[ANNOUNCE] Apache Jackrabbit Oak 1.22.11 released

2022-02-24 Thread Nitin Gupta
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit Oak 1.22.11.
The release is available for download at: http://jackrabbit.apache.org/downloads.html
See the full release notes below for details about this release: Release Notes -- Apache

[ANNOUNCE] Apache Fineract 1.6.0 Release

2022-02-24 Thread Aleksandar Vidakovic
The Apache Fineract project is pleased to announce the release of Apache Fineract 1.6.0.
The release is available for download from https://fineract.apache.org/#downloads
Fineract provides a reliable, robust, and affordable solution for entrepreneurs, financial institutions, and service

CVE-2022-24288: Apache Airflow: RCE in example DAGs

2022-02-24 Thread Jedidiah Cunningham
Severity: high
Description: In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
Mitigation: This can be mitigated by ensuring `[core] load_examples` is set to `False`.

[CVE-2022-24947] Apache JSPWiki CSRF Account Takeover

2022-02-24 Thread Juan Pablo Santos Rodríguez
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.1
Description: Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.
Mitigation: Apache JSPWiki users should upgrade to 2.11.2 or later.

[CVE-2022-24948] Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen

2022-02-24 Thread Juan Pablo Santos Rodríguez
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.1
Description: A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to