The Apache Kylin team is pleased to announce the immediate availability of
the 2.5.1 release.
This is a bug fix release after 2.5.0, with 30 bug fixes and enhancements;
All of the changes in this release can be found in:
https://kylin.apache.org/docs/release_notes.html
You can download the source
CVE-2018-17184: Stored XSS
Description:
A malicious user with enough administration entitlements can inject
html-like elements containing JavaScript statements into Connector
names, Report names, AnyTypeClass keys and Policy descriptions.
When another user with enough administration entitlements
CVE-2018-17186: XXE on BPMN definitions
Description:
An administrator with workflow definition entitlements can use DTD to
perform malicious operations, including but not limited to file read,
file write, and code execution.
Severity: Medium
Vendor: The Apache Software Foundation
Affects:
R
The Apache Syncope team is pleased to announce the release of Syncope 2.1.2.
Apache Syncope is an Open Source system for managing digital identities
in enterprise environments, implemented in Java EE technology .
The release will be available within 24h from:
http://syncope.apache.org/download
The Apache Syncope team is pleased to announce the release of Syncope
2.0.11.
Apache Syncope is an Open Source system for managing digital identities
in enterprise environments, implemented in Java EE technology .
The release will be available within 24h from:
http://syncope.apache.org/downlo
The Apache Jackrabbit community is pleased to announce the release of
Apache Jackrabbit Oak. The release is available for download at:
http://jackrabbit.apache.org/downloads.html
See the full release notes below for details about this release:
Release Notes -- Apache Jackrabbit Oak -- Versi