VIR Vulnerability Intelligence Relay

Search

Found 743 results in 102ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46718 medium 6.5 6.5 apache 2d ago Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended …
CVE-2026-41115 medium 4.3 4.3 apache 2d ago An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead…
CVE-2026-49328 medium 5.3 5.3 apache 3d ago Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal …
CVE-2026-49361 high 7.5 7.5 apache 3d ago Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap…
CVE-2026-49298 high 8.8 8.8 apache 3d ago A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in …
CVE-2026-49270 medium 5.9 5.9 debian debian apache 3d ago Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurabl…
CVE-2026-49267 medium 5.9 5.9 apache 3d ago Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s…
CVE-2026-49157 high 8.8 8.8 debian debian apache 3d ago Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-ad…
CVE-2026-48827 high 7.1 7.1 debian debian sles apache 3d ago Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to …
CVE-2026-48726 medium 6.5 6.5 apache 3d ago A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` …
CVE-2026-46764 medium 4.3 4.3 apache 3d ago The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the colle…
CVE-2026-46605 medium 4.3 4.3 debian debian apache 3d ago Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apa…
CVE-2026-45505 high 8.8 8.8 debian debian apache 3d ago Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrapp…
CVE-2026-45426 low 3.1 3.1 apache 3d ago Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against …
CVE-2026-45360 high 7.3 7.3 apache 3d ago Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialize…
CVE-2026-44825 high 8.1 8.1 FIX debian debian apache 3d ago Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access…
CVE-2026-42588 high 8.1 8.1 debian debian apache 3d ago Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes th…
CVE-2026-42360 medium 6.5 6.5 apache 3d ago A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be by…
CVE-2026-42359 high 8.8 8.8 apache 3d ago A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (…
CVE-2026-42358 medium 6.5 6.5 apache 3d ago A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON valu…
CVE-2026-42253 medium 6.1 6.1 debian debian apache 3d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies …
CVE-2026-41084 high 7.5 7.5 apache 3d ago A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path whi…
CVE-2026-41017 medium 5.9 5.9 apache 3d ago Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy …
CVE-2026-41014 medium 4.3 4.3 apache 3d ago The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat…
CVE-2026-40963 low 3.1 3.1 apache 3d ago The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated U…
CVE-2026-40961 high 7.2 7.2 apache 3d ago A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-…
CVE-2026-40861 medium 6.5 6.5 apache 3d ago A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg…
CVE-2026-45192 medium 6.5 6.5 apache 3d ago A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
CVE-2026-35563 high 8.5 8.5 debian debian apache 3d ago It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certifica…
CVE-2026-40914 medium 4.3 4.3 apache 7d ago A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routi…
CVE-2025-48977 medium 6.5 6.5 apache 7d ago Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This iss…
CVE-2026-40564 medium 6.5 6.5 apache 9d ago Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so th…
CVE-2026-48589 medium 5.4 5.4 FIX debian debian apache 9d ago Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value coul…
CVE-2026-44598 medium 5.4 5.4 FIX debian debian apache 9d ago With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha…
CVE-2026-43828 medium 6.5 6.5 debian debian apache 9d ago Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommen…
CVE-2026-43827 medium 6.5 6.5 debian debian apache 9d ago Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1…
CVE-2026-42797 medium 4.9 4.9 apache 10d ago Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a…
CVE-2026-42782 high 7.2 7.2 apache 10d ago Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
CVE-2026-46745 medium 5.3 5.3 apache 10d ago Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache…
CVE-2026-45361 high 8.1 8.1 apache 10d ago Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attac…
CVE-2026-45249 medium 6.1 6.1 apache 10d ago A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0,…
CVE-2026-44618 medium 5.3 5.3 apache 13d ago Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this is…
CVE-2026-44417 high 7.5 7.5 apache 13d ago The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use…
CVE-2026-46586 high 8.8 8.8 apache 16d ago Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Ap…
CVE-2026-45187 medium 6.5 6.5 apache 16d ago Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-35086 medium 6.5 6.5 apache 16d ago Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to vers…
CVE-2026-31910 high 7.5 7.5 apache 16d ago Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31909 high 7.5 7.5 apache 16d ago Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, whi…
