The Apache Qpid (https://qpid.apache.org) community is pleased to announce
the immediate availability of Apache Qpid Proton-J 0.34.0.
Apache Qpid Proton-J is a messaging library for the Advanced Message Queuing
Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, https://www.amqp.org). It can be used
in a wide
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to
Severity:
Low (only on shared servers)
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
The OFBiz Solr plugin is configured by default to automatically make an
RMI request on localhost, port 1099. By hosting a malicious RMI server
on localho
Severity:
High (SSTI then possible RCE)
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 18.12.06
Description:
As an anonymous ecommerce client, an external attacker can insert malicious
content in a message "Subject" field from the "Contact us" page. Then a p
The Apache OFBiz Project Team would like to inform you that OFBiz 18.12.06
is the last release of the 18.12 branch, which has reached its end of life and
will no longer be officially supported.
https://ofbiz.apache.org/release-notes-18.12.06.html
This announcement takes place on 2022-09-02 and sta
Description:
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous
Airflow components when running with the `--daemon` flag which could result in
a race condition giving world-writable files in the Airflow home directory and
allowing local users to expose arbitrary fi
Description:
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver
session backend was susceptible to session fixation.
Credit:
The Apache Airflow PMC would like to thank Kai Zhao for reporting this issue.
Welcome, September -- we're opening the month with another great
week. Here's what the Apache community has been up to:
ApacheCon™ – the ASF's official global conference series, bringing
Tomorrow's Technology Today since 1998.
- Registrations are open for ApacheCon North America, 2022
https://www.a