Failed: mmoayyed/syncope#69 (travis - 9727f51)

2020-05-02 Thread Travis CI
Build Update for mmoayyed/syncope - Build: #69 Status: Failed Duration: 54 secs Commit: 9727f51 (travis) Author: Misagh Moayyed Message: switch to bionic arm64 View the changeset:

Still Failing: mmoayyed/syncope#71 (travis - 36a94d2)

2020-05-02 Thread Travis CI
Build Update for mmoayyed/syncope - Build: #71 Status: Still Failing Duration: 4 mins and 16 secs Commit: 36a94d2 (travis) Author: Misagh Moayyed Message: install maven View the changeset:

[ANN] Apache Syncope 2.1.6

2020-05-02 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.1.6. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology. The release will be available within 24h from: https://syncope.apache.org/downloads

[ANN] Apache Syncope 2.0.15

2020-05-02 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 2.0.15. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology. The release will be available within 24h from:

[RESULT] [VOTE] Apache Syncope 2.1.6

2020-05-02 Thread Francesco Chicchiriccò
Hi all, after 72 hours, the vote for Syncope 2.1.6 [1] *passes* with 6 PMC + 1 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Jean-Baptiste Onofré * Andrea Patricelli * Matteo Alessandroni * Colm O hEigeartaigh * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks

[CVE-2020-1959] Multiple Remote Code Execution Vulnerabilities

2020-05-02 Thread Francesco Chicchiriccò
Description: A Server-Side Template Injection was identified in Syncope enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When

Re: [VOTE] Apache Syncope 2.0.15

2020-05-02 Thread Francesco Chicchiriccò
Hi all, after 72 hours, the vote for Syncope 2.0.15 [1] *passes* with 6 PMC + 1 non-PMC votes. +1 (PMC / binding) * Fabio Martelli * Andrea Patricelli * Matteo Alessandroni * Marco Di Sabatino * Colm O hEigeartaigh * Francesco Chicchiriccò +1 (non binding) * Lorenzo Di Cola 0 -1 Thanks to

Still Failing: mmoayyed/syncope#70 (travis - 08ae027)

2020-05-02 Thread Travis CI
Build Update for mmoayyed/syncope - Build: #70 Status: Still Failing Duration: 53 secs Commit: 08ae027 (travis) Author: Misagh Moayyed Message: switch to bionic arm64 View the changeset:

[CVE-2020-1961] Server-Side Template Injection on mail templates

2020-05-02 Thread Francesco Chicchiriccò
Description: Vulnerability to Server-Side Template Injection on Mail templates enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. Severity: Important Vendor: The Apache Software Foundation Affects: 2.0.X releases prior to 2.0.15

[CVE-2019-17557] Enduser UI XSS

2020-05-02 Thread Francesco Chicchiriccò
Description: It was found that the EndUser UI login page reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute JavaScript code from the URL query string. Severity: Medium Vendor: The Apache Software Foundation Affects: 2.0.X releases prior to 2.0.15