update security page
Signed-off-by: Olivier Lamy <olamy@apache.org>
diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index 3b6a113..775a2d5 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -36,6 +36,8 @@
%{toc|fromDepth=2|toDepth=2}
+* {CVE-2022-29405}: Apache Archiva Arbitrary user password reset vulnerability
+
* {CVE-2021-45105}: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
This may be used by attackers, if users changed the default Archiva log4j2.xml configuration.