The Apache Druid team is proud to announce the release of Apache Druid
0.17.1.
Druid is a high performance analytics data store for event-driven data.
Apache Druid 0.17.1 is a bug fix release that addresses a string encoding
issue.
Source and binary distributions can be downloaded from:
https://d
Severity: High
Vendor:
The Apache Software Foundation
Versions Affected:
Druid 0.17.0
Description:
When LDAP authentication is enabled:
- Callers of Druid APIs with a valid set of LDAP credentials can bypass the
`credentialsValidator.userSearch` filter barrier that determines if a valid
LDAP use
[this newsletter is available online at https://s.apache.org/Mar2020 ]
Welcome to the third monthly overview of events from the Apache community.
Here's a summary of what happened in March:
New this month --
- Happy 21st Anniversary, ASF! https://s.apache.org/21stAnniversary
- ASF Statement
CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
This vulnerability affects all versions of Apache CXF prior to 3.3.6 and
3.2.13.
Description:
Apache CXF has the ability to integrate with JMX
Apache HTTP Server 2.4.43 Released
April 01, 2020
The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.43 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the ne