly interpretin <cwe>117</cwe> </cwes> <description><![CDATA[When using `HTMLLayout`, logger names are not properly escaped when writing out to the HTML file. -If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order to hide information from logs or steal data from the user. +If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or JavaScript in order to hide information from logs or steal data from the user. In order to activate this, the following sequence must occur: * Log4cxx is configured to use `HTMLLayout`. @@ -698,7 +698,7 @@ Because logger names are generally constant strings, we assess the impact to use <ref>log4cxx</ref> <versions> <version> - <range><![CDATA[vers:semver<1.5.0]]></range> + <range><![CDATA[vers:semver/<1.5.0]]></range> </version> </versions> </target> @@ -706,7 +706,7 @@ Because logger names are generally constant strings, we assess the impact to use <ref>log4cxx-conan</ref> <versions> <version> - <range><![CDATA[vers:semver<1.5.0]]></range> + <range><![CDATA[vers:semver/<1.5.0]]></range> </version> </versions> </target>
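Review bot: In the `_vulnerabilities.adoc` hunk (@@ -334,7), the corrected "Versions affected" row still ends with the closed interval `[3.0.0-alpha1, 3.0.0-beta3]`, while "Versions fixed" lists only `2.25.3`. Readers on the 3.x line get no upgrade target from this table. If no 3.x release contains the fix, state that in the "Versions fixed" row; if one does, add it next to `2.25.3`.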
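Review bot: The four `<range>` changes in `vdr.xml` (hunks at -632, -640, -698 and -706) change machine-readable data, not spelling, and the commit message "Fix other typos" does not say so. A vers string has the form `vers:<scheme>/<constraints>`, so the old value `vers:semver>=0.11.0|<1.5.0` had no scheme separator, and tools consuming the VDR may have failed to parse or match it. Mention the range correction in the commit message so downstream consumers know to re-ingest the file. Since the same mistake appeared in four places, consider a build-time check that every `<range>` value begins with `vers:` followed by a scheme name and `/`.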
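Review bot: In the `vdr.xml` hunk at -671, the description talks about injecting HTML or JavaScript through logger names written by `HTMLLayout`, but the only classification visible in the context is `<cwe>117</cwe>` (improper output neutralization for logs). If the `<cwes>` list above this context does not already carry CWE-79, consider adding it so that scanners reading the VDR classify the entry as script injection into generated HTML as well as log injection.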
