announce

Messages by Date

2026/05/03 CVE-2026-40563: Apache Atlas: Script injection allows access to unintended data Pinal Shah
2026/05/02 [ANNOUNCE] Apache Polaris 1.4.1 Jean-Baptiste Onofré
2026/05/02 [ANNOUNCE] OpenNLP 2.5.9 released Richard Zowalla
2026/05/02 [ANNOUNCE] OpenNLP 3.0.0-M3 released Richard Zowalla
2026/05/02 CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path` Jean-Baptiste Onofré
2026/05/02 CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Jean-Baptiste Onofré
2026/05/02 CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. Jean-Baptiste Onofré
2026/05/02 CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location Jean-Baptiste Onofré
2026/05/01 CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader Richard Zowalla
2026/05/01 CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader Richard Zowalla
2026/05/01 CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor Richard Zowalla
2026/05/01 CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References Colm O hEigeartaigh
2026/05/01 CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS Colm O hEigeartaigh
2026/05/01 [ANNOUNCE] Release Apache OpenDAL 0.56.0 Xuanwo
2026/05/01 CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop Colm O hEigeartaigh
2026/05/01 Apache MINA 2.0.12 and 2.2.7 release Emmanuel Lecharny
2026/04/30 [ANNOUNCE] Apache Pulsar Helm Chart version 4.6.0 Released Lari Hotari
2026/04/30 Apache Beam 2.73.0 Released! Vitalii Terentev
2026/04/30 [ANNOUNCE] Apache James MIME4J 0.8.14 released [email protected]
2026/04/30 [ANNOUNCE] Apache James MIME4J 0.8.13 released [email protected]
2026/04/29 [ANNOUNCE] Apache Accumulo Access 1.0.0-beta3 Christopher
2026/04/29 [ANNOUNCE] Apache KIE (Incubating) 10.2.0 released Alex Porcelli
2026/04/29 Re: CVE-2026-41016: Apache Airflow SMTP Provider: No certificate validation on SMTP STARTTLS connections Shahar Epstein
2026/04/29 Apache MINA 2.0.28, 2.0.11 and 2.2.6 release Emmanuel Lecharny
2026/04/29 [ANNOUNCE] Apache Jackrabbit Oak 1.22.24 released Julian Reschke
2026/04/28 ANNOUNCE] Apache Jackrabbit Oak 1.22.24 released Julian Reschke
2026/04/28 CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling Arnout Engelen
2026/04/28 [ANN] Apache Struts 6.9.0 Lukasz Lenart
2026/04/27 CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Jens Geyer
2026/04/27 CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow Jens Geyer
2026/04/27 CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification Jens Geyer
2026/04/27 CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow Jens Geyer
2026/04/27 CVE-2026-41604: Apache Thrift: Swift Range crash in skip() Jens Geyer
2026/04/27 CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow Jens Geyer
2026/04/27 CVE-2026-41607: Apache Thrift: C++ JSON OOB read Jens Geyer
2026/04/27 CVE-2026-41636: Apache Thrift: Node.js skip() recursion Jens Geyer
2026/04/27 [ANNOUNCE] Apache Pulsar 4.2.1 released Lari Hotari
2026/04/27 [ANNOUNCE] Apache Pulsar 4.0.10 released Lari Hotari
2026/04/27 [ANNOUNCE] Apache Pulsar 3.0.17 released Lari Hotari
2026/04/27 [ANNOUNCE] Apache CloudStack LTS Release 4.20.3.0 Abhisar Sinha
2026/04/27 [ANNOUNCE] Apache TsFile 2.3.0 released Haonan Hou
2026/04/27 ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE Emmanuel Lécharny
2026/04/27 CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data Emmanuel Lécharny
2026/04/26 CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository Andrea Cosentino
2026/04/26 CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp Andrea Cosentino
2026/04/26 CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP Andrea Cosentino
2026/04/26 CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection Andrea Cosentino
2026/04/26 CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager Andrea Cosentino
2026/04/26 CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime Andrea Cosentino
2026/04/26 CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) Andrea Cosentino
2026/04/26 CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution Andrea Cosentino
2026/04/26 CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store Andrea Cosentino
2026/04/26 [ANNOUNCE] Apache Commons Codec 1.22.0 Gary Gregory
2026/04/26 [ANNOUNCE] Apache Camel 4.20.0 Released Gregor Zurowski
2026/04/25 [ANNOUNCE] Apache Storm 2.8.7 Released Rui Abreu
2026/04/25 CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure Richard Zowalla
2026/04/25 CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections Richard Zowalla
2026/04/24 [ANNOUNCE] Apache Camel 4.14.7 (LTS) Released Gregor Zurowski
2026/04/24 CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Rahul Vats
2026/04/24 CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Rahul Vats
2026/04/23 CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC Wenjun Ruan
2026/04/23 CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. Wenjun Ruan
2026/04/23 [ANNOUNCE] Apache Sedona 1.9.0 released Jia Yu
2026/04/23 [ANNOUNCE] Apache ActiveMQ 6.2.5 has been released! Jean-Baptiste Onofré
2026/04/23 [ANNOUNCE] Apache ActiveMQ 5.19.6 has been released! Jean-Baptiste Onofré
2026/04/23 CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia Christopher L. Shannon
2026/04/23 CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues Christopher L. Shannon
2026/04/23 CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI Christopher L. Shannon
2026/04/23 [ANNOUNCE] Apache Commons IO 2.22.0 Gary Gregory
2026/04/22 [ANNOUNCE] Apache Camel 4.18.2 (LTS) Released Gregor Zurowski
2026/04/22 [ANNOUNCE] Apache Airflow 3.2.1 Released Rahul Vats
2026/04/22 [ANNOUNCE] Apache Arrow 24.0.0 released Raúl Cumplido
2026/04/21 [ANNOUNCE] Apache Jackrabbit Oak 2.0.0 released Julian Reschke
2026/04/20 [ANNOUNCE] Apache Commons Numbers Version 1.3 Released Alex Herbert
2026/04/20 [ANNOUNCE] Apache Fory 0.17.0 released Shawn Yang
2026/04/19 [ANNOUNCE] Apache log4net 3.3.1 released Jan Friedrich
2026/04/19 [ANNOUNCE] Apache Camel 4.14.6 (LTS) Released Gregor Zurowski
2026/04/17 CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Jarek Potiuk
2026/04/17 CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Rahul Vats
2026/04/17 CVE-2026-32228: Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to Rahul Vats
2026/04/17 CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Rahul Vats
2026/04/17 CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Rahul Vats
2026/04/17 [ANN] Apache Maven 3.9.15 released Slawomir Jaranowski
2026/04/17 [ANNOUNCE] Apache Pulsar Client Python 3.11.0 released Yunze Xu
2026/04/17 CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error Rahul Vats
2026/04/17 CVE-2025-66335: Apache Doris MCP Server: MCP SQL inject Mingyu Chen
2026/04/17 CVE-2026-33558: Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output Luke Chen
2026/04/17 CVE-2026-33557: Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication Luke Chen
2026/04/16 CVE-2026-31987: Apache Airflow: JWT token appearing in logs Rahul Vats
2026/04/16 [ANNOUNCE] Apache Camel 4.19.0 Released Gregor Zurowski
2026/04/16 [ANNOUNCE] Apache Grails 7.1.0 James Daugherty
2026/04/15 [ANNOUNCE] Apache Pinot 1.5.0 Released Yash Mayya
2026/04/15 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.3.0 released David Jensen
2026/04/15 [ANNOUNCE] Apache Pulsar Go Client 0.19.0 released Zike Yang
2026/04/15 CVE-2026-25219: Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Jarek Potiuk
2026/04/15 [ANNOUNCE] Apache Cloudberry (Incubating) 2.1.0 released Dianjin Wang
2026/04/14 CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. Kai Wan
2026/04/14 CVE-2025-54550: Apache Airflow: RCE by race condition in example_xcom dag Jarek Potiuk
2026/04/14 [ANNOUNCE] Apache APISIX 3.16.0 has been released Abhishek Choudhary
2026/04/14 [ANNOUNCE] Apache IoTDB 2.0.8 released Haonan Hou
2026/04/14 [ANNOUNCE] Apache Airflow Providers prepared on 2026-04-12 are released Jarek Potiuk
