CVE-2023-45725: Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents

2023-12-12 Thread Nick Vatamaniuc
Severity: moderate Affected versions: - Apache CouchDB through 3.3.2 - IBM Cloudant before 8413 Description: Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document funct

[ANN] Apache Tomcat 9.0.84 available

2023-12-12 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.84. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.84 is a bugfix and feat

[ANN] Apache Tomcat 11.0.0-M15 (alpha) available

2023-12-12 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M15 (alpha). Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Apache Tomcat 10.1.17 Available

2023-12-12 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.17. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specificati

[ANN] Apache Tomcat 8.5.97 available

2023-12-12 Thread Christopher Schultz
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.97. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 8.5.97 is a bugfix and fea

[ANNOUNCE] Apache Jackrabbit 2.21.21 released

2023-12-12 Thread Julian Reschke
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit 2.21.21. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release: Release Notes -- Apache Jackrabbit -- Ve

[ANNOUNCE] Apache Airflow Providers prepared on December 08, 2023 are released

2023-12-12 Thread Elad Kalif
Dear community, I'm happy to announce that new versions of Airflow Providers packages were just released. https://pypi.org/project/apache-airflow-providers-airbyte/3.5.0/ https://pypi.org/project/apache-airflow-providers-alibaba/2.7.0/ https://pypi.org/project/apache-airflow-providers-amazon/8.1