[ANNOUNCE] Apache JSPWiki 2.9.1-incubating released

2013-05-15 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.9.1-incubating from the Apache Incubator. This is the second release of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard J2EE components. The release is available here:

[ANNOUNCE] Apache JSPWiki 2.10.0 released

2014-02-01 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.10.0. This is the 2.10.0 release of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here: http://www.apache.org/dyn/closer.cgi/jspwiki/

[ANNOUNCE] Apache JSPWiki 2.10.1 released

2014-05-29 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.10.1. This is the second release on the 2.10 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[ANNOUNCE] Apache JSPWiki 2.10.2 released

2016-02-21 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.10.2. This is the third release on the 2.10 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[ANNOUNCE] Apache JSPWiki 2.10.4 released

2018-06-02 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.10.4. This is the fourth release on the 2.10 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[ANNOUNCE] Apache JSPWiki 2.10.5 released

2018-09-04 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.10.5. This is the fifth release on the 2.10 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[CVE-2019-0224] Apache JSPWiki Cross-site scripting vulnerability

2019-03-26 Thread Juan Pablo Santos Rodríguez
Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache JSPWiki up to 2.11.0.M2 Description: A carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to

[CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

2019-03-26 Thread Juan Pablo Santos Rodríguez
Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache JSPWiki up to 2.11.0.M2 Description: A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki, which could be used by an attacker to obtain registered

[ANNOUNCE] Apache JSPWiki 2.11.0.M2 released

2019-03-09 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M2. This is the second release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[ANNOUNCE] Apache JSPWiki 2.11.0.M1 released

2019-01-30 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M1. This is the first release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[CVE-2019-10076] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation Apache JSPWiki users should

[ANNOUNCE] Apache JSPWiki 2.11.0.M4 released

2019-05-20 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M4. This is the fourth release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[CVE-2019-10077] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation Apache JSPWiki users should upgrade to

[CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Initial reporting indicated

[ANNOUNCE] Apache JSPWiki 2.11.0.M5 released

2019-09-20 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M5. This is the fifth release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript

[CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute

[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the

[CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in

[CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript

[ANNOUNCE] Apache JSPWiki 2.11.0.M6 released

2019-12-21 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M6. This is the sixth release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[ANNOUNCE] Apache JSPWiki 2.11.0.M7 released

2020-05-31 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M7. This is the seventh release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[ANNOUNCE] Apache JSPWiki 2.11.0.M8 released

2020-12-20 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M8. This is the eighth release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki

[ANNOUNCE] Apache JSPWiki 2.11.1 released

2021-12-19 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.1. This is the second release on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[CVE-2021-44140] Apache JSPWiki Arbitrary file deletion on logout

2021-11-23 Thread Juan Pablo Santos Rodríguez
Severity Critical Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M8 Description Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefuly crafted http request on logout, given that those files are reachable to the

[CVE-2021-40369] Apache JSPWiki Cross-site scripting vulnerability on Denounce plugin

2021-11-23 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M8 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute

[ANNOUNCE] Apache JSPWiki 2.11.0 released

2021-11-23 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0. This is the first release after eight milestones on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here:

[CVE-2022-24947] Apache JSPWiki CSRF Account Takeover

2022-02-24 Thread Juan Pablo Santos Rodríguez
Severity Critical Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.1 Description Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Mitigation Apache JSPWiki users should upgrade to 2.11.2 or later.

[CVE-2022-24948] Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen

2022-02-24 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.1 Description A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to

[ANNOUNCE] Apache JSPWiki 2.11.2 released

2022-02-25 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.2. This is the third release on the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. The release is available here: