CVE-2024-26579: Apache Inlong JDBC Vulnerability

2024-05-08, Charles Zhang
Severity: important

Affected versions:

- Apache InLong 1.7.0 through 1.10

Description:

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue
affects Apache InLong from 1.7.0 through 1.11.0; attackers can bypass using
malicious parameters.

Users are advised to upgrade to Apache InLong 1.12.0 or cherry-pick [1] and [2]
to solve it.

[1] https://github.com/apache/inlong/pull/9694
[2] https://github.com/apache/inlong/pull/9707

Credit:

L0ne1y (finder)
Ming (finder)

References:

https://inlong.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-26579



CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE

2024-05-08, Jacques Le Roux
Severity: important

Affected versions:

- Apache OFBiz before 18.12.13

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Credit:

Qiyi Zhang (RacerZ) @secsys from Fudan (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13006
https://lists.apache.org/thread/np8vgzr06z6cwm3tz7cs3609bdrj8526
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32113



[ANN] Apache Tomcat 11.0.0-M20 (alpha) available

2024-05-08, Mark Thomas

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M20 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M20 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to 11.0.0-M19 include:

- Add OpenSSL FFM classes to tomcat-embed-core.jar

- Refactor HTTP header parsing to use common parsing code and fix
  non-blocking reads of chunked request bodies including trailer fields

- Add more timescale options to AccessLogValve and
  ExtendedAccessLogValve

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team


[ANNOUNCE] Apache Sedona 1.5.2 released

2024-05-08, Jia Yu

Dear all,

We are happy to report that we have released Apache Sedona 1.5.2.
Thank you again for your help.

Apache Sedona is a cluster computing system for processing large-scale
spatial data.


Vote thread (Permalink from https://lists.apache.org/list.html):
https://lists.apache.org/thread/xy8y0956c5b7kbxm6zyd52wrwyymzw2y

Vote result thread (Permalink from https://lists.apache.org/list.html):
https://lists.apache.org/thread/5ltjjts58rqyjmd956m301rco1tnqp05

Website:
http://sedona.apache.org/

Release notes:
https://github.com/apache/sedona/blob/sedona-1.5.2/docs/setup/release-notes.md

Download links:
https://github.com/apache/sedona/releases/tag/sedona-1.5.2

Additional resources:
Mailing list: d...@sedona.apache.org
Twitter: https://twitter.com/ApacheSedona
Gitter: https://gitter.im/apache/sedona

Regards,
Apache Sedona Team