This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch main-site-stg-out
in repository https://gitbox.apache.org/repos/asf/logging-site.git
The following commit(s) were added to refs/heads/main-site-stg-out by this push:
new 4ebbf284 Add website content generated from
`d289b0481674efec4919d9e7ab2236ee13082f14`
4ebbf284 is described below
commit 4ebbf28442e6b0ba2e5b83599ee8d6ed6dee959b
Author: ASF Logging Services RM <[email protected]>
AuthorDate: Fri Apr 17 09:23:53 2026 +0000
Add website content generated from
`d289b0481674efec4919d9e7ab2236ee13082f14`
---
cyclonedx/vdr.xml | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
sitemap.xml | 42 ++++++++++++++---------------
2 files changed, 99 insertions(+), 22 deletions(-)
diff --git a/cyclonedx/vdr.xml b/cyclonedx/vdr.xml
index 9d92b634..f7f0739a 100644
--- a/cyclonedx/vdr.xml
+++ b/cyclonedx/vdr.xml
@@ -40,7 +40,7 @@
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://cyclonedx.org/schema/bom/1.6"
xsi:schemaLocation="http://cyclonedx.org/schema/bom/1.6
https://cyclonedx.org/schema/bom-1.6.xsd"
- version="6"
+ version="7"
serialNumber="urn:uuid:dfa35519-9734-4259-bba1-3e825cf4be06">
<metadata>
@@ -1059,6 +1059,83 @@ Alternatively, users can set the
`mail.smtp.ssl.checkserveridentity` system prop
</affects>
</vulnerability>
+ <vulnerability>
+ <id>CVE-2018-1285</id>
+ <source>
+ <name>NVD</name>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2018-1285</url>
+ </source>
+ <references>
+ <reference>
+ <id>LOG4NET-575</id>
+ <source>
+ <name>Issue tracker</name>
+
<url>https://issues.apache.org/jira/browse/LOG4NET-575</url>
+ </source>
+ </reference>
+ <reference>
+ <id>Security fix commit</id>
+ <source>
+ <name>Source code repository</name>
+
<url>https://github.com/apache/logging-log4net/commit/3242db510c27e825af7164415402f5012df521a2</url>
+ </source>
+ </reference>
+ <reference>
+ <id>Pull request</id>
+ <source>
+ <name>Pull request that fixes the issue</name>
+
<url>https://github.com/apache/logging-log4net/pull/64</url>
+ </source>
+ </reference>
+ </references>
+ <ratings>
+ <rating>
+ <source>
+ <name>NVD</name>
+
<url><![CDATA[https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1]]></url>
+ </source>
+ <score>9.8</score>
+ <severity>high</severity>
+ <method>CVSSv3</method>
+ <vector>AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</vector>
+ </rating>
+ </ratings>
+ <cwes>
+ <cwe>611</cwe>
+ </cwes>
+ <description><![CDATA[Apache log4net versions before 2.0.10 do not
disable XML external entities
+ when parsing log4net configuration files. This allows for XXE-based
attacks
+ in applications that accept attacker-controlled log4net configuration
files.]]></description>
+ <recommendation><![CDATA[Users are advised to upgrade to Apache
Log4net version `2.0.10`, which fixes this issue.]]></recommendation>
+ <analysis>
+ <state>not_affected</state>
+ <justification>protected_by_mitigating_control</justification>
+ <detail><![CDATA[According to the current threat model, this is no
longer considered a
+ vulnerability. The attack requires an attacker-controlled log4net
configuration
+ file, which is outside the scope of the threat model.]]></detail>
+ </analysis>
+ <created>2020-05-11T00:00:00Z</created>
+ <published>2020-05-11T00:00:00Z</published>
+ <updated>2026-04-17T00:00:00Z</updated>
+ <credits>
+ <individuals>
+ <individual>
+ <name>Karthik Kumar Balasundaram</name>
+ </individual>
+ </individuals>
+ </credits>
+ <affects>
+ <target>
+ <ref>log4net</ref>
+ <versions>
+ <version>
+ <range><![CDATA[vers:nuget/>=0|<2.0.10]]></range>
+ </version>
+ </versions>
+ </target>
+ </affects>
+ </vulnerability>
+
<vulnerability>
<id>CVE-2017-5645</id>
<source>
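Review bot: The new CVE-2018-1285 record's `<analysis>` pairs `<state>not_affected</state>` with `<justification>protected_by_mitigating_control</justification>`, but the `<detail>` names no control. It only says attacker-controlled configuration files are outside the threat model, while `<affects>` and `<recommendation>` still list every version below 2.0.10 as affected and advise upgrading. Scanners that honour `not_affected` will suppress this XXE finding even for deployments that load log4net configuration from an untrusted source, so the detail should state that residual case and the justification should match the reasoning (possibly `requires_environment`; confirm against the project's VEX conventions). In `<rating>`, a 9.8 base score is Critical on the CVSS v3.x scale and the calculator URL carries `version=3.1`, so `<severity>critical</severity>` and `<method>CVSSv31</method>` would agree with the other fields. Because this branch appears to hold generated site output, the correction likely belongs in the source document it is built from.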
diff --git a/sitemap.xml b/sitemap.xml
index ad6793ca..8404eca1 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,86 +2,86 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://logging.apache.org/blog/20231117-flume-joins-logging-services.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231128-new-pmc-member.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231202-apache-common-logging-1.3.0.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231214-announcing-support-from-the-stf.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231218-20-years-of-innovation.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240725-Log4j-At-Community-Over-Code-2024.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240808-welcome-to-the-pmc-jan.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240812-log4j-bug-bounty.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20250728-introduction-to-vex-files.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/index.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/charter.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/download.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/guidelines.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/index.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/processes.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security/faq.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/support.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/team-list.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/what-is-logging.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/xml/ns/index.html</loc>
-<lastmod>2026-04-17T08:18:35.485Z</lastmod>
+<lastmod>2026-04-17T09:23:50.008Z</lastmod>
</url>
</urlset>