The Apache™ XML Graphics Project - Security¶
Published Vulnerabilities¶
The Apache™ XML Graphics Project has collected its Security related information for all of its sub-projects to this page.
Apache™ Batik Project - Apache Batik Security¶
Fixed in Batik 1.13
medium: SSRF vulnerability CVE-2019-17566
Issue Public: 2020-06-15
Update Released: 2020-05-13 (Batik 1.13)
Affects: 1.12 and earlier
Fixed in Batik 1.10
medium: Deserialization vulnerability CVE-2018-8013
Issue Public: 2018-05-23
Update Released: 2018-05-23 (Batik 1.10)
Affects: 1.9.1 and earlier
Fixed in Batik 1.9
medium: XXE vulnerability CVE-2017-5662
Issue Public: 2017-04-18
Update Released: 2017-04-10 (Batik 1.9)
Affects: 1.8 and earlier
Fixed in Batik 1.8, 1.7.1 and 1.6.1
medium: XXE vulnerability CVE-2015-0250
Issue Public: 2012-07-25
Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)
Affects: 1.7, 1.6 and earlier
Apache™ FOP Project - Apache FOP Security¶
Fixed in FOP 2.2
medium: XXE vulnerability CVE-2017-5661
Issue Public: 2017-04-18
Update Released: 2017-04-10 (FOP 2.2)
Affects: 2.1 and earlier
Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security¶
At the time of the most recent update, the Apache XML Graphics Commons Project has no published vulnerabilities.
Reporting New Security Problems with the Apache XML Graphics Sub Projects¶
Please report problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. See the page of the ASF Security Team for further information and contact information.
IMPORTANT
- The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our bug reporting page for those.
- All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.
VERY IMPORTANT
- Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the ASF Security Page.
Security Standards¶
Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.