Description:
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the
webserver's `/login` endpoint.
Credit:
The Apache Airflow PMC would like to thank Bugra Eskici for reporting this
issue.
References:
https://github.com/apache/airflow/pull/27576
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.69.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.69 is a bugfix and
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.2.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
Severity: low
Description:
** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is
vulnerable to a JDBC Deserialisation attack if the attacker is able to control
the JDBC URL used or cause the underlying database server to return malicious
data. The MySQL JDBC driver in
The Apache Syncope team is pleased to announce the release of Syncope 3.0.0
Apache Syncope is an Open Source system for managing digital identities in
enterprise environments, implemented in Java EE technology.
Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning,
The Apache HttpComponents project is pleased to announce 5.1.5 GA
release of HttpComponents Core.
This is a maintenance release that corrects several minor defects
discovered since release 5.1.4.
This is likely to be the last release in the 5.1 release series. Users
of HttpCore 5.1 are advised
Severity: moderate
Description:
** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an
RPCRouterServlet is available without authentication. This gives an attacker
the possibility to invoke methods on the classpath that meet certain criteria.
Depending on what classes
Dear community,
I'm happy to announce that Airflow 2.4.3 was just released.
The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html
Other installation methods are described in
Severity: low
Description:
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked
secrets in rendered template values for tasks which were not executed (for
example when they were depending on past and previous instances of the task
failed). This issue affects Apache
Severity: low
Description:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI
access who can trigger DAGs, to execute arbitrary commands via manually
provided run_id parameter. This issue affects Apache Airflow
versions prior to 2.4.0.
Mitigation: