Hi folks,
The Apache APISIX community is glad to announce that Apache APISIX 3.1.0
has been released.
Apache APISIX is a cloud-native microservices API gateway, delivering the
ultimate performance, security, open-source and scalable platform for all
your APIs and microservices.
Apache APISIX is
Severity: important
Description:
Diagnosis Controller misses parameter validation, so users may be attacked by command
injection via HTTP request.
Work Arounds:
Users of Kylin 2.x & Kylin 3.x & 4.x should upgrade to 4.0.3 or apply patch
https://github.com/apache/kylin/pull/2011
Severity: important
Description:
In the fix for CVE-2022-24697, a blacklist is used to filter user input
commands. But there is a risk of being bypassed. The user can control the
command by controlling the kylin.engine.spark-cmd parameter of conf.
Work Arounds:
Users of Kylin 2.x & Kylin 3.x