1. 19 Dec, 2021 7 commits
  2. 18 Dec, 2021 6 commits
  3. 17 Dec, 2021 9 commits
  4. 16 Dec, 2021 1 commit
  5. 15 Dec, 2021 5 commits
  6. 14 Dec, 2021 8 commits
  7. 13 Dec, 2021 4 commits
    • Matthias Neugebauer's avatar
      Merge remote-tracking branch 'upstream/r/10.x' into wwu/10 · 5d948f50
      Matthias Neugebauer authored
      * upstream/r/10.x:
        Log4Shell in Elasticsearch Installation Guide
        Release notes and changelog for 10.6
        Per discussion on the security ticket, previous exception based system can be worked around using file:///some/path?exclusion.  Now we straight up blacklist file and only allow it if you turn on this flag.
        Release Notes for Opencast 9.10
        Update CXF
        CVE-2021-44228 mitigation.  This can be/should be removed once we've updated to pax-logging-log4j2:1.11.10 or newer.
        Adding exception to the exception to prevent people from using the exception to traverse the path...
        Fixing security issue where any file readable by Opencast could be added to the mediapackage.
        Using org URLs, rather than the SR's underlying hosts.  Org URLs might or might not match the SR's names for them.
        Fixing security issue where system wide digest credentials were being inappropriately sent to unauthenticated servers.
    • Lars Kiesow's avatar
      Merge r/9.x into r/10.x · ba44b466
      Lars Kiesow authored
    • Lars Kiesow's avatar
      Log4Shell in Elasticsearch Installation Guide · 916ebf5d
      Lars Kiesow authored
      This patch explains how to mitigate Log4Shell when installing
      Elasticsearch from the RPM repository.
      This is a short-term fix, before actually patching the RPMs itself.
    • Greg Logan's avatar
      Release notes and changelog for 10.6 · 34794861
      Greg Logan authored