[ANNOUNCE] Apache Tika 1.28.1 released

2022-02-11 Tim Allison
The Apache Tika project is pleased to announce the release of Apache Tika 1.28.1. The release contents have been pushed out to the main Apache release site and to the Maven Central sync. Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various

The Apache News Round-up: week ending 11 February 2022

2022-02-11 Swapnil M Mane
Hello, everyone -- let's review the Apache community's activities from over the past week: Apache Software Foundation Statement at 8 February 2022 Senate Committee hearing on Homeland Security and Government Affairs https://s.apache.org/485lz ASF Board – management and oversight of the business

[ANNOUNCE] Apache Tika 1.x End-Of-Life (EOL) announcement

2022-02-11 Tim Allison
The Apache Tika Project Team would like to inform you that the Apache Tika 1.x branch is now in security-only maintenance until September 30, 2022. After that date, we will not make updates or releases from our 1.x branch. We will continue to make security fixes and security-related dependency

CVE-2022-24289: Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions

2022-02-11 Aristedes Maniatis
Severity: moderate Description: Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to 'remote'

[ANNOUNCE] Apache Jackrabbit 2.21.10 released

2022-02-11 Julian Reschke
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit 2.21.10. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release: Release Notes -- Apache Jackrabbit --

[ANNOUNCE] Apache APISIX 2.12.1 has been released

2022-02-11 Zexuan Luo
Hi folks, The Apache APISIX community is glad to announce that Apache APISIX 2.12.1 has been released. Apache APISIX is a cloud-native microservices API gateway, delivering the ultimate performance, security, open-source and scalable platform for all your APIs and microservices. Apache APISIX

CVE-2022-24112: Apache APISIX: apisix/batch-requests plugin allows overwriting the X-REAL-IP header

2022-02-11 Zexuan Luo
Severity: high Description: An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API

CVE-2021-44521: Apache Cassandra: Remote code execution for scripted UDFs

2022-02-11 Marcus Eriksson
Severity: high Description: When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The