diff --git a/docs/.vuepress/components/ELSTechnology.vue b/docs/.vuepress/components/ELSTechnology.vue
index cfebc43c7..37e13fdd0 100644
--- a/docs/.vuepress/components/ELSTechnology.vue
+++ b/docs/.vuepress/components/ELSTechnology.vue
@@ -275,6 +275,11 @@ const techData = [
versions: "3.0.0",
link: "./java-libraries/",
},
+ {
+ name: "Elasticsearch",
+ versions: "7.16.3",
+ link: "./elasticsearch/",
+ },
{
name: "excel-streaming-reader",
versions: "5.0.2",
@@ -320,6 +325,11 @@ const techData = [
versions: "5.11.10.Final",
link: "./hibernate/",
},
+ {
+ name: "HPPC",
+ versions: "0.8.1",
+ link: "./java-libraries/",
+ },
{
name: "HtmlUnit",
versions: "2.70.0",
@@ -597,7 +607,7 @@ const techData = [
},
{
name: "Eclipse Jetty",
- versions: "8.2.0.v20160908 | 9.2.16.v20160414 | 9.4.24.v20191120 | 9.4.48.v20220622 | 9.4.53.v20231009 | 9.4.57.v20241219 | 9.4.58.v20250814 | 9.4.59 | 9.4.60 | 10.0.26 | 10.0.27 | 10.0.28 | 11.0.19 | 11.0.26 | 11.0.27 | 11.0.28",
+ versions: "7.6.0.v20120127 | 8.2.0.v20160908 | 9.2.16.v20160414 | 9.4.24.v20191120 | 9.4.41.v20210516 | 9.4.48.v20220622 | 9.4.50.v20221201 | 9.4.53.v20231009 | 9.4.57.v20241219 | 9.4.58.v20250814 | 9.4.59 | 9.4.60 | 9.4.61 | 9.4.62 | 10.0.26 | 10.0.27 | 10.0.28 | 10.0.29 | 10.0.30 | 11.0.19 | 11.0.26 | 11.0.27 | 11.0.28 | 11.0.29 | 11.0.30",
link: "./jetty/",
},
{
@@ -673,7 +683,7 @@ const techData = [
},
{
name: "axios",
- versions: "0.15.3 | 0.18.1 | 0.19.2 | 0.21.1 | 0.21.4 | 0.24.0 | 0.27.2 | 0.33.0",
+ versions: "0.15.3 | 0.18.1 | 0.19.2 | 0.21.1 | 0.21.4 | 0.24.0 | 0.26.1 | 0.27.2 | 0.33.0 | 1.6.2 | 1.6.8",
link: "./javascript-libraries/",
},
{
@@ -1323,7 +1333,7 @@ const techData = [
},
{
name: "pdfjs-dist",
- versions: "2.16.105 | 3.11.174",
+ versions: "2.14.305 | 2.16.105 | 3.11.174",
link: "./javascript-libraries/",
},
{
@@ -2131,12 +2141,17 @@ const techData = [
{
name: "Zend Framework 1",
versions: "1.12.10",
- link: "./zendframework-zf1/",
+ link: "./zendframework/",
+ },
+ {
+ name: "Zend Framework",
+ versions: "2.4.13",
+ link: "./zendframework/",
},
{
name: "Zend HTTP",
versions: "2.5.6",
- link: "./zendframework-zend-http/",
+ link: "./zendframework/",
},
],
},
diff --git a/docs/.vuepress/config-client/sidebar.ts b/docs/.vuepress/config-client/sidebar.ts
index 38d048353..4a44d6371 100644
--- a/docs/.vuepress/config-client/sidebar.ts
+++ b/docs/.vuepress/config-client/sidebar.ts
@@ -170,6 +170,10 @@ export default {
path: '/els-for-libraries/apache-velocity-engine/',
icon: '/images/velocity-logo.webp',
},
+ {
+ path: '/els-for-libraries/elasticsearch/',
+ icon: '/images/TuxCare_color_icon.webp',
+ },
{
path: '/els-for-libraries/hibernate/',
icon: '/images/hibernate.webp',
@@ -345,11 +349,7 @@ export default {
icon: '/images/symfony-logo.webp',
},
{
- path: '/els-for-libraries/zendframework-zf1/',
- icon: '/images/zf1.webp',
- },
- {
- path: '/els-for-libraries/zendframework-zend-http/',
+ path: '/els-for-libraries/zendframework/',
icon: '/images/zf1.webp',
},
{
diff --git a/docs/.vuepress/routes.json b/docs/.vuepress/routes.json
index 4461072f0..03d429eec 100644
--- a/docs/.vuepress/routes.json
