[ANNOUNCE] Apache Subversion 1.12.2 released
I'm happy to announce the release of Apache Subversion 1.12.2.
Please choose the mirror closest to you by visiting:

    https://subversion.apache.org/download.cgi#recommended-release

This is a stable bugfix release of the Apache Subversion open source
version control system.

SHA-512 checksums are available at:

    https://www.apache.org/dist/subversion/subversion-1.12.2.tar.bz2.sha512
    https://www.apache.org/dist/subversion/subversion-1.12.2.tar.gz.sha512
    https://www.apache.org/dist/subversion/subversion-1.12.2.zip.sha512

PGP Signatures are available at:

    https://www.apache.org/dist/subversion/subversion-1.12.2.tar.bz2.asc
    https://www.apache.org/dist/subversion/subversion-1.12.2.tar.gz.asc
    https://www.apache.org/dist/subversion/subversion-1.12.2.zip.asc

For this release, the following people have provided PGP signatures:

    Julian Foad [4096R/1FB064B84EECC493] with fingerprint:
        6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
    Branko Čibej [4096R/1BCA6586A347943F] with fingerprint:
        BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
    Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
        8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
    Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
        8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD

Release notes for the 1.12.x release series may be found at:

    https://subversion.apache.org/docs/release-notes/1.12.html

You can find the list of changes between 1.12.2 and earlier versions at:

    https://svn.apache.org/repos/asf/subversion/tags/1.12.2/CHANGES

Questions, comments, and bug reports to us...@subversion.apache.org.

Thanks,
- The Subversion Team

--
To unsubscribe, please see:

    https://subversion.apache.org/mailing-lists.html#unsubscribing
[ANNOUNCE] Apache Subversion 1.10.6 released
I'm happy to announce the release of Apache Subversion 1.10.6.
Please choose the mirror closest to you by visiting:

    https://subversion.apache.org/download.cgi#supported-releases

This is a stable bugfix release of the Apache Subversion open source
version control system.

SHA-512 checksums are available at:

    https://www.apache.org/dist/subversion/subversion-1.10.6.tar.bz2.sha512
    https://www.apache.org/dist/subversion/subversion-1.10.6.tar.gz.sha512
    https://www.apache.org/dist/subversion/subversion-1.10.6.zip.sha512

PGP Signatures are available at:

    https://www.apache.org/dist/subversion/subversion-1.10.6.tar.bz2.asc
    https://www.apache.org/dist/subversion/subversion-1.10.6.tar.gz.asc
    https://www.apache.org/dist/subversion/subversion-1.10.6.zip.asc

For this release, the following people have provided PGP signatures:

    Julian Foad [4096R/1FB064B84EECC493] with fingerprint:
        6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
    Branko Čibej [4096R/1BCA6586A347943F] with fingerprint:
        BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
    Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
        8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
    Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
        8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD

Release notes for the 1.10.x release series may be found at:

    https://subversion.apache.org/docs/release-notes/1.10.html

You can find the list of changes between 1.10.6 and earlier versions at:

    https://svn.apache.org/repos/asf/subversion/tags/1.10.6/CHANGES

Questions, comments, and bug reports to us...@subversion.apache.org.

Thanks,
- The Subversion Team
[ANNOUNCE] Apache Subversion 1.9.12 released
I'm happy to announce the release of Apache Subversion 1.9.12.
Please choose the mirror closest to you by visiting:

    https://subversion.apache.org/download.cgi#supported-releases

This is a stable bugfix release of the Apache Subversion open source
version control system.

