CVE-2022-41704: Apache Batik information disclosure vulnerability
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Batik 1.0 - 1.15
Description: Block loading jars by default to avoid running untrusted code
Mitigation:
[ https://issues.apache.org/jira/browse/BATIK-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simon Steiner updated BATIK-1345:
Description:
The user should not be able to run Java APIs such as:
The Apache XML Graphics team is pleased to announce the availability of
Apache Batik 1.16.
Batik [1] is a Java-based toolkit for applications or applets that want to
use images in the Scalable Vector Graphics (SVG) format for various
purposes, such as display, generation or manipulation.
This is
CVE-2022-42890: Apache Batik information disclosure vulnerability
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Batik 1.0 - 1.15
Description: Restrict what Java classes can be run through JavaScript
Mitigation:
Users
Hi,
3+1s, I will make a release
Thanks
[ https://issues.apache.org/jira/browse/BATIK-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Simon Steiner updated BATIK-1338:
Description:
We should block loading jars by default to avoid running untrusted code:
Thank you Simon!
On Tue, Oct 25, 2022 at 1:04 AM Simon Steiner wrote:
> Hi,
>
> 3+1s, I will make a release
>
> Thanks
Unfortunately Batik 1.16 breaks my application.
My application uses Batik to show and modify SVG graphics. The SVG
graphics are displayed and optionally saved as files. The Java
application calls Javascript functions which dynamically modify the SVG
graphics. The Javascript functions