+++ b/docs/.vuepress/routes.json
@@ -221,5 +221,7 @@
"/els-for-libraries/symfony-process/": "/els-for-libraries/symfony/",
"/els-for-libraries/apache-lucene/": "/els-for-libraries/apache-lucene-and-solr/",
"/els-for-libraries/grafana/": "/els-for-applications/grafana/",
- "/els-for-libraries/loki/": "/els-for-applications/loki/"
+ "/els-for-libraries/loki/": "/els-for-applications/loki/",
+ "/els-for-libraries/zendframework-zf1/": "/els-for-libraries/zendframework/",
+ "/els-for-libraries/zendframework-zend-http/": "/els-for-libraries/zendframework/"
}
diff --git a/docs/els-for-libraries/elasticsearch/README.md b/docs/els-for-libraries/elasticsearch/README.md
new file mode 100644
index 000000000..55badb9c0
--- /dev/null
+++ b/docs/els-for-libraries/elasticsearch/README.md
@@ -0,0 +1,164 @@
+# Elasticsearch
+
+TuxCare's Endless Lifecycle Support (ELS) for Elasticsearch provides security patches and selected bug fixes that are integral to the stable operation of applications running on the Elasticsearch Java client libraries.
+
+## Supported Versions
+
+* Elasticsearch 7.16.3
+
+Other versions upon request.
+
+## Installation
+
+
+
+* **Maven** or **Gradle** build tool installed
+* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com)
+* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) and click Sign in in the top right corner. You may need to refresh the page after logging in.
+
+
+
+
+
+1. **Navigate to the build tool directory**
+ * Windows
+ ```text
+ Maven: C:\Users\{username}\.m2
+ Gradle: C:\Users\{username}\.gradle
+ ```
+ * macOS
+ ```text
+ Maven: /Users/{username}/.m2
+ Gradle: /Users/{username}/.gradle
+ ```
+ * Linux
+ ```text
+ Maven: /home/{username}/.m2
+ Gradle: /home/{username}/.gradle
+ ```
+
+2. **Configure credentials**
+
+ :::tip
+ For Maven, you may choose any valid `` value instead of `tuxcare-registry`, but the same value must be used in both `settings.xml` and `pom.xml`.
+ :::
+
+
+
+ Replace `USERNAME` and `PASSWORD` with your TuxCare credentials (see [Prerequisites](#prerequisites) above).
+
+3. **Add the TuxCare repository**
+
+ Add the TuxCare Elasticsearch repository and plugins to your build configuration.
+
+
+
+ * To fully switch from the official Elasticsearch repository, replace it with the TuxCare repository.
+ * To keep both, add TuxCare after the official one.
+
+ :::tip
+ Example **[Maven](https://github.com/cloudlinux/securechain-java/tree/main/examples/maven)** and **[Gradle](https://github.com/cloudlinux/securechain-java/tree/main/examples/gradle)** projects are available on GitHub. Ensure the required environment variables are set.
+ :::
+
+4. **Update dependencies**
+
+ Replace Elasticsearch dependencies with TuxCare-maintained versions. You can find artifact versions on [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_java) — sign in with your TuxCare credentials.
+
+
+
+5. **Verify and build**
+
+ Verify the setup:
+
+
+
+ Build the project:
+
+
+
+ The build tool should be able to identify and resolve dependencies from the TuxCare ELS for Elasticsearch repository.
+
+
+
+
+## What's Next?