2026/04/13 CVE-2026-31908: Apache APISIX: forward auth plugin allows header injection Abhishek Choudhary
2026/04/13 CVE-2026-31924: Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP Abhishek Choudhary
2026/04/13 CVE-2026-33929: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr
2026/04/13 CVE-2026-31923: Apache APISIX: Openid-connect `tls_verify` field is disabled by default Abhishek Choudhary
2026/04/13 CVE-2026-39816: Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService David Handermann
2026/04/13 CVE-2026-33858: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Rahul Vats
2026/04/13 CVE-2025-66236: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Rahul Vats
2026/04/13 CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url Tool and GraphQL Expression Injection in MCP Server Qiuxia Fan
2026/04/13 CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server Qiuxia Fan
2026/04/13 CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
2026/04/12 [ANNOUNCE] Apache Airflow Providers prepared on 2026-04-08 are released Jarek Potiuk
2026/04/12 [ANNOUNCE] Apache Storm 2.8.6 Released Richard Zowalla
2026/04/12 CVE-2026-35565: Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI Richard Zowalla
2026/04/12 CVE-2026-35337: Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling Richard Zowalla
2026/04/12 [ANNOUNCE] Apache SkyWalking MCP 0.2.0 Released xue fan
2026/04/12 [ANNOUNCE] Apache Pulsar Node.js client 1.17.0 released Baodi Shi
2026/04/11 [ANN] Apache Ant 1.10.17 Released Stefan Bodewig
2026/04/11 [ANNOUNCE] Apache NiFi 2.9.0 Released Pierre Villard
2026/04/10 CVE-2026-40023: Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
2026/04/10 CVE-2026-34481: Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Piotr Karwasz
2026/04/10 CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
2026/04/10 CVE-2026-40021: Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters Piotr Karwasz
2026/04/10 CVE-2026-34479: Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Piotr Karwasz
2026/04/10 CVE-2026-34478: Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility Piotr Karwasz
2026/04/10 CVE-2026-34477: Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Piotr Karwasz
2026/04/10 [ANNOUNCE] Apache Jackrabbit 2.23.4-beta released Julian Reschke
2026/04/09 [SECURITY] CVE-2026-34500 Apache Tomcat - OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled Mark Thomas
2026/04/09 [SECURITY] CVE-2026-32990 Apache Tomcat - The fix for CVE-2025-66614 is incomplete Mark Thomas
2026/04/09 [SECURITY] CVE-2026-34483 Apache Tomcat - Incomplete escaping of JSON access logs Mark Thomas
2026/04/09 [SECURITY] CVE-2026-34487 Apache Tomcat - Cloud membership for clustering component exposed the Kubernetes bearer token Mark Thomas
2026/04/09 [SECURITY] CVE-2026-34486 Apache Tomcat - Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas
2026/04/09 [SECURITY] CVE-2026-29145 Apache Tomcat and Tomcat Native - OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas
2026/04/09 [SECURITY] CVE-2026-29146 Apache Tomcat - EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas
2026/04/09 [SECURITY] CVE-2026-25854 Apache Tomcat - Occasionally open redirect Mark Thomas
2026/04/09 [SECURITY] CVE-2026-29129 Apache Tomcat - Configured TLS cipher preference order not preserved Mark Thomas
2026/04/09 [SECURITY] CVE-2026-24880 Apache Tomcat - Request smuggling via invalid chunk extension Mark Thomas
2026/04/09 The Apache Software Foundation Welcomes 45 New Members Brian Proffitt
2026/04/09 CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik
2026/04/09 CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik
2026/04/09 CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik
2026/04/09 [ANNOUNCE] Apache ActiveMQ 6.2.4 has been released! Christopher Shannon
2026/04/09 [ANNOUNCE] Apache ActiveMQ 5.19.5 has been released! Christopher Shannon
2026/04/09 CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
2026/04/09 CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon
2026/04/09 [ANNOUNCE] Apache OpenMeetings 9.0.0 is released Maxim Solodovnik
2026/04/09 [ANNOUNCE] Apache Arrow ADBC 23 Released David Li
2026/04/09 CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats
2026/04/09 CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats
2026/04/08 [ANNOUNCE] Apache Commons Configuration 2.14.0 Gary Gregory
2026/04/08 [ANNOUNCE] Release Apache Fluss (fluss-rust) 0.1.0-incubating yunhong Zheng
2026/04/08 [ANNOUNCE] Apache Xalan Java xslt 3.0 alpha1 released Mukul Gandhi
2026/04/07 [ANNOUNCE] Apache Airflow 3.2.0 Released Rahul Vats
2026/04/07 CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever
2026/04/07 CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever
2026/04/07 CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever
2026/04/07 CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar
2026/04/06 [ANNOUNCE] Apache MINA SSHD 3.0.0-M3 released Thomas Wolf
2026/04/06 CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon
2026/04/06 CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon
2026/04/06 [ANNOUNCE] Apache Ratis 3.2.2 Release Xinyu Tan
2026/04/05 [ANNOUNCE] Apache Pekko (Core) 1.5.0 released PJ Fanning
2026/04/04 [ANNOUNCE] Apache Grails 7.0.10 James Daugherty
2026/04/04 [ANN] Apache Tomcat 11.0.21 Available Mark Thomas
2026/04/04 [ANNOUNCE] Apache Grails 7.1.0-RC1 James Daugherty
2026/04/04 [ANNOUNCE] Apache log4cxx 1.7.0 released Stephen Webb
2026/04/03 [ANNOUNCE] Apache SkyWalking 10.4.0 released Sheng Wu
2026/04/03 [ANN] Apache Syncope 4.0.5 Francesco Chicchiriccò
2026/04/03 [ANN] Apache Syncope 4.1.0 Francesco Chicchiriccò
2026/04/03 [ANN] Apache Tomcat 9.0.117 available Rémy Maucherat
2026/04/03 [ANN] Apache Tomcat 10.1.54 Available Christopher Schultz
2026/04/03 [ANN] End Of Support for Tomcat Native 1.x Christopher Schultz
2026/04/02 [ANNOUNCE] Apache Traffic Server 10.1.2 Release Chris McFarlen
2026/04/02 [ANNOUNCE] Apache Pulsar Client C++ 4.1.0 released Yunze Xu
2026/04/01 [ANNOUNCE] Apache Accumulo Access 1.0.0-beta2 Christopher
2026/04/01 [ANNOUNCE] Apache ActiveMQ 5.19.4 has been released! Jean-Baptiste Onofré
2026/04/01 [ANN] Apache Ant 1.10.16 Released Stefan Bodewig
2026/04/01 [ANNOUNCE] Apache Pulsar 4.2.0 released Lari Hotari
2026/03/31 Apache Beam 2.72.0 Released! Vitalii Terentev
2026/03/31 [ANNOUNCE] Apache ActiveMQ 6.2.3 has been released! Jean-Baptiste Onofré
2026/03/30 CVE-2026-32794: Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange Jens Scheffler
2026/03/30 [ANNOUNCE] Release Apache SkyWalking Client JS version 1.1.0 xue fan
2026/03/29 [ANNOUNCE] Apache Groovy 5.0.5 Released Paul King
2026/03/29 [ANNOUNCE] Apache Groovy 4.0.31 Released Paul King
2026/03/28 [ANNOUNCE] Apache Airflow Providers prepared on 2026-03-24 are released Jens Scheffler
2026/03/28 [ANNOUNCE] Apache Log4j `2.25.4` released Piotr P. Karwasz
2026/03/27 [ANNOUNCE] Apache Camel 4.18.1 (LTS) Released Gregor Zurowski
2026/03/26 [ANNOUNCE] Apache Kyuubi v1.11.1 is available Cheng Pan
2026/03/26 [ANNOUNCEMENT] HttpComponents Core 5.5-alpha1 released Oleg Kalnichevski
2026/03/26 [ANNOUNCE] Apache SkyWalking MCP 0.1.0 Released xue fan
2026/03/25 [ANNOUNCE] Apache TsFile 2.2.1 released Haonan Hou
2026/03/25 [ANNOUNCE] Apache Storm 2.8.5 Released Rui Abreu
2026/03/24 [ANNOUNCE] Apache ActiveMQ 6.2.2 has been released! Jean-Baptiste Onofré
2026/03/24 [ANNOUNCE] Apache ActiveMQ 5.19.3 has been released! Jean-Baptiste Onofré
2026/03/24 [ANNOUNCE] Apache Tika 3.3.0 released Tim Allison
2026/03/23 [ANN] Apache Tomcat 10.1.53 Available Christopher Schultz
2026/03/22 [ANNOUNCE] Apache Airflow Helm Chart version 1.20.0 Released Jens Scheffler
2026/03/20 CVE-2026-32642: Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission Justin Bertram
2026/03/20 [ANNOUNCE] Apache Creadur RAT 0.18 P. Ottlinger
2026/03/20 [ANN] Apache Tomcat 9.0.116 available Rémy Maucherat

Earlier messages