Messages by Thread
-
[ANNOUNCE] Apache Camel 4.4.2 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] OpenNLP 2.3.3 released
Martin Wiesner
-
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.2.1 released
David Jensen
-
CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode
Imba Jin
-
CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin
Imba Jin
-
[ANNOUNCE] Apache IoTDB 1.3.1 released
Haonan Hou
-
CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page
Imba Jin
-
[ANNOUNCE] Apache Airflow Providers prepared on April 16, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.4.0 Released
Lari Hotari
-
[ANN] Apache Struts 6.4.0
Lukasz Lenart
-
[ANNOUNCEMENT] Apache CloudStack LTS Maintenance Release 4.18.2.0
João Jandre
-
CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context
Elad Kalif
-
[ANNOUNCE] Apache Pulsar Client Python 3.5.0 released
Yunze Xu
-
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.1.0 Released
liubao
-
[ANNOUNCE] Apache ServiceComb Java Chassis version 2.8.16 Released
liubao
-
CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website
Enxin Xie
-
[ANNOUNCE] Apache Commons Imaging 1.0.0-alpha5
Gary Gregory
-
[ANNOUNCE] Apache Geronimo XBean 4.25 released
fpapon
-
[ANNOUNCE] Apache Commons CLI Version 1.7.0
Gary Gregory
-
[ANNOUNCE] Apache Pulsar Node.js client 1.11.0 released
Baodi Shi
-
CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ephraim Anierobi
-
[ANNOUNCE] Apache Commons Text Version 1.12.0
Gary Gregory
-
[ANNOUNCE] Apache Hive 1.x EOL
Stamatis Zampetakis
-
[ANN] Apache Tomcat 9.0.88 available
Rémy Maucherat
-
[ANN] Apache Tomcat 11.0.0-M19 (alpha) available
Rémy Maucherat
-
[ANNOUNCE] Apache Airflow Providers prepared on April 13, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M10 released
Timothy Bish
-
[ANN] Apache TomEE 9.1.3
Richard Zowalla
-
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.4
Chris Bono
-
[ANNOUNCE] Apache Airflow Providers prepared on April 10, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Solr Operator v0.8.1 released
Jason Gerlowski
-
CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials
Jason Gerlowski
-
CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Colin McCabe
-
[ANNOUNCE] Apache Geronimo Arthur 1.0.9 released
fpapon
-
[ANN] Apache ActiveMQ "Classic" 5.18.4 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache BookKeeper 4.16.5 released
Nicolò Boschi
-
[ANNOUNCE] Apache Superset version 4.0.0 released
Michael S. Molina
-
[ANN] Apache TomEE 10.0.0-M1
Richard Zowalla
-
CVE-2024-31861: Apache Zeppelin: Code injection by Shell interpreter
Jongyoul Lee
-
CVE-2024-31309: Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
Bryan Call
-
[ANNOUNCE] Apache Daffodil 3.7.0 Released
Steve Lawrence
-
DotPulsar version 3.2.0
David Jensen
-
CVE-2024-31867: Apache Zeppelin: LDAP search filter query Injection Vulnerability
Jongyoul Lee
-
CVE-2024-31864: Apache Zeppelin: Remote code execution by adding malicious JDBC connection string
Jongyoul Lee
-
CVE-2024-31868: Apache Zeppelin: XSS vulnerability in the helium module
Jongyoul Lee
-
CVE-2024-31866: Apache Zeppelin: Interpreter download command does not escape malicious code injection
Jongyoul Lee
-
CVE-2024-31865: Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Jongyoul Lee
-
[ANNOUNCE] Apache Commons IO 2.16.1
Gary Gregory
-
[ANNOUNCE] Apache Kyuubi Shaded released 0.4.0
Cheng Pan
-
[ANNOUNCE] Apache Jackrabbit Oak 1.62.0 released
Julian Reschke
-
[ANNOUNCE] Apache Groovy 4.0.21 released
Paul King
-
[ANNOUNCE] Apache Groovy 5.0.0-alpha-8 released
Paul King
-
CVE-2024-31863: Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Jongyoul Lee
-
CVE-2024-31862: Apache Zeppelin: Denial of service with invalid notebook name
Jongyoul Lee
-
CVE-2022-47894: Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Jongyoul Lee
-
CVE-2021-28656: Apache Zeppelin: CSRF vulnerability in the Credentials page
Jongyoul Lee
-
CVE-2024-31860: Apache Zeppelin: Path traversal vulnerability
Jongyoul Lee
-
[ANNOUNCE] Apache Airflow 2.9.0 Released
Ephraim Anierobi
-
[ANNOUNCE] Apache APISIX 3.9.0 has been released
Abhishek Choudhary
-
[ANNOUNCE] Apache Guacamole 1.5.5 released
Michael Jumper
-
[ANNOUNCE] Apache Storm 2.6.2 Released
Richard Zowalla
-
[ANN] Apache ActiveMQ 6.1.1 has been released!
Jean-Baptiste Onofré
-
CVE-2024-24746: Apache NimBLE: Denial of service in NimBLE Bluetooth stack
Szymon Janc
-
[ANNOUNCE] Apache Kafka 3.6.2
Manikumar
-
[ANNOUNCE] Apache Calcite Avatica 1.25.0 Released
Francis Chuang
-
CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Eric Covener
-
CVE-2023-38709: Apache HTTP Server: HTTP response splitting
Eric Covener
-
CVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple modules
Eric Covener
-
[ANNOUNCE] Apache Mynewt 1.12.0 and Apache Mynewt NimBLE 1.7.0 released
Szymon Janc
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released
covener
-
[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1
Rohit Yadav
-
[ANNOUNCE] Release Apache Traffic Control 8.0.1
R S
-
[ANNOUNCE] Apache Traffic Server 9.2.4 and 8.1.10 are released
Bryan Call
-
[ANNOUNCE] Apache Airflow Providers prepared on March 25, 2024 are released
Jarek Potiuk
-
[ANNOUNCE] Apache Commons Collections 4.5.0-M1
Gary Gregory
-
[ANNOUNCE] Apache Commons Imaging 1.0.0-alpha4
Gary Gregory
-
[ANNOUNCE] Apache Tika 2.9.2 released
Tim Allison
-
CVE-2024-29834: Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Lari Hotari
-
[ANNOUNCE] Apache Hive 4.0.0 Released
Ayush Saxena
-
[ANNOUNCE] Apache Pulsar 3.2.2 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar Client C++ 3.5.1 released
Yunze Xu
-
[ANNOUNCE] Apache Pulsar 3.0.4 released
Lari Hotari
-
[ANNOUNCE] Apache Zeppelin 0.11.1 available
Jongyoul Lee
-
[ANNOUNCE] Apache Johnzon 2.0.1
Markus Jung
-
[ANNOUNCEMENT] Apache SkyWalking Rover 0.6.0 Released
han liu
-
CVE-2024-23539: Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Arnout Engelen
-
CVE-2024-23538: Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
Arnout Engelen
-
CVE-2024-23537: Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
Arnout Engelen
-
[ANNOUNCE] Apache SpamAssassin 4.0.1 available
Sidney Markowitz
-
[ANNOUNCE] Apache Jena 5.0.0 released
Andy Seaborne
-
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M20 released
Timothy Bish
-
[ANNOUNCE] Apache Camel 4.5.0 Released
Gregor Zurowski
-
[ANNOUNCE] Apache Jackrabbit 2.21.26-beta released
Julian Reschke
-
[ANNOUNCE] Apache CloudStack CloudMonkey v6.4.0
Rohit Yadav
-
CVE-2024-29735: Apache Airflow: Potentially harmful permission changing by log task handler
Jarek Potiuk
-
[ANNOUNCE] Apache Geronimo BatchEE 1.0.4
fpapon
-
[ANN] Apache Tomcat 10.1.20 Available
Christopher Schultz
-
[ANN] Apache Tomcat 8.5.100 Available
Christopher Schultz
-
[ANNOUNCE] Apache Airflow Helm Chart version 1.13.1 Released
Jedidiah Cunningham
-
[ANNOUNCE] Apache Pinot 1.1.0 released
Vivek Iyer Vaidyanathan Iyer
-
[ANNOUNCE] Apache Flink Kubernetes Operator 1.8.0 released
Maximilian Michels
-
[ANNOUNCE] Apache PDFBox 2.0.31 released
Andreas Lehmkühler
-
[ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.9.0 Released
Ye Cao
-
[ANNOUNCE] Apache SystemDS 3.2.0
Janardhan
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.3.1 Released
Lari Hotari
-
CVE-2024-26307: Apache Doris: Possible race condition
Mingyu Chen
-
CVE-2024-27438: Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution
Mingyu Chen
-
CVE-2024-29131: Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Gary D. Gregory
-
CVE-2024-29133: Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Gary D. Gregory
-
[ANNOUNCE] Apache Commons Configuration 2.10.1
Gary Gregory
-
[ANNOUNCE] Apache Arrow 15.0.2 released
Raúl Cumplido
-
[ANN] Apache Tomcat 11.0.0-M18 (alpha) available
Mark Thomas
-
[ANNOUNCE] Release Apache Hop 2.8.0
Bart Maertens
-
CVE-2024-27439: Apache Wicket: Possible bypass of CSRF protection
Emond Papegaaij
-
[ANNOUNCE] Apache Kyuubi released 1.9.0
Binjie Yang
-
[ANNOUNCE] Apache Wicket 9.17.0 released
Andrea Del Bene
-
CVE-2024-24683: Apache Hop Engine: ID isn't escaped when generating HTML
Hans Van Akelyen
-
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.11.0
xue fan
-
[ANN] Apache ActiveMQ 6.1.0 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Pekko (Incubating) Sbt Paradox 1.0.1 available
Matthew de Detrich
-
[ANNOUNCE] Apache Pulsar Client C++ 3.5.0 released
Yunze Xu
-
[ANNOUNCE] Apache SDAP (incubating) 1.2.0 Released
Stepheny Perez
-
[ANN] Apache Tomcat 9.0.87 available
Rémy Maucherat
-
[ANNOUNCE] Apache YuniKorn v1.5.0 released
Wilfred Spiegelenburg
-
[ANNOUNCE] Apache PDFBox 3.0.2 released
Andreas Lehmkühler
-
CVE-2024-28752: Apache CXF SSRF Vulnerability using the Aegis databinding
Colm O hEigeartaigh
-
[ANNOUNCE] Apache Camel 4.4.1 (LTS) Released
Gregor Zurowski
-
CVE-2024-23944: Apache ZooKeeper: Information disclosure in persistent watcher handling
Andor Molnar
-
[ANNOUNCE] Apache James MIME4J 0.8.11 released
Benoit TELLIER
-
[ANNOUNCE] Apache Jackrabbit Oak 1.22.19 released
Julian Reschke
-
[ANNOUNCE] Apache Groovy 4.0.20 Released
Paul King
-
[ANNOUNCE] Apache Groovy 5.0.0-alpha-7 Released
Paul King
-
[ANNOUNCE] Apache Commons Configuration 2.10.0
Gary Gregory
-
CVE-2024-28746: Apache Airflow: Ignored Airflow Permissions
Ephraim Anierobi
-
[SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service
Mark Thomas
-
[SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service
Mark Thomas
-
CVE-2024-28098: Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Lari Hotari
-
CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Lari Hotari
-
CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Lari Hotari
-
CVE-2022-34321: Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Lari Hotari
-
CVE-2024-27135: Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Lari Hotari
-
[ANNOUNCE] Apache Wicket 10.0.0 released
Andrea Del Bene
-
[ANNOUNCE] Apache Arrow 15.0.1 released
Raúl Cumplido
-
[ANNOUNCE] Apache Airflow 2.8.3 Released
Ephraim Anierobi
-
[ANNOUNCEMENT] HttpComponents Client 5.4-alpha2 Released
Oleg Kalnichevski
-
[ANNOUNCE] Apache Doris 2.1.0 & 2.0.5 & 1.2.8 release
ChenMingyu
-
[ANNOUNCE] Apache Pulsar 3.0.3 released
Heesung Sohn
-
CVE-2023-41313: Apache Doris: Timing Attack weakness
Mingyu Chen
-
[ANNOUNCE] Apache jclouds 2.6.0 released
Andrew Gaul
-
[ANNOUNCE] Apache Commons Compress Version 1.26.1
Gary Gregory
-
[ANNOUNCE] Apache Pulsar Go Client 0.12.1 released
Zike Yang
-
[ANNOUNCE] Apache Pulsar 3.1.3 released
Ran Gao
-
