diff --git a/docs/.vuepress/components/ELSTechnology.vue b/docs/.vuepress/components/ELSTechnology.vue index cfebc43c7..37e13fdd0 100644 --- a/docs/.vuepress/components/ELSTechnology.vue +++ b/docs/.vuepress/components/ELSTechnology.vue @@ -275,6 +275,11 @@ const techData = [ versions: "3.0.0", link: "./java-libraries/", }, + { + name: "Elasticsearch", + versions: "7.16.3", + link: "./elasticsearch/", + }, { name: "excel-streaming-reader", versions: "5.0.2", @@ -320,6 +325,11 @@ const techData = [ versions: "5.11.10.Final", link: "./hibernate/", }, + { + name: "HPPC", + versions: "0.8.1", + link: "./java-libraries/", + }, { name: "HtmlUnit", versions: "2.70.0", @@ -597,7 +607,7 @@ const techData = [ }, { name: "Eclipse Jetty", - versions: "8.2.0.v20160908 | 9.2.16.v20160414 | 9.4.24.v20191120 | 9.4.48.v20220622 | 9.4.53.v20231009 | 9.4.57.v20241219 | 9.4.58.v20250814 | 9.4.59 | 9.4.60 | 10.0.26 | 10.0.27 | 10.0.28 | 11.0.19 | 11.0.26 | 11.0.27 | 11.0.28", + versions: "7.6.0.v20120127 | 8.2.0.v20160908 | 9.2.16.v20160414 | 9.4.24.v20191120 | 9.4.41.v20210516 | 9.4.48.v20220622 | 9.4.50.v20221201 | 9.4.53.v20231009 | 9.4.57.v20241219 | 9.4.58.v20250814 | 9.4.59 | 9.4.60 | 9.4.61 | 9.4.62 | 10.0.26 | 10.0.27 | 10.0.28 | 10.0.29 | 10.0.30 | 11.0.19 | 11.0.26 | 11.0.27 | 11.0.28 | 11.0.29 | 11.0.30", link: "./jetty/", }, { @@ -673,7 +683,7 @@ const techData = [ }, { name: "axios", - versions: "0.15.3 | 0.18.1 | 0.19.2 | 0.21.1 | 0.21.4 | 0.24.0 | 0.27.2 | 0.33.0", + versions: "0.15.3 | 0.18.1 | 0.19.2 | 0.21.1 | 0.21.4 | 0.24.0 | 0.26.1 | 0.27.2 | 0.33.0 | 1.6.2 | 1.6.8", link: "./javascript-libraries/", }, { @@ -1323,7 +1333,7 @@ const techData = [ }, { name: "pdfjs-dist", - versions: "2.16.105 | 3.11.174", + versions: "2.14.305 | 2.16.105 | 3.11.174", link: "./javascript-libraries/", }, { @@ -2131,12 +2141,17 @@ const techData = [ { name: "Zend Framework 1", versions: "1.12.10", - link: "./zendframework-zf1/", + link: "./zendframework/", + }, + { + name: "Zend Framework", + versions: "2.4.13", + link: "./zendframework/", }, { name: "Zend HTTP", versions: "2.5.6", - link: "./zendframework-zend-http/", + link: "./zendframework/", }, ], }, diff --git a/docs/.vuepress/config-client/sidebar.ts b/docs/.vuepress/config-client/sidebar.ts index 38d048353..4a44d6371 100644 --- a/docs/.vuepress/config-client/sidebar.ts +++ b/docs/.vuepress/config-client/sidebar.ts @@ -170,6 +170,10 @@ export default { path: '/els-for-libraries/apache-velocity-engine/', icon: '/images/velocity-logo.webp', }, + { + path: '/els-for-libraries/elasticsearch/', + icon: '/images/TuxCare_color_icon.webp', + }, { path: '/els-for-libraries/hibernate/', icon: '/images/hibernate.webp', @@ -345,11 +349,7 @@ export default { icon: '/images/symfony-logo.webp', }, { - path: '/els-for-libraries/zendframework-zf1/', - icon: '/images/zf1.webp', - }, - { - path: '/els-for-libraries/zendframework-zend-http/', + path: '/els-for-libraries/zendframework/', icon: '/images/zf1.webp', }, { diff --git a/docs/.vuepress/routes.json b/docs/.vuepress/routes.json index 4461072f0..03d429eec 100644 --- a/docs/.vuepress/routes.json +++ b/docs/.vuepress/routes.json @@ -221,5 +221,7 @@ "/els-for-libraries/symfony-process/": "/els-for-libraries/symfony/", "/els-for-libraries/apache-lucene/": "/els-for-libraries/apache-lucene-and-solr/", "/els-for-libraries/grafana/": "/els-for-applications/grafana/", - "/els-for-libraries/loki/": "/els-for-applications/loki/" + "/els-for-libraries/loki/": "/els-for-applications/loki/", + "/els-for-libraries/zendframework-zf1/": "/els-for-libraries/zendframework/", + "/els-for-libraries/zendframework-zend-http/": "/els-for-libraries/zendframework/" } diff --git a/docs/els-for-libraries/elasticsearch/README.md b/docs/els-for-libraries/elasticsearch/README.md new file