[Community] try to add a community growth graph to the website

2021-05-28 Thread Shuyang Wu
Hi community! We're the maintainers of Apache APISIX. To better present how our community grows, we developed a tool to show contributors' growth history on https://github.com/api7/contributor-graph. Since we found it helpful, we think maybe if it could help some o

[CVE-2021-25641] Potential deserialization id tampering from network

2021-05-28 Thread Jun Liu
Hi, Severity: Medium Vendor: The Dubbo Project Team Versions Affected: Dubbo 2.7.0 to 2.7.8 Dubbo 2.6.0 to 2.6.9 Dubbo all 2.5.x versions (not supported by official team any longer) Description: Each Dubbo server will set a serialization id to tell the clients which serialization protocol it i

[CVE-2021-30181]RCE on customers via Script route poisoning (Nashorn script injection)

2021-05-28 Thread Jun Liu
Hi, Severity: low Vendor: The Dubbo Project Team Versions Affected: Dubbo 2.7.0 to 2.7.9 Dubbo 2.6.0 to 2.6.9 Dubbo all 2.5.x versions (not supported by official team any longer) Description: Apache Dubbo supports Script routing which will enable a customer to route the request to the right se

Re: [CVE-2021-30181]RCE on customers via Script route poisoning (Nashorn script injection)

2021-05-28 Thread Jun Liu
> Mitigation: > 1. Upgrade to 2.7.10+ or 2.6.10+ respectively according to the version > you are staying on. > https://github.com/apache/dubbo/releases/tag/dubbo-2.7.10 > https://github.com/apache/dubbo/releases/tag/dubbo-2 >

Re: Suggest class isolation for dubbo's external dependency packages to lower integration and upgrade costs #7865

2021-05-28 Thread zzy_uaf
Our approach is to trim every dubbo version, keeping only the features we need. This greatly reduces the dependencies. We also fix up dubbo's dependency pom. -- Original message -- From: "dev"