[CVE-2020-1954] Apache CXF JMX Integration is vulnerable to a MITM attack

2020-04-01 Thread Colm O hEigeartaigh
CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects all versions of Apache CXF prior to 3.3.6 and 3.2.13. Description: Apache CXF has the ability to integrate with JMX

Apache Month in Review: March 2020

2020-04-01 Thread Sally Khudairi
[this newsletter is available online at https://s.apache.org/Mar2020 ] Welcome to the third monthly overview of events from the Apache community. Here's a summary of what happened in March: New this month -- - Happy 21st Anniversary, ASF! https://s.apache.org/21stAnniversary - ASF

[ANNOUNCEMENT] Apache HTTP Server 2.4.43 Released

2020-04-01 Thread Daniel Ruggeri
Apache HTTP Server 2.4.43 Released April 01, 2020 The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.43 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the

[ANNOUNCE] Apache Druid 0.17.1 release

2020-04-01 Thread Jonathan Wei
The Apache Druid team is proud to announce the release of Apache Druid 0.17.1. Druid is a high performance analytics data store for event-driven data. Apache Druid 0.17.1 is a bug fix release that addresses a string encoding issue. Source and binary distributions can be downloaded from:

[CVE-2020-1958]: Apache Druid LDAP injection vulnerability

2020-04-01 Thread Jonathan Wei
Severity: High Vendor: The Apache Software Foundation Versions Affected: Druid 0.17.0 Description: When LDAP authentication is enabled: - Callers of Druid APIs with a valid set of LDAP credentials can bypass the `credentialsValidator.userSearch` filter barrier that determines if a valid LDAP