mode 100644 index 000000000..55badb9c0 --- /dev/null +++ b/docs/els-for-libraries/elasticsearch/README.md @@ -0,0 +1,164 @@ +# Elasticsearch + +TuxCare's Endless Lifecycle Support (ELS) for Elasticsearch provides security patches and selected bug fixes that are integral to the stable operation of applications running on the Elasticsearch Java client libraries. + +## Supported Versions + +* Elasticsearch 7.16.3 + +Other versions upon request. + +## Installation + + + +* **Maven** or **Gradle** build tool installed +* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com) +* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) and click Sign in in the top right corner. You may need to refresh the page after logging in. + + + + + +1. **Navigate to the build tool directory** + * Windows + ```text + Maven: C:\Users\{username}\.m2 + Gradle: C:\Users\{username}\.gradle + ``` + * macOS + ```text + Maven: /Users/{username}/.m2 + Gradle: /Users/{username}/.gradle + ``` + * Linux + ```text + Maven: /home/{username}/.m2 + Gradle: /home/{username}/.gradle + ``` + +2. **Configure credentials** + + :::tip + For Maven, you may choose any valid `` value instead of `tuxcare-registry`, but the same value must be used in both `settings.xml` and `pom.xml`. + ::: + + + + Replace `USERNAME` and `PASSWORD` with your TuxCare credentials (see [Prerequisites](#prerequisites) above). + +3. **Add the TuxCare repository** + + Add the TuxCare Elasticsearch repository and plugins to your build configuration. + + + + * To fully switch from the official Elasticsearch repository, replace it with the TuxCare repository. + * To keep both, add TuxCare after the official one. + + :::tip + Example **[Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)** and **[Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)** projects are available on GitHub. Ensure the required environment variables are set. + ::: + +4. **Update dependencies** + + Replace Elasticsearch dependencies with TuxCare-maintained versions. You can find artifact versions on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) — sign in with your TuxCare credentials. + + + +5. **Verify and build** + + Verify the setup: + + + + Build the project: + + + + The build tool should be able to identify and resolve dependencies from the TuxCare ELS for Elasticsearch repository. + + + + +## What's Next? + + + +* ![](/images/eye.webp) [CVE Tracker](https://tuxcare.com/cve-tracker/?product=Elasticsearch) — Track vulnerability fixes and updates +* ![](/images/shield.webp) [Available fixes](https://tuxcare.com/cve-tracker/fixes?product=Elasticsearch) — Patched versions and changelogs +* ![](/images/clipboard-notes.webp) [Supported components](https://tuxcare.com/cve-tracker/products?product=Elasticsearch) — Full list of product parts covered by ELS +* ![](/images/shield-alert.webp) [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/org.elasticsearch/) — Vulnerability Exploitability eXchange feed +* ![](/images/unlock-alt.webp) [Source code](/els-for-libraries/managing-els-repository/#javaSources) — Access source JARs in Nexus +* ![](/images/bolt.webp) [Package updates](/els-for-libraries/managing-els-repository/#java) — Update an installed package to a newer TuxCare release + + + + diff --git a/docs/els-for-libraries/java-libraries/README.md b/docs/els-for-libraries/java-libraries/README.md index e38e4814c..51238c1ac 100644 --- a/docs/els-for-libraries/java-libraries/README.md +++ b/docs/els-for-libraries/java-libraries/README.md @@ -37,6 +37,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix * **Google OAuth Client** 1.25.0 * **H2 Database** 1.4.200 * **Hazelcast** 4.2.8 +* **HPPC** 0.8.1 * **HtmlUnit** 2.70.0 * **iText** 2.1.7 * **JasperReports** 3.7.4 diff --git a/docs/els-for-libraries/javascript-libraries/README.md