[ANNOUNCE] Apache Arrow JavaScript 0.3.0
The Apache Arrow community is pleased to announce the 0.3.0 JavaScript release. This is the second JavaScript release. It can be installed from source or via the apache-arrow package on NPM. * https://www.apache.org/dyn/closer.cgi/arrow/arrow-js-0.3.0/apache-arrow-js-0.3.0.tar.gz * https://www.npmjs.com/package/apache-arrow What is Apache Arrow? - Apache Arrow is a cross-language development platform for in-memory data. It specifies a standardized language-independent columnar memory format for flat and hierarchical data, organized for efficient analytic operations on modern hardware. It also provides computational libraries and zero-copy streaming messaging and interprocess communication. Languages currently supported include C, C++, Java, JavaScript, Python, and Ruby. Please report any feedback to the mailing lists ([1]) Regards, The Apache Arrow community [1]: https://lists.apache.org/list.html?d...@arrow.apache.org
[SECURITY] CVE-2018-1305 Security constraint annotations applied too late
CVE-2018-1305 Security constraint annotations applied too late Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.4 Apache Tomcat 8.5.0 to 8.5.27 Apache Tomcat 8.0.0.RC1 to 8.0.49 Apache Tomcat 7.0.0 to 7.0.84 Description: Security constraints defined by annotations of Servlets were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Mitigation: Users of the affected versions should apply one of the following mitigations. Upgrade to: - Apache Tomcat 9.0.5 or later - Apache Tomcat 8.5.28 or later - Apache Tomcat 8.0.50 or later - Apache Tomcat 7.0.85 or later Credit: This issue was identified by the Apache Tomcat Security Team. History: 2018-02-23 Original advisory References: [1] http://tomcat.apache.org/security-9.html [2] http://tomcat.apache.org/security-8.html [3] http://tomcat.apache.org/security-7.html