Siddesh BG's Build Release Config mgmt Blog

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 30 August 2012

Security vulnerabilities in Nexus Pre-2.1 releases

Posted on 04:32 by Unknown

Sonatype posted security vulnerabilities in Nexus releases prior to 2.1 and recommending upgrade to latest release (i.e. 2.1)
We areusing the nexus version  2.0.6 OSS. Considering this alert, I’m planning to upgrade soon.

Here is the quote from sonatype
“Unless you want to risk exposing a secure credential, get hacked via some XML, or suffer a denial of service attack via our Artifactory bridge, you probably want to upgrade to Nexus 2.1 right now.”

Refer the link http://www.sonatype.com/people/2012/08/dogfooding-sonatype-insight-we-found-vulnerabilities-in-nexus/#more-11947for details.

I hope they are not marketing Sonatype Insight with this alert J
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home
View mobile version

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Solution to Project Euler Problem 10 - Find the sum of all the primes below two million
    http://projecteuler.net/problem=10 Problem The sum of the primes below 10 is 2 + 3 + 5 + 7 = 17. Find the sum of all the primes below two mi...
  • Fortify scan automation steps for analyzing c/c++ code (Makefiles)
    I wrote in my previous blog about installing and configuring Fortify client. This blog presents standard steps to automate fortify scan for ...
  • Posting a JIRA bug using Perl Mechanize
    Perl provides modules which can be used as command line browser to automate tasks dependent on web pages. Among them LWP and mechanize are i...
  • jenkins error: java.io.IOException: Authentication method password not supported by the server at this stage
    When I tried to add a node to jenkins/hudson using ssh as launch method, the authentication keeps on failing with the below error. [12/15/11...
  • Unable to resolve target system name - a DNS problem
    I was not able to ping to any machines from my Windows 2003 server. I did following steps to debug & resolve the issue, which was relate...
  • Installing and configuring Fortify on Linux and Windows machines
    Installing Fortify on Linux (RHEL 5 32 bit) Download Fortify archive Fortify-360-2.6.5-Analyzers_and_Apps-Linux-x86.tar.gz and extract it to...
  • Perforce - can't edit exclusive file already opened
    In perforce, whenever a binary file like doc, xls or ppt files are checked out, it is opened in exclusive lock mode. So no other person can ...
  • Perforce and cygwin
    Are you a command-line freak ? Do you want your automated shell scripts to run on Windows ? Do you wish to work with Perforce commands on Cy...
  • Using BUILD_LOG_REGEX in jenkins email notification
    Jenkins provide 'Email-ext' plugin, which  allows to configure every aspect of email notifications. One of my requirement is to send...
  • 0509-036 Cannot load program p4 because of the following errors
    Here is the full description of error ............ bash-3.00# p4 info exec(): 0509-036 Cannot load program p4 because of the following error...

Categories

  • AIX
  • AIX ssh
  • ANT
  • apache
  • appliance
  • awk
  • branching
  • build-failures
  • cgi-perl
  • code-signing
  • commands
  • continuous Integration
  • cvs
  • cygwin
  • DNS
  • Drupal
  • EPM
  • euler
  • Fortify
  • hadoop
  • hpux
  • html
  • InstallShield
  • iptables
  • iso
  • jenkins-hudson
  • Jira
  • kiwi
  • linux
  • Makefile
  • maven
  • Miscellaneous
  • mysql
  • nexus
  • NFS
  • package
  • Perforce
  • Perl
  • php
  • rbuilder
  • rpath
  • rpm
  • rsync
  • Solaris
  • ssh
  • SuseStudio
  • tinderbox
  • unix
  • Visual studio 2008
  • vmware
  • war
  • webserver
  • wget
  • windows
  • xterm

Blog Archive

  • ►  2013 (12)
    • ►  December (1)
    • ►  July (2)
    • ►  April (2)
    • ►  March (2)
    • ►  February (3)
    • ►  January (2)
  • ▼  2012 (43)
    • ►  December (2)
    • ►  November (1)
    • ►  October (4)
    • ►  September (7)
    • ▼  August (5)
      • Security vulnerabilities in Nexus Pre-2.1 releases
      • Secrets of innovation - Carmine Gallo
      • The presentation secrets of steve jobs - Carmine G...
      • How to customize MANIFEST files in WAR using Maven?
      • How to create java war (web archive) file using Ma...
    • ►  July (4)
    • ►  June (2)
    • ►  May (3)
    • ►  April (4)
    • ►  March (3)
    • ►  February (1)
    • ►  January (7)
  • ►  2011 (23)
    • ►  December (4)
    • ►  November (9)
    • ►  October (4)
    • ►  September (1)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (1)
  • ►  2010 (15)
    • ►  December (2)
    • ►  November (1)
    • ►  September (3)
    • ►  April (1)
    • ►  February (6)
    • ►  January (2)
  • ►  2009 (28)
    • ►  November (5)
    • ►  October (3)
    • ►  September (2)
    • ►  August (1)
    • ►  July (1)
    • ►  June (5)
    • ►  May (3)
    • ►  April (1)
    • ►  February (2)
    • ►  January (5)
  • ►  2008 (20)
    • ►  December (6)
    • ►  November (3)
    • ►  October (1)
    • ►  September (1)
    • ►  July (8)
    • ►  June (1)
Powered by Blogger.

About Me

Unknown
View my complete profile