Apache Month in Review: April 2020

2020-04-30 Thread Sally Khudairi
[this announcement is available online at https://s.apache.org/Apr2020 ]
Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in April:
New this month --
- Announcing New ASF Board of Directors https://s.apache.org/Board2020
- ASF

[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities

2020-04-30 Thread jler...@apache.org
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 17.12.01
Description: Apache OFBiz is vulnerable to CSRF attacks
Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
Credit: Initially known by the OFBiz security team

[CVE-2019-12425] Apache OFBiz Host Header Injection

2020-04-30 Thread jler...@apache.org
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 17.12.01
Description: Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
Mitigation: Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
Credit: Pradeep

[ANN] Apache Tomcat Native 1.2.24 released

2020-04-30 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.24 stable.
The key features of this release are:
- Improvements to the build system
- Update Windows binaries to APR 1.7.0 and OpenSSL 1.1.1g
Please refer to the change log for the complete list of changes:

The Apache Software Foundation Welcomes 34 New Members

2020-04-30 Thread Sally Khudairi
[this announcement is available online at https://s.apache.org/q14mx ] The Apache Software Foundation (ASF) welcomes the following new Members who were elected during the annual ASF Members' Meeting on 31 March - 2 April 2020: John Andrunas, Paul Angus, Zaheda Bhorat, Timothy Chen, Andrea

[ANNOUNCE] Apache OFBiz 17.12.03 release

2020-04-30 Thread Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 17.12.03". Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications. http://ofbiz.apache.org/ "Apache OFBiz 17.12.03" is the