The Apache™ XML Graphics Project - Security
Published Vulnerabilities
The Apache™ XML Graphics Project has collected the security-related information for all of its sub-projects on this page.
Apache™ Batik Project - Apache Batik Security
Fixed in Batik 1.17
medium: SSRF vulnerability CVE-2022-44729
Issue Public: 2023-08-22
Update Released: 2023-08-22 (Batik 1.17)
Fixed in Batik 1.17
medium: SSRF vulnerability CVE-2022-44730
Issue Public: 2023-08-22
Update Released: 2023-08-22 (Batik 1.17)
Fixed in Batik 1.16
medium: SSRF vulnerability CVE-2022-42890
Issue Public: 2022-10-25
Update Released: 2022-10-25 (Batik 1.16)
Fixed in Batik 1.16
medium: SSRF vulnerability CVE-2022-41704
Issue Public: 2022-10-25
Update Released: 2022-10-25 (Batik 1.16)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-38398
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-38648
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.15
medium: SSRF vulnerability CVE-2022-40146
Issue Public: 2022-09-22
Update Released: 2022-09-22 (Batik 1.15)
Fixed in Batik 1.14
medium: SSRF vulnerability CVE-2020-11987
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Batik 1.14)
Affects: 1.13 and earlier
Fixed in Batik 1.13
medium: SSRF vulnerability CVE-2019-17566
Issue Public: 2020-06-15
Update Released: 2020-05-13 (Batik 1.13)
Affects: 1.12 and earlier
Fixed in Batik 1.10
medium: Deserialization vulnerability CVE-2018-8013
Issue Public: 2018-05-23
Update Released: 2018-05-23 (Batik 1.10)
Affects: 1.9.1 and earlier
Fixed in Batik 1.9
medium: XXE vulnerability CVE-2017-5662
Issue Public: 2017-04-18
Update Released: 2017-04-10 (Batik 1.9)
Affects: 1.8 and earlier
Fixed in Batik 1.8, 1.7.1 and 1.6.1
medium: XXE vulnerability CVE-2015-0250
Issue Public: 2012-07-25
Update Released: 2015-03-17 (Batik 1.8) and 2015-05-10 (Batik 1.7.1 and 1.6.1)
Affects: 1.7, 1.6 and earlier
Apache™ FOP Project - Apache FOP Security
Fixed in FOP 2.10
medium: XXE vulnerability CVE-2024-28168
Issue Public: 2024-10-9
Update Released: 2024-10-9 (FOP 2.10)
Fixed in FOP 2.2
medium: XXE vulnerability CVE-2017-5661
Issue Public: 2017-04-18
Update Released: 2017-04-10 (FOP 2.2)
Affects: 2.1 and earlier
Apache™ XML Graphics Commons Project - Apache XML Graphics Commons Security
Fixed in Commons 2.6
medium: XXE vulnerability CVE-2020-11988
Issue Public: 2021-02-24
Update Released: 2021-01-20 (Commons 2.6)
Affects: 2.4 and earlier
Reporting New Security Problems with the Apache XML Graphics Sub Projects
Please report problems to the private security mailing list of the ASF Security Team before disclosing them in a public forum. See the page of the ASF Security Team for further information and contact information.
IMPORTANT
The ASF Security Team cannot accept regular bug reports or other queries. We ask that you use our bug reporting page for those.
All mail sent to the Security Team that does not relate to security problems in Apache software will be ignored.
VERY IMPORTANT
Do not submit security reports regarding vulnerabilities to our bug reporting system. This may inadvertently publicize the security vulnerability. Instead follow the steps on the ASF Security Page.
Security Standards
Apache XML Graphics Project vulnerabilities are labeled with CVE (Common Vulnerabilities and Exposures) identifiers.
Copyright © 2025 The Apache Software Foundation, Licensed under the Apache License, Version 2.0
Apache, Apache XML Graphics, Apache FOP, Apache Batik, the Apache logo, and the Apache XML Graphics logos are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.