[ANNOUNCE] Apache Geode Kafka Connector 1.1.0

2022-01-18 Thread Dan Smith
The Apache Geode community is pleased to announce the availability of Apache Geode Kafka Connector 1.1.0. Apache Geode is a data management platform that provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency

[ANNOUNCE] Apache NiFi 1.15.3 release

2022-01-18 Thread Joe Witt
Hello. The Apache NiFi team would like to announce the release of Apache NiFi 1.15.3. This is a bug fix and security focused release. Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data. Apache NiFi was made for dataflow. It supports highly configurable

CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.

2022-01-18 Thread Ralph Goers
Severity: Critical Description: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Mitigation: Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0. Credit:

CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1

2022-01-18 Thread Ralph Goers
Severity: high Description: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the

CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x

2022-01-18 Thread Ralph Goers
Severity: high Description: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a

The Apache Software Foundation Announces Open Source data orchestration platform Apache® Hop™ as a Top-Level Project

2022-01-18 Thread Sally Khudairi
[this announcement is available online at https://s.apache.org/4s3ci] Wilmington, DE —18 January 2022— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Hop™ as a Top-Level

CVE-2021-42357: DOM based XSS Vulnerability in Apache Knox

2022-01-18 Thread Larry McCay
Severity: moderate Description: When using Knox SSO in affected releases, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an