1. Documentation
2. 10.3 (Latest) 10.2 10.1 10.0 9.10 9.9 9.8 9.7 9.6 9.5 9.4 9.3 9.2 9.1 9.0 8.2 8.1 8.0 7.6
3. Support
4. Security Advisories

Security advisories

This page serves as an important resource for our security-conscious customers and users. Identified critical vulnerabilities which may affect the RapidMiner platform are documented here, along with remediation steps to fix said vulnerabilities. - In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

• In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

• A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding

• Remote code execution vulnerability in Apache Log4j2