The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.
This is the first release after eight milestones on the 2.11 series of
Apache JSPWiki,
a feature-rich and extensible WikiWiki engine built around the standard JEE
components.
The release is available here:
Severity
Critical
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M8
Description
Remote attackers may delete arbitrary files in a system hosting a
JSPWiki instance by using a carefuly crafted http request on logout,
given that those files are reachable to the