Build Update for mmoayyed/syncope
-
Build: #69
Status: Failed
Duration: 54 secs
Commit: 9727f51 (travis)
Author: Misagh Moayyed
Message: switch to bionic arm64
View the changeset:
Build Update for mmoayyed/syncope
-
Build: #71
Status: Still Failing
Duration: 4 mins and 16 secs
Commit: 36a94d2 (travis)
Author: Misagh Moayyed
Message: install maven
View the changeset:
The Apache Syncope team is pleased to announce the release of Syncope 2.1.6
Apache Syncope is an Open Source system for managing digital identities in
enterprise environments, implemented in Java EE technology .
The release will be available within 24h from:
https://syncope.apache.org/downloads
The Apache Syncope team is pleased to announce the release of Syncope 2.0.15
Apache Syncope is an Open Source system for managing digital identities in
enterprise environments, implemented in Java EE technology .
The release will be available within 24h from:
Hi all,
after 72 hours, the vote for Syncope 2.1.6 [1] *passes* with 6 PMC + 1 non-PMC
votes.
+1 (PMC / binding)
* Fabio Martelli
* Jean-Baptiste Onofré
* Andrea Patricelli
* Matteo Alessandroni
* Colm O hEigeartaigh
* Francesco Chicchiriccò
+1 (non binding)
* Lorenzo Di Cola
0
-1
Thanks
Description:
A Server-Side Template Injection was identified in Syncope enabling attackers
to inject arbitrary Java EL expressions, leading to an
unauthenticated Remote Code Execution (RCE) vulnerability.
Apache Syncope uses Java Bean Validation (JSR 380) custom constraint
validators. When
Hi all,
after 72 hours, the vote for Syncope 2.0.15 [1] *passes* with 6 PMC + 1 non-PMC
votes.
+1 (PMC / binding)
* Fabio Martelli
* Andrea Patricelli
* Matteo Alessandroni
* Marco Di Sabatino
* Colm O hEigeartaigh
* Francesco Chicchiriccò
+1 (non binding)
* Lorenzo Di Cola
0
-1
Thanks to
Build Update for mmoayyed/syncope
-
Build: #70
Status: Still Failing
Duration: 53 secs
Commit: 08ae027 (travis)
Author: Misagh Moayyed
Message: switch to bionic arm64
View the changeset:
Description:
Vulnerability to Server-Side Template Injection on Mail templates enabling
attackers to inject arbitrary JEXL expressions, leading to Remote
Code Execution (RCE) was discovered.
Severity: Important
Vendor: The Apache Software Foundation
Affects:
2.0.X releases prior to 2.0.15
Description:
It was found that the EndUser UI login page reflects the successMessage
parameters.
By this mean, a user accessing the Enduser UI could execute javascript code
from URL query string.
Severity: Medium
Vendor: The Apache Software Foundation
Affects:
2.0.X releases prior to 2.0.15
10 matches
Mail list logo