The Apache FOP Project

The Apache™ XML Graphics Project

The Apache™ XML Graphics Project - Security

Published Vulnerabilities

The Apache™ XML Graphics Project has collected its Security related information for all of its sub-projects to this page.

Apache™ Batik Project - Apache Batik Security

Fixed in Batik 1.13

medium: SSRF vulnerability CVE-2019-17566

Issue Public: 2020-06-15

Update Released: 2020-05-13 (Batik 1.13)

Affects: 1.12 and earlier

Fixed in Batik 1.10

medium: Deserialization vulnerability CVE-2018-8013

Issue Public: 2018-05-23

Update Released: 2018-05-23 (Batik 1.10)

Affects: 1.9.1 and earlier

Fixed in Batik 1.9

medium: XXE vulnerability CVE-2017-5662

Issue Public: 2017-04-18

Update Released: 2017-04-10 (Batik 1.9)

Affects: 1.8 and earlier

Fixed in Batik 1.8, 1.7.1 and 1.6.1

medium: XXE vulnerability CVE-2015-0250

Issue Public: 2012-07-25

Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)

Affects: 1.7, 1.6 and earlier

Apache™ FOP Project - Apache FOP Security

Fixed in FOP 2.2

medium: XXE vulnerability CVE-2017-5661

Issue Public: 2017-04-18

Update Released: 2017-04-10 (FOP 2.2)

Affects: 2.1 and earlier

Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security

At the time of the most recent update, the Apache XML Graphics Commons Project has no published vulnerabilities.

Reporting New Security Problems with the Apache XML Graphics Sub Projects

Please report problems to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. See the page of the ASF Security Team for further information and contact information.

IMPORTANT

VERY IMPORTANT

Security Standards

Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.