Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-95w5-q9vp-5vrm: Heron allows CRLF log injection

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

ghsa
#apache#java#maven

Package

maven org.apache.heron:heron-api (Maven)

Affected versions

< 0.20.5-incubating

Patched versions

0.20.5-incubating

Related news

CVE-2021-42010

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.