jprdonnelly/docs
1
0
Fork 0
mirror of synced 2026-02-03 00:02:00 -05:00
Code Issues Projects Releases Wiki Activity

Merge pull request #24076 from github/repo-sync

Browse Source 
repo sync
This commit is contained in:
Octomerger Bot
2023-02-22 03:01:15 -08:00
committed by GitHub
parent ce120b9594 d42c439a2e
commit cfef1aa81a
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry.md
View File

@@ -167,7 +167,7 @@ For more information on creating a package, see the [maven.apache.org documentat
## Installing a package
To install an Apache Maven package from {% data variables.product.prodname_registry %}, edit the *pom.xml* file to include the package as a dependency. If you want to install packages from more than one repository, add a `repository` tag for each. For more information on using a *pom.xml* file in your project, see "[Introduction to the POM](https://maven.apache.org/guides/introduction/introduction-to-the-pom.html)" in the Apache Maven documentation.
To install an Apache Maven package from {% data variables.product.prodname_registry %}, edit the *pom.xml* file to include the package as a dependency. If you want to install packages from any repository for a specified repository owner, use a repository URL like `https://{% ifversion fpt or ghec %}maven.pkg.github.com{% else %}maven.HOSTNAME{% endif %}/OWNER/*`. For more information on using a *pom.xml* file in your project, see "[Introduction to the POM](https://maven.apache.org/guides/introduction/introduction-to-the-pom.html)" in the Apache Maven documentation.
{% data reusables.package_registry.authenticate-step %}
2. Add the package dependencies to the `dependencies` element of your project *pom.xml* file, replacing `com.example:test` with your package.

2
data/release-notes/enterprise-server/3-7/6.yml
View File

@@ -4,7 +4,7 @@ sections:
- |
**HIGH**: Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh).
- |
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/).
**HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-22380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22380).
- Packages have been updated to the latest security versions.
bugs:
- When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.