New release 2.2.5
diff --git a/pom.xml b/pom.xml
index 2b67f7d..73242f9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,8 +38,8 @@
     <archivaLastSerieVersionDate>1 July 2014</archivaLastSerieVersionDate>
-    <archivaReleaseVersion>2.2.4</archivaReleaseVersion>
-    <archivaReleaseDate>30th April 2019</archivaReleaseDate>
+    <archivaReleaseVersion>2.2.5</archivaReleaseVersion>
+    <archivaReleaseDate>17th June 2020</archivaReleaseDate>
diff --git a/src/site/apt/developers/releasing.apt b/src/site/apt/developers/releasing.apt
index 9dceb26..e0d6f14 100644
--- a/src/site/apt/developers/releasing.apt
+++ b/src/site/apt/developers/releasing.apt
@@ -74,7 +74,8 @@
     your settings.xml for {{archiva-repository.releases}}.
     Prepare your environment:
-    For Archiva 2.x you have to use JDK 7 and set memory settings.
+    For Archiva 2.x you have to use two different JDKs for the process. JDK 7 is used for the prepare release (compile) 
+    and JDK 8 for uploading (supported SSL versions)
@@ -90,8 +91,14 @@
     Check that it has been properly tagged. The tag name must be.. archiva-[VERSION].
-    If all works fine, execute 
+    You can rollback with `mvn release:rollback`.
+    If all works fine, set JDK 8 and execute the release:perform task
+export PATH=$JAVA_HOME/bin:$PATH
 mvn release:perform
@@ -105,8 +112,12 @@
 ARCHV="2.2.4" # Enter the new archiva version
 wget ${RELEASE_URL}/org/apache/archiva/archiva-jetty/${ARCHV}/archiva-jetty-${ARCHV}-bin.tar.gz
+wget ${RELEASE_URL}/org/apache/archiva/archiva-jetty/${ARCHV}/archiva-jetty-${ARCHV}-bin.tar.gz.asc
+wget ${RELEASE_URL}/org/apache/archiva/archiva-jetty/${ARCHV}/archiva-jetty-${ARCHV}
+wget ${RELEASE_URL}/org/apache/archiva/archiva-jetty/${ARCHV}/archiva-jetty-${ARCHV}
 # Verify the signatures:
 gpg -v archiva-jetty-${ARCHV}
+gpg -v archiva-jetty-${ARCHV}-bin.tar.gz.asc
     The documentation is deployed as part of the process to the final location for review in the vote:
@@ -149,11 +160,12 @@
 # Move also the POM and Redback and Redback Component releases, if there are new ones.
+  Merge the archiva-releases-stage to archiva-releases on
   To sync the jars to Maven Central, you need to merge the repository archiva-releases-stage to "Central Rsync Repository"
   Mark the appropriate release version in JIRA as complete.
   Update the archiva site ({{}}) for the versions and release notes URL:
   Mostly these properties of the pom.xml should be edited:
diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index aed31e0..d99b63f 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -36,6 +36,22 @@
+* {CVE-2020-9495}: Apache Archiva login service is vulnerable to LDAP injection
+  By providing special values to the archiva login form a attacker is able to retrieve user attribute data from the connected LDAP server.
+  With certain characters it is possible to modify the LDAP filter used to query the users on the connected LDAP server.
+  By measuring the response time, arbitrary attribute data can be retrieved from LDAP user objects.
+  Versions Affected:
+    * All versions before 2.2.5
+  Mitigation:
+    * Upgrade to {{{./download.cgi} Archiva 2.2.5 or higher}}
+    * Make sure, that communication between Archiva server and browser is secure by using TLS and only certain users
+       are assigned to admin role.
 * {CVE-2019-0213}: Apache Archiva XSS may be stored in central UI configuration
diff --git a/src/site/xdoc/index.xml.vm b/src/site/xdoc/index.xml.vm
index bd9ffcf..6992b17 100644
--- a/src/site/xdoc/index.xml.vm
+++ b/src/site/xdoc/index.xml.vm
@@ -40,7 +40,7 @@
           <div class="hero-unit">
             <span class="bignumber badge badge-warning">NEW</span>
             <p><strong>${archivaReleaseDate}: The new Apache Archiva release version ${archivaReleaseVersion} is ready for download <a href=""/> </strong>. 
-               This is a bugfix release. Please have a look at the <a href="">release notes</a> for further information. 
+               This is a bugfix release. Please have a look at the <a href="">release notes</a> for further information. 
                As this release contains <strong>security fixes</strong>, we recommend to update to the new version immediately. </p>