+
+
+
+*  [CVE Tracker](https://tuxcare.com/cve-tracker/?product=Elasticsearch) — Track vulnerability fixes and updates
+*  [Available fixes](https://tuxcare.com/cve-tracker/fixes?product=Elasticsearch) — Patched versions and changelogs
+*  [Supported components](https://tuxcare.com/cve-tracker/products?product=Elasticsearch) — Full list of product parts covered by ELS
+*  [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_java/org.elasticsearch/) — Vulnerability Exploitability eXchange feed
+*  [Source code](/els-for-libraries/managing-els-repository/#javaSources) — Access source JARs in Nexus
+*  [Package updates](/els-for-libraries/managing-els-repository/#java) — Update an installed package to a newer TuxCare release
+
+
+
+
diff --git a/docs/els-for-libraries/java-libraries/README.md b/docs/els-for-libraries/java-libraries/README.md
index e38e4814c..51238c1ac 100644
--- a/docs/els-for-libraries/java-libraries/README.md
+++ b/docs/els-for-libraries/java-libraries/README.md
@@ -37,6 +37,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
* **Google OAuth Client** 1.25.0
* **H2 Database** 1.4.200
* **Hazelcast** 4.2.8
+* **HPPC** 0.8.1
* **HtmlUnit** 2.70.0
* **iText** 2.1.7
* **JasperReports** 3.7.4
diff --git a/docs/els-for-libraries/javascript-libraries/README.md b/docs/els-for-libraries/javascript-libraries/README.md
index 0d58982fb..0140edef1 100644
--- a/docs/els-for-libraries/javascript-libraries/README.md
+++ b/docs/els-for-libraries/javascript-libraries/README.md
@@ -13,7 +13,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
* **ansi-html** 0.0.7
* **ansi-regex** 3.0.0
* **async** 2.6.1, 2.6.3
-* **axios** 0.15.3, 0.18.1, 0.19.2, 0.21.1, 0.21.4, 0.24.0, 0.27.2, 0.33.0
+* **axios** 0.15.3, 0.18.1, 0.19.2, 0.21.1, 0.21.4, 0.24.0, 0.26.1, 0.27.2, 0.33.0, 1.6.2, 1.6.8
* **azure-identity** 4.0.1
* **babel-helpers** 7.15.4, 7.24.0, 7.24.1, 7.25.6, 7.26.0
* **babel-plugin-transform-modules-systemjs** 7.15.4, 7.23.9, 7.24.1, 7.25.0
@@ -123,7 +123,7 @@ Endless Lifecycle Support (ELS) for Libraries from TuxCare provides security fix
* **parse-git-config** 3.0.0
* **parsejson** 0.0.3
* **path-to-regexp** 0.1.3, 0.1.12
-* **pdfjs-dist** 2.16.105, 3.11.174
+* **pdfjs-dist** 2.14.305, 2.16.105, 3.11.174
* **picocolors** 0.2.1
* **picomatch** 2.3.1, 4.0.2
* **prismjs** 1.27.0, 1.29.0
diff --git a/docs/els-for-libraries/jetty/README.md b/docs/els-for-libraries/jetty/README.md
index f22098006..d30857699 100644
--- a/docs/els-for-libraries/jetty/README.md
+++ b/docs/els-for-libraries/jetty/README.md
@@ -4,7 +4,7 @@ TuxCare's Endless Lifecycle Support (ELS) for Eclipse Jetty provides security pa
## Supported Versions
-* Eclipse Jetty 8.2.0.v20160908, 9.2.16.v20160414, 9.4.24.v20191120, 9.4.48.v20220622, 9.4.53.v20231009, 9.4.57.v20241219, 9.4.58.v20250814, 9.4.59, 9.4.60, 10.0.26, 10.0.27, 10.0.28, 11.0.19, 11.0.26, 11.0.27, 11.0.28
+* Eclipse Jetty 7.6.0.v20120127, 8.2.0.v20160908, 9.2.16.v20160414, 9.4.24.v20191120, 9.4.41.v20210516, 9.4.48.v20220622, 9.4.50.v20221201, 9.4.53.v20231009, 9.4.57.v20241219, 9.4.58.v20250814, 9.4.59, 9.4.60, 9.4.61, 9.4.62, 10.0.26, 10.0.27, 10.0.28, 10.0.29, 10.0.30, 11.0.19, 11.0.26, 11.0.27, 11.0.28, 11.0.29, 11.0.30
## Installation
diff --git a/docs/els-for-libraries/zendframework-zend-http/README.md b/docs/els-for-libraries/zendframework-zend-http/README.md
deleted file mode 100644
index 54069f1a9..000000000
--- a/docs/els-for-libraries/zendframework-zend-http/README.md
+++ /dev/null
@@ -1,164 +0,0 @@
-# Zend HTTP
-
-Endless Lifecycle Support (ELS) for Zend HTTP from TuxCare provides security fixes for Zend HTTP library versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended.
-
-## Supported Versions
-
-* **Zend HTTP** 2.5.6
-
-Other versions upon request.
-
-## Installation
-
-
-
-* Nexus repository access credentials (username and password) — contact [sales@tuxcare.com](mailto:sales@tuxcare.com)
-* To browse available artifacts, visit TuxCare [Nexus](https://nexus.repo.tuxcare.com/#browse/browse:els_php) and click Sign in in the top right corner. You may need to refresh the page after logging in.
