From fdba462d575c017d257822ae9996c6f612c0c0ea Mon Sep 17 00:00:00 2001
From: Virtually Nick <vnick@apache.org>
Date: Tue, 11 Jun 2024 11:42:26 -0400
Subject: [PATCH] Add security page entry for AngularJS vulnerabilities.

---
 security.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/security.md b/security.md
index e60b72678..e4ae523d1 100644
--- a/security.md
+++ b/security.md
@@ -40,6 +40,15 @@ latest would give you an updated image.
 No, CVE-2021-44228 does not affect Apache Guacamole. Guacamole uses
 [Logback](http://logback.qos.ch/) as its logging backend, not Log4j.
 
+### Is Apache Guacamole affected by AngularJS vulnerabilities? {#not-affected-angularjs}
+
+No. Apache Guacamole does currently rely on AngularJS, which has gone
+end-of-life and is no longer being actively developed or supported. While
+AngularJS has several vulnerabilities, we have verified that Guacamole
+is not impacted by any current known vulnerabilities, either because
+the affected component is not in use in Guacamole, or because there is
+no known exploitation path.
+
 {% assign releases = site.releases  | where: 'released', 'true' | sort: 'date' %}
 {% for release in releases reversed %}