Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash

Our news and updates

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Choose category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    21 Oct 2025 DevOps
    Spring Framework: STOMP Over WebSocket CSRF Vulnerability

    In Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, and 5.3.0 through 5.3.45 a medium severity vulnerability CVE-2025-41254 was detected. STOMP over WebSocket applications may allow an attacker to send unauthorized messages. To address this issue, users should upgrade Spring Framework to versions 6.2.12, 6.1.24, or 5.3.46 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-41254.

    Read more
    Application Development
    20 Oct 2025 DevOps
    Strapi: Sensitive Data Exposure via CORS Misconfiguration

    In Strapi versions prior to 5.20.0 a medium severity vulnerability CVE-2025-53092 was detected. Default installations of Strapi reflect the value of the Origin header back in the Access-Control-Allow-Origin response header without proper validation or whitelisting. This allows an attacker-controlled site to send credentialed requests to the Strapi backend, potentially exposing sensitive data. To address this issue, users should upgrade Strapi to version 5.20.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53092.

    Read more
    Application Development
    20 Oct 2025 DevOps
    Strapi: Missing Maximum Password Length Validation

    In Strapi versions prior to 5.10.3 a medium severity vulnerability CVE-2025-25298 was detected. The @strapi/core package does not enforce a maximum password length when using bcryptjs for password hashing. Passwords longer than 72 bytes are silently truncated, reducing effective entropy and potentially misleading users about password strength. To address this issue, users should upgrade Strapi to version 5.10.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25298.

    Read more
    Application Development
    20 Oct 2025 DevOps
    Strapi: JWT Tokens Not Invalidated After Logout

    In Strapi versions prior to 5.24.1 a medium severity vulnerability CVE-2025-3930 was detected. JWT tokens are not invalidated after logout or account deactivation, allowing an attacker who has stolen or intercepted a token to reuse it until its expiration. The existence of the /admin/renew-token endpoint allows near-expiration tokens to be renewed indefinitely, increasing the potential impact. To address this issue, users should upgrade Strapi to version 5.24.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3930.

    Read more
    Application Development
    20 Oct 2025 Communication and Collaboration
    Mattermost: Guest Users Can Add Team Members to Private Channels

    In Mattermost versions 10.5.x through 10.5.10 and 10.11.x through 10.11.2 a low severity vulnerability CVE-2025-10545 was detected. Improper validation of guest user permissions allows attackers to add any team members to private channels via the /api/v4/channels/{channel_id}/members endpoint. To address this issue, users should upgrade to Mattermost versions 10.5.11, 10.11.3, or 10.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10545.

    Read more
    Communication
    20 Oct 2025 Data Management and Analytics
    Apache Spark: Insecure RPC Encryption Allows Man-in-the-Middle Modification

    In Apache Spark versions before 3.4.4, 3.5.2, and 4.0.0 a medium severity vulnerability CVE-2025-55039 was detected. When spark.network.crypto.enabled is true but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication. This allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows. To address this issue, users should upgrade Apache Spark to 3.4.4, 3.5.2, or 4.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55039.

    Read more
    Data Analytics
    17 Oct 2025 Communication and Collaboration
    Mattermost: OAuth State Vulnerability Allows Unauthorized Team Joining

    In Mattermost versions 10.5.x through 10.5.10, 10.10.x through 10.10.2, and 10.11.x through 10.11.1 a high severity vulnerability CVE-2025-58073 was detected. Improper validation of the OAuth state parameter allows attackers to join any team on a Mattermost server, bypassing invite restrictions. To address this issue, users should upgrade to Mattermost versions 10.5.11, 10.10.3, 10.11.2, or 10.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-58073.

    Read more
    Communication
    17 Oct 2025 Communication and Collaboration
    Mattermost Desktop App: Denial of Service via Basic Authentication Server

    In Mattermost Desktop App versions up to 5.13.0 a medium severity vulnerability CVE-2025-55035 was detected. Improper handling of modal dialogs for servers using basic authentication allows an attacker to deny access to the Desktop App. By tricking a user into configuring a malicious server, a modal popup can be triggered that cannot be closed, effectively causing a denial of service. To address this issue, users should upgrade to Mattermost Desktop App version 5.13.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55035.

    Read more
    Communication
    17 Oct 2025 Communication and Collaboration
    Mattermost: Timing Attack Vulnerability in Sensitive String Comparisons

    In Mattermost versions 10.5.x through 10.5.10 and 10.11.x through 10.11.2 a low severity vulnerability CVE-2025-54499 was detected. Improper handling of sensitive string comparisons without constant-time enforcement allows attackers to exploit timing differences to perform byte-by-byte brute force attacks on Cloud API keys and OAuth client secrets. To address this issue, users should upgrade to Mattermost versions 10.5.11, 10.11.3, or 10.12.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54499.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}