Posts tagged 'security'

ASF Security Report: 2022

Synopsis: This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2022. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues. Released : January 2023 Author: Mark Cox, VP Security Background The... [Read more...]

CVE-2022-42889: interpolations that allow RCE disa...

On 2022-10-13, the Apache Commons Text team disclosed CVE-2022-42889 . Key takeaways: If you rely on software that uses a version of commons-text prior to 1.10.0, you are likely still not vulnerable: you are only affected when this software uses the StringSubstitutor API without properly sanitizing any untrusted input. If your... [Read more...]

Apache Isis version 2.0.0-M9 Released

The Apache Isis team is pleased to announce the release of Apache Isis 2.0.0-M9. This is primarily a security release, to fix an XSS vulnerability (CVE-2022-42466).  There are one or two other small improvements and bug fixes. Full release notes are available on the Apache Isis website at [1]. You can access this release directly from the Maven... [Read more...]

Encryption and decryption with Groovy

Inspired by this recent blog entry , here is an example showing how to encrypt and decrypt with Groovy. Using the JDK crypto classes First, we need some text to encrypt. We'll use an excerpt of the one from the aforementioned blog post: var text = 'Contrary to popular belief, Lorem Ipsum is not simply random text. \ It has roots in... [Read more...]

Foundation Statement at 8 February 2022 Senate Com...

‚ÄúResponding to and Learning from the Log4Shell Vulnerability‚ÄĚ Opening Statement by David Nalley President, Apache Software Foundation Senate Committee on Homeland Security and Government Affairs February 8, 2022     Chairman Peters, Ranking Member Portman, and distinguished members of the Committee: thank you for... [Read more...]


Today's active blogs

Popular blog tags

Related sites