CVE-2022-31166 The Old Core package for XWiki Platform exploits a bug to obtain privilege escalation.

This issue does not affect users of older versions of XWiki Platform. For more information about the issue and how to work around it, see XWiki Platform 13.10.4 and 14.2RC1 bug fix releases

Interoperability with external systems and services

One of the most common mistakes in using XWiki Platform is to use it as-is on external systems and services without taking into account the limitations imposed by these systems, such as the lack of interoperability with those systems.
The only way to ensure a smooth integration with external systems is to have an experienced team that can read between the lines and adapt your behaviors to address potential issues while keeping an eye out for ongoing changes in these systems.

What is the XWiki bug fix release?

The issue does not affect users of older versions of XWiki Platform. For more information about the issue and how to work around it, see XWiki Platform 13.10.4 and 14.2RC1 bug fix releases

Solution

This issue does not affect users of older versions of XWiki Platform. For more information about the issue and how to work around it, see XWiki Platform 13.10.4 and 14.2RC1 bug fix releases

XWiki Enterprise and Professional Issues

XWiki Platform has released a new version with 6 bugs fixed.

The following changes have been made:

- Removed support for the deprecated XWiki Enterprise and Professional versions, including:
- The SDK.
- The JAR file.
- The Dictionary DTD.

Timeline

Published on: 09/07/2022 14:15:00 UTC
Last modified on: 09/13/2022 22:43:00 UTC

References