announce

Messages by Thread

[ANNOUNCE] Apache PDFBox 3.0.1 released Andreas Lehmkühler
CVE-2023-49735: Apache Tiles: Unvalidated input may lead to path traversal and XXE Arnout Engelen
CVE-2022-45135: Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction Cédric Damioli
CVE-2023-49733: Apache Cocoon's StreamGenerator is vulnerable to XXE injection Cédric Damioli
CVE-2023-49620: Apache DolphinScheduler: Authenticated users could delete UDFs in resouece center they were not authorized Jiajie Zhong
[ANNOUNCE] Apache Groovy 5.0.0-alpha-3 Released Paul King
[ANNOUNCE] Apache Groovy 4.0.16 Released Paul King
[ANNOUNCE] Apache StreamPipes 0.93.0 Tim Bossenmaier
[ANNOUNCE] Apache Airflow Providers prepared on November 24, 2023 are released Elad Kalif
CVE-2023-42504: Apache Superset: Lack of rate limiting allows for possible denial of service Daniel Gaspar
CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details Daniel Gaspar
[SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling Mark Thomas
CVE-2023-42502: Apache Superset: Open Redirect Vulnerability Daniel Gaspar
CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE Jean-Baptiste Onofré
[ANN] Apache Cocoon 2.3.0 Released Cédric Damioli
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.1.0 released tison
CVE-2023-49145: Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt David Handermann
[ANNOUNCE] Apache Commons Lang Version 3.14.0 Gary Gregory
CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role Daniel Gaspar
[ANNOUNCE] OpenNLP 2.3.1 released Martin Wiesner
CVE-2023-40610: Apache Superset: Privilege escalation with default examples database Daniel Gaspar
[ANNOUNCE] Apache Pulsar Client C++ 3.4.1 released Yunze Xu
[ANNOUNCE] Apache Wicket 9.16.0 released Andrea Del Bene
[ANN] Apache IvyDE Retired Stefan Bodewig
[ANNOUNCE] Apache NiFi 2.0.0-M1 Released David Handermann
[ANNOUNCE] Apache POI 5.2.5 released PJ Fanning
CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability Zihao Xiang
CVE-2023-48796: Apache dolphinscheduler sensitive information disclosure Zhenxu Ke
CVE-2023-43123: Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Julien Nioche
CVE-2022-45875: Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin Wenjun Ruan
CVE-2023-37924: Apache Submarine: SQL injection from unauthorized login Xiang Chen
[ANNOUNCE] Apache APISIX 3.7.0 has been released Xin Rong
[ANNOUNCE] Apache Ratis 3.0.0 released! William Song
[ANNOUNCE] Apache Ratis 3.0.0 released William Song
[ANNOUNCE] Apache Camel 4.0.3 (LTS) Release Gregor Zurowski
[ANNOUNCE] Apache YuniKorn v1.4.0 released Wilfred Spiegelenburg
[ANN] Apache ActiveMQ 6.0.0 has been released! Jean-Baptiste Onofré
CVE-2022-46337: Apache Derby: LDAP injection vulnerability in authenticator Richard N. Hillegas
[ANNOUNCE] Apache Pekko (Incubating) Persistence DynamoDB 1.0.0 available PJ Fanning
CVE-2023-46302: Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization Xiang Chen
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.0 Christophe Bornet
[ANNOUNCE] Apache Accumulo 1.10.4 Christopher
[ANNOUNCE] Apache Commons Compress 1.25.0 Gary Gregory
[ANNOUNCE] Apache XMLBeans 5.2.0 release PJ Fanning
[ANNOUNCE] Release Apache OpenDAL incubating 0.42.0 Mingzhuo Yin
CVE-2023-26031: Privilege escalation in Apache Haoop Yarn container-executor binary on Linux systems Masatake Iwasaki
[ANNOUNCE] Apache Derby 10.17.1.0 released Richard Hillegas
[ANN] Apache Tomcat 11.0.0-M14 (alpha) available Mark Thomas
[ANN] Apache Tomcat 9.0.83 available Rémy Maucherat
[ANN] Apache Tomcat 10.1.16 available Christopher Schultz
[ANN] Apache Tomcat 8.5.96 available Christopher Schultz
[ANNOUNCE] Apache Camel 4.2.0 Released Gregor Zurowski
[ANNOUNCE] Apache Arrow 14.0.1 released Raúl Cumplido
[ANNOUNCE] Apache Airflow Python Client 2.7.3 Released Ephraim Anierobi
[ANNOUNCE] Apache UIMA uimaFIT version 3.5.0 released Richard Eckart de Castilho
[ANNOUNCE] Apache Pulsar Client C++ 3.4.0 released Yunze Xu
[ANNOUNCEMENT] Apache SkyWalking Infra E2E 1.3.0 Released Hoshea Jiang
[ANNOUNCE] Apache APISIX Ingress controller v1.7.1 released Ling Samuel
- [ANNOUNCE] Apache APISIX Ingress controller v1.7.1 released Ming Wen
[ANNOUNCE] Apache Olingo 2.0.13 has been released mibo
[ANNOUNCE] Apache Olingo 4.10.0 has been released mibo
[ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released Elad Kalif
- [ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released Elad Kalif
CVE-2023-42781: Apache Airflow: Permission verification bypass allows viewing dagruns of other dags Ephraim Anierobi
CVE-2023-47037: Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) Ephraim Anierobi
[ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750 fpapon
[ANNOUNCE] Apache Calcite 1.36.0 released Benchao Li
[ANNOUNCE] Apache Camel 3.14.10 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Arrow ADBC 0.8.0 released David Li
CVE-2023-47248: PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file Antoine Pitrou
CVE-2023-39913: Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK: Potential untrusted code execution when deserializing certain binary CAS formats Richard Eckart de Castilho
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M18 released Timothy Bish
[ANNOUNCE] Apache Jackrabbit 2.20.13 released Julian Reschke
CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries without authentication Jacques Le Roux
[ANNOUNCE] Apache Pulsar Go Client 0.11.1 released Zike Yang
[ANNOUNCE] Apache Kyuubi released 1.8.0 Cheng Pan
[ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix Dave Brondsema
CVE-2023-46851: Apache Allura: sensitive information exposure via import Dave Brondsema
[ANNOUNCE] Apache Arrow 14.0.0 released Raúl Cumplido
[ANNOUNCE] Apache Daffodil 3.6.0 Released Steve Lawrence
[ANNOUNCE] Apache UIMA Java SDK version 3.5.0 released Richard Eckart de Castilho
[ANNOUNCE] Apache Airflow 2.7.3 Released Ephraim Anierobi
[ANNOUNCE] Apache OFBiz 18.12.09 released Jacopo Cappellato
[ANNOUNCE] Apache PDFBox 2.0.30 released Andreas Lehmkühler
[ANNOUNCE] Apache Pekko (Incubating) Connectors 1.0.1 available PJ Fanning
[ANNOUNCE] Apache bRPC 1.7.0 released Lorin Lee
[ANNOUNCE] Apache Jackrabbit FileVault 3.7.2 released Julian Reschke
[ANNOUNCE] Apache Camel 3.20.8 (LTS) Released Gregor Zurowski
[ANN] Apache TomEE 8.0.16 Richard Zowalla
[ANNOUNCE] Apache Airflow Providers prepared on October 28, 2023 are released Elad Kalif
[ANNOUNCE] Apache Pekko (Incubating) Projection 1.0.0 available PJ Fanning
[ANN] Apache Struts 2.5.x EOL Lukasz Lenart
[ANNOUNCE] Call for Presentations now open: Community over Code EU 2024 Ryan Skraba
[ANNOUNCE] Apache Qpid JMS 1.11.0 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 2.5.0 released Robbie Gemmell
[ANNOUNCE] Apache Camel 3.21.2 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Commons Text 1.11.0 Gary Gregory
CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Elad Kalif
[ANNOUNCE] Apache Camel 4.0.2 (LTS) Release Gregor Zurowski
CVE-2023-46604: Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack Christopher L. Shannon
[ANNOUNCE] Apache Commons CLI 1.6.0 Gary Gregory
[ANNOUNCE] Apache Commons IO 2.15.0 Gary Gregory
[ANN] Apache ActiveMQ 5.16.7 has been released! Jean-Baptiste Onofré
[ANN] Apache ActiveMQ 5.17.6 has been released! Jean-Baptiste Onofré
[ANN] Apache ActiveMQ 5.18.3 has been released! Jean-Baptiste Onofré
