Author: ggregory Date: Wed Jun 11 14:31:47 2025 New Revision: 1090327 Log: Add security page
Added: websites/production/commons/content/proper/commons-io/security.html
Added: websites/production/commons/content/proper/commons-io/security.html
==============================================================================
--- websites/production/commons/content/proper/commons-io/security.html (added)
+++ websites/production/commons/content/proper/commons-io/security.html Wed Jun 11 14:31:47 2025
@@ -0,0 +1,329 @@ +<!DOCTYPE html> +<!-- + | Generated by Apache Maven Doxia Site Renderer 2.0.0 from src/site/xdoc/security.xml at 11 Jun 2025 + | Rendered using Apache Commons Skin +--> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en"> + <head> + <meta charset="UTF-8" /> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta name="author" content="Apache Commons Team" /> + <title>Apache Commons Security Reports â Apache Commons IO</title> + + <link rel="stylesheet" href="./css/bootstrap.min.css" type="text/css" /> + <link rel="stylesheet" href="./css/site.css" type="text/css" /> + <link rel="stylesheet" href="./css/print.css" media="print" /> + + <script type="text/javascript" src="./js/jquery.min.js"></script> + <script type="text/javascript" src="./js/bootstrap.min.js"></script> + <script type="text/javascript" src="./js/prettify.min.js"></script> + <script type="text/javascript" src="./js/site.js"></script> + + + </head> + + <body class="composite"> + <a href="https://commons.apache.org/" id="bannerLeft"> + <img class="logo-left" src=" ./images/commons-logo.png +" alt="Apache Commons logo"/> + </a> + <a href="index.html" id="bannerRight"> + <img class="logo-right" src=" images/logo.png +" alt="Commons IO"/> + </a> + <div class="clear"></div> + + <div class="navbar"> + <div class="navbar-inner"> + <div class="container-fluid"> + <a class="brand" href="https://commons.apache.org/proper/commons-io/">Apache Commons IO ™</a> + <ul class="nav"> + <li id="publishDate">Last Published: 12 Apr 2025</li> + <li class="divider">|</li> <li id="projectVersion">Version: 2.20.0-SNAPSHOT</li> + </ul> + <div class="pull-right"> <ul class="nav"> + <li> + <a href="https://www.apachecon.com/" class="externalLink" title="ApacheCon"> + ApacheCon</a> + </li> + <li> + <a 
href="https://www.apache.org" class="externalLink" title="Apache"> + Apache</a> + </li> + <li> + <a href="../../" title="Commons"> + Commons</a> + </li> + </ul> +</div> + </div> + </div> + </div> + + <div class="container-fluid"> + <table class="layout-table"> + <tr> + <td class="sidebar"> + <div class="well sidebar-nav"> + <ul class="nav nav-list"> + <li class="nav-header">Commons IO</li> + <li class="none"> + <a href="index.html" title="About"> + About</a> + </li> + <li class="none"> + <a href="mail-lists.html" title="Asking Questions"> + Asking Questions</a> + </li> + <li class="none"> + <a href="changes.html" title="Release History"> + Release History</a> + </li> + <li class="none"> + <a href="issue-management.html" title="Issue Tracking"> + Issue Tracking</a> + </li> + <li class="none"> + <a href="dependency-info.html" title="Dependency Management"> + Dependency Management</a> + </li> + <li class="none"> + <a href="scm.html" title="Sources"> + Sources</a> + </li> + <li class="none active"> + <a href="security.html" title="Security"> + Security</a> + </li> + <li class="none"> + <a href="https://www.apache.org/licenses/LICENSE-2.0" class="externalLink" title="License"> + License</a> + </li> + <li class="none"> + <a href="https://www.apache.org/foundation/policies/conduct.html" class="externalLink" title="Code of Conduct"> + Code of Conduct</a> + </li> + <li class="none"> + <a href="download_io.cgi" title="Download"> + Download</a> + </li> + <li class="expanded"> + <a href="" title="Javadoc"> + Javadoc</a> + <ul> + <li class="none"> + <a href="apidocs/index.html" title="Javadoc Current"> + Javadoc Current</a> + </li> + <li class="none"> + <a href="https://javadoc.io/doc/commons-io/commons-io" class="externalLink" title="Javadoc Archive"> + Javadoc Archive</a> + </li> + </ul> + </li> + <li class="none"> + <a 
href="description.html" title="Users guide"> + Users guide</a> + </li> + <li class="none"> + <a href="bestpractices.html" title="Best practices"> + Best practices</a> + </li> + <li class="none"> + <a href="building.html" title="Building"> + Building</a> + </li> + <li class="none"> + <a href="proposal.html" title="Proposal"> + Proposal</a> + </li> + </ul> + <ul class="nav nav-list"> + <li class="nav-header">Project Documentation</li> + <li class="collapsed"> + <a href="project-info.html" title="Project Information"> + Project Information</a> + </li> + <li class="collapsed"> + <a href="project-reports.html" title="Project Reports"> + Project Reports</a> + </li> + </ul> + <ul class="nav nav-list"> + <li class="nav-header">Commons</li> + <li class="none"> + <a href="../../" title="Home"> + Home</a> + </li> + <li class="none"> + <a