Help requested: ServiceComb security triage and followup

2024-05-03 Thread Apache Security Team
Dear ServiceComb Developers, As you know, the Apache Software Foundation takes our users' security seriously, and defines sensible release and security processes to make sure potential security issues are dealt with responsibly. These indirectly also protect our committers, shielding individuals

Re: Vulnerability found in your website !

2024-04-25 Thread Apache Security Team
Hello Aryan, Thank you for helping us stay secure. You might want to review https://security.apache.org/blog/credits/, where we list some classes of common reports that we consider invalid up-front. If the issue does not fall in any of those categories, as you can read on

Help requested: Hive security triage and followup

2024-03-29 Thread Apache Security Team
Dear Hive Developers, As you know, the Apache Software Foundation takes our users' security seriously, and defines sensible release and security processes to make sure potential security issues are dealt with responsibly. These indirectly also protect our committers, shielding individuals from

Re: Vulnerability Report: (Email Spoofing)

2024-03-24 Thread Apache Security Team
Hello, We are aware that our email system currently does not support DKIM/DMARC. Because of our heavy use of mailing lists, supporting DKIM/DMARC would be nontrivial. We appreciate you taking the time to notify us of this issue, but as a non-profit volunteer-based open source organization we don't

Re: Spark 3.5.1 known CVE IDs - Open source library security issues.

2024-03-21 Thread Apache Security Team
Hello Manohara, Thank you for your question. When an advisory is published for a dependency, more often than not, the project does not use the dependency in a way that is affected by the problem described in the advisory. For this reason we don't accept the simple fact that an advisory exists for

Help requested: Zeppelin Security triage and follow-up

2024-01-31 Thread Apache Security Team
Dear Zeppelin community, As you know, the Apache Software Foundation really cares about our users' security, and protects them by defining sensible release and security processes. These indirectly also protect our committers, shielding individuals from personal liability. Additionally, we have a

Help requested: Geode security triage and followup

2023-12-13 Thread Apache Security Team
Dear Geode Developers, As you know, the Apache Software Foundation really cares about our users' security, and protects them by defining sensible release and security processes. These indirectly also protect our committers, shielding individuals from personal liability. We also have security

Re: Security Vulnerability in XmlStringLookup and FileStringLookup

2023-03-10 Thread Apache Security Team
Hello Kang Hou et al, Thanks for your patience on this issue. After some discussion and consideration, we have decided not to treat this behavior as a security vulnerability. The problem you describe only arises when untrusted input is passed to Commons Text. Because Commons Text is a low-level

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

2023-01-02 Thread Apache Security Team
Hi, I noticed there was some confusion online as to whether this issue is fixed in 2.17 (https://www.openwall.com/lists/oss-security/2022/08/26/4). Unless anyone objects I'll amend the CVE text to make it explicit that users are recommended to update to 2.17 or later. Luckily with the new CVE

Re: Apache Log4j CVE-2021-44228 vulnerability

2021-12-14 Thread Apache Security Team
Hi; You recently contacted the Apache security team. As explained in [1], the e-mail address you used should only be used for reporting undisclosed security vulnerabilities in Apache products and managing the process of fixing such vulnerabilities. Your e-mail does not meet that criterion. You

Re: Password leakage in Apache Shenyu

2021-11-23 Thread Apache Security Team
Please note that when you send mail to dev@shenyu it becomes public immediately. This is not the correct way to report a security issue. Please see https://apache.org/security/ for the correct way to report possible security issues. Regards, Mark On Tue, Nov 23, 2021 at 9:20 AM gregory draperi

Re: CVE-2020-13931 is Fake vulnerability

2020-12-22 Thread Apache Security Team
Dear r00t4dm; Jonathan from Tomee PMC has already responded to you: We do not provide further help or guidance to verify vulnerabilities. We use secur...@apache.org only for the reporting of new vulnerabilities. Best Regards, Mark. On Wed, Dec 23, 2020 at 4:32 AM r00t 4dm wrote: > > Ok,

Re: [EXT] Re: CVE Publication Service Request 941606

2020-11-09 Thread Apache Security Team

Re: [EXT] Re: CVE Publication Service Request 941606

2020-09-30 Thread Apache Security Team

Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328)

2019-04-23 Thread Apache Security Team
The following three issues were fixed in previous releases of Apache Zeppelin but had not been disclosed. This email is being sent by the ASF Security Team on behalf of Apache Zeppelin. [CVEID]:CVE-2017-12619 [PRODUCT]:Apache Zeppelin [VERSION]:Apache Zeppelin prior to 0.7.3 (released September