update release note for 2.2.8

Signed-off-by: Olivier Lamy <olamy@apache.org>
2022-05-31 20:37:20 +10:00 · 2022-05-31 20:37:20 +10:00 · 7d09fb741b
parent f2e32d366b
commit 7d09fb741b
1 changed files with 140 additions and 0 deletions
--- a/archiva-docs/src/site/apt/release-notes.apt.vm
+++ b/archiva-docs/src/site/apt/release-notes.apt.vm
@ -36,7 +36,147 @@ Release Notes for Archiva ${project.version}

 * New in Archiva ${project.version}

+<<<<<<< Updated upstream
  Apache Archiva ${project.version} is a bug fix release:
+=======
+ Apache Archiva ${project.version} is a security fix release:
+
+** Compatibility Changes
+
+  * There are no compatibility changes
+
+** New Feature
+
+  * There are no new features in this release.
+
+** Improvements
+
+  * There are no improvements
+
+** Bug/Security Fix
+
+  * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability
+
+
+Previous Release Notes
+
+* Release Notes for Archiva 2.2.7
+
+ Apache Archiva 2.2.7 is a security fix release:
+
+ Released: 2022-12-22
+
+** Compatibility Changes
+
+  * [MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact
+    which allows to change the behaviour for v=LATEST search.
+
+** New Feature
+
+  * There are no new features in this release.
+
+** Improvements
+
+  * There are no improvements
+
+** Bug/Security Fix
+
+  * [MRM-2027] Update of the log4j2 version to 2.17.0
+
+  * [MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)
+
+  * [MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls
+
+
+* Release Notes for Archiva 2.2.6
+
+ Apache Archiva 2.2.6 is a security fix release:
+
+ Released: 2021-12-15
+
+** Compatibility Changes
+
+  * No API changes or known side effects.
+
+** New Feature
+
+  * There are no new features in this release.
+
+** Improvements
+
+  * There are no improvements
+
+** Bug/Security Fix
+
+  * Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)
+
+  * Deactivated directory listings by the file servlet
+
+
+* Release Notes for Archiva 2.2.5
+
+ Apache Archiva 2.2.5 is a bug fix release:
+
+ Released: 2020-06-19
+
+** Compatibility Changes
+
+  * No API changes or known side effects.
+
+** New Feature
+
+  * There are no new features in this release.
+
+** Improvements
+
+  * There are no improvements
+
+** Bug Fix
+ 
+  * [MRM-2008] Fix for group names with slashes
+
+  * Better handling of LDAP filter 
+
+
+* Release Notes for Archiva 2.2.4
+
+ Apache Archiva 2.2.4 is a bug fix release:
+
+  * Fixes for handling of artifacts
+
+  * Improved validation of REST calls
+
+** Compatibility Changes
+
+ No API changes or known side effects.
+
+ Released: 2019-04-30
+
+** New Feature
+
+  *  There are no new features in this release.
+
+** Improvements
+
+  * Adding additional validation to REST service calls for artifact upload
+
+** Bug Fix
+
+  * [MRM-1972] Stored XSS in Web UI Organization Name
+
+  * [MRM-1966] Repository-purge not working
+
+  * [MRM-1958] Purge by retention count deletes files but leaves history on website.
+
+  * [MRM-1929] Repository purge is not reflected in index
+
+
+* Release Notes for Archiva 2.2.3
+
+** New in Archiva 2.2.3
+
+  Apache Archiva 2.2.3 is a bug fix release:
+>>>>>>> Stashed changes

  * Some fixes for the REST API were added to detect requests from unknown origin