href="https://www.apache.org/licenses/" class="externalLink" title="License"> + License</a> + </li> + <li class="collapsed"> + <a href="../../components.html" title="Components"> + Components</a> + </li> + <li class="collapsed"> + <a href="../../sandbox/index.html" title="Sandbox"> + Sandbox</a> + </li> + <li class="collapsed"> + <a href="../../dormant/index.html" title="Dormant"> + Dormant</a> + </li> + </ul> + <ul class="nav nav-list"> + <li class="nav-header">General Information</li> + <li class="none"> + <a href="../../security.html" title="Security"> + Security</a> + </li> + <li class="none"> + <a href="../../volunteering.html" title="Volunteering"> + Volunteering</a> + </li> + <li class="none"> + <a href="../../patches.html" title="Contributing Patches"> + Contributing Patches</a> + </li> + <li class="none"> + <a href="../../building.html" title="Building Components"> + Building Components</a> + </li> + <li class="none"> + <a href="../../commons-parent-pom.html" title="Commons Parent POM"> + Commons Parent POM</a> + </li> + <li class="none"> + <a href="../../build-plugin/index.html" title="Commons 
Build Plugin"> + Commons Build Plugin</a> + </li> + <li class="none"> + <a href="../../release-plugin/index.html" title="Commons Release Plugin"> + Commons Release Plugin</a> + </li> + <li class="none"> + <a href="../../site-publish.html" title="Site Publication"> + Site Publication</a> + </li> + <li class="none"> + <a href="../../releases/index.html" title="Releasing Components"> + Releasing Components</a> + </li> + <li class="none"> + <a href="https://cwiki.apache.org/confluence/display/commons/FrontPage" class="externalLink" title="Wiki"> + Wiki</a> + </li> + </ul> + <ul class="nav nav-list"> + <li class="nav-header">ASF</li> + <li class="none"> + <a href="https://www.apache.org/foundation/how-it-works.html" class="externalLink" title="How the ASF works"> + How the ASF works</a> + </li> + <li class="none"> + <a href="https://www.apache.org/foundation/getinvolved.html" class="externalLink" title="Get Involved"> + Get Involved</a> + </li> + <li class="none"> + <a href="https://www.apache.org/dev/" class="externalLink" title="Developer Resources"> + Developer Resources</a> + </li> + <li class="none"> + <a href="https://www.apache.org/foundation/policies/conduct.html" class="externalLink" title="Code of Conduct"> + Code of Conduct</a> + </li> + <li class="none"> + <a href="https://privacy.apache.org/policies/privacy-policy-public.html" class="externalLink" title="Privacy"> + Privacy</a> + </li> + <li class="none"> + <a href="https://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsorship"> + Sponsorship</a> + </li> + <li class="none"> + <a href="https://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks"> + Thanks</a> 
+ </li> + </ul> + </div> + <div id="poweredBy"> + <a href="https://www.apache.org/events/current-event.html" title="ApacheCon" class="builtBy"> + <img class="builtBy" alt="ApacheCon" src="https://www.apache.org/events/current-event-125x125.png" /> + </a> + <a href="https://maven.apache.org/" title="Maven" class="builtBy"> + <img class="builtBy" alt="Maven" src="https://maven.apache.org/images/logos/maven-feather.png" /> + </a> + </div> + </td> + <td class="content"> + + + <section><a id="About_Security"></a> +<h1>About Security</h1> + +<p> + For information about reporting or asking questions about security, please see + <a href="https://commons.apache.org/security.html" class="externalLink">Apache Commons Security</a> + . + </p> + +<p>This page lists all security vulnerabilities fixed in released versions of this component. + </p> + +<p>Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the component version + that you are using. + </p> + +<p> + If you need help on building this component or other help on following the instructions to mitigate the known vulnerabilities listed here, please send + your questions to the + public + <a href="mail-lists.html">user mailing list</a> + . + </p> + +<p>If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, or if the descriptions here are + incomplete, please report + them privately to the Apache Security Team. Thank you. 
+ </p> + </section> + <section><a id="Security_Vulnerabilities"></a> +<h1>Security Vulnerabilities</h1> + <section><a id="CVE-2024-47554"></a> +<h2>CVE-2024-47554</h2> + +<ul> + +<li>CVE-2024-47554: Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</li> + +<li>Severity: Low</li> + +<li>Vendor: The Apache Software Foundation</li> + +<li>Versions Affected: Apache Commons IO 2.0 before 2.14.0.</li> + +<li>Description: The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. + </li> + +<li>Mitigation: Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</li> + +<li>Credit: CodeQL (tool).</li> + </ul> + </section> + </section> + + + </td> + </tr> + </table> + </div> + + <div class="footer"> + <p>Copyright © 2002-2025 + <a href="https://www.apache.org/">The Apache Software Foundation</a>. + All Rights Reserved.</p> + </div> + </body> + +</html>