Security Bulletins
Below are notifications for security and privacy events within Netflix Open Source applications.
| Date | Type | Subject |
|---|---|---|
| June 20, 2019 | Informational | Dial Reference code implementation has Denial of Service |
| January 10, 2018 | Important | Unauthenticated Server-Side Request Forgery in Hystrix-Dashboard |
| April 14, 2017 | Important | Spinnaker Orca RCE and arbitrary file and URL access |
| August 31, 2016 | Important | zuul.filter.admin.enabled Defaults to True |
| June 6, 2016 | Important | Heap Overflow in Dynomite YAML Configuration Parser |
| February 22, 2015 | Important | External Entity Injection 'XXE' in Recipes-rss Open-Source Application |
Below are notifications for security vulnerabilities in third-party software.
| Date | Type | Subject |
|---|---|---|
| August 13, 2019 | Important | HTTP/2 Denial of Service Advisory |
| June 17, 2019 | Important | Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities |