September 2021 - java-sig-commits - Fedora Mailing-Lists

[Bug 1595453] CVE-2018-12538 jetty: HttpSessions access/hijack in the FileSystem's storage for the FileSessionDataStore.

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1595453 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |chazlett(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |pjindal(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1595453

2 years, 8 months

1
0
0 / 0

[Bug 1806398] CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1806398 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pdrozd(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1806398

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2021:3660 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 --- Comment #24 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: EAP 7.4.1 release Via RHSA-2021:3660 https://access.redhat.com/errata/RHSA-2021:3660 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2021:3658 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 --- Comment #23 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2021:3658 https://access.redhat.com/errata/RHSA-2021:3658 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2021:3656 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 --- Comment #22 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2021:3656 https://access.redhat.com/errata/RHSA-2021:3656 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1948001] CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1948001 --- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> --- A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1948001

2 years, 8 months

1
0
0 / 0

[Bug 1972764] New: lucene-8.9.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1972764 Bug ID: 1972764 Summary: lucene-8.9.0 is available Product: Fedora Version: rawhide Status: NEW Component: lucene Keywords: FutureFeature, Triaged Assignee: akurtako(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, dbhole(a)redhat.com, dchen(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com, lef(a)fedoraproject.org, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 8.9.0 Current version/release in rawhide: 8.8.2-1.fc35 URL: http://lucene.apache.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/7178/ -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 8 months

1
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits September 2021