chg: mention CVE for 3.97.1

[exim-website.git] / templates / web / index.xsl

diff --git a/templates/web/index.xsl b/templates/web/index.xsl
index 7604d2c5716fadbfeb22fd37e3343088f0ec540b..33c36cd7f25c343ee923c7c725835485605c9880 100644 (file)
--- a/templates/web/index.xsl
+++ b/templates/web/index.xsl
@@ -47,15 +47,19 @@
 
          <p id="version_info">
             <xsl:text>The current version is </xsl:text> <xsl:value-of select="/content/current_version"/><xsl:text>.</xsl:text> <br/>
-           <xsl:text>If necessary, we publish maintenance releases. These releases are mainly intended for package maintainers.</xsl:text>
        </p>
 
-       <!--
        <p>
-       <xsl:text>This is a security release. You should upgrade as soon as possible. Please see </xsl:text>
-        <a href="static/doc/security/CVE-2023-zdi.txt">this document for more detailed information.</a>
+       <xsl:text>This is a security release. It addresses the SMTP smuggling attack to which SMTP servers may be vulnerable. See </xsl:text>
+       <a href="https://bugs.exim.org/show_bug.cgi?id=3063">our bugtracker (Bug 3063)</a>
+       <xsl:text> for further information. Exim got </xsl:text>
+       <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-51766">CVE-2023-51766</a>
+       <xsl:text> assigned for this issue.</xsl:text>
        </p>
-       -->
+
+       <p>
+           <xsl:text>If necessary, we publish maintenance releases. These releases are mainly intended for package maintainers.</xsl:text>
+        </p>
 
         <!--
          <p>