Security Advisories | Open Microscopy Environment (OME)
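<!doctype html>
<!--
  Security Advisories index for the Open Microscopy Environment (OME) site:
  a table of advisories with release date, advisory link and the release
  that carries the fix, wrapped in the site's navigation bar and footer.
-->
<html class="no-js" lang="en" dir="ltr">
<head>
  <!-- The charset declaration comes first so it is seen before any non-ASCII text. -->
  <meta charset="utf-8">

  <!-- Global site tag (gtag.js) - Google Analytics -->
  <!--
    NOTE(review): this loader is a third-party script that runs with full
    access to the page and has no integrity attribute. Subresource Integrity
    does not suit a dynamically served loader, so restrict it with a
    Content-Security-Policy allow-list; the inline blocks on this page would
    then need a nonce or hash.
  -->
  <script async src="https://www.googletagmanager.com/gtag/js?id=UA-49953125-6"></script>
  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());
    gtag('config', 'UA-49953125-6');
  </script>

  <meta http-equiv="x-ua-compatible" content="ie=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta name="description" content="Get the latest on any security advisories for OME products.">
  <meta property="og:image" content="/img/logos/ome-logo_fb.png">
  <meta property="og:type" content="website">
  <meta property="og:url" content="">
  <meta property="og:title" content="The Open Microscopy Environment">
  <meta property="og:description" content="A consortium of universities, research labs, industry and developers producing open-source software and format standards for microscopy data.">
  <meta name="twitter:card" content="summary">
  <meta name="twitter:title" content="The Open Microscopy Environment">
  <meta name="twitter:image" content="https://www.openmicroscopy.org/img/logos/ome-logomark_twitter.png">
  <title>Security Advisories | Open Microscopy Environment (OME)</title>

  <!-- favicon from https://realfavicongenerator.net/ -->
  <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png?v=2">
  <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png?v=2">
  <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png?v=2">
  <link rel="manifest" href="/site.webmanifest?v=2">
  <link rel="mask-icon" href="/safari-pinned-tab.svg?v=2" color="#5bbad5">
  <link rel="shortcut icon" href="/favicon.ico?v=2">
  <meta name="msapplication-TileColor" content="#2b5797">
  <meta name="theme-color" content="#ffffff">

  <!-- Mastodon -->
  <link rel="me" href="https://fosstodon.org/@ome">

  <link rel="stylesheet" media="all" href="https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,400italic,600italic,700italic">
  <link rel="stylesheet" media="all" href="https://fonts.googleapis.com/css?family=Montserrat:400,500">
  <link rel="stylesheet" media="all" href="/css/font-awesome.min.css">
  <link rel="stylesheet" media="all" href="/css/foundation.min.css">
  <link rel="stylesheet" media="all" href="/css/responsive-tables.css">
  <link rel="stylesheet" media="all" href="/css/openmicroscopy.css">
</head>
<body>
  <div class="title-bar" data-responsive-toggle="main-menu" data-hide-for="medium">
    <!-- The icon-only toggle gets an accessible name for screen readers. -->
    <button class="menu-icon" type="button" data-toggle aria-label="Menu"></button>
    <div class="title-bar-title"></div>
  </div>

  <!--<div data-sticky-container> <div class="main-nav-bar top-bar" id="main-menu" data-sticky data-options="marginTop:0;">-->
  <div class="main-nav-bar top-bar" id="main-menu">
    <div class="top-bar-left">
      <ul class="vertical medium-horizontal dropdown menu" data-responsive-menu="accordion medium-dropdown">
        <li class="hide-for-small-only"><a class="logo" href="/index.html"><img src="/img/logos/ome-main-nav.svg" alt="OME logo"></a></li>
        <li class="show-for-small-only"><a href="/index.html"><img src="/img/logos/ome-logomark.svg" alt="OME logo" style="height:32px; width:32px;"></a></li>
        <li class="has-submenu"><a href="/about/">About Us</a>
          <ul class="submenu menu vertical" data-submenu>
            <li><a href="/about/">Overview</a></li>
            <li><a href="/teams/">OME Teams</a></li>
            <li><a href="/contributors/">Contributors</a></li>
            <li><a href="/commercial-partners/">Commercial Partners</a></li>
            <li><a href="/licensing/">Licensing</a></li>
            <li><a href="/citing-ome/">Citing OME</a></li>
            <li><a href="/artwork/">Artwork</a></li>
            <li><a href="/training/">Training</a></li>
            <li><a href="/events/ome-community-meeting-2024/">OME 2024</a></li>
          </ul>
        </li>
        <li class="has-submenu"><a href="/news/">News</a>
          <ul class="submenu menu vertical" data-submenu>
            <li><a href="/news/">Overview</a></li>
            <li><a href="/announcements/">Announcements</a></li>
            <li><a href="/events/">Events</a></li>
            <li><a href="/minutes/">Minutes</a></li>
            <li><a href="/security/">Security</a></li>
            <li><a href="/careers/">Careers</a></li>
            <li><a href="/blog/">Blog</a></li>
          </ul>
        </li>
      </ul>
    </div>
    <div class="top-bar-right">
      <ul class="vertical medium-horizontal dropdown menu" data-responsive-menu="accordion medium-dropdown">
        <li class="has-submenu"><a href="/products/">Products</a>
          <ul class="submenu menu vertical" data-submenu>
            <li><a href="/products/">Overview</a></li>
            <li><a href="/omero/">OMERO</a></li>
            <li><a href="/bio-formats/">Bio-Formats</a></li>
            <li><a href="/ome-files/">OME Files</a></li>
          </ul>
        </li>
        <li class="has-submenu"><a href="/support/">Support</a>
          <ul class="submenu menu vertical" data-submenu>
            <li><a href="/support/">Overview</a></li>
            <li><a href="/security/">Security</a></li>
            <li><a href="/training/">Training</a></li>
          </ul>
        </li>
        <li><a href="/docs/">Docs</a></li>
        <li class="hide-for-small-only"><a href="/explore/" class="button btn-indigo" style="color: #eceff1; margin-left: 10px;">Explore</a></li>
        <li class="show-for-small-only"><a href="/explore/">Explore</a></li>
      </ul>
    </div>
  </div>
  <!--</div> make header sticky? -->

  <!-- Target of the "back to top" link; an id replaces the obsolete name attribute. -->
  <a id="top-of-page"></a>

  <div class="callout large primary" id="bg-image-security">
    <div class="row column text-center">
      <h1>Security Advisories</h1>
      <p>Known vulnerabilities, workarounds, and resolutions</p>
    </div>
  </div>

  <hr class="invisible">

  <!--
    NOTE(review): the id "back-to-top" is used twice on this page (here and on
    the "back to top" link below). Ids should be unique; the stylesheet may
    key on this one, so confirm before renaming either.
  -->
  <div class="text-center">
    <a id="back-to-top" href="/security/"><i class="fa fa-arrow-left"></i> back to Security</a>
  </div>

  <!-- begin Security -->
  <hr class="whitespace">

  <!-- Advisory index: one row per advisory or assessment, newest first. -->
  <div id="secvul-posts" class="row">
    <table>
      <thead>
        <tr>
          <th scope="col" width="200">Release Date</th>
          <th scope="col">Advisories</th>
          <th scope="col" width="200">Fixed In</th>
        </tr>
      </thead>
      <tbody>
        <tr>
          <td>May 21, 2024</td>
          <td><a href="/security/advisories/2024-35180">CVE-2024-35180 ("JSONP callback")</a></td>
          <td>OMERO.web 5.26.0</td>
        </tr>
        <tr>
          <td>May 5, 2023</td>
          <td><a href="/security/advisories/2023-31047">CVE-2023-31047 ("Django file upload validation") Assessment</a></td>
          <td>OMERO.web 5.20.0</td>
        </tr>
        <tr>
          <td>April 1, 2022</td>
          <td><a href="/2022/04/01/spring-framework-issue.html">CVE-2022-22965 ("Spring Framework RCE") Assessment</a></td>
          <td>N/A</td>
        </tr>
        <tr>
          <td>December 13, 2021</td>
          <td><a href="/security/advisories/2021-SV4">2021-SV4 log4j in loci_tools.jar</a></td>
          <td>bioformats_package.jar</td>
        </tr>
        <tr>
          <td>December 13, 2021</td>
          <td><a href="/2021/12/13/log4j-issue.html" target="_blank" rel="noopener">CVE-2021-44228 ("Log4Shell") Assessment</a></td>
          <td>N/A</td>
        </tr>
        <tr>
          <td>October 14, 2021</td>
          <td><a href="/security/advisories/2021-SV3">2021-SV3 XSS vectors</a></td>
          <td>OMERO.web 5.11.0, OMERO.figure 4.4.1.</td>
        </tr>
        <tr>
          <td>March 17, 2021</td>
          <td><a href="/security/advisories/2021-SV2">2021-SV2 URL validation on login</a></td>
          <td>OMERO.web 5.9.0</td>
        </tr>
        <tr>
          <td>March 17, 2021</td>
          <td><a href="/security/advisories/2021-SV1">2021-SV1 User Context</a></td>
          <td>OMERO.web 5.9.0</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV6-group-owner-context/">2019-SV6 Group Owner Context</a></td>
          <td>OMERO.server 5.6.1</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV5-bypass-filters/">2019-SV5 Bypass Filters</a></td>
          <td>OMERO.server 5.6.1</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV4-web-referrer-leakage/">2019-SV4 Web Referrer Leakage</a></td>
          <td>OMERO.web 5.9.0</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV3-user-privacy/">2019-SV3 User Privacy</a></td>
          <td>OMERO.server 5.6.1</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV2-group-permissions/">2019-SV2 Group Permissions</a></td>
          <td>OMERO.server 5.6.1</td>
        </tr>
        <tr>
          <td>March 25, 2020</td>
          <td><a href="/security/advisories/2019-SV1-reader-used-files/">2019-SV1 Reader Used Files</a></td>
          <td>OMERO.server 5.6.1</td>
        </tr>
        <tr>
          <td>July 26, 2018</td>
          <td><a href="/security/advisories/2018-SV3-modify-user-password/">2018-SV3 Modify User Password</a></td>
          <td>OMERO 5.4.7</td>
        </tr>
        <tr>
          <td>July 26, 2018</td>
          <td><a href="/security/advisories/2018-SV2-script-name-uuid/">2018-SV2 Script Name UUID</a></td>
          <td>OMERO 5.4.7</td>
        </tr>
        <tr>
          <td>July 26, 2018</td>
          <td><a href="/security/advisories/2018-SV1-post-password/">2018-SV1 POST password</a></td>
          <td>OMERO 5.4.7</td>
        </tr>
        <tr>
          <td>March 7, 2018</td>
          <td><a href="/security/advisories/2017-SV6-job-file-link/">2017-SV6 Job-File Link</a></td>
          <td>OMERO 5.4.4</td>
        </tr>
        <tr>
          <td>October 4, 2017</td>
          <td><a href="/security/advisories/2017-SV4-guest-user/">2017-SV4 Guest User</a></td>
          <td>OMERO 5.3.5</td>
        </tr>
        <tr>
          <td>September 13, 2017</td>
          <td><a href="/security/advisories/2017-SV5-filename-2/">2017-SV5 Filename Mutability 2</a></td>
          <td>OMERO 5.3.4</td>
        </tr>
        <tr>
          <td>March 23, 2017</td>
          <td><a href="/security/advisories/2017-SV3-delete-script/">2017-SV3 Delete Script</a></td>
          <td>OMERO 5.2.8</td>
        </tr>
        <tr>
          <td>March 23, 2017</td>
          <td><a href="/security/advisories/2017-SV2-edit-rw/">2017-SV2 Edit in RW Group</a></td>
          <td>OMERO 5.2.8</td>
        </tr>
        <tr>
          <td>March 23, 2017</td>
          <td><a href="/security/advisories/2017-SV1-filename/">2017-SV1 Filename Mutability</a></td>
          <td>OMERO 5.2.8</td>
        </tr>
        <tr>
          <td>August 02, 2016</td>
          <td><a href="/security/advisories/2016-SV2-share/">2016-SV2 Share</a></td>
          <td>OMERO 5.2.5</td>
        </tr>
        <tr>
          <td>May 30, 2016</td>
          <td><a href="/security/advisories/2016-SV1-cleanse/">2016-SV1 Cleanse</a></td>
          <td>OMERO 5.2.4</td>
        </tr>
        <tr>
          <td>July 21, 2015</td>
          <td><a href="https://www.openmicroscopy.org/2015/07/21/java-issue.html" target="_blank" rel="noopener">Java TLS Vulnerabilities Prior to 8u51, 7u85 and 6u101</a></td>
          <td>OMERO 5.1.3</td>
        </tr>
        <tr>
          <td>November 11, 2014</td>
          <td><a href="/security/advisories/2014-SV4-poodle/">2014-SV4 POODLE</a></td>
          <td>OMERO 5.0.6</td>
        </tr>
        <tr>
          <td>November 11, 2014</td>
          <td><a href="/security/advisories/2014-SV3-csrf/">2014-SV3 CSRF</a></td>
          <td>OMERO 5.0.6</td>
        </tr>
        <tr>
          <td>September 25, 2014</td>
          <td><a href="/security/advisories/2014-SV2-empty-passwords/">2014-SV2 Empty Passwords</a></td>
          <td>OMERO 4.4.12, 5.0.5</td>
        </tr>
        <tr>
          <td>September 25, 2014</td>
          <td><a href="/security/advisories/2014-SV1-unicode-passwords/">2014-SV1 Unicode Passwords</a></td>
          <td>OMERO 4.4.12, 5.0.5</td>
        </tr>
        <tr>
          <td>August 31, 2012</td>
          <td><a href="/security/advisories/2012-SV1-ldap-authentication/">2012-SV1 LDAP Authentication</a></td>
          <td>OMERO 4.3.4, 4.4.3</td>
        </tr>
      </tbody>
    </table>
  </div>

  <hr class="invisible">

  <!-- begin anchor -->
  <div class="text-center">
    <a id="back-to-top" href="#top-of-page"><i class="fa fa-arrow-up"></i> back to top</a>
  </div>
  <!-- end anchor -->

  <hr class="whitespace">

  <!--
    Footer. Links that open a new tab carry rel="noopener" so the opened page
    gets no window.opener handle on this one; links to other sites also carry
    noreferrer.
  -->
  <div id="footer" class="callout large secondary">
    <div class="row">
      <div class="small-12 medium-4 columns">
        <div class="medium-4"><a href="/index.html"><img class="footer-logo" src="/img/logos/ome-main-nav.svg" alt="OME logo"></a></div>
        <p>© 2005-2024 University of Dundee &amp; Open Microscopy Environment. <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="noopener noreferrer">Creative Commons Attribution 4.0 International License</a></p>
        <p>OME source code is available under the <a href="https://www.gnu.org/copyleft/gpl.html">GNU General public license</a> or more permissive open source licenses, or through commercial license from <a href="https://www.glencoesoftware.com" target="_blank" rel="noopener noreferrer">Glencoe Software Inc.</a><br>OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of <a href="https://www.glencoesoftware.com" target="_blank" rel="noopener noreferrer">Glencoe Software Inc.</a>, which holds these marks to protect them on behalf of the OME community.</p>
        <p class="tiny-print" style="float:left;">[ <a href="/site-map/">Site Map</a> ]</p>
        <p class="tiny-print" style="float:right;">Version: 2024.11.21</p>
      </div>
      <div class="medium-2 columns">
        <h6>Learn About Us</h6>
        <ul class="menu vertical">
          <li><a href="/about/">Who We Are</a></li>
          <li><a href="/teams/">Our Team</a></li>
          <li><a href="/explore/">What We Can Do</a></li>
          <li><a href="/news/">What We’re Up To</a></li>
          <li><a href="/events/ome-community-meeting-2024/">OME 2024</a></li>
          <li class="hide-for-large-only">&nbsp;</li>
        </ul>
      </div>
      <div class="medium-2 columns">
        <h6>Try Our Products</h6>
        <ul class="menu vertical">
          <li><a href="/omero/downloads/">OMERO <span class="badge">Download</span></a></li>
          <li><a href="/bio-formats/downloads">Bio-Formats <span class="badge">Download</span></a></li>
          <li><a href="/ome-files/downloads">OME Files <span class="badge">Download</span></a></li>
          <li class="hide-for-large-only">&nbsp;</li>
        </ul>
      </div>
      <div class="medium-2 columns">
        <h6>Knowledge Base</h6>
        <ul class="menu vertical">
          <li><a href="/support/">Support</a></li>
          <li><a href="/docs/">Documentation</a></li>
          <li><a href="https://omero-guides.readthedocs.io/">User Guides</a></li>
          <li><a href="https://www.openmicroscopy.org/forums">Forum</a></li>
          <li><a href="https://www.openmicroscopy.org/security/advisories/">Security Advisories</a></li>
          <li class="hide-for-large-only">&nbsp;</li>
        </ul>
      </div>
      <div class="medium-2 columns end">
        <h6>OME Public</h6>
        <ul class="menu vertical">
          <li><a href="https://twitter.com/openmicroscopy" target="_blank" rel="noopener noreferrer"><i class="fa fa-fw fa-twitter"></i> Twitter</a></li>
          <li><a href="https://www.linkedin.com/company/ome---open-microscopy-environment" target="_blank" rel="noopener noreferrer"><i class="fa fa-fw fa-linkedin"></i> LinkedIn</a></li>
          <li><a href="https://www.facebook.com/openmicroscopy" target="_blank" rel="noopener noreferrer"><i class="fa fa-fw fa-facebook"></i> Facebook</a></li>
          <!-- <li><a href="http://webchat.freenode.net/?channels=%23ome&uio=d4" target="_blank"><i class="fa fa-fw fa-comments"></i> IRC</a></li> -->
          <li><a href="/on-the-web/" target="_blank" rel="noopener"><i class="fa fa-globe"></i> On the Web</a></li>
          <li class="hide-for-large-only">&nbsp;</li>
        </ul>
      </div>
    </div>
  </div>

  <!--
    jQuery is loaded once, from the site's own vendored copy. The page used to
    load jquery-2.1.4.min.js from code.jquery.com first, without an integrity
    attribute, and then load this copy, which replaces the global jQuery
    object before Foundation is loaded; the extra third-party request is
    dropped. NOTE(review): confirm /js/vendor/jquery.js is present and is a
    maintained jQuery release.
  -->
  <script src="/js/vendor/jquery.js"></script>
  <script src="/js/vendor/what-input.js"></script>
  <script src="/js/vendor/foundation.js"></script>
  <script src="/js/app.js"></script>
  <script src="/js/responsive-tables.js"></script>
  <script>
    $(document).foundation();

    // Highlight the navigation entry that matches the current URL.
    // The pathname is only compared against link hrefs and is never written
    // into the DOM, so it is not an injection sink here.
    try {
      // helper function to filter out empty paths (trailing slash)
      var omitEmpty = function(el) { return el.trim() !== ''; };

      // extract last path bit from url
      var paths = document.location.pathname.split('/').filter(omitEmpty);
      var path = paths[paths.length-1];

      // helper function to find and set active option
      var setActiveNavOption = function(el) {
        var subPaths = el.href.split('/').filter(omitEmpty);
        var subPath = subPaths[subPaths.length-1];
        if (subPath === path) {
          $(el).addClass('is-active');
          return true;
        }
        return false;
      };

      // check if we have a .header-subnav match?
      var hasSubMenu = false;
      $(".header-subnav li a").each(function(i, el) {
        var isMatch = setActiveNavOption(el);
        if (isMatch) {
          hasSubMenu = true;
          return false; // stop iterating after the first match
        }
      });

      // find corresponding path bit for .menu-subnav option
      if (hasSubMenu && paths.length > 1) {
        var parentPath = paths[paths.length-2];
        if (parentPath !== 'omero') path = parentPath;
      }

      // set .menu-subnav option
      $(".menu-subnav li a").each(function(i, el) {
        if (setActiveNavOption(el)) return false;
      });
    } catch(ignored) {
      // Best effort: a failure to highlight the menu must not break the page.
    }
  </script>
</body>
</html>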