...
- CVE-2017-5649: Apache Geode information disclosure vulnerability
- CVE-2017-9794: Apache Geode gfsh query vulnerability
- CVE-2017-9797: Apache Geode client/server authentication vulnerability
- CVE-2017-9795: Apache Geode OQL method invocation vulnerability
- CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
- CVE-2017-12622: Apache Geode gfsh authorization vulnerability
- CVE-2017-15696: Apache Geode configuration request authorization vulnerability
- CVE-2017-15692: Apache Geode unsafe deserialization in TcpServer
- CVE-2017-15693: Apache Geode unsafe deserialization of application objects
- CVE-2017-15695: Apache Geode remote code execution vulnerability
- CVE-2017-15694: Apache Geode metadata modification vulnerability
- CVE-2019-10091: Apache Geode SSL endpoint verification vulnerability
1.12.0
This release contains a number of improvements and bug fixes.
Changes since last release:
- Introduced a pluggable OQL security framework to restrict which classes and methods can be called from OQL. The system administrator can change the security posture at runtime. Provided implementations include RestrictedMethodAuthorizer, UnrestrictedMethodAuthorizer, RegExMethodAuthorizer, and JavaBeanAccessorMethodAuthorizer.
- Introduced new endpoints in REST API for Management, including create and delete index, list deployed jars, show PDX configuration, and show supported REST API versions.
- Migrated from Spring 4 to Spring 5.
- Updated third-party libraries to the latest security patches.
- Fixed an issue where the locator could fail to shut down completely.
- Fixed an exception thrown when executing an equi-join query in which both fields are indexed.
- Fixed an issue where a backup was not properly aborted if a member of the distributed system was lost during the backup.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346481
1.11.0
This release contains a number of improvements and bug fixes.
...