SHA-512 checksums are available at:

    https://www.apache.org/dist/subversion/subversion-1.9.12.tar.bz2.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.12.tar.gz.sha512
    https://www.apache.org/dist/subversion/subversion-1.9.12.zip.sha512

PGP Signatures are available at:

    https://www.apache.org/dist/subversion/subversion-1.9.12.tar.bz2.asc
    https://www.apache.org/dist/subversion/subversion-1.9.12.tar.gz.asc
    https://www.apache.org/dist/subversion/subversion-1.9.12.zip.asc

For this release, the following people have provided PGP signatures:

    Julian Foad [4096R/1FB064B84EECC493] with fingerprint:
        6011 63CF 9D49 9FD7 18CF 582D 1FB0 64B8 4EEC C493
    Branko Čibej [4096R/1BCA6586A347943F] with fingerprint:
        BA3C 15B1 337C F0FB 222B D41A 1BCA 6586 A347 943F
    Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
        8BC4 DAE0 C5A4 D65F 4044 0107 4F7D BAA9 9A59 B973
    Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
        8AA2 C10E EAAD 44F9 6972 7AEA B59C E6D6 010C 8AAD

Release notes for the 1.9.x release series may be found at:

    https://subversion.apache.org/docs/release-notes/1.9.html

You can find the list of changes between 1.9.12 and earlier versions at:

    https://svn.apache.org/repos/asf/subversion/tags/1.9.12/CHANGES

Questions, comments, and bug reports to us...@subversion.apache.org.

Thanks,
- The Subversion Team
[ANNOUNCEMENT] Apache Commons Codec 1.13
The Apache Commons project is proud to announce Apache Commons Codec 1.13.

The Apache Commons Codec package contains simple encoders and decoders for
various formats such as Base64 and Hexadecimal. In addition to these widely
used encoders and decoders, the codec package also maintains a collection of
phonetic encoding utilities.

This is a feature and fix release.

Changes in this version include:

New features:
o CODEC-236: MurmurHash2 for 32-bit or 64-bit value. Thanks to Viliam Holub.
o CODEC-236: MurmurHash3 for 32-bit or 128-bit value. Thanks to Austin Appleby.

Fixed Bugs:
o CODEC-255: ColognePhonetic handles x incorrectly. Thanks to Holger Grote.
o CODEC-254: ColognePhonetic does not treat the letter H correctly. Thanks to Holger Grote.
o CODEC-134: Reject any decode request for a value that is impossible to encode to for Base32/Base64 rather than blindly decoding.

Changes:
o CODEC-236: Broken direct java.nio.ByteBuffer support in org.apache.commons.codec.binary.Hex. Thanks to Tomas Shestakov, Gary Gregory.

For complete information on Apache Commons Codec, including instructions on
how to submit bug reports, patches, or suggestions for improvement, see the
Apache Commons Codec website:

Visit https://commons.apache.org/proper/commons-codec/
Download from https://commons.apache.org/proper/commons-codec/download_codec.cgi

Gary Gregory
On behalf of the Apache Commons Team
[CVE-2018-11779] Apache Storm UI Java deserialization vulnerability
[CVEID]: CVE-2018-11779
[PRODUCT]: Apache Storm
[VERSION]: Apache Storm 1.1.0 to 1.2.2
[PROBLEMTYPE]: CWE-502: Deserialization of Untrusted Data
[DESCRIPTION]: In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Bobby Evans for discovery and fix
[CVE-2018-1320] Apache Storm vulnerable Thrift version
[CVEID]: CVE-2018-1320
[PRODUCT]: Apache Storm
[VERSION]: Apache Storm 0.9.1-incubating to 1.2.2
[PROBLEMTYPE]: CWE-20: Input Validation
[DESCRIPTION]: Apache Storm versions 0.9.1-incubating to 1.2.2 use Thrift library versions vulnerable to CVE-2018-1320.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Arun Mahadevan for discovery and fix
[CVE-2019-0202] Apache Storm Logviewer file system access vulnerability
[CVEID]: CVE-2019-0202
[PRODUCT]: Apache Storm
[VERSION]: Apache Storm 0.9.1-incubating to 1.2.2
[PROBLEMTYPE]: CWE-200: Information Exposure
[DESCRIPTION]: The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Stig Rohde Døssing for discovery and fix