Hi all,
The Apache Kyuubi community is pleased to announce that
Apache Kyuubi Shaded 0.4.0 has been released!
The full release notes are available at:
Release Notes: https://kyuubi.apache.org/shaded-release/0.4.0.html
To learn more about Apache Kyuubi, please see
https://kyuubi.apache.org/
Dear community,
The Apache Groovy team is pleased to announce version 4.0.21
of Apache Groovy which includes support for running Groovy on JDK 23.
Apache Groovy is a multi-faceted programming language for the JVM.
Further details can be found at the https://groovy.apache.org website.
This
The Apache Jackrabbit community is pleased to announce the release of
Apache Jackrabbit Oak 1.62.0. The release is available for download at:
http://jackrabbit.apache.org/downloads.html
See the full release notes below for details about this release:
Release Notes -- Apache Jackrabbit
Severity: moderate
Affected versions:
- Apache Zeppelin 0.10.1 before 0.11.0
Description:
Authentication Bypass by Spoofing vulnerability by replacing to existing notes
in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before
0.11.0.
Users are recommended to upgrade to
Severity: moderate
Affected versions:
- Apache Zeppelin 0.10.1 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin when creating a new
note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before
0.11.0.
Users are recommended to upgrade to
Severity: moderate
Affected versions:
- Apache Zeppelin SAP 0.8.0 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue
affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that
Dear community,
The Apache Groovy team is pleased to announce version 5.0.0-alpha-8
of Apache Groovy which includes support for running Groovy on JDK 23.
Apache Groovy is a multi-faceted programming language for the JVM.
Further details can be found at the https://groovy.apache.org website.
Severity: low
Affected versions:
- Apache Zeppelin through 0.9.0
Description:
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache
Zeppelin allows an attacker to submit malicious request. This issue affects
Apache Zeppelin version 0.9.0 and prior
Severity: low
Affected versions:
- Apache Zeppelin 0.9.0 before 0.11.0
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators (e.g. ..), attackers can see the contents for
any files in the filesystem that the server account can access.
This
The Apache Commons team is pleased to announce Apache Commons IO 2.16.1.
The Apache Commons IO library contains utility classes, stream
implementations, file filters,
file comparators, endian transformation classes, and much more.
Java 8 is required.
Fixed Bugs
--
o
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so
that the notebook can run with the privileges.
This issue
Severity: moderate
Affected versions:
- Apache Zeppelin before 0.11.1
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in
Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when
connecting MySQL database via JDBC driver.
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration
properties to LDAP search filter.
This issue affects Apache
The Apache Pulsar team is proud to announce DotPulsar version 3.2.0.
Pulsar is a highly scalable, low-latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at least once delivery of messages, automatic cursor management
for
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can execute shell scripts or malicious code by overriding
configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
Severity: moderate
Affected versions:
- Apache Zeppelin 0.8.2 before 0.11.1
Description:
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
The attackers can modify helium.json and expose XSS attacks to normal users.
This issue affects Apache Zeppelin: from 0.8.2