This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch main-site-stg-out
in repository https://gitbox.apache.org/repos/asf/logging-site.git
The following commit(s) were added to refs/heads/main-site-stg-out by this push:
new 35dcd7c7 Add website content generated from
`f8800625ae83ada2172fe4dbd4a6e8f515a1d9bf`
35dcd7c7 is described below
commit 35dcd7c78e8bf1dbb06c9bf604d4eef3057a2e43
Author: ASF Logging Services RM <[email protected]>
AuthorDate: Fri Apr 17 08:18:37 2026 +0000
Add website content generated from
`f8800625ae83ada2172fe4dbd4a6e8f515a1d9bf`
---
security.html | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
sitemap.xml | 42 ++++++++++++++++-----------------
2 files changed, 97 insertions(+), 21 deletions(-)
diff --git a/security.html b/security.html
index 39f6fbb6..183bfb99 100644
--- a/security.html
+++ b/security.html
@@ -1759,6 +1759,82 @@ Usages of <code>SslConfiguration</code> that are
configured via system propertie
</div>
</div>
<div class="sect2">
+<h3 id="CVE-2018-1285"><a class="anchor" href="#CVE-2018-1285"></a><a
href="https://nvd.nist.gov/vuln/detail/CVE-2018-1285">CVE-2018-1285</a></h3>
+<table class="tableblock frame-all grid-all stretch">
+<colgroup>
+<col style="width: 16.6666%;">
+<col style="width: 83.3334%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p
class="tableblock">Summary</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">XXE via
attacker-controlled log4net config files</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">CVSS 3.x
Score & Vector</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">9.8 HIGH
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Components
affected</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>log4net</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[0,2.0.10)</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.0.10</code></p></td>
+</tr>
+</tbody>
+</table>
+<div class="sect3">
+<h4 id="CVE-2018-1285-description"><a class="anchor"
href="#CVE-2018-1285-description"></a>Description</h4>
+<div class="paragraph">
+<p>Apache log4net versions before 2.0.10 do not disable XML external entities
when parsing log4net configuration files. This allows for XXE-based attacks in
applications that accept attacker-controlled log4net configuration files.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2018-1285-threat-model"><a class="anchor"
href="#CVE-2018-1285-threat-model"></a>Threat Model</h4>
+<div class="paragraph">
+<p>According to the current threat model, this is no longer considered a
+vulnerability. The attack requires an attacker-controlled log4net
+configuration file, which is outside the scope of the threat model.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2018-1285-mitigation"><a class="anchor"
href="#CVE-2018-1285-mitigation"></a>Mitigation</h4>
+<div class="paragraph">
+<p>Users are advised to upgrade to Apache Log4net version <code>2.0.10</code>,
which fixes this issue.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2018-1285-credits"><a class="anchor"
href="#CVE-2018-1285-credits"></a>Credits</h4>
+<div class="paragraph">
+<p>This issue was discovered by Karthik Kumar Balasundaram.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2018-1285-references"><a class="anchor"
href="#CVE-2018-1285-references"></a>References</h4>
+<div class="ulist">
+<ul>
+<li>
+<p><a
href="https://nvd.nist.gov/vuln/detail/CVE-2018-1285">CVE-2018-1285</a></p>
+</li>
+<li>
+<p><a
href="https://issues.apache.org/jira/browse/LOG4NET-575">LOG4NET-575</a></p>
+</li>
+<li>
+<p><a
href="https://github.com/apache/logging-log4net/commit/3242db510c27e825af7164415402f5012df521a2">Security
fix commit</a></p>
+</li>
+<li>
+<p><a href="https://github.com/apache/logging-log4net/pull/64">Pull request
that fixes the issue</a></p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div class="sect2">
<h3 id="CVE-2017-5645"><a class="anchor" href="#CVE-2017-5645"></a><a
href="https://nvd.nist.gov/vuln/detail/CVE-2017-5645">CVE-2017-5645</a></h3>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
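Review bot: The "CVSS 3.x Score & Vector" row of the new CVE-2018-1285 table labels the score "9.8 HIGH", but on the CVSS 3.x qualitative scale a base score of 9.8 falls in the Critical band (9.0 to 10.0), so either the label or the score needs correcting. The Threat Model paragraph says this is "no longer considered a vulnerability", while the table still shows 9.8 and the Mitigation paragraph still advises upgrading to 2.0.10. Add a sentence saying how the published score and the upgrade advice relate to the current threat model so readers do not see the entry as self-contradictory. The product name is also cased two ways, "Apache log4net" in the Description and "Apache Log4net" in the Mitigation paragraph; use one form.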
diff --git a/sitemap.xml b/sitemap.xml
index 0cf1e657..ad6793ca 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,86 +2,86 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://logging.apache.org/blog/20231117-flume-joins-logging-services.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231128-new-pmc-member.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231202-apache-common-logging-1.3.0.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231214-announcing-support-from-the-stf.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231218-20-years-of-innovation.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240725-Log4j-At-Community-Over-Code-2024.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240808-welcome-to-the-pmc-jan.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240812-log4j-bug-bounty.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20250728-introduction-to-vex-files.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/index.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/charter.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/download.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/guidelines.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/index.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/processes.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security/faq.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/support.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/team-list.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/what-is-logging.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/xml/ns/index.html</loc>
-<lastmod>2026-04-10T14:30:08.677Z</lastmod>
+<lastmod>2026-04-17T08:18:35.485Z</lastmod>
</url>
</urlset>
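Review bot: Every one of the 21 <lastmod> values in this hunk is rewritten to the same build timestamp, 2026-04-17T08:18:35.485Z, although the diffstat shows security.html as the only page whose content changed in this commit. The sitemap protocol defines <lastmod> as the date the page itself was last modified, so stamping each URL with the generation time makes the field meaningless to consumers and produces a 21-line diff on every site build. Derive <lastmod> from the last change to each page's source, or leave unchanged entries untouched, so that only the security.html entry moves here.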