merge back release notes from branch

Signed-off-by: Olivier Lamy <olamy@apache.org>
author: Olivier Lamy <olamy@apache.org> 2022-10-10 08:16:50 +1000
committer: Olivier Lamy <olamy@apache.org> 2022-10-10 08:16:50 +1000
commit: 115383d41e4638a77fe8cc30ec721c1dcb44492f (patch)
tree: e82f3c4ea72657e815b76a6deacb81d0d902376e
parent: 9cc969ac9ab918d6646b28071a0ed3374530ef80 (diff)
download: archiva-115383d41e4638a77fe8cc30ec721c1dcb44492f.tar.gz
archiva-115383d41e4638a77fe8cc30ec721c1dcb44492f.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/archiva-docs/src/site/apt/release-notes.apt.vm b/archiva-docs/src/site/apt/release-notes.apt.vm
index 8c4e5fcfb..5a16b6e48 100644
--- a/archiva-docs/src/site/apt/release-notes.apt.vm
+++ b/archiva-docs/src/site/apt/release-notes.apt.vm
@@ -52,11 +52,25 @@ Release Notes for Archiva ${project.version}
 
 ** Bug/Security Fix
 
-  * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability
+  * [MRM-2051}: upgrade dom4j (v2 branch)
+  * upgrade spring 4.2.9
+  * [MRM-2050]: upgrade commons-fileupload and commons-io due to cves
+  * [MRM-2049]: upgrade httpclient due to cves
+  * [MRM-2048]- upgrade xerces due to CVE
 
 
 Previous Release Notes
 
+* Release Notes for Archiva 2.2.8
+
+ Apache Archiva 2.2.8 is a security fix release:
+
+ Released: 2022-05-25
+
+88 Bug/Security Fix
+
+  * CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability
+
 * Release Notes for Archiva 2.2.7
 
  Apache Archiva 2.2.7 is a security fix release:
author	Olivier Lamy <olamy@apache.org>	2022-10-10 08:16:50 +1000
committer	Olivier Lamy <olamy@apache.org>	2022-10-10 08:16:50 +1000
commit	115383d41e4638a77fe8cc30ec721c1dcb44492f (patch)
tree	e82f3c4ea72657e815b76a6deacb81d0d902376e
parent	9cc969ac9ab918d6646b28071a0ed3374530ef80 (diff)
download	archiva-115383d41e4638a77fe8cc30ec721c1dcb44492f.tar.gz archiva-115383d41e4638a77fe8cc30ec721c1dcb44492f.zip