CVE-2026-31906 medium 6.1 6.1 apache 16d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrad…
CVE-2026-31388 medium 5.3 5.3 apache 16d ago Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixe…
CVE-2026-31387 medium 5.3 5.3 apache 16d ago Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-31380 medium 6.5 6.5 apache 16d ago Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06…
CVE-2026-31379 medium 6.1 6.1 apache 16d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of…
CVE-2026-31378 medium 6.5 6.5 apache 16d ago Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
CVE-2026-29226 high 7.3 7.3 apache 16d ago Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.0…
CVE-2026-29220 medium 6.5 6.5 apache 16d ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to v…
CVE-2026-29207 medium 6.5 6.5 apache 16d ago Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24…
CVE-2026-35194 high 8.1 8.1 apache 20d ago Apache Flink: Remote code execution via SQL injection in code generation
CVE-2026-45205 medium 5.3 5.3 FIX debian debian sles apache 21d ago Apache Commons Configuration: StackOverflowError for YAML input with cycles
CVE-2026-43514 low 3.7 3.7 FIX slesdebian debian apache 23d ago Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M…
CVE-2026-43513 high 7.5 7.5 FIX slesdebian debian apache 23d ago Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 …
CVE-2026-42498 high 7.3 7.3 FIX slesdebian debian apache 23d ago Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1…
CVE-2026-41284 high 7.5 7.5 FIX slesdebian debian apache 23d ago Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 t…
CVE-2026-43826 medium 6.5 6.5 apache 24d ago The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embed…
CVE-2026-41018 medium 6.5 6.5 apache 24d ago Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL
CVE-2026-39816 high 8.8 8.8 apache 27d ago Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission
CVE-2026-25077 high 8.8 8.8 apache 27d ago Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an…
CVE-2025-69233 medium 5.3 5.3 apache 27d ago Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limi…
CVE-2025-66467 high 8.1 8.1 apache 27d ago Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th…
CVE-2025-66172 high 8.1 8.1 apache 27d ago The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
CVE-2025-66171 medium 6.5 6.5 apache 27d ago The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e…
CVE-2025-66170 medium 6.5 6.5 apache 27d ago The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plug…
CVE-2026-43975 medium 6.5 6.5 apache 29d ago Apache Wicket has a Path Traversal issue
CVE-2026-43646 high 7.5 7.5 apache 29d ago Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2026-42509 medium 6.1 6.1 apache 29d ago Apache Wicket has a Cross-site Scripting issue
CVE-2026-29168 high 7.3 7.3 FIX debian debian sleswindows windows apache 1mo ago Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a…
CVE-2026-43870 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption
CVE-2026-43868 medium 5.3 5.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
CVE-2026-43869 high 7.3 7.3 FIX debian debianwindows windows apache 1mo ago Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
CVE-2026-42440 high 7.5 7.5 FIX debian debian apache 1mo ago Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
CVE-2026-40563 high 8.1 8.1 apache 1mo ago Apache Atlas has a Code Injection Vulnerability
CVE-2026-33523 medium 6.5 6.5 FIX debian debian sleswindows windows apache 1mo ago HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are rec…
CVE-2026-33007 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. …
CVE-2026-33006 medium 4.8 4.8 FIX debian debian sleswindows windows apache 1mo ago A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes th…
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2026-34032 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2026-33857 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the…
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgra…
CVE-2026-42404 high 7.2 7.2 apache 1mo ago Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API
CVE-2026-42403 high 7.5 7.5 apache 1mo ago Apache Neethi does not properly detect circular references in policy definitions.
CVE-2026-42402 high 7.5 7.5 apache 1mo ago Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
CVE-2026-41016 medium 5.9 5.9 apache 1mo ago apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider
CVE-2026-41636 high 7.5 7.5 FIX slesdebian debian apache 1mo ago Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion
CVE-2026-41607 medium 6.5 6.5 FIX slesdebian debian apache 1mo ago Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41606 medium 5.3 5.3 FIX slesdebian debian apache 1mo ago Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41605 high 7.3 7.3 FIX slesdebian debian apache 1mo ago Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41604 high 8.2 8.2 FIX slesdebian debian apache 1mo ago Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41603 high 7.4 7.4 FIX slesdebian debian apache 1mo ago Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixe…