diff options
| author | Mickael Istria | 2021-10-07 11:26:07 +0000 |
|---|---|---|
| committer | Mickael Istria | 2021-10-07 11:26:07 +0000 |
| commit | 47e5088b92d8ecda9b3cf6e9bc559392bd0426ba (patch) | |
| tree | d864cba40534e5e138a29e9f1363217da7aefd1a | |
| parent | d46f0c0f17b21e98ab98991b8176d7483d37d6e4 (diff) | |
| download | news-47e5088b92d8ecda9b3cf6e9bc559392bd0426ba.tar.gz news-47e5088b92d8ecda9b3cf6e9bc559392bd0426ba.tar.xz news-47e5088b92d8ecda9b3cf6e9bc559392bd0426ba.zip | |
Add N&N about p2 warning when installating from http or using md5
| -rw-r--r-- | 4.22/platform_isv.html | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/4.22/platform_isv.html b/4.22/platform_isv.html index 1f06495b..5b67f0c9 100644 --- a/4.22/platform_isv.html +++ b/4.22/platform_isv.html @@ -90,9 +90,30 @@ try { <li>On last tree item removal.</li> </ul> </td> + </tr> <!-- *********************** End of SWT *********************** --> + <!-- *********************** p2 *********************** --> + + <tr> + <td id="p2" class="section" colspan="2"><h2>p2 Changes</h2></td> + </tr> + + <tr id="logUnsafe"> <!-- https://bugs.eclipse.org/bugs/show_bug.cgi?id=576429 https://bugs.eclipse.org/bugs/show_bug.cgi?id=576428 --> + <td class="title">Log unsafe transport or verification technologies used at installation</td> + <td class="content"> + When installing from a repository, p2 now logs a warning in case some technologies used for the installation are considered unsafe. + Here are the cases covered so far and that will trigger a logged warning: + <ul> + <li><code>http</code> repositories are used (<code>http</code> repositories expose to CVE-2021-41033)</li> + <li>Artifact checksums are either missing, or none of the available digest algorithms is considered safe (eg md5).</li> + </ul> + </td> + </tr> + <!-- *********************** End of p2 *********************** --> + + </tbody> </table> <!-- ****************** END OF N&N TABLE ****************** --> |