From 13fde6ee5350e8f0f60ad25bf95c1a85e2110fff Mon Sep 17 00:00:00 2001 From: Jamie Cansdale Date: Wed, 22 Feb 2023 10:37:16 +0000 Subject: [PATCH 1/2] Suggest easier way to install from multiple Maven repos (#34893) Co-authored-by: hubwriter --- .../working-with-the-apache-maven-registry.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry.md b/content/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry.md index 12689f52fb..0750a71aed 100644 --- a/content/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry.md +++ b/content/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry.md 
@@ -167,7 +167,7 @@ For more information on creating a package, see the [maven.apache.org documentat ## Installing a package -To install an Apache Maven package from {% data variables.product.prodname_registry %}, edit the *pom.xml* file to include the package as a dependency. If you want to install packages from more than one repository, add a `repository` tag for each. For more information on using a *pom.xml* file in your project, see "[Introduction to the POM](https://maven.apache.org/guides/introduction/introduction-to-the-pom.html)" in the Apache Maven documentation. +To install an Apache Maven package from {% data variables.product.prodname_registry %}, edit the *pom.xml* file to include the package as a dependency. If you want to install packages from any repository for a specified repository owner, use a repository URL like `https://{% ifversion fpt or ghec %}maven.pkg.github.com{% else %}maven.HOSTNAME{% endif %}/OWNER/*`. For more information on using a *pom.xml* file in your project, see "[Introduction to the POM](https://maven.apache.org/guides/introduction/introduction-to-the-pom.html)" in the Apache Maven documentation. {% data reusables.package_registry.authenticate-step %} 2. Add the package dependencies to the `dependencies` element of your project *pom.xml* file, replacing `com.example:test` with your package. From d42c439a2ef13fe941188676e8297926079c1195 Mon Sep 17 00:00:00 2001 From: Alex Cyphus <983880+ACyphus@users.noreply.github.com> Date: Wed, 22 Feb 2023 04:46:06 -0600 Subject: [PATCH 2/2] Add CVE-2023-22380 detail and link to 3.7.6 release notes (#34930) --- data/release-notes/enterprise-server/3-7/6.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/release-notes/enterprise-server/3-7/6.yml b/data/release-notes/enterprise-server/3-7/6.yml index 77d0f36e2c..b7ab45ae1b 100644 --- a/data/release-notes/enterprise-server/3-7/6.yml +++ b/data/release-notes/enterprise-server/3-7/6.yml 
@@ -4,7 +4,7 @@ sections: - | **HIGH**: Updated Git to include fixes from 2.39.2, which address [CVE-2023-22490](https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q) and [CVE-2023-23946](https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh). - | - **HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/). + **HIGH**: A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the [GitHub Bug Bounty Program](https://bounty.github.com/) and has been assigned [CVE-2023-22380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22380). - Packages have been updated to the latest security versions. bugs: - When using a VPC endpoint URL as an AWS S3 URL for GitHub Packages, publication and installation of packages failed.
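Review bot: the replacement sentence in the "Installing a package" paragraph (patch 1/2, hunk `@@ -167,7 +167,7 @@`) deletes the guidance "add a `repository` tag for each" without saying where the new URL belongs or what to do when packages come from more than one owner. Suggest naming the element, for example "set the `url` of the `repository` element to `https://.../OWNER/*`", stating that `OWNER` is a placeholder for the account name, and keeping the removed sentence for the multi-owner case, since one wildcard covers a single owner only. Because `OWNER/*` turns every repository under that owner into a resolution source for the build, the paragraph should also say to use the wildcard only for an owner whose packages you trust.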
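Review bot: the clause appended to the path traversal entry (patch 2/2, hunk `@@ -4,7 +4,7 @@`) links CVE-2023-22380 through a `cgi-bin/cvename.cgi?name=` query URL, while the Git entry directly above links each CVE to its advisory page. A script-style query URL is more likely to rot than a record or advisory link, so a stable record URL would be the safer choice here and would match the neighbouring entry. The subject line says "detail", but the hunk adds only the identifier and link; if more was intended (for example which releases are affected), it is missing from this entry.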