openHAB Community

XXE vulnerabilities in multiple add-ons

Setup, Configuration and Use News & Important Changes

Kai (Kai Kreuzer) January 27, 2021, 10:02pm 1

All,

We fixed a security vulnerability in multiple add-ons and shipped this fix with the patch releases 2.5.12 and 3.0.1.

Please use this topic in case you have any questions about it.

Cheers,
Kai

9 Likes

openHAB 2.5.x Patch Releases

openHAB 3.0 is out!

Kai (Kai Kreuzer) January 27, 2021, 10:05pm 2

Details on the XXE attack can be found at XML External Entity (XXE) Processing | OWASP.