[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

2017-08-10 Thread Daniel Shahaf
I'm happy to announce the release of Apache Subversion 1.9.7. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download.cgi?update=201708081800#recommended-release This is a stable security release of the Apache Subversion open source version control system.

[ANN] Apache Struts: S2-049 Security Bulletin update

2017-08-10 Thread Lukasz Lenart
This is an update of the recently announced Security Bulletin S2-049 - http://struts.apache.org/docs/s2-049.html The bulletin was extended with additional information on when the potential vulnerability can be present in your application. Please re-read the mentioned bulletin and apply required ac

[ANNOUNCE] Apache Subversion 1.8.19 released

2017-08-10 Thread Philip Martin
I'm happy to announce the release of Apache Subversion 1.8.19. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download.cgi?update=201708081800#supported-releases This is a stable bugfix release of the Apache Subversion open source version control system. T

[SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Cache Poisoning Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented directory traver

[SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning

2017-08-10 Thread Mark Thomas
CVE-2017-7674 Apache Tomcat Cache Poisoning Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Apache Tomcat 8.0.0.RC1 to 8.0.44 Apache Tomcat 7.0.41 to 7.0.78 Description: The CORS Filter did not an HTT

[UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass

2017-08-10 Thread Mark Thomas
CVE-2017-7675 Apache Tomcat Security Constraint Bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M21 Apache Tomcat 8.5.0 to 8.5.15 Description: The HTTP/2 implementation bypassed a number of security checks that prevented direc

[ANNOUNCE] Apache Pulsar 1.19.0-incubating released

2017-08-10 Thread Matteo Merli
The Apache Pulsar team is proud to announce Apache Pulsar version 1.19.0-incubating. This is the first Pulsar release after entering the Apache Incubator. Pulsar is a highly scalable, low latency messaging platform running on commodity hardware. It provides simple pub-sub semantics over topics,