[ANN] Apache Maven 4.0.0-alpha-8 released Guillaume Nodet
[ANNOUNCE] Apache Pekko (Incubating) gRPC 1.0.1 available PJ Fanning
CVE-2023-46288: Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set Jarek Potiuk
[ANNOUNCE] Apache Geronimo TXManager 4.0.0 release fpapon
[ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.5.0 Released Hongtao Gao
[ANNOUNCEMENT] Apache SkyWalking Go 0.3.0 Released han liu
[ANNOUNCE] Apache DS 2.0.0.AM27 released Emmanuel Lecharny
[ANNOUNCE] Apache Airflow Providers prepared on October 18, 2023 are released Elad Kalif
[ANNOUNCE] mod_perl-2.0.13 Steve Hay
[ANNOUNCE] Apache Solr Operator v0.8.0 released Jason Gerlowski
[ANNOUNCE] Apache Tika 2.9.1 released Tim Allison
[ANNOUNCE] Apache MINA SSHD 2.11.0 released Guillaume Nodet
[ANNOUNCE] Apache MINA SSHD 2.9.3 released Guillaume Nodet
CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output Colm O hEigeartaigh
CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST Stefan Eissing
CVE-2023-31122: Apache HTTP Server: mod_macro buffer over-read Stefan Eissing
[ANNOUNCEMENT] Apache HTTP Server 2.4.58 Released icing
CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 Stefan Eissing
CVE-2023-25753: Server-Side Request Forgery in Apache ShenYu Zhang Yonglun
CVE-2023-46227: Apache inlong has an Arbitrary File Read Vulnerability Charles Zhang
[ANNOUNCE] Apache Beam 2.51.0 Released Kenneth Knowles
[ANNOUNCE] Apache Celeborn(incubating) 0.3.1 available Cheng Pan
[ANNOUNCE] Apache XBean 4.24 release fpapon
[ANNOUNCE] Apache Airflow Providers prepared on October 13, 2023 are released Elad Kalif
[ANNOUNCE] Release Apache DolphinScheduler 3.2.0 Jay Chung
[ANNOUNCE] Apache DolphinScheduler Python SDK 4.0.4 Released Jay Chung
[ANNOUNCE] Apache Wicket 10.0.0-M2 released Andrea Del Bene
[ANN] Apache TomEE 9.1.1 Richard Zowalla
[ANN] Apache Tomcat 8.5.95 available Christopher Schultz
[ANN] Apache Tomcat 10.1.15 available Christopher Schultz
[ANNOUNCE] Apache Airflow Python Client 2.7.2 Released Ephraim Anierobi
[ANNOUNCE] Release Apache OpenDAL(incubating) 0.41.0 Suyan
[ANNOUNCE] Apache Jackrabbit Oak 1.58.0 released Julian Reschke
CVE-2023-45757: Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability Wang Weibing
CVE-2023-43668: Apache InLong: Jdbc Connection Security Bypass in InLong Charles Zhang
CVE-2023-43666: Apache InLong: General user Unauthorized access User Management Charles Zhang
CVE-2023-43667: Apache InLong: Log Injection in Global functions Charles Zhang
[ANNOUNCE] Apache Solr 9.4.0 released Alex Deparvu
- [ANNOUNCE] Apache Solr 9.4.0 released Alex Deparvu
[ANNOUNCE] Apache IoTDB 1.2.2 released Haonan Hou
[ANN] Apache Tomcat 11.0.0-M13 (alpha) available Mark Thomas
[ANNOUNCE] Apache bRPC 1.6.1 released Lorin Lee
CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags Ephraim Anierobi
Release Apache Wayang (incubating) 0.71 Alexander Alten
- Release Apache Wayang (incubating) 0.71 Alexander Alten
CVE-2023-42792: Apache Airflow: Improper access control to DAG resources Ephraim Anierobi
CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability Ephraim Anierobi
CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature Ephraim Anierobi
[ANN] Apache Tomcat 9.0.82 available Rémy Maucherat
[ANNOUNCE] Apache SIS 1.4 Release Martin Desruisseaux
[ANNOUNCE] Apache Sedona 1.5.0 released Jia Yu
[ANNOUNCE] Apache Airflow 2.7.2 Released Ephraim Anierobi
[Announcement] : Apache LDAP API 2.1.5 Emmanuel Lecharny
CVE-2023-44981: Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication Andor Molnar
[ANNOUNCE] Apache Camel 4.1.0 Released Gregor Zurowski
[ANNOUNCE] Apache Jackrabbit 2.21.20 released Julian Reschke
[ANNOUNCE] Apache Kafka 3.6.0 Satish Duggana
Apache Traffic Server 9.