revise based on feedback

jodygarnett · jodygarnett · commit 8a78c35e6291 · 2025-06-10T07:17:42.000-07:00
diff --git a/_posts/2024-06-18-geoserver-2-24-4-released.md b/_posts/2024-06-18-geoserver-2-24-4-released.md
@@ -31,15 +31,14 @@ Thanks to Peter Smythe (AfriGIS) for making this release.
 
 This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
 
-* [CVE-2024-36401](https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv) Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical 9.8)
+* [CVE-2024-36401](https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv) Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
   
   For more information see the following [statement]({% post_url 2024-09-12-cve-2024-36401 %}).
 
-* [CVE-2024-34696](https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf) GeoServer About Status lists sensitive Environmental Variables (Moderate 4.5)
+* [CVE-2024-34696](https://github.com/geoserver/geoserver/security/advisories/GHSA-j59v-vgcr-hxvf) GeoServer About Status lists sensitive Environmental Variables (Moderate)
 
-* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High 7.5)
-
-* [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High 7.5)
+* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High)  
+  [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High)
 
 The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts.  See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed.
 
diff --git a/_posts/2024-06-18-geoserver-2-25-2-released.md b/_posts/2024-06-18-geoserver-2-25-2-released.md
@@ -30,17 +30,16 @@ Thanks to Jody Garnett (GeoCat) for making this release on behalf of GeoCat cust
 
 This release addresses security vulnerabilities and is considered an essential upgrade for production systems.
 
-* [CVE-2024-36401](https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv) Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical 9.8)
+* [CVE-2024-36401](https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv) Remote Code Execution (RCE) vulnerability in evaluating property name expressions (Critical)
 
   For more information see the following [statement]({% post_url 2024-09-12-cve-2024-36401 %}).
 
-* [CVE-2024-24749](https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3) Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate 5.9)
-* [CVE-2024-35230](https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6) Welcome and About GeoServer pages communicate version and revision information (Moderate 5.3)
-
-* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High) 7.5)
-
-* [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High 7.5)
+* [CVE-2024-24749](https://github.com/geoserver/geoserver/security/advisories/GHSA-jhqx-5v5g-mpf3) Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (Moderate)
+* [CVE-2024-35230](https://github.com/geoserver/geoserver/security/advisories/GHSA-6pfc-w86r-54q6) Welcome and About GeoServer pages communicate version and revision information (Moderate)
 
+* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High)  
+  [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High)
+  
 The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See the project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed.
 
 ## Demo Requests page rewritten
diff --git a/_posts/2025-01-27-geoserver-2-26-2-released.md b/_posts/2025-01-27-geoserver-2-26-2-released.md
@@ -30,7 +30,7 @@ Thanks to Jody Garnett for making this release.
 
 This release addresses security vulnerabilities and is recommended.
 
-* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate 5.3)
+* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate)
 
 See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed. 
 
diff --git a/_posts/2025-02-17-geoserver-2-25-6-released.md b/_posts/2025-02-17-geoserver-2-25-6-released.md
@@ -29,9 +29,9 @@ Thanks to Jody Garnett (GeoCat) and Andrea Aime (GeoSolutions) for making this r
 
 This release addresses several security vulnerabilities, and is a recommended upgrade for production systems.
 
-* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate 5.3)
+* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate)
 
-* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate 5.3)
+* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate)
 
 See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed.
 
diff --git a/_posts/2025-04-03-geoserver-2-27-0-released.md b/_posts/2025-04-03-geoserver-2-27-0-released.md
@@ -73,7 +73,7 @@ Finally, thanks to Andrea, Peter and Gabriel for reviewing feedback and addressi
 
 This release addresses several security vulnerabilities, and is a recommended upgrade for production systems.
 
-* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High 7.5)
+* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High)
 * [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate)
 * [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (Moderate)
 * [CVE-2024-40625](https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2) Coverage REST API Server Side Request Forgery (Moderate)
diff --git a/_posts/2025-05-13-geoserver-2-25-7-released.md b/_posts/2025-05-13-geoserver-2-25-7-released.md
@@ -30,9 +30,9 @@ Thanks to Jody Garnett and Andrea Aime (GeoSolutions) for making this release.
 
 This release addresses security vulnerabilities and is considered an critical update.
 
-* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High 7.5)
+* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High)
 
-* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High 8.2)
+* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)
 
 The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed. 
 
diff --git a/_posts/2025-05-13-geoserver-2-26-3-released.md b/_posts/2025-05-13-geoserver-2-26-3-released.md
@@ -30,11 +30,11 @@ Thanks to Jody Garnett and Andrea Aime (GeoSolutions) for making this release.
 
 This release addresses security vulnerabilities and is considered an critical update for existing installations.
 
-* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High 8.2)
+* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)
 
-* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High 7.5)
+* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High)
 
-* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate 5.3)
+* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate)
 
 The use of the CVE system allows the GeoServer team to reach a wider audience than blog posts. See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed. 
 
diff --git a/_posts/2025-05-13-geoserver-2-27-1-released.md b/_posts/2025-05-13-geoserver-2-27-1-released.md
@@ -30,7 +30,7 @@ Thanks to Jody Garnett (GeoCat) and Andrea Aime (GeoSolutions) for making this r
 
 This release addresses security vulnerabilities and is considered an critical update for production systems.
 
-* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High 8.2)
+* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)
 
 See project [security policy](https://github.com/geoserver/geoserver/blob/main/SECURITY.md) for more information on how security vulnerabilities are managed. 
 
diff --git a/_posts/2025-06-10-cve-disclosure.md b/_posts/2025-06-10-cve-disclosure.md
@@ -9,27 +9,27 @@ categories:
 
 The GeoServer community has readied the following CVE vulnerabilities for public disclosure.
 
-* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High 8.2)  
-  2.27.1 | 2.26.3 | 2.25.6
+* [CVE-2025-30220](https://github.com/geoserver/geoserver/security/advisories/GHSA-jj54-8f66-c5pc) XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service (High)  
+  Fixed: 2.27.1 | 2.26.3 | 2.25.6
 
-* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High 7.5)  
-  2.27.0 | 2.26.3 | 2.25.7
+* [CVE-2025-30145](https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf) Denial-of-service (DoS) Vulnerability in Jiffle process (High)  
+  Fixed: 2.27.0 | 2.26.3 | 2.25.7
   
-* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate 5.3)  
-  2.26.3 | 2.25.6
+* [CVE-2025-27505](https://github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5) Missing Authorization on REST API Index (Moderate)  
+  Fixed: 2.26.3 | 2.25.6
   
 * [CVE-2024-40625](https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2) Coverage REST API Server Side Request Forgery (Moderate)  
-  2.26.0
+  Fixed: 2.26.0
 
-* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate 5.3)  
-  2.26.2 | 2.25.6
+* [CVE-2024-38524](https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f) GWC Home Page exposes sensitive server information (Moderate)  
+  Fixed: 2.26.2 | 2.25.6
 
-* [CVE-2024-34711](https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965) Improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) (High 7.3)  
-  2.25.0
+* [CVE-2024-34711](https://github.com/geoserver/geoserver/security/advisories/GHSA-mc43-4fqr-c965) Improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) (High)  
+  Fixed: 2.25.0
 
-* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High 7.5)  
-  [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High 7.5)  
-  2.25.2 | 2.24.4
+* [CVE-2024-29198](https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw) Unauthenticated SSRF via TestWfsPost (High)  
+  [CVE-2021-40822](https://github.com/geoserver/geoserver/security/advisories/GHSA-68cf-j696-wvv9) SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx (High)  
+  Fixed: 2.25.2 | 2.24.4
 
 
 The following release announcements have been updated:
