Messages by Thread
-
[ANNOUNCE] Apache Commons Exec 1.5.0
Gary Gregory
-
[ANNOUNCE] Apache Pulsar 4.0.5 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 3.3.7 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 3.0.12 released
Lari Hotari
-
[ANNOUNCE] Apache NetBeans 26 Released
Eric Barboni
-
[ANNOUNCE] Apache Jackrabbit Apache Jackrabbit Oak 1.80 released
Julian Reschke
-
[ANNOUNCE] Apache Pulsar Client C++ 3.7.1 released
Yunze Xu
-
[ANNOUNCE] Apache Kyuubi Shaded v0.5.0 is available
Cheng Pan
-
[ANNOUNCE] Apache Airflow Providers prepared on May 20, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Kafka 3.9.1
TengYao Chi
-
[ANNOUNCE] Apache Arrow 20.0.0 released
Jacob Wujciak
-
[ANNOUNCE] Apache bRPC 1.13.0 released
Lorin Lee
-
[ANNOUNCE] Apache Airflow Providers prepared on May 14, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Pekko HTTP 1.2.0 released
PJ Fanning
-
[ANNOUNCEMENT] Apache Portable Runtime 1.7.6 Released
minfrin
-
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.1 released
PJ Fanning
-
[ANNOUNCE] Apache Pulsar Client Python 3.7.0 released
Baodi Shi
-
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication
Haonan Hou
-
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
Haonan Hou
-
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function
Haonan Hou
-
Apache Beam 2.65.0 Released
Yi Hu
-
[ANNOUNCE] Apache Beam 2.65.0 Released
Yi Hu
-
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Dongjoon Hyun
-
[ANN] Apache Tomcat 9.0.105 available
Rémy Maucherat
-
[ANNOUNCE] Apache log4net 3.1.0 released
Jan Friedrich
-
[ANN] Apache Tomcat 10.1.41 Available
Christopher Schultz
-
CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover
Daniel Gaspar
-
[ANNOUNCE] Apache Airflow Providers prepared on May 08, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Camel 4.8.7 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Arrow Go v18.3.0 Released
Matt Topol
-
CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration
Arnout Engelen
-
[ANNOUNCE] Apache Airflow Providers prepared on May 05, 2025 are released
Elad Kalif
-
[ANNOUNCE] Release Apache Kvrocks 2.12.1
hulk
-
[ANNOUNCE] Apache Gravitino (incubating) 0.9.0 available
roryqi
-
[ANNOUNCE] Apache YuniKorn v1.6.3 released
Wilfred Spiegelenburg
-
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
Christopher L. Shannon
-
[ANNOUNCE] Apache CouchDB 3.5.0 released
Jan Lehnardt
-
[ANNOUNCE] Apache Arrow ADBC 18 Released
David Li
-
[ANNOUNCE] Apache Tika 2.9.4 released
Tim Allison
-
[ANNOUNCE] Apache ShenYu 2.7.0.1 available
Hongyu Liu
-
[ANNOUNCE] Apache Ozone 2.0.0
Wei-Chiu Chuang
-
[ANNOUNCE] Apache Pekko Management 1.1.1 released
Arnout Engelen
-
[ANNOUNCE] Apache Pulsar Helm Chart version 4.0.1 Released
Lari Hotari
-
CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Gang Wu
-
[ANNOUNCE] Apache PDFBox 3.0.5 released
Andreas Lehmkühler
-
[ANNOUNCE] Apache NiFi 2.4.0 Released
Pierre Villard
-
[ANNOUNCE] Apache Lucene 10.2.1 released
Chris Hegarty
-
[ANNOUNCE] Apache Commons Imaging 1.0.0-alpha6
Gary Gregory
-
[ANNOUNCE] Apache Camel 4.10.4 (LTS) Released
Gregor Zurowski
-
Apache Mnemonic is now retired
Hervé Boutemy
-
Apache Gora is now retired
Hervé Boutemy
-
[ANNOUNCEMENT] Apache Commons Configuration 2.12.0
Rob Tompkins
-
[ANNOUNCE] Apache Airflow Providers prepared on April 28, 2025 are released
Elad Kalif
-
[SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass
Mark Thomas
-
[SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header
Mark Thomas
-
[ANNOUNCEMENT] HttpComponents Client 5.4.4 GA Released
Oleg Kalnichevski
-
[ANNOUNCE] Apache Airflow Providers prepared on April 24, 2025 are released
Elad Kalif
-
[ANNOUNCEMENT] Apache SkyWalking Go 0.6.0 Released
han liu
-
[ANNOUNCE] Apache Wicket 10.5.0 released
Andrea Del Bene
-
[ANNOUNCE] Apache Wicket 9.21.0 released
Andrea Del Bene
-
[ANNOUNCE] Apache PDFBox 2.0.34 released
Andreas Lehmkühler
-
The Apache Software Foundation (ASF) welcomes 45 new Members
Brian Proffitt
-
[ANNOUNCE] Apache Pulsar Go Client 0.15.0 released
Zike Yang
-
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.3 released
David Jensen
-
[ANNOUNCE] Apache Commons Collections 4.5.0
Gary Gregory
-
[ANNOUNCE] Apache SystemDS 3.3.0
Janardhan
-
[ANNOUNCE] Apache flink-connector-jdbc 3.3.0 & 4.0.0 released
Hang Ruan
-
[ANNOUNCE] Release Apache Kvrocks 2.12.0
hulk
-
CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset
Hulk Lin
-
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.6.0
Chris Bono
-
[ANNOUNCE] Apache Airflow Providers prepared on April 20, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Airflow Providers prepared on April 16, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Commons JXPath 1.4.0
Gary Gregory
-
CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass
Arnout Engelen
-
[ANNOUNCE] Apache IoTDB 2.0.2 released
Haonan Hou
-
[ANNOUNCE] Apache IoTDB 1.3.4 released
Haonan Hou
-
[ANNOUNCE] OpenNLP 2.5.4 released
Martin Wiesner
-
CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss
Chao Gong
-
[ANNOUNCE] Apache TsFile 2.0.2 released
Haonan Hou
-
[ANNOUNCE] Apache TsFile 1.1.1 released
Haonan Hou
-
[ANNOUNCE] Apache Airflow Providers prepared on April 10, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Commons IO 2.19.0
Gary Gregory
-
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access
Hailin Wang
-
CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change
David M. Johnson
-
[ANNOUNCE] Apache Commons Text 1.13.1
Gary Gregory
-
[ANN] Apache Tomcat 11.0.6 Available
Mark Thomas
-
[ANNOUNCE] Apache Lucene 10.2.0 released
Ignacio Vera
-
[ANN] Apache Tomcat 9.0.104 available
Rémy Maucherat
-
[ANNOUNCE] Apache Geronimo XBean 4.27 released
Francois Papon
-
CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Domenico Francesco Bruscino
-
[ANNOUNCE] Apache Airflow Providers prepared on April 06, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Pulsar 3.3.6 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 4.0.4 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 3.0.11 released
Lari Hotari
-
CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors
Lari Hotari
-
[ANN] Apache Causeway version 3.3.0 Released
Dan Haywood
-
CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
PJ Fanning
-
[ANNOUNCE] Apache Jackrabbit Oak 1.78.0 released
Julian Reschke
-
[ANNOUNCE] Apache OFBiz 24.09.01 released
Nicolas Malin
-
[ANNOUNCE] Apache POI 5.4.1 release
PJ Fanning
-
Apache Cocoon is now retired
Hervé Boutemy
-
[ANN] Apache OpenJPA 4.1.0
Francesco Chicchiriccò
-
[ANNOUNCE] Apache Commons CSV 1.14.0
Gary Gregory
-
CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message
Gary D. Gregory
-
CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection
Elad Kalif
-
Apache Oozie is now retired
Hervé Boutemy
-
Apache Pivot is now retired
Hervé Boutemy
-
Apache Beam 2.64.0 Released!
XQ Hu
-
[ANNOUNCE] Apache Camel 4.11.0 Released
Gregor Zurowski
-
[ANNOUNCE] Release Apache SkyWalking Client JS version 1.0.0
xue fan
-
[ANNOUNCE] Apache Traffic Server 10.0.5 Release
Chris McFarlen
-
[ANNOUNCE] Apache Airflow Helm Chart version 1.16.0 Released
Jedidiah Cunningham
-
[ANNOUNCE] Apache OFBiz 18.12.19 released
Nicolas Malin
-
CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability
Jacques Le Roux
-
[ANNOUNCE] Apache Camel 4.8.6 (LTS) Released
Gregor Zurowski
-
CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering
Andrea Cosentino
-
CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy.
Enxin Xie
-
CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Gang Wu
-
CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission
Justin Bertram
-
[ANNOUNCE] Apache Airflow Providers prepared on March 26, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache Camel 4.10.3 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Jackrabbit Filevault 3.8.4 released
Julian Reschke
-
[ANN] Apache TomEE 10.0.1
Richard Zowalla
-
[ANNOUNCEMENT] HttpComponents Client 5.4.3 GA Released
Oleg Kalnichevski
-
[ANNOUNCE] Apache Jackrabbit Oak 1.22.22 released
Julian Reschke
-
CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url
Li Yang
-
CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api
Li Yang
-
[ANNOUNCE] Apache Iceberg Go Release v0.2.0
Matt Topol
-
[ANNOUNCE] Apache Solr Operator v0.9.1 released
Jason Gerlowski
-
[ANNOUNCE] release of Apache VCL 2.5.2
Josh Thompson
-
CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form
Josh Thompson
-
CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges
Josh Thompson
-
[ANNOUNCE] Apache Answer v1.4.5 available
Luffy
-
[ANNOUNCE] Apache StormCrawler (Incubating) 3.3.0 released
Tim Allison
-
CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
Gary D. Gregory
-
[ANN] Apache ActiveMQ Classic 5.17.7 has been released!
Jean-Baptiste Onofré
-
[ANN] Apache ActiveMQ Classic 5.18.7 has been released!
Jean-Baptiste Onofré
-
[ANN] Apache ActiveMQ Classic 5.16.8 has been released!
Jean-Baptiste Onofré
-
CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console
Arnout Engelen
-
[ANNOUNCEMENT] HttpComponents Core 5.3.4 GA released
Oleg Kalnichevski
-
CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting
Adarsh Sanjeev
-
CVE-2024-54016: compression bomb attack in Apache Seata Server
Min Ji
-
CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
Min Ji
-
CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function
Elad Kalif
-
[ANNOUNCE] Apache YuniKorn v1.6.2 released
Wilfred Spiegelenburg
-
[ANNOUNCE] Apache Kafka 4.0.0
David Jacot
-
[ANNOUNCE] Apache CouchDB 3.4.3 released
Jan Lehnardt
-
[ANNOUNCE] Apache Arrow Go v18.2.0 Released
Matt Topol
-
[ANNOUNCE] Apache BVal 3.0.2
Markus Jung
-
[ANNOUNCE] Apache Calcite 1.39.0 released
Stamatis Zampetakis
-
[ANNOUNCE] Apache James JSPF 1.0.5 released
Rene Cordier
-
[ANNOUNCE] Apache Geronimo Java Mail 2.1_1.0.1
Francois Papon
-
[ANN] Apache Maven Daemon 2.0.0-rc-3 released
Guillaume Nodet
-
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.1 released
David Jensen
-
[ANNOUNCE] Apache Pulsar Helm Chart version 4.0.0 Released
Lari Hotari
-
[ANN] Apache Maven 4.0.0-rc-3 released
Guillaume Nodet
-
[ANNOUNCE] Apache Airflow Providers prepared on March 09, 2025 are released
Elad Kalif
-
[ANNOUNCE] Apache James JDKIM 0.4 released
Rene Cordier
-
FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Carsten Ziegeler
-
CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters
Andrea Cosentino
-
[ANNOUNCE] Apache Pulsar Node.js client 1.13.1 released
Baodi Shi
-
[ANNOUNCE] Apache Solr 9.8.1 released
Houston Putman
-
[ANN] Apache Syncope 4.0.0-M1
Francesco Chicchiriccò
-
[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT
Mark Thomas
-
[ANN] Apache Syncope 3.0.11
Francesco Chicchiriccò
-
[ANN] Apache ActiveMQ Classic 5.19.0 has been released!
Jean-Baptiste Onofré
-
CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
Pierre Villard
-
[ANNOUNCE] Apache NiFi 2.3.0 Released
Pierre Villard
-
[ANN] Apache ActiveMQ Classic 6.1.6 has been released!
Jean-Baptiste Onofré
-
Fwd: Announcing Fineract Release 1.11.0
James Dailey
-
[ANNOUNCE] Apache Camel 3.22.4 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Camel 4.10.2 (LTS) Released
Gregor Zurowski
-
CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering
Andrea Cosentino
-
[ANNOUNCE] Apache Pulsar Client Python 3.6.1 released
Yunze Xu
-
[ANNOUNCE] Apache Camel 4.8.5 (LTS) Released
Gregor Zurowski
-
CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE
Jacques Le Roux
-
[ANNOUNCE] Apache OFBiz 18.12.18 released
Jacopo Cappellato
-
[ANNOUNCE] Apache Pekko Projection 1.1.0 released
PJ Fanning
-
[ANNOUNCE] Apache Arrow ADBC 17 Released
David Li
-
[ANNOUNCE] Apache Curator 5.8.0 released
tison
-
[ANN] Apache Tomcat 9.0.102 available
Rémy Maucherat
-
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.0 released
David Jensen
-
[ANNOUNCE] Apache Traffic Server 10.0.4 Release
Chris McFarlen
-
[ANN] Apache Struts 6.7.4
Lukasz Lenart
-
[ANNOUNCE] Apache Calcite Avatica Go 5.4.0 released
Francis Chuang
-
[ANNOUNCE] Apache Pulsar Node.js client 1.13.0 released
Baodi Shi
-
[ANNOUNCE] Apache Camel 4.10.1 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Camel 4.8.4 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Impala 4.5.0 release
Peter Rozsa
-
[ANNOUNCEMENT] Apache CloudStack 4.19.2.0 release
Daan Hoogland
-
CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File
Velmurugan Periasamy
-
CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation
Philipp Zehnder
-
[ANN] Apache Struts 7.0.3
Lukasz Lenart
-
[ANNOUNCE] Apache log4cxx 1.4.0 released
Stephen Webb
-
[ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available
WeitingChen
-
[ANNOUNCE] Apache Qpid Broker-J 9.2.1 released
Tomas Vavricka
-
[ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available
WeitingChen
-
[ANNOUNCE] Apache Pulsar 3.3.5 released
Lari Hotari
-
[ANNOUNCE] Apache Doris 3.0.4 release
ChenMingyu