b/docs/els-for-libraries/javascript-libraries/README.md index 0d58982fb..0140edef1 100644 --- a/docs/els-for-libraries/javascript-libraries/README.md +++ b/docs/els-for-libraries/javascript-libraries/README.md @@ -13,7 +13,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix * **ansi-html** 0.0.7 * **ansi-regex** 3.0.0 * **async** 2.6.1, 2.6.3 -* **axios** 0.15.3, 0.18.1, 0.19.2, 0.21.1, 0.21.4, 0.24.0, 0.27.2, 0.33.0 +* **axios** 0.15.3, 0.18.1, 0.19.2, 0.21.1, 0.21.4, 0.24.0, 0.26.1, 0.27.2, 0.33.0, 1.6.2, 1.6.8 * **azure-identity** 4.0.1 * **babel-helpers** 7.15.4, 7.24.0, 7.24.1, 7.25.6, 7.26.0 * **babel-plugin-transform-modules-systemjs** 7.15.4, 7.23.9, 7.24.1, 7.25.0 @@ -123,7 +123,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix * **parse-git-config** 3.0.0 * **parsejson** 0.0.3 * **path-to-regexp** 0.1.3, 0.1.12 -* **pdfjs-dist** 2.16.105, 3.11.174 +* **pdfjs-dist** 2.14.305, 2.16.105, 3.11.174 * **picocolors** 0.2.1 * **picomatch** 2.3.1, 4.0.2 * **prismjs** 1.27.0, 1.29.0 diff --git a/docs/els-for-libraries/jetty/README.md b/docs/els-for-libraries/jetty/README.md index f22098006..d30857699 100644 --- a/docs/els-for-libraries/jetty/README.md +++ b/docs/els-for-libraries/jetty/README.md @@ -4,7 +4,7 @@ TuxCare's Endless Lifecycle Support (ELS) for Eclipse Jetty provides security pa ## Supported Versions -* Eclipse Jetty 8.2.0.v20160908, 9.2.16.v20160414, 9.4.24.v20191120, 9.4.48.v20220622, 9.4.53.v20231009, 9.4.57.v20241219, 9.4.58.v20250814, 9.4.59, 9.4.60, 10.0.26, 10.0.27, 10.0.28, 11.0.19, 11.0.26, 11.0.27, 11.0.28 +* Eclipse Jetty 7.6.0.v20120127, 8.2.0.v20160908, 9.2.16.v20160414, 9.4.24.v20191120, 9.4.41.v20210516, 9.4.48.v20220622, 9.4.50.v20221201, 9.4.53.v20231009, 9.4.57.v20241219, 9.4.58.v20250814, 9.4.59, 9.4.60, 9.4.61, 9.4.62, 10.0.26, 10.0.27, 10.0.28, 10.0.29, 10.0.30, 11.0.19, 11.0.26, 11.0.27, 11.0.28, 11.0.29, 11.0.30 ## Installation diff --git a/docs/els-for-libraries/zendframework-zend-http/README.md b/docs/els-for-libraries/zendframework-zend-http/README.md deleted file mode 100644 index 54069f1a9..000000000 --- a/docs/els-for-libraries/zendframework-zend-http/README.md +++ /dev/null @@ -1,164 +0,0 @@ -# Zend HTTP - -Endless Lifecycle Support (ELS) for Zend HTTP from TuxCare provides security fixes for Zend HTTP library versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended. - -## Supported Versions - -* **Zend HTTP** 2.5.6 - -Other versions upon request. - -## Installation - - - -* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com) -* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_php) and click Sign in in the top right corner. You may need to refresh the page after logging in. - - - - - -1. Locate the `auth.json` file - - Composer reads credentials from a per-user `auth.json`. Create or edit the file at: - - * **Linux/macOS**: - - ``` - ~/.composer/auth.json - ``` - - * **Windows**: - - ``` - %APPDATA%\Composer\auth.json - ``` - -2. Add your TuxCare credentials - - Use either the Composer CLI or edit `auth.json` directly to add credentials for `nexus.repo.tuxcare.com`: - - - - Replace `USERNAME` and `PASSWORD` with your TuxCare credentials (see [Prerequisites](#prerequisites) above). - -3. Register the TuxCare repository - - Add the `els_php` Composer repository either via CLI or by editing `composer.json`: - - - -4. Install Zend HTTP - - Install the TuxCare-maintained Zend HTTP release that matches your project: - - - - **Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.