CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives

2022-11-03 Thread Richard Eckart de Castilho
Severity: low Description: A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache

[ANNOUNCE] Apache UIMA Java SDK version 3.3.1 released

2022-11-03 Thread Richard Eckart de Castilho
The Apache UIMA team is pleased to announce the release of Apache UIMA Java SDK, version 3.3.1. Apache UIMA is a component architecture and framework for the analysis of unstructured content like text, video and audio

[ANNOUNCE] Apache Curator 5.4.0 released

2022-11-03 Thread Enrico Olivelli
Hello, The Apache Curator team is pleased to announce the release of version 5.4.0. Apache Curator is a Java/JVM client library for Apache ZooKeeper[1], a distributed coordination service. Apache Curator includes a high-level API framework and utilities to make using Apache ZooKeeper much

CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack

2022-11-03 Thread Michael Marshall
Severity: high Description: The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the