Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN443
_____________________________________________________________________

DATE                : 15/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems Apache Jackrabbit versions prior to
                                   2.20.17, 2.22.1.

=====================================================================
https://lists.apache.org/thread/pgl6dk7jtlsx0z24yk3009kfj1910108
_____________________________________________________________________


[IMPORTANT] [ANNOUNCE] Critical Vulnerability in Apache Jackrabbit
Dear Jackrabbit users,

recently, a potentially critical vulnerability was reported to us (CVE 
and details will follow).

We advise users of Jackrabbit 2.20.x (Java 8) and 2.22.x (Java 11) to 
update to the latest versions (2.20.17 and 2.22.1).

For the 2.23 beta branch, the fix is in version 2.23.2-beta.

Earlier branches (2.0.x to 2.19.x) have reached EOL already, and we 
recommend that users of these branches update to 2.20.17 or 2.22.1.

Best regards, the Apache Jackrabbit PMC


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================