Title: The Apache(tm) XML Graphics Project - Community

#The Apache&trade; XML Graphics Project - Security

## Published Vulnerabilities { #PublishedVulnerabilities}

The *Apache&trade; XML Graphics Project* has collected its Security related information for all of its sub-projects to this page.

### Apache&trade; Batik Project - Apache Batik Security { #BatikSecurity}

**Fixed in Batik 1.13**

medium: SSRF vulnerability CVE-2019-17566

Issue Public: 2020-06-15

Update Released: 2020-05-13 (Batik 1.13)

Affects: 1.12 and earlier

**Fixed in Batik 1.10**

medium: Deserialization vulnerability CVE-2018-8013

Issue Public: 2018-05-23

Update Released: 2018-05-23 (Batik 1.10)

Affects: 1.9.1 and earlier

**Fixed in Batik 1.9**

medium: XXE vulnerability CVE-2017-5662

Issue Public: 2017-04-18

Update Released: 2017-04-10 (Batik 1.9)

Affects: 1.8 and earlier

**Fixed in Batik 1.8, 1.7.1 and 1.6.1**

medium: XXE vulnerability CVE-2015-0250

Issue Public: 2012-07-25

Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)

Affects: 1.7, 1.6 and earlier

### Apache&trade; FOP Project - Apache FOP Security { #FOPSecurity}

**Fixed in FOP 2.2**

medium: XXE vulnerability CVE-2017-5661

Issue Public: 2017-04-18

Update Released: 2017-04-10 (FOP 2.2)

Affects: 2.1 and earlier

### Apache&trade; XML Graphics Commons Project - Apache XML Graphics Commons Security { #XMLGraphicsCommonsSecurity}

At the time of the most recent update, the [Apache  XML Graphics Commons Project](http://xmlgraphics.apache.org/commons/) has no published vulnerabilities.

##Reporting New Security Problems with the Apache XML Graphics Sub Projects { #ReportingSecurityProblems}

Please report problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. See the page of the [ASF Security Team](https://www.apache.org/security/) for further information and contact information.

**IMPORTANT**

  * **The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our [bug reporting page](http://xmlgraphics.apache.org/commons/bugs.html) for those.**
  * **All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.**

**VERY IMPORTANT**

  * **Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the [ASF Security Page](https://www.apache.org/security/).**

##Security Standards { #SecurityStandards}

Apache XML Graphics Project vulnerabilities are labeled with [CVE](http://cve.mitre.org/) (Common Vulnerabilities and Exposures) identifiers.