Re: (pulsar-site) branch main updated: Use alternative format for linefeed in markdown

2024-03-12 Thread Dave Fisher
> On Mar 12, 2024, at 3:32 PM, Lari Hotari wrote:
>
> On 2024/03/12 21:44:52 Dave Fisher wrote:
>> Putting a blank line in between should do the same.
>
> There seem to be differences.
>
> A blank line in between will create separate paragraphs, example here:
>

Re: (pulsar-site) branch main updated: Use alternative format for linefeed in markdown

2024-03-12 Thread Lari Hotari
On 2024/03/12 21:44:52 Dave Fisher wrote:
> Putting a blank line in between should do the same.

There seem to be differences.

A blank line in between will create separate paragraphs, example here:
https://pulsar.apache.org/security/CVE-2022-24280/

This is the result with :

Re: (pulsar-site) branch main updated: Use alternative format for linefeed in markdown

2024-03-12 Thread Dave Fisher
Putting a blank line in between should do the same.

Best,
Dave

> On Mar 12, 2024, at 2:41 PM, lhot...@apache.org wrote:
>
> This is an automated email from the ASF dual-hosted git repository.
>
> lhotari pushed a commit to branch main
> in repository

CVE-2024-28098: Apache Pulsar: Improper Authorization For Topic-Level Policy Management

2024-03-12 Thread Lari Hotari
Affected versions:

- Apache Pulsar 2.7.1 before 2.10.6
- Apache Pulsar 2.11.0 before 2.11.4
- Apache Pulsar 3.0.0 before 3.0.3
- Apache Pulsar 3.1.0 before 3.1.3
- Apache Pulsar 3.2.0 before 3.2.1

Description:

The vulnerability allows authenticated users with only produce or consume

CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying

2024-03-12 Thread Lari Hotari
Affected versions:

- Apache Pulsar 2.4.0 before 2.10.6
- Apache Pulsar 2.11.0 before 2.11.4
- Apache Pulsar 3.0.0 before 3.0.3
- Apache Pulsar 3.1.0 before 3.1.3
- Apache Pulsar 3.2.0 before 3.2.1

Description:

The Pulsar Functions Worker includes a capability that permits authenticated users

CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification

2024-03-12 Thread Lari Hotari
Affected versions:

- Apache Pulsar 2.4.0 before 2.10.6
- Apache Pulsar 2.11.0 before 2.11.4
- Apache Pulsar 3.0.0 before 3.0.3
- Apache Pulsar 3.1.0 before 3.1.3
- Apache Pulsar 3.2.0 before 3.2.1

Description:

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar

CVE-2024-27135: Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution

2024-03-12 Thread Lari Hotari
Severity: high

Affected versions:

- Apache Pulsar 2.4.0 before 2.10.6
- Apache Pulsar 2.11.0 before 2.11.4
- Apache Pulsar 3.0.0 before 3.0.3
- Apache Pulsar 3.1.0 before 3.1.3
- Apache Pulsar 3.2.0 before 3.2.1

Description:

Improper input validation in the Pulsar Function Worker allows a

CVE-2022-34321: Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

2024-03-12 Thread Lari Hotari
Affected versions:

- Apache Pulsar 2.6.0 before 2.10.6
- Apache Pulsar 2.11.0 before 2.11.3
- Apache Pulsar 3.0.0 before 3.0.2
- Apache Pulsar 3.1.0 before 3.1.1

Description:

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint

AdvertisedListenersMultiBrokerLeaderElectionTest has become really flaky in CI

2024-03-12 Thread Lari Hotari
Hi all,

A lot of builds fail in AdvertisedListenersMultiBrokerLeaderElectionTest.shouldProvideConsistentAnswerToTopicLookupsUsingAdminApi. I have added https://github.com/apache/pulsar/issues/22239 to track this issue. This test was added in https://github.com/apache/pulsar/pull/21894 and