[ANNOUNCE] Release Apache Traffic Control 4.1.0

2020-06-18 Thread Rawlin Peters
The Apache Traffic Control team is proud to announce the release of Apache Traffic Control 4.1.0, which contains various new features and bug fixes. Apache Traffic Control allows you to build a large scale content delivery network using open source. Built around Apache Traffic Server as the

Subject: [CVE-2020-9483] Apache SkyWalking SQL injection vulnerability

2020-06-18 Thread Sheng Wu
[CVEID]:CVE-2020-9483 [PRODUCT]:Apache SkyWalking [VERSION]:Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 [PROBLEMTYPE]:SQL Injection [DESCRIPTION]: When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability,

CVE-2020-11969 Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be open

2020-06-18 Thread Jonathan Gallimore
CVE-2020-11969: Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be open Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache TomEE 8.0.0-M1 - 8.0.1 Apache TomEE 7.1.0 - 7.1.2 Apache TomEE 7.0.0-M1 - 7.0.7 Apache TomEE