GHSA-gppm-hq3p-h4rp: Git credentials are exposed in Atlantis logs

GHSA-gr3c-q7xf-47vh: XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum

GHSA-j857-2pwm-jjmm: Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

**Package**

maven org.apache.heron:heron-api (Maven)

**Affected versions**

< 0.20.5-incubating

**Patched versions**

0.20.5-incubating

Headline

GHSA-95w5-q9vp-5vrm: Heron allows CRLF log injection

Related news

ghsa: Latest News