[this newsletter is available online at https://s.apache.org/cgxvx ]

We're wrapping up another great week with the following activities from the
Apache community:

ASF Annual Report – a look back at our many achievements during the 2021 Fiscal
Year
- Press release

Severity: critical
Description: An XML external entity (XXE) injection vulnerability was
discovered in the Any23 StreamUtils.java file and is known to affect Any23
versions < 2.5. XML external entity injection (also known as XXE) is a web
security vulnerability that allows an attacker to

Description:
A Remote Code Execution (RCE) vulnerability was discovered in the Any23
YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE
vulnerabilities allow a malicious actor to execute any code of their choice on
a remote machine over LAN, WAN, or internet. RCE belongs