Remove a bunch of CVE link clutter #2570

Merged
merged 1 commit into from
Nov 22, 2024
4 changes: 2 additions & 2 deletions _posts/2016-11-18-release-notes.md
Expand Up @@ -22,5 +22,5 @@ Curious what’s new that you might find helpful as a cloud.gov application deve
### Security
You can [restage](https://docs.cloudfoundry.org/devguide/deploy-apps/start-restart-restage.html#restage) your application to incorporate the latest security fixes and ensure you’re running the most recent language version supported.

- The PHP buildpack update addresses [USN-3095-1](https://www.ubuntu.com/usn/usn-3095-1/) (assorted PHP vulnerabilities) with PHP 5.6.27 and 7.0.12. The associated CVEs are [CVE-2016-7124](https://ubuntu.com/security/CVE-2016-7124), [CVE-2016-7125](https://ubuntu.com/security/CVE-2016-7125), [CVE-2016-7127](https://ubuntu.com/security/CVE-2016-7127), [CVE-2016-7128](https://ubuntu.com/security/CVE-2016-7128), [CVE-2016-7129](https://ubuntu.com/security/CVE-2016-7129), [CVE-2016-7130](https://ubuntu.com/security/CVE-2016-7130), [CVE-2016-7131](https://ubuntu.com/security/CVE-2016-7131), [CVE-2016-7132](https://ubuntu.com/security/CVE-2016-7132), [CVE-2016-7133](https://ubuntu.com/security/CVE-2016-7133), [CVE-2016-7134](https://ubuntu.com/security/CVE-2016-7134), [CVE-2016-7411](https://ubuntu.com/security/CVE-2016-7411), [CVE-2016-7412](https://ubuntu.com/security/CVE-2016-7412), [CVE-2016-7413](https://ubuntu.com/security/CVE-2016-7413), [CVE-2016-7414](https://ubuntu.com/security/CVE-2016-7414), [CVE-2016-7416](https://ubuntu.com/security/CVE-2016-7416), [CVE-2016-7417](https://ubuntu.com/security/CVE-2016-7418), [CVE-2016-7418](https://ubuntu.com/security/CVE-2016-7418)
- The Node buildpack update addresses [USN-3087-1](https://www.ubuntu.com/usn/usn-3087-1/) (assorted OpenSSL vulnerabilities) with node 6.8.1 and 6.9.0. The associated CVEs are [CVE-2016-2177](https://ubuntu.com/security/CVE-2016-2177), [CVE-2016-2178](https://ubuntu.com/security/CVE-2016-2178), [CVE-2016-2179](https://ubuntu.com/security/CVE-2016-2179), [CVE-2016-2180](https://ubuntu.com/security/CVE-2016-2180), [CVE-2016-2181](https://ubuntu.com/security/CVE-2016-2181), [CVE-2016-2182](https://ubuntu.com/security/CVE-2016-2182), [CVE-2016-2183](https://ubuntu.com/security/CVE-2016-2183), [CVE-2016-6302](https://ubuntu.com/security/CVE-2016-6302), [CVE-2016-6303](https://ubuntu.com/security/CVE-2016-6303), [CVE-2016-6304](https://ubuntu.com/security/CVE-2016-6304), [CVE-2016-6306](https://ubuntu.com/security/CVE-2016-6306)
- The PHP buildpack update addresses [USN-3095-1](https://www.ubuntu.com/usn/usn-3095-1/) (assorted PHP vulnerabilities) with PHP 5.6.27 and 7.0.12. The associated CVEs are CVE-2016-7124, CVE-2016-7125, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418
- The Node buildpack update addresses [USN-3087-1](https://www.ubuntu.com/usn/usn-3087-1/) (assorted OpenSSL vulnerabilities) with node 6.8.1 and 6.9.0. The associated CVEs are CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
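Review bot: The two rewritten bullets (USN-3095-1 and USN-3087-1) end on the last CVE ID with no terminal period, while the equivalent bullets in `_posts/2016-12-14-release-notes.md` end with one; since these lines are being touched anyway, add the period for consistency. With the per-CVE links gone, the USN link is the only reference left on each bullet, and it uses the `https://www.ubuntu.com/usn/usn-3095-1/` form rather than the `https://ubuntu.com/security/...` host the removed links pointed at, so confirm those URLs still resolve before merging.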
8 changes: 4 additions & 4 deletions _posts/2016-11-30-release-notes.md
Expand Up @@ -21,7 +21,7 @@ Curious what’s new that you might find helpful as a cloud.gov application deve
### Security
The base filesystem used for running your application has been updated to address several security vulnerabilities. You can [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to ensure you [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/).

- [USN-3116-1: DBus vulnerabilities](https://www.ubuntu.com/usn/usn-3116-1/). The associated CVE is [CVE-2015-0245](https://ubuntu.com/security/CVE-2015-0245)
- [USN-3117-1: GD library vulnerabilities](https://www.ubuntu.com/usn/usn-3117-1/). The associated CVEs are [CVE-2016-6911](https://ubuntu.com/security/CVE-2016-6911), [CVE-2016-7568](https://ubuntu.com/security/CVE-2016-7568), [CVE-2016-8670](https://ubuntu.com/security/CVE-2016-8670)
- [USN-3119-1: Bind vulnerability](https://www.ubuntu.com/usn/usn-3119-1/). The associated CVE is [CVE-2016-8864](https://ubuntu.com/security/CVE-2016-8864)
- [USN-3123-1: curl vulnerabilities](https://www.ubuntu.com/usn/usn-3123-1/). The associated CVEs are [CVE-2016-7141](https://ubuntu.com/security/CVE-2016-7141), [CVE-2016-7167](https://ubuntu.com/security/CVE-2016-7167), [CVE-2016-8615](https://ubuntu.com/security/CVE-2016-8615), [CVE-2016-8616](https://ubuntu.com/security/CVE-2016-8616), [CVE-2016-8617](https://ubuntu.com/security/CVE-2016-8617), [CVE-2016-8618](https://ubuntu.com/security/CVE-2016-8618), [CVE-2016-8619](https://ubuntu.com/security/CVE-2016-8619), [CVE-2016-8620](https://ubuntu.com/security/CVE-2016-8620), [CVE-2016-8621](https://ubuntu.com/security/CVE-2016-8621), [CVE-2016-8622](https://ubuntu.com/security/CVE-2016-8622), [CVE-2016-8623](https://ubuntu.com/security/CVE-2016-8623), [CVE-2016-8624](https://ubuntu.com/security/CVE-2016-8624)
- [USN-3116-1: DBus vulnerabilities](https://www.ubuntu.com/usn/usn-3116-1/). The associated CVE is CVE-2015-0245
- [USN-3117-1: GD library vulnerabilities](https://www.ubuntu.com/usn/usn-3117-1/). The associated CVEs are CVE-2016-6911, CVE-2016-7568, CVE-2016-8670
- [USN-3119-1: Bind vulnerability](https://www.ubuntu.com/usn/usn-3119-1/). The associated CVE is CVE-2016-8864
- [USN-3123-1: curl vulnerabilities](https://www.ubuntu.com/usn/usn-3123-1/). The associated CVEs are CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624
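Review bot: The context paragraph directly above these bullets still links `http://cli.cloudfoundry.org/en-US/cf/restage.html` over plain HTTP, while `_posts/2016-12-28-release-notes.md` in this same PR links the identical page over `https://`. It is outside the changed lines, but a link-cleanup pass is a good moment to switch it to HTTPS so readers of a security section are not sent through an unencrypted hop.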
10 changes: 5 additions & 5 deletions _posts/2016-12-14-release-notes.md
Expand Up @@ -27,9 +27,9 @@ The Cloud Foundry upgrade included updates for the base filesystem used for runn

- [CVE-2016-6659: UAA Privilege Escalation](https://pivotal.io/security/cve-2016-6659).
- [CVE-2016-6816: Apache Tomcat Information Disclosure, UAA Tomcat updated to 8.0.39](https://tomcat.apache.org/security-9.html).
- [USN-3142-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3142-1/). The associated CVEs are [CVE-2016-7799](https://ubuntu.com/security/CVE-2016-7799), [CVE-2016-7906](https://ubuntu.com/security/CVE-2016-7906), [CVE-2016-8677](https://ubuntu.com/security/CVE-2016-8677), [CVE-2016-8862](https://ubuntu.com/security/CVE-2016-8862), [CVE-2016-9556](https://ubuntu.com/security/CVE-2016-9556).
- [USN-3139-1: Vim vulnerability](https://www.ubuntu.com/usn/USN-3139-1/). The associated CVE is [CVE-2016-1248](https://ubuntu.com/security/CVE-2016-1248).
- [USN-3134-1: Python vulnerabilities](https://www.ubuntu.com/usn/USN-3134-1/). The associated CVEs are [CVE-2016-0772](https://ubuntu.com/security/CVE-2016-0772), [CVE-2016-1000110](https://ubuntu.com/security/CVE-2016-1000110), [CVE-2016-5636](https://ubuntu.com/security/CVE-2016-5636), [CVE-2016-5699](https://ubuntu.com/security/CVE-2016-5699).
- [USN-3132-1: tar vulnerability](https://www.ubuntu.com/usn/USN-3132-1/). The associated CVE is [CVE-2016-6321](https://ubuntu.com/security/CVE-2016-6321).
- [USN-3131-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3131-1/). The associated CVEs are [CVE-2014-8354](https://ubuntu.com/security/CVE-2014-8354), [CVE-2014-8355](https://ubuntu.com/security/CVE-2014-8355), [CVE-2014-8562](https://ubuntu.com/security/CVE-2014-8562), [CVE-2014-8716](https://ubuntu.com/security/CVE-2014-8716), [CVE-2014-9805](https://ubuntu.com/security/CVE-2014-9805), [CVE-2014-9806](https://ubuntu.com/security/CVE-2014-9806), [CVE-2014-9807](https://ubuntu.com/security/CVE-2014-9807), [CVE-2014-9808](https://ubuntu.com/security/CVE-2014-9808), [CVE-2014-9809](https://ubuntu.com/security/CVE-2014-9809), [CVE-2014-9810](https://ubuntu.com/security/CVE-2014-9810), [CVE-2014-9811](https://ubuntu.com/security/CVE-2014-9811), [CVE-2014-9812](https://ubuntu.com/security/CVE-2014-9812), [CVE-2014-9813](https://ubuntu.com/security/CVE-2014-9813), [CVE-2014-9814](https://ubuntu.com/security/CVE-2014-9814), [CVE-2014-9815](https://ubuntu.com/security/CVE-2014-9815), [CVE-2014-9816](https://ubuntu.com/security/CVE-2014-9816), [CVE-2014-9817](https://ubuntu.com/security/CVE-2014-9817), [CVE-2014-9818](https://ubuntu.com/security/CVE-2014-9818), [CVE-2014-9819](https://ubuntu.com/security/CVE-2014-9819), [CVE-2014-9820](https://ubuntu.com/security/CVE-2014-9820), [CVE-2014-9821](https://ubuntu.com/security/CVE-2014-9821), [CVE-2014-9822](https://ubuntu.com/security/CVE-2014-9822), [CVE-2014-9823](https://ubuntu.com/security/CVE-2014-9823), [CVE-2014-9826](https://ubuntu.com/security/CVE-2014-9826), [CVE-2014-9828](https://ubuntu.com/security/CVE-2014-9828), [CVE-2014-9829](https://ubuntu.com/security/CVE-2014-9829), [CVE-2014-9830](https://ubuntu.com/security/CVE-2014-9830), [CVE-2014-9831](https://ubuntu.com/security/CVE-2014-9831), [CVE-2014-9833](https://ubuntu.com/security/CVE-2014-9833), [CVE-2014-9834](https://ubuntu.com/security/CVE-2014-9834), [CVE-2014-9835](https://ubuntu.com/security/CVE-2014-9835), 
[CVE-2014-9836](https://ubuntu.com/security/CVE-2014-9836), [CVE-2014-9837](https://ubuntu.com/security/CVE-2014-9837), [CVE-2014-9838](https://ubuntu.com/security/CVE-2014-9838), [CVE-2014-9839](https://ubuntu.com/security/CVE-2014-9839), [CVE-2014-9840](https://ubuntu.com/security/CVE-2014-9840), [CVE-2014-9841](https://ubuntu.com/security/CVE-2014-9841), [CVE-2014-9843](https://ubuntu.com/security/CVE-2014-9843), [CVE-2014-9844](https://ubuntu.com/security/CVE-2014-9844), [CVE-2014-9845](https://ubuntu.com/security/CVE-2014-9845), [CVE-2014-9846](https://ubuntu.com/security/CVE-2014-9846), [CVE-2014-9847](https://ubuntu.com/security/CVE-2014-9847), [CVE-2014-9848](https://ubuntu.com/security/CVE-2014-9848), [CVE-2014-9849](https://ubuntu.com/security/CVE-2014-9849), [CVE-2014-9850](https://ubuntu.com/security/CVE-2014-9850), [CVE-2014-9851](https://ubuntu.com/security/CVE-2014-9851), [CVE-2014-9853](https://ubuntu.com/security/CVE-2014-9853), [CVE-2014-9854](https://ubuntu.com/security/CVE-2014-9854), [CVE-2014-9907](https://ubuntu.com/security/CVE-2014-9907), [CVE-2015-8894](https://ubuntu.com/security/CVE-2015-8894), [CVE-2015-8895](https://ubuntu.com/security/CVE-2015-8895), [CVE-2015-8896](https://ubuntu.com/security/CVE-2015-8896), [CVE-2015-8897](https://ubuntu.com/security/CVE-2015-8897), [CVE-2015-8898](https://ubuntu.com/security/CVE-2015-8898), [CVE-2015-8900](https://ubuntu.com/security/CVE-2015-8900), [CVE-2015-8901](https://ubuntu.com/security/CVE-2015-8901), [CVE-2015-8902](https://ubuntu.com/security/CVE-2015-8902), [CVE-2015-8903](https://ubuntu.com/security/CVE-2015-8903), [CVE-2015-8957](https://ubuntu.com/security/CVE-2015-8957), [CVE-2015-8958](https://ubuntu.com/security/CVE-2015-8958), [CVE-2015-8959](https://ubuntu.com/security/CVE-2015-8959), [CVE-2016-4562](https://ubuntu.com/security/CVE-2016-4562), [CVE-2016-4563](https://ubuntu.com/security/CVE-2016-4563), [CVE-2016-4564](https://ubuntu.com/security/CVE-2016-4564), 
[CVE-2016-5010](https://ubuntu.com/security/CVE-2016-5010), [CVE-2016-5687](https://ubuntu.com/security/CVE-2016-5687), [CVE-2016-5688](https://ubuntu.com/security/CVE-2016-5688), [CVE-2016-5689](https://ubuntu.com/security/CVE-2016-5689), [CVE-2016-5690](https://ubuntu.com/security/CVE-2016-5690), [CVE-2016-5691](https://ubuntu.com/security/CVE-2016-5691), [CVE-2016-5841](https://ubuntu.com/security/CVE-2016-5841), [CVE-2016-5842](https://ubuntu.com/security/CVE-2016-5842), [CVE-2016-6491](https://ubuntu.com/security/CVE-2016-6491), [CVE-2016-6823](https://ubuntu.com/security/CVE-2016-6823), [CVE-2016-7101](https://ubuntu.com/security/CVE-2016-7101), [CVE-2016-7513](https://ubuntu.com/security/CVE-2016-7513), [CVE-2016-7514](https://ubuntu.com/security/CVE-2016-7514), [CVE-2016-7515](https://ubuntu.com/security/CVE-2016-7515), [CVE-2016-7516](https://ubuntu.com/security/CVE-2016-7516), [CVE-2016-7517](https://ubuntu.com/security/CVE-2016-7517), [CVE-2016-7518](https://ubuntu.com/security/CVE-2016-7518), [CVE-2016-7519](https://ubuntu.com/security/CVE-2016-7519), [CVE-2016-7520](https://ubuntu.com/security/CVE-2016-7520), [CVE-2016-7521](https://ubuntu.com/security/CVE-2016-7521), [CVE-2016-7522](https://ubuntu.com/security/CVE-2016-7522), [CVE-2016-7523](https://ubuntu.com/security/CVE-2016-7523), [CVE-2016-7524](https://ubuntu.com/security/CVE-2016-7524), [CVE-2016-7525](https://ubuntu.com/security/CVE-2016-7525), [CVE-2016-7526](https://ubuntu.com/security/CVE-2016-7526), [CVE-2016-7527](https://ubuntu.com/security/CVE-2016-7527), [CVE-2016-7528](https://ubuntu.com/security/CVE-2016-7528), [CVE-2016-7529](https://ubuntu.com/security/CVE-2016-7529), [CVE-2016-7530](https://ubuntu.com/security/CVE-2016-7530), [CVE-2016-7531](https://ubuntu.com/security/CVE-2016-7531), [CVE-2016-7532](https://ubuntu.com/security/CVE-2016-7532), [CVE-2016-7533](https://ubuntu.com/security/CVE-2016-7533), [CVE-2016-7534](https://ubuntu.com/security/CVE-2016-7534), 
[CVE-2016-7535](https://ubuntu.com/security/CVE-2016-7535), [CVE-2016-7536](https://ubuntu.com/security/CVE-2016-7536), [CVE-2016-7537](https://ubuntu.com/security/CVE-2016-7537), [CVE-2016-7538](https://ubuntu.com/security/CVE-2016-7538), [CVE-2016-7539](https://ubuntu.com/security/CVE-2016-7539), [CVE-2016-7540](https://ubuntu.com/security/CVE-2016-7540).
- [USN-3142-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3142-1/). The associated CVEs are CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556.
- [USN-3139-1: Vim vulnerability](https://www.ubuntu.com/usn/USN-3139-1/). The associated CVE is CVE-2016-1248.
- [USN-3134-1: Python vulnerabilities](https://www.ubuntu.com/usn/USN-3134-1/). The associated CVEs are CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699.
- [USN-3132-1: tar vulnerability](https://www.ubuntu.com/usn/USN-3132-1/). The associated CVE is CVE-2016-6321.
- [USN-3131-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3131-1/). The associated CVEs are CVE-2014-8354, CVE-2014-8355, CVE-2014-8562, CVE-2014-8716, CVE-2014-9805, CVE-2014-9806, CVE-2014-9807, CVE-2014-9808, CVE-2014-9809, CVE-2014-9810, CVE-2014-9811, CVE-2014-9812, CVE-2014-9813, CVE-2014-9814, CVE-2014-9815, CVE-2014-9816, CVE-2014-9817, CVE-2014-9818, CVE-2014-9819, CVE-2014-9820, CVE-2014-9821, CVE-2014-9822, CVE-2014-9823, CVE-2014-9826, CVE-2014-9828, CVE-2014-9829, CVE-2014-9830, CVE-2014-9831, CVE-2014-9833, CVE-2014-9834, CVE-2014-9835, CVE-2014-9836, CVE-2014-9837, CVE-2014-9838, CVE-2014-9839, CVE-2014-9840, CVE-2014-9841, CVE-2014-9843, CVE-2014-9844, CVE-2014-9845, CVE-2014-9846, CVE-2014-9847, CVE-2014-9848, CVE-2014-9849, CVE-2014-9850, CVE-2014-9851, CVE-2014-9853, CVE-2014-9854, CVE-2014-9907, CVE-2015-8894, CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2015-8900, CVE-2015-8901, CVE-2015-8902, CVE-2015-8903, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491, CVE-2016-6823, CVE-2016-7101, CVE-2016-7513, CVE-2016-7514, CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522, CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526, CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530, CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534, CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538, CVE-2016-7539, CVE-2016-7540.

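Review bot: The USN-3131-1 bullet still carries about a hundred CVE IDs inline as plain text, which is the bulk of the clutter this PR sets out to remove. Since the USN-3131-1 link already leads to that list, consider cutting the bullet down to the USN link plus a short phrase such as "see the notice for the full list of associated CVEs". Separately, the USN URLs in this file use an upper-case path segment (`/usn/USN-3142-1/`) while the 2016-11-18 and 2016-11-30 posts use lower case (`/usn/usn-3095-1/`); pick one form if the server treats both the same.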
2 changes: 1 addition & 1 deletion _posts/2016-12-28-release-notes.md
Expand Up @@ -18,4 +18,4 @@ Curious what’s new that you might find helpful as a cloud.gov application deve
### Security
The Cloud Foundry upgrade included updates for the base filesystem used for running your application, addressing several security vulnerabilities in that filesystem. You can [restage your application](https://cli.cloudfoundry.org/en-US/cf/restage.html) to ensure you [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/).

- [USN-3156-1: APT vulnerability](https://www.ubuntu.com/usn/USN-3156-1/). The associated CVE is [CVE-2016-1252](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1252).
- [USN-3156-1: APT vulnerability](https://www.ubuntu.com/usn/USN-3156-1/). The associated CVE is CVE-2016-1252.
2 changes: 1 addition & 1 deletion _posts/2017-02-01-release-notes.md
Expand Up @@ -22,7 +22,7 @@ Curious what’s new that you might find helpful as a cloud.gov application deve
### Security
We upgraded the Cloud Foundry deployment to [v251](https://github.com/cloudfoundry/cf-release/releases/tag/v251). The base filesystem used for running your application has been updated to address several security vulnerabilities. You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your buildpack.

- [USN-3172-1: Bind vulnerabilities](https://www.ubuntu.com/usn/USN-3172-1/). The associated CVEs are [CVE-2016-9131](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9131), [CVE-2016-9147](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9147), [CVE-2016-9444](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9444).
- [USN-3172-1: Bind vulnerabilities](https://www.ubuntu.com/usn/USN-3172-1/). The associated CVEs are CVE-2016-9131, CVE-2016-9147, CVE-2016-9444.

### See also

2 changes: 1 addition & 1 deletion _posts/2017-07-18-release-notes.md
Expand Up @@ -24,7 +24,7 @@ You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/resta

#### Additional upgrades
* [RootFS cflinuxfs2 1.138.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.138.0), which addresses this security vulnerability:
* [CVE-2017-11103](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11103), service impersonation attack only affecting applications using or embedding Heimdal code before 7.4.
* CVE-2017-11103, service impersonation attack only affecting applications using or embedding Heimdal code before 7.4.
* [Diego v1.22.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.22.0)
* Stemcell
* Buildpack updates:
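Review bot: After this change the CVE-2017-11103 sub-bullet has no reference of its own, and unlike the Ubuntu bullets in the earlier posts there is no USN link next to it to fall back on. The only remaining pointer is the parent bullet's cflinuxfs2 1.138.0 release link, so check that those release notes actually name CVE-2017-11103; if they do not, keep a single advisory link here.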
2 changes: 1 addition & 1 deletion _posts/2022-01-21-release-notes.md
Expand Up @@ -16,7 +16,7 @@ The cloud.gov team is working on providing change logs so everyone can see new f
### java-buildpack - 4.47* up from 4.46*
* Bump java-buildpack to 4.47*

This release focuses on dependency updates, primarily that fix the latest Apache Log4j2 vulnerability, [CVE-2021-45105](https://github.com/advisories/GHSA-p6xc-xr62-6r2g), in dependencies used by the Java buildpack.
This release focuses on dependency updates, primarily that fix the latest Apache Log4j2 vulnerability, CVE-2021-45105, in dependencies used by the Java buildpack.

In particular, the following dependencies have been updated to include Log4j 2.17.0 and have been patched in this release:

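Review bot: The rewritten sentence keeps the awkward phrasing "dependency updates, primarily that fix the latest Apache Log4j2 vulnerability"; while the line is being edited, change it to "primarily those that fix" or "primarily to fix". Also note that the removed GitHub advisory link was the only reference for CVE-2021-45105 in this passage, so readers now have to look the ID up themselves; one retained link for a Log4j2 fix may be worth the small amount of clutter.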
2 changes: 1 addition & 1 deletion _posts/2022-02-04-release-notes.md
Expand Up @@ -19,7 +19,7 @@ Other notable changes:

* We have bumped the Apache SkyWalking version to 8.8.0. This is the latest supported version at the time of publishing. Please be aware of this change if you are using the Apache SkyWalking agent as this is a major version increase.
* [#926](https://github.com/cloudfoundry/java-buildpack/pull/926) resolves a classpath problem when using the Luna Security Provider on Java 9+.
* This release pulls in new versions of App Dynamic and New Relic that include patches for [CVE-2021-44832](https://github.com/advisories/GHSA-8489-44mv-ggj8).
* This release pulls in new versions of App Dynamic and New Relic that include patches for CVE-2021-44832.

### Ruby Buildpack v1.8.50 - up from v1.8.49

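Review bot: In the changed bullet, "App Dynamic" looks like a misspelling of the AppDynamics product name; fix it while this line is open. The bullet also no longer says where CVE-2021-44832 is documented, and the neighbouring bullet's link (`java-buildpack/pull/926`) concerns a different change, so consider pointing at the buildpack release notes if they mention the CVE.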
2 changes: 1 addition & 1 deletion _posts/2023-11-27-release-notes.md
Expand Up @@ -59,7 +59,7 @@ This section is for the platform operators at `cloud.gov` to highlight changes t

* Updates golang package golang-1-linux to 1.21.4
* Fixed CVEs:
* [CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8): rapid stream resets can cause excessive work ([CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3))
* CVE-2023-39325: rapid stream resets can cause excessive work (CVE-2023-44487)

### CAPI - v1.165.0 up from v1.164.0

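Review bot: With both links removed, the trailing "(CVE-2023-44487)" on the CVE-2023-39325 line reads as an unexplained second ID. State the relationship in words, for example "(see also CVE-2023-44487)" or "(related to CVE-2023-44487)", so the line remains understandable as plain text.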