** - - :::tip - - If you edited `composer.json` manually, run `composer update` to install the package: - - ``` - composer update - ``` - - Composer will resolve dependencies against the TuxCare repository and install the patched releases. - - ::: - - - -### Composer Repository Configuration - -If you encounter dependency resolution errors like: - -`packages from higher priority repository do not match your constraint` - -it usually means your project requires a package version that is not yet available in the TuxCare repository. - -**Solution**: Update your `composer.json` to set the TuxCare repository as non-canonical: - -``` -{ - "repositories": [ - { - "type": "composer", - "url": "https://nexus.repo.tuxcare.com/repository/els_php/", - "canonical": false - } - ] -} -``` - -This allows Composer to fall back to Packagist for packages not available in the TuxCare repository, while still preferring TuxCare patches when available. - -## Resolved CVEs - -Fixes for the following vulnerabilities are available in ELS for Zend HTTP from TuxCare: - -| CVE ID | Fixed in version | -|-----------------------|--------------------| -| CVE-2021-3007 | 2.5.6-p2+tuxcare | -| GHSA-cg8w-5jrc-675g | 2.5.6-p2+tuxcare | - -## What's Next? - - - -* ![](/images/eye.webp) [CVE Tracker](https://tuxcare.com/cve-tracker/?q=zendframework%2Fzend-http) — Track vulnerability fixes and updates -* ![](/images/bolt.webp) [Available fixes](https://tuxcare.com/cve-tracker/fixes?q=zendframework%2Fzend-http) — Patched versions and changelogs -* ![](/images/shield-alert.webp) [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_php/zendframework/zend-http/) — Vulnerability Exploitability eXchange feed -* ![](/images/wrench.webp) [Package updates](/els-for-libraries/managing-els-repository/#PHP) — Upgrade to a newer version - - - - diff --git a/docs/els-for-libraries/zendframework-zf1/README.md b/docs/els-for-libraries/zendframework/README.md similarity index 66% rename from docs/els-for-libraries/zendframework-zf1/README.md rename to docs/els-for-libraries/zendframework/README.md index 66a59c1d3..7ee4203d7 100644 --- a/docs/els-for-libraries/zendframework-zf1/README.md +++ b/docs/els-for-libraries/zendframework/README.md @@ -1,10 +1,12 @@ -# Zend Framework 1 +# Zend Framework -Endless Lifecycle Support (ELS) for Zend Framework 1 from TuxCare provides security fixes for Zend Framework 1 versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended. +Endless Lifecycle Support (ELS) for Zend Framework from TuxCare provides security fixes for end-of-life Zend Framework packages. This allows you to continue running your applications without vulnerability concerns, even after official support has ended. ## Supported Versions * **Zend Framework 1** 1.12.10 +* **Zend Framework** 2.4.13 +* **Zend HTTP** 2.5.6 Other versions upon request. @@ -23,14 +25,14 @@ Other versions upon request. Composer reads credentials from a per-user `auth.json`. Create or edit the file at: - * **Linux/macOS**: - + * **Linux/macOS**: + ``` ~/.composer/auth.json ``` * **Windows**: - + ``` %APPDATA%\Composer\auth.json ``` @@ -55,25 +57,51 @@ Other versions upon request. { title: 'composer.json', content: composerjson } ]" /> -4. Install Zend Framework 1 +4. Install the package + + Select your package, then install the TuxCare-maintained release that matches your project: + + + + - Install the TuxCare-maintained Zend Framework 1 release that matches your project: + + + + + + **Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.** :::tip If you edited `composer.json` manually, run `composer update` to install the package: - + ``` composer update ``` - + Composer will resolve dependencies against the TuxCare repository and install the patched releases. ::: @@ -106,25 +134,42 @@ This allows Composer to fall back to Packagist for packages not available in the ## Resolved CVEs -Fixes for the following vulnerabilities are available in ELS for Zend Framework 1 from TuxCare: +Fixes for the following vulnerabilities are available in ELS for Zend Framework from TuxCare: - + -