note security issues
diff --git a/src/site/apt/security.apt b/src/site/apt/security.apt
index 870d687..a43f882 100644
--- a/src/site/apt/security.apt
+++ b/src/site/apt/security.apt
@@ -31,6 +31,44 @@
   For more information about reporting vulnerabilities, see the
   {{{http://www.apache.org/security/} Apache Security Team}} page.
 
+* CVE-2013-2251: Apache Archiva Remote Command Execution
+
+  Apache Archiva is affected by a vulnerability in the version of the Struts
+  library being used, which allows a malicious user to run code on the
+  server remotely. More details about the vulnerability can be found at
+  {{http://struts.apache.org/2.3.x/docs/s2-016.html}}.
+
+  Versions Affected:
+
+    * Archiva 1.3 to Archiva 1.3.6
+
+  * The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Archiva 2.0.1
+  or Archiva 1.3.8}}, which are not affected by this issue.
+
+  Archiva 2.0.0 and later is not affected by this issue.
+
+* CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability
+
+  A request that included a specially crafted request parameter could be used
+  to inject arbitrary HTML or Javascript into the Archiva home page.
+
+  Versions Affected:
+
+    * Archiva 1.3 to Archiva 1.3.6
+
+  * The unsupported versions Archiva 1.2 to 1.2.2 are also affected.
+
+    []
+
+  All users are recommended to upgrade to {{{./download.cgi} Archiva 2.0.1
+  or Archiva 1.3.8}}, which are not affected by this issue.
+
+  Archiva 2.0.0 and later is not affected by this issue.
+
 * CVE-2010-1870: Struts2 remote commands execution
 
   Apache Archiva is affected by a vulnerability in the version of the Struts
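Review bot: The "Versions Affected" lists in both new entries (CVE-2013-2251 and CVE-2013-2187) use inconsistent indentation. "* Archiva 1.3 to Archiva 1.3.6" is indented four spaces and "* The unsupported versions Archiva 1.2 to 1.2.2 are also affected." only two. APT nesting depends on indentation, so the two bullets may not render as one list ahead of the "[]" terminator; indent both items the same. The affected range also ends at 1.3.6 while the recommended 1.3.x upgrade is 1.3.8, which leaves the status of 1.3.7 unstated; please say whether 1.3.7 is affected. Each entry also recommends upgrading to 2.0.1 and then states that "Archiva 2.0.0 and later is not affected by this issue"; a short note on why 2.0.1 is preferred over 2.0.0, or merging the two sentences, would avoid the apparent mismatch. Minor: "Javascript" in the XSS entry should be "JavaScript".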