Apache Cocoon Subprojects New Releases

2012-07-02 Thread Francesco Chicchiriccò
1.0.0 XML Utilities 2.0.4 Serializers Charsets 1.0.2 Take a look at subprojects site http://cocoon.apache.org/subprojects/ and Maven plugin site http://cocoon.apache.org/2.2/maven-plugins/ for more details. The Apache Cocoon Team. -- Francesco Chicchiriccò ASF Member, Apache Cocoon PMC and Apache

[ANN] Apache Syncope 1.0.0-incubating released

2012-08-14 Thread Francesco Chicchiriccò
After 7 months of work the Apache Syncope team is proud to announce the final release of the first stable version since entering the Apache Incubator. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The

[ANN] Apache Syncope 1.0.2-incubating released

2012-10-08 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.0.2-incubating from the Apache Incubator. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.0.4

2012-12-13 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.0.4 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from: http://syncope.apache.org/downloads.html

[ANN] Apache Cocoon Integration Test Framework 1.0.1 and Servlet Service Implementation 1.3.2

2012-12-17 Thread Francesco Chicchiriccò
The Apache Cocoon team is pleased to announce the release of subprojects Cocoon Integration Test Framework 1.0.1 and Servlet Service Implementation 1.3.2. Apache Cocoon is an XML processing framework built around the concepts of separation of concerns and component-based development. Apache

[ANN] Apache Syncope 1.0.6 released

2013-03-29 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.0.7. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.1.1 released

2013-05-03 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.1.1. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.1.3 released

2013-07-15 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.1.3. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.1.4 released

2013-10-01 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.1.4. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.1.6 released

2014-02-26 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.1.6. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.0.9 and 1.1.7 released

2014-04-15 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.0.9 and 1.1.7. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The releases will be available within 24h from:

[ANN] Apache Syncope 1.1.8 released

2014-07-07 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.1.8. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.0-M1 released

2014-09-12 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.0-M1. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.0 released

2014-10-07 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.0. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.1 released

2014-11-21 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.1. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.2 released

2015-02-02 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.2. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in JEE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.0-M1 released

2015-12-26 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.0-M1. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.7 released

2016-01-18 Thread Francesco Chicchiriccò
/downloads.html The full change log is available here: http://s.apache.org/syncope127 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa

[ANN] Apache Syncope 2.0.0-M2 released

2016-03-24 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.0-M2. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.0-M4 released

2016-06-27 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.0-M4. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology. The releases will be available within 24h from:

[ANN] Apache Syncope 2.0.2 released

2017-01-31 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.2. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 1.2.10 released

2017-01-27 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.10. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.0.M5 released

2016-09-05 Thread Francesco Chicchiriccò
://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/

[ANN] Apache Syncope 1.2.9 released

2016-10-10 Thread Francesco Chicchiriccò
/downloads.html The full change log is available here: https://s.apache.org/syncope129 We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://syncope.apache.org/ The Apache Syncope Team -- Francesco Chicchiriccò

[ANN] Apache OpenJPA 2.4.2 released

2017-01-06 Thread Francesco Chicchiriccò
The Apache OpenJPA team is pleased to announce the release of OpenJPA 2.4.2. Apache OpenJPA is a Java persistence project at The Apache Software Foundation that can be used as a stand-alone POJO persistence layer or integrated into any Java EE compliant container and many other lightweight

[ANN] Apache Syncope 2.0.3

2017-04-18 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.3. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.4

2017-07-06 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.4. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.6

2017-10-12 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.6. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.5

2017-09-10 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.5. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.9

2018-07-03 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.9. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.7

2017-12-26 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.7. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.10

2018-08-20 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.10. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.1.1

2018-08-20 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.1. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.1.0

2018-07-09 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.0. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[SECURITY] CVE-2018-1321: Remote code execution by administrators with report and template entitlements

2018-03-20 Thread Francesco Chicchiriccò
CVE-2018-1321: Remote code execution by administrators with report and template entitlements Severity: Medium Vendor: The Apache Software Foundation Versions Affected: * Releases prior to 1.2.11 * Releases prior to 2.0.8 The unsupported Releases 1.0.x, 1.1.x may be also affected.

[ANN] Apache Syncope 1.2.11

2018-03-20 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 1.2.11. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[SECURITY] CVE-2018-1322: Information disclosure via FIQL and ORDER BY sorting

2018-03-20 Thread Francesco Chicchiriccò
CVE-2018-1322: Information disclosure via FIQL and ORDER BY sorting Severity: Medium Vendor: The Apache Software Foundation Versions Affected: * Releases prior to 1.2.11 * Releases prior to 2.0.8 The unsupported Releases 1.0.x, 1.1.x may be also affected. Description: An administrator with

[ANN] Apache Syncope 2.0.8

2018-03-20 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.8. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.11

2018-11-06 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.11. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.1.2

2018-11-06 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.2. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[SECURITY] CVE-2018-17184 Apache Syncope

2018-11-06 Thread Francesco Chicchiriccò
CVE-2018-17184: Stored XSS Description: A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements

[SECURITY] CVE-2018-17186 Apache Syncope

2018-11-06 Thread Francesco Chicchiriccò
CVE-2018-17186: XXE on BPMN definitions Description: An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. Severity: Medium Vendor: The Apache Software Foundation Affects:

[ANN] Apache Syncope 2.1.3

2019-01-21 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.3 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.12

2019-01-21 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.12. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.1.4

2019-04-23 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.4 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.13

2019-04-23 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.13 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.0.14

2019-09-16 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.14 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads

[ANN] Apache Syncope 2.1.5

2019-09-16 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.5 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads

[ANN] Apache Syncope 2.1.6

2020-05-02 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.6 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads

[CVE-2020-1959] Multiple Remote Code Execution Vulnerabilities

2020-05-02 Thread Francesco Chicchiriccò
Description: A Server-Side Template Injection was identified in Syncope enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When

[ANN] Apache Syncope 2.0.15

2020-05-02 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.15 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[CVE-2020-1961] Apache Syncope Server-Side Template Injection on mail templates

2020-05-03 Thread Francesco Chicchiriccò
Description: Vulnerability to Server-Side Template Injection on Mail templates enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. Severity: Important Vendor: The Apache Software Foundation Affects: 2.0.X releases prior to 2.0.15

[CVE-2019-17557] Apache Syncope Enduser UI XSS

2020-05-03 Thread Francesco Chicchiriccò
Description: It was found that the EndUser UI login page reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string. Severity: Medium Vendor: The Apache Software Foundation Affects: 2.0.X releases prior to 2.0.15

[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition

2020-09-14 Thread Francesco Chicchiriccò
Description: When the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. Severity: Low Vendor: The Apache Software Foundation Affects:

[ANN] Apache Syncope 2.0.16

2020-09-14 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.16 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from:

[ANN] Apache Syncope 2.1.7

2020-09-14 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.7 Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology . The release will be available within 24h from: https://syncope.apache.org/downloads