Severity:
High (SSTI then possible RCE)
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
As an ecommerce anonymous client, an external attacker can insert malicious
content in a message “Subject” field from the "Contact us
The Apache Daffodil community is pleased to announce the
release of version 3.2.0.
Notable changes in this release include Checksum and CRC capability
via DFDL extensions using pluggable Jar files, Log4J support,
miscellaneous bug fixes and improvements.
Detailed release notes and downloads are
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.06
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.06.
An unauthenticated attacker can use this vulnerability to successfully take
over Apache OFBiz.
Mitigation:
Upgrade
Vendor:
The Apache Software Foundation
Product:
Apache Druid
Versions Affected:
Apache Druid 0.20.0 and earlier
Description:
Apache Druid includes the ability to execute user-provided JavaScript
code embedded in various types of requests. This functionality is
intended for use in high-trust
The Apache Pulsar team is proud to announce Apache Pulsar version 2.7.0.
Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at-least-once delivery of messages, automatic cursor management for
[CVEID]:CVE-2020-9483
[PRODUCT]:Apache SkyWalking
[VERSION]:Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0
[PROBLEMTYPE]:SQL Injection
[DESCRIPTION]: When using H2/MySQL/TiDB as Apache SkyWalking storage, the
metadata query through GraphQL protocol, there is a SQL injection
vulnerability,
Hello,
The Apache Curator team is pleased to announce the release of version
5.0.0. Apache Curator is a Java/JVM client library for Apache
ZooKeeper[1], a distributed coordination service. Apache Curator includes a
high-level API framework and utilities to make using Apache ZooKeeper much
The Apache Pulsar team is proud to announce Apache Pulsar version 2.2.0.
This is the first release of Apache Pulsar as an Apache Top Level Project.
Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
The Apache Pulsar team is proud to announce Apache Pulsar version
1.20.0-incubating.
This is the second Pulsar release after entering the Apache Incubator.
Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
The Apache Directory Project announces the seventh release of Fortress - 2.0.0
GA.
FORTRESS provides Role-Based Access Control components that are fully ANSI
INCITS 359 compliant and production ready. These may be embedded as a runtime
Java library (fortress-core), secure Apache Tomcat web
The Apache Directory Team is proud to announce the availability of version
1.0.0-RC2 of the Apache Directory LDAP API.
The Apache Directory LDAP API is an ongoing effort to provide an
enhanced LDAP API, as a replacement for JNDI and the existing LDAP API
(jLdap and
Mozilla LDAP API).
This is a
The Apache Commons team is pleased to announce the release of Apache
Commons BeanUtils 1.9.3
Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around
reflection and introspection.
commons-beanutils-1.9.3 is a bug fix release,
The Apache Directory team is pleased to announce the release of
ApacheDS 2.0.0-M12, the twelfth milestone towards a 2.0 version.
ApacheDS is an extensible and embeddable directory server entirely
written in Java, which has been certified LDAPv3 compatible by the
Open Group.
Besides LDAP it
Hi.
The Apache Kafka team is pleased to announce the release of Kafka
0.7.1-incubating.
This is the second incubating release of Apache Kafka, a distributed
publish-subscribe messaging system.
You can download the release from:
http://incubator.apache.org/kafka/downloads.html
The full change
14 matches