…rafted URLs could lead to exposure of sensitive information.
PR Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
[X] Title of the PR starts with installer/product name (e.g. [ansible/artifactory])
[X] CHANGELOG.md updated
[ ] Variables and other changes are documented in the README.md
What this PR does / why we need it:
The information below is specifically for Artifactory version 7.59.9 and above:
The security of your data is the highest priority for JFrog. As such, and in the spirit of open communication, we are writing to inform you of a newly-discovered security vulnerability that affects JFrog Artifactory.
Description
Due to this vulnerability, in some circumstances, user interaction with specially-crafted URLs could lead to data exposure unless corrective action is taken.
For JFrog Self-hosted installations
Versions affected
JFrog Artifactory versions 7.59 and above.
Remediation
The JFrog team has taken immediate action and released fixes for the affected JFrog Artifactory self-hosted versions with the following patches:
7.59.18, 7.63.18, 7.68.19, 7.71.8
JIRA Issue: JA-7492 - Fixed a security issue whereby interacting with specially crafted URLs could lead to exposure of sensitive information.
To fix this issue, you must upgrade your version of JFrog Artifactory to one of the remediating versions.
This PR also includes a fix for #357
Special notes for your reviewer:
Anuraj Nair is in on this one.