layout | title | permalink |
---|---|---|
page |
Security Reports |
/security/ |
This page lists all security vulnerabilities fixed in released versions of Apache Guacamole. Each vulnerability is listed with a description of the problem, its associated CVE number, and the Guacamole release in which the vulnerability was fixed.
If you believe you have discovered a security problem in Apache Guacamole, please follow responsible disclosure practices and report discovered security issues privately, either to the private security mailing list of the ASF Security Team or the [email protected] mailing list, before disclosing or discussing the issue in a public forum.
No. CVE-2023-5129 (aka CVE-2023-4863) deals specifically with decoding WebP images, not encoding.
You would also receive updates to libwebp from your distribution as the library itself is not bundled within Guacamole. If using our Docker images, the images are automatically rebuilt nightly to bring in updates from the maintainer of the base image (Alpine Linux), and a pull of the latest would give you an updated image.
No, CVE-2021-44228 does not affect Apache Guacamole. Guacamole uses Logback as its logging backend, not Log4j.
{% assign releases = site.releases | where: 'released', 'true' | sort: 'date' %} {% for release in releases reversed %}
{% assign reports = site.security | where: 'fixed', release.title | sort: 'title' %}
{% capture title %} Fixed in Apache Guacamole {{ release.title }} {% endcapture %}
{% include cve-list.html title=title reports=reports %}
{% endfor %}
{% assign releases = site.legacy-releases | sort: 'date' %} {% for release in releases reversed %}
{% assign reports = site.security | where: 'fixed', release.title | sort: 'title' %}
{% capture title %} Fixed in Guacamole {{ release.title }} (pre-Apache release) {% endcapture %}
{% include cve-list.html title=title reports=reports %}
{% endfor %}
{% assign reports = site.security | where: 'fixed', '0.6.3' | sort: 'title' %} {% capture title %} Fixed in Guacamole 0.6.3 (pre-Apache release) {% endcapture %} {% include cve-list.html title=title reports=reports %}