From: Olivier Lamy <olamy@apache.org>
Date: Sun, 9 Oct 2022 22:16:50 +0000 (+1000)
Subject: merge back release notes from branch
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=115383d41e4638a77fe8cc30ec721c1dcb44492f;p=archiva.git

merge back release notes from branch

Signed-off-by: Olivier Lamy <olamy@apache.org>
---

diff --git a/archiva-docs/src/site/apt/release-notes.apt.vm b/archiva-docs/src/site/apt/release-notes.apt.vm
index 8c4e5fcfb..5a16b6e48 100644
--- a/archiva-docs/src/site/apt/release-notes.apt.vm
+++ b/archiva-docs/src/site/apt/release-notes.apt.vm
@@ -52,11 +52,25 @@ Release Notes for Archiva ${project.version}
 
 ** Bug/Security Fix
 
-  * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability
+  * [MRM-2051}: upgrade dom4j (v2 branch)
+  * upgrade spring 4.2.9
+  * [MRM-2050]: upgrade commons-fileupload and commons-io due to cves
+  * [MRM-2049]: upgrade httpclient due to cves
+  * [MRM-2048]- upgrade xerces due to CVE
 
 
 Previous Release Notes
 
+* Release Notes for Archiva 2.2.8
+
+ Apache Archiva 2.2.8 is a security fix release:
+
+ Released: 2022-05-25
+
+88 Bug/Security Fix
+
+  * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability
+
 * Release Notes for Archiva 2.2.7
 
  Apache Archiva 2.2.7 is a security fix release: