[ANNOUNCE] - Establishing ALC Shenzhen Chapter

2021-12-20 Thread Swapnil M Mane
Hello all, ComDev PMC is pleased to announce our next Apache Local Community [1] ALC Chapter - ALC Shenzhen [2] and Eason Chen as ALC Shenzhen Chapter lead. We have the following members in ALC Shenzhen: Willem Ning Jiang (Mentor) -- ASF Member -- Chair, (Servicecomb) -- PMC (APISIX, Camel, CXF,

CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

2021-12-20 Thread Stefan Eissing
Severity: high Description: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue

CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

2021-12-20 Thread Stefan Eissing
Severity: moderate Description: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain
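The two httpd advisories above share the same fix line (2.4.52, released the same day and announced further down this page), so the practical question for an operator is whether a given host is exposed to either one. The following triage script is an added example, not tooling from the Apache httpd project: it reads an `httpd -v` banner and an httpd.conf fragment, looks for mod_lua handlers whose Lua source calls `r:parsebody()` (CVE-2021-44790) and for `ProxyRequests On` with or without reverse-proxy declarations to a Unix domain socket (CVE-2021-44224). The banner, the config and the Lua handler are constructed sample inputs; the matching is string-based and heuristic, so treat a "no finding" result as a hint, not proof.

```python
"""Exposure triage for CVE-2021-44790 and CVE-2021-44224 (added example)."""
import re
from dataclasses import dataclass

# Both advisories cover 2.4.51 and earlier; 2.4.52 is the release that ships the fixes.
FIXED_VERSION = (2, 4, 52)


@dataclass
class Finding:
    cve: str
    reason: str


def parse_httpd_version(banner: str) -> tuple:
    """Return (major, minor, patch) from an `httpd -v` banner such as
    'Server version: Apache/2.4.51 (Unix)'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache/x.y.z version in banner")
    return tuple(int(x) for x in m.groups())


def directives(config: str):
    """Yield (name, args) for each directive line. httpd only treats lines that
    *start* with '#' as comments, so a '#' later in a line is left alone.
    Section tags such as <Proxy "*"> are skipped; their contents are not."""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        yield parts[0], (parts[1] if len(parts) > 1 else "")


def triage(version: tuple, config: str, lua_sources: dict) -> list:
    """lua_sources maps Lua handler path -> file contents (the caller reads them)."""
    findings = []
    if version >= FIXED_VERSION:
        return findings
    d = list(directives(config))

    # CVE-2021-44790: only reachable when mod_lua is loaded and a script calls r:parsebody().
    lua_loaded = any(n.lower() == "loadmodule" and a.split()[:1] == ["lua_module"]
                     for n, a in d)
    parsebody_users = sorted(p for p, src in lua_sources.items() if "parsebody" in src)
    if lua_loaded and parsebody_users:
        findings.append(Finding("CVE-2021-44790",
                                "mod_lua loaded and r:parsebody() used in "
                                + ", ".join(parsebody_users)))

    # CVE-2021-44224: crash needs ProxyRequests On; redirection to a Unix domain
    # socket additionally needs reverse-proxy declarations in the same config.
    forward = any(n.lower() == "proxyrequests" and a.strip().lower() == "on" for n, a in d)
    reverse = [a for n, a in d if n.lower() in ("proxypass", "proxypassmatch")]
    if forward:
        reason = "ProxyRequests On (NULL dereference crash)"
        if any("unix:" in a.lower() for a in reverse):
            reason += "; mixed with reverse-proxy declarations to a Unix domain socket"
        elif reverse:
            reason += "; mixed with reverse-proxy declarations"
        findings.append(Finding("CVE-2021-44224", reason))
    return findings


# Constructed sample inputs (not taken from any real host).
SAMPLE_BANNER = "Server version: Apache/2.4.51 (Unix)\nServer built:   Oct  7 2021 18:18:54\n"
SAMPLE_CONFIG = """\
# constructed httpd.conf fragment
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule lua_module modules/mod_lua.so
ProxyRequests On
<Proxy "*">
    Require ip 10.0.0.0/8
</Proxy>
ProxyPass "/app/" "unix:/run/app.sock|http://localhost/app/"
LuaMapHandler "/upload" /srv/lua/upload.lua
"""
SAMPLE_LUA = {
    "/srv/lua/upload.lua": "function handle(r)\n  local form = r:parsebody(1024 * 1024)\n"
                           "  return apache2.OK\nend\n",
}

if __name__ == "__main__":
    ver = parse_httpd_version(SAMPLE_BANNER)
    for f in triage(ver, SAMPLE_CONFIG, SAMPLE_LUA):
        print(f"{f.cve}: {f.reason}")
```

On a real host, feed it the output of `httpd -v`, the merged configuration (`httpd -t -D DUMP_INCLUDES` lists the files to read) and the Lua scripts named by `LuaMapHandler`/`LuaHookHandler` directives; whatever it reports, the remediation is the same for both advisories: upgrade to 2.4.52.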

[ANNOUNCE] Apache OFBiz 18.12.04 released

2021-12-20 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 18.12.04". Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications. http://ofbiz.apache.org/ "Apache OFBiz 18.12.04" is the

CVE-2021-43083: Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response

2021-12-20 Thread Christofer Dutz
Description: Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to

CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file

2021-12-20 Thread Gábor Szádovszky
Description: Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. This issue is being tracked as PARQUET-2094 Mitigation: 1.12.x users should

[ANNOUNCEMENT] Apache HTTP Server 2.4.52 Released

2021-12-20 Thread icing
Apache HTTP Server 2.4.52 Released December 20, 2021 The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.52 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of