| Title: The Apache(tm) XML Graphics Project - Community |
| |
| # The Apache™ XML Graphics Project - Security |
| |
| ## Published Vulnerabilities { #PublishedVulnerabilities} |
| |
| The *Apache™ XML Graphics Project* has collected the security-related information for all of its sub-projects on this page. |
| |
| ### Apache™ Batik Project - Apache Batik Security { #BatikSecurity} |
| |
| **Fixed in Batik 1.14** |
| |
| medium: SSRF vulnerability CVE-2020-11987 |
| |
| Issue Public: 2021-02-24 |
| |
| Update Released: 2021-01-20 (Batik 1.14) |
| |
| Affects: 1.13 and earlier |
| |
| **Fixed in Batik 1.13** |
| |
| medium: SSRF vulnerability CVE-2019-17566 |
| |
| Issue Public: 2020-06-15 |
| |
| Update Released: 2020-05-13 (Batik 1.13) |
| |
| Affects: 1.12 and earlier |
| |
| **Fixed in Batik 1.10** |
| |
| medium: Deserialization vulnerability CVE-2018-8013 |
| |
| Issue Public: 2018-05-23 |
| |
| Update Released: 2018-05-23 (Batik 1.10) |
| |
| Affects: 1.9.1 and earlier |
| |
| **Fixed in Batik 1.9** |
| |
| medium: XXE vulnerability CVE-2017-5662 |
| |
| Issue Public: 2017-04-18 |
| |
| Update Released: 2017-04-10 (Batik 1.9) |
| |
| Affects: 1.8 and earlier |
| |
| **Fixed in Batik 1.8, 1.7.1 and 1.6.1** |
| |
| medium: XXE vulnerability CVE-2015-0250 |
| |
| Issue Public: 2012-07-25 |
| |
| Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1) |
| |
| Affects: 1.7, 1.6 and earlier |
| |
| ### Apache™ FOP Project - Apache FOP Security { #FOPSecurity} |
| |
| **Fixed in FOP 2.2** |
| |
| medium: XXE vulnerability CVE-2017-5661 |
| |
| Issue Public: 2017-04-18 |
| |
| Update Released: 2017-04-10 (FOP 2.2) |
| |
| Affects: 2.1 and earlier |
| |
| ### Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security { #XMLGraphicsCommonsSecurity} |
| |
| **Fixed in Commons 2.6** |
| |
| medium: XXE vulnerability CVE-2020-11988 |
| |
| Issue Public: 2021-02-24 |
| |
| Update Released: 2021-01-20 (Commons 2.6) |
| |
| Affects: 2.4 and earlier |
| |
| ## Reporting New Security Problems with the Apache XML Graphics Sub Projects { #ReportingSecurityProblems} |
| |
| Please report problems to the private security mailing list of the ASF Security Team before disclosing them in a public forum. See the [ASF Security Team](https://www.apache.org/security/) page for further information and contact details. |
| |
| **IMPORTANT** |
| |
| * **The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our [bug reporting page](http://xmlgraphics.apache.org/commons/bugs.html) for those.** |
| * **All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.** |
| |
| **VERY IMPORTANT** |
| |
| * **Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead, follow the steps on the [ASF Security Page](https://www.apache.org/security/).** |
| |
| ## Security Standards { #SecurityStandards} |
| |
| Apache XML Graphics Project vulnerabilities are labeled with [CVE](http://cve.mitre.org/) (Common Vulnerabilities and Exposures) identifiers. |