-
-
-
-
-
-1. Locate the `auth.json` file
-
- Composer reads credentials from a per-user `auth.json`. Create or edit the file at:
-
- * **Linux/macOS**:
-
- ```
- ~/.composer/auth.json
- ```
-
- * **Windows**:
-
- ```
- %APPDATA%\Composer\auth.json
- ```
-
-2. Add your TuxCare credentials
-
- Use either the Composer CLI or edit `auth.json` directly to add credentials for `nexus.repo.tuxcare.com`:
-
-
-
- Replace `USERNAME` and `PASSWORD` with your TuxCare credentials (see [Prerequisites](#prerequisites) above).
-
-3. Register the TuxCare repository
-
- Add the `els_php` Composer repository either via CLI or by editing `composer.json`:
-
-
-
-4. Install Zend HTTP
-
- Install the TuxCare-maintained Zend HTTP release that matches your project:
-
-
-
- **Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.**
-
- :::tip
-
- If you edited `composer.json` manually, run `composer update` to install the package:
-
- ```
- composer update
- ```
-
- Composer will resolve dependencies against the TuxCare repository and install the patched releases.
-
- :::
-
-
-
-### Composer Repository Configuration
-
-If you encounter dependency resolution errors like:
-
-`packages from higher priority repository do not match your constraint`
-
-it usually means your project requires a package version that is not yet available in the TuxCare repository.
-
-**Solution**: Update your `composer.json` to set the TuxCare repository as non-canonical:
-
-```
-{
- "repositories": [
- {
- "type": "composer",
- "url": "https://nexus.repo.tuxcare.com/repository/els_php/",
- "canonical": false
- }
- ]
-}
-```
-
-This allows Composer to fall back to Packagist for packages not available in the TuxCare repository, while still preferring TuxCare patches when available.
-
-## Resolved CVEs
-
-Fixes for the following vulnerabilities are available in ELS for Zend HTTP from TuxCare:
-
-| CVE ID | Fixed in version |
-|-----------------------|--------------------|
-| CVE-2021-3007 | 2.5.6-p2+tuxcare |
-| GHSA-cg8w-5jrc-675g | 2.5.6-p2+tuxcare |
-
-## What's Next?
-
-
-
-*  [CVE Tracker](https://tuxcare.com/cve-tracker/?q=zendframework%2Fzend-http) — Track vulnerability fixes and updates
-*  [Available fixes](https://tuxcare.com/cve-tracker/fixes?q=zendframework%2Fzend-http) — Patched versions and changelogs
-*  [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_php/zendframework/zend-http/) — Vulnerability Exploitability eXchange feed
-*  [Package updates](/els-for-libraries/managing-els-repository/#PHP) — Upgrade to a newer version
-
-
-
-
diff --git a/docs/els-for-libraries/zendframework-zf1/README.md b/docs/els-for-libraries/zendframework/README.md
similarity index 66%
rename from docs/els-for-libraries/zendframework-zf1/README.md
rename to docs/els-for-libraries/zendframework/README.md
index 66a59c1d3..7ee4203d7 100644
--- a/docs/els-for-libraries/zendframework-zf1/README.md
+++ b/docs/els-for-libraries/zendframework/README.md
@@ -1,10 +1,12 @@
-# Zend Framework 1
+# Zend Framework
-Endless Lifecycle Support (ELS) for Zend Framework 1 from TuxCare provides security fixes for Zend Framework 1 versions that have reached their end-of-life. This allows you to continue running your applications without vulnerability concerns, even after official support has ended.
+Endless Lifecycle Support (ELS) for Zend Framework from TuxCare provides security fixes for end-of-life Zend Framework packages. This allows you to continue running your applications without vulnerability concerns, even after official support has ended.
## Supported Versions
* **Zend Framework 1** 1.12.10
+* **Zend Framework** 2.4.13
+* **Zend HTTP** 2.5.6
Other versions upon request.
@@ -23,14 +25,14 @@ Other versions upon request.
Composer reads credentials from a per-user `auth.json`. Create or edit the file at:
- * **Linux/macOS**:
-
+ * **Linux/macOS**:
+
```
~/.composer/auth.json
```
* **Windows**:
-
+
```
%APPDATA%\Composer\auth.json
```
@@ -55,25 +57,51 @@ Other versions upon request.
{ title: 'composer.json', content: composerjson }
]" />
-4. Install Zend Framework 1
+4. Install the package
+
+ Select your package, then install the TuxCare-maintained release that matches your project:
+
+
+
+
+
+
+
+
- Install the TuxCare-maintained Zend Framework 1 release that matches your project:
+
+
+
+
+
+
+
+
+
+
+
**Check the exact version listed in your TuxCare Nexus account to ensure you receive the most recent patched release.**
:::tip
If you edited `composer.json` manually, run `composer update` to install the package:
-
+
```
composer update
```
-
+
Composer will resolve dependencies against the TuxCare repository and install the patched releases.
:::
@@ -106,25 +134,42 @@ This allows Composer to fall back to Packagist for packages not available in the
## Resolved CVEs
-Fixes for the following vulnerabilities are available in ELS for Zend Framework 1 from TuxCare:
+Fixes for the following vulnerabilities are available in ELS for Zend Framework from TuxCare:
-
+
-
+
-| CVE ID | Severity | Vulnerable versions | Fixed in version |
-|---------------------|----------|---------------------|------------------------|
-| CVE-2016-6233 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
-| CVE-2016-4861 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
-| CVE-2015-7695 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
-| CVE-2015-5723 | High | 1.12.10 | 1.12.10-p1+tuxcare |
-| CVE-2015-5161 | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
-| CVE-2015-3154 | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
-| GHSA-gff2-p6vm-3p8g | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
-| GHSA-6fqw-j3vm-7f66 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
-| GHSA-848f-mph5-9pm9 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
-| GHSA-8xhv-gqm4-3w99 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
-| GHSA-v42g-7q2x-cw32 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
+| CVE ID | Severity | Vulnerable versions | Fixed in version |
+|---------------|----------|---------------------|--------------------|
+| CVE-2021-3007 | Critical | 2.4.13 | 2.4.13-p1+tuxcare |
+
+
+
+
+
+| CVE ID | Severity | Vulnerable versions | Fixed in version |
+|---------------------|----------|---------------------|---------------------|
+| CVE-2016-6233 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
+| CVE-2016-4861 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
+| CVE-2015-7695 | Critical | 1.12.10 | 1.12.10-p1+tuxcare |
+| CVE-2015-5723 | High | 1.12.10 | 1.12.10-p1+tuxcare |
+| CVE-2015-5161 | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
+| CVE-2015-3154 | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
+| GHSA-gff2-p6vm-3p8g | Medium | 1.12.10 | 1.12.10-p1+tuxcare |
+| GHSA-6fqw-j3vm-7f66 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
+| GHSA-848f-mph5-9pm9 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
+| GHSA-8xhv-gqm4-3w99 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
+| GHSA-v42g-7q2x-cw32 | Medium | 1.12.10 | 1.12.10-p2+tuxcare |
+
+
+
+
+
+| CVE ID | Severity | Vulnerable versions | Fixed in version |
+|---------------------|----------|---------------------|--------------------|
+| CVE-2021-3007 | Critical | 2.5.6 | 2.5.6-p2+tuxcare |
+| GHSA-cg8w-5jrc-675g | High | 2.5.6 | 2.5.6-p2+tuxcare |
@@ -134,9 +179,9 @@ Fixes for the following vulnerabilities are available in ELS for Zend Framework
-*  [CVE Tracker](https://tuxcare.com/cve-tracker/?q=zendframework%2Fzendframework1) — Track vulnerability fixes and updates
-*  [Available fixes](https://tuxcare.com/cve-tracker/fixes?q=zendframework%2Fzendframework1) — Patched versions and changelogs
-*  [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_php/zendframework/zendframework1/) — Vulnerability Exploitability eXchange feed
+*  [CVE Tracker](https://tuxcare.com/cve-tracker/?q=zendframework) — Track vulnerability fixes and updates
+*  [Available fixes](https://tuxcare.com/cve-tracker/fixes?q=zendframework) — Patched versions and changelogs
+*  [VEX feed](https://security.tuxcare.com/vex/cyclonedx/els_lang_php/zendframework/) — Vulnerability Exploitability eXchange feed
*  [Package updates](/els-for-libraries/managing-els-repository/#PHP) — Upgrade to a newer version
@@ -178,4 +223,18 @@ const zf1json =
}
}`
+const zf2json =
+`{
+ "require": {
+ "zendframework/zendframework": "2.4.13-p1+tuxcare"
+ }
+}`
+
+const zendhttpjson =
+`{
+ "require": {
+ "zendframework/zend-http": "2.5.6-p2+tuxcare"
+ }
+}`
+