Configuring Kerberos for Kafka in Talend Open Studio for ESB
A few years back I wrote a blog post about how to create a job in Talend Open Studio for Big Data to read data from an Apache Kafka topic using kerberos. This job made use of the "tKafkaConnection" and...
New CVE (CVE-2021-40690) released for Apache Santuario - XML Security for Java
A new CVE has been released for Apache Santuario - XML Security for Java which is fixed in the latest 2.2.3 and 2.1.7 releases: Bypass of the secureValidation property (CVE-2021-40690) - All versions of...
New Apache CXF releases and CVEs published
Apache CXF has released versions 3.5.5 and 3.4.10. Notable security upgrades in these releases include picking up a fix for CVE-2022-40152 in Woodstox, and a fix for CVE-2022-40150 in Jettison. In...
OpenSSF Scorecard
OpenSSF Scorecard is a tool that assesses your project against a number of security best practices and assigns a score (out of 10). It is a really useful thing to run on any open-source project you...
OpenSSF Allstar
In the previous blog post, I looked at how to use OpenSSF Scorecard to improve the security posture of your open-source GitHub projects. This is a really useful tool when working at the level of...
Open Source Software Composition Analysis
Software Composition Analysis (SCA) is the process of figuring out which third-party dependencies are used in your project. It's an essential part of the software security process as it helps you to...
Publishing SBOMs for open-source projects
Software Bill of Materials (SBOMs) are a recent hot topic, in part due to an executive order by the US government which references making an SBOM available on a public site. Making a signed SBOM...
CVE-2023-44483 in Apache Santuario - XML Security for Java
A new CVE has been published for the recent Apache Santuario - XML Security for Java releases (4.0.0, 3.0.3, 2.3.4 and 2.2.6): CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log...
Improving license detection when generating SBOMs
I blogged last year about generating a Software Bill of Materials (SBOM) for an Apache Maven project using the cyclonedx-maven-plugin. It's ideal to generate an SBOM at build time in this way, as you...