[ANNOUNCE] Apache Pulsar 2.11.4 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 2.10.6 released
Xiangying Meng
-
[ANNOUNCE] Apache Airflow Providers prepared on March 04, 2024 are released
Elad Kalif
-
[ANNOUNCE] Release Apache Kvrocks 2.8.0
Pengbo Cai
-
[ANNOUNCE] Apache Kyuubi Shaded released 0.3.0
Cheng Pan
-
[ANNOUNCE] Apache Jackrabbit 2.20.15 released
Julian Reschke
-
[ANNOUNCE] Apache Jackrabbit 2.21.25 released
Julian Reschke
-
CVE-2023-50740: Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Heping Wang
-
CVE-2024-26580: Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Charles Zhang
-
[ANNOUNCE] Apache Commons DBCP 2.12.0
Gary Gregory
-
CVE-2023-50378: Apache Ambari: Various XSS problems
Brahma Reddy Battula
-
[ANNOUNCE] Apache Groovy 3.0.21 Released
Paul King
-
[ANNOUNCE] Apache Groovy 4.0.19 Released
Paul King
-
CVE-2024-27138: Apache Archiva: disabling user registration is not effective
Arnout Engelen
-
CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover
Arnout Engelen
-
CVE-2024-27140: Apache Archiva: reflected XSS
Arnout Engelen
-
CVE-2024-26280: Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)
Ephraim Anierobi
-
[ANNOUNCE] Release Apache Groovy 5.0.0-alpha-6
Paul King
-
[ANNOUNCE] Apache flink-connector-parent 1.1.0 released
Etienne Chauchot
-
[ANNOUNCE] Apache Shiro 2.0.0 release
fpapon
-
CVE-2024-27906: Apache Airflow: Dag Code and Import Error Permissions Ignored
Ephraim Anierobi
-
[ANNOUNCE]
fpapon
-
CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass.
Jacques Le Roux
-
[ANNOUNCE] Apache OFBiz 18.12.12 released
Jacopo Cappellato
-
CVE-2024-25128: Apache Airflow Vulnerability: custom, long deprecated OpenID (NOT OIDC)
Jarek Potiuk
-
CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import
Daniel Gaspar
-
CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset
Daniel Gaspar
-
CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context
Daniel Gaspar
-
CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Daniel Gaspar
-
CVE-2024-27315: Apache Superset: Improper error handling on alerts
Daniel Gaspar
-
[ANNOUNCE] Apache Pekko 1.0.3-M1 released
Arnout Engelen
-
[ANNOUNCE] Apache Kafka 3.7.0
Stanislav Kozlovski
-
CVE-2023-50380: Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
Brahma Reddy Battula
-
CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection
Benoit Tellier
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.3.0 Released
Lari Hotari
-
CVE-2023-51747: SMTP smuggling in Apache James
Benoit Tellier
-
CVE-2024-27905: Apache Aurora: padding oracle can allow construction of an authentication cookie
Arnout Engelen
-
[ANNOUNCE] Apache Airflow Providers prepared on February 23, 2024 are released
Elad Kalif
-
CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE
Brahma Reddy Battula
-
[ANNOUNCE] Apache Commons BCEL 3.8.2
Gary Gregory
-
[ANNOUNCE] Apache Jackrabbit 2.21.25 released
Julian Reschke
-
CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialisation
Benoit Tellier
-
[ANNOUNCE] Apache Airflow 2.8.2 Released
Ephraim Anierobi
-
[ANNOUNCE] Apache James MIME4J 0.8.10 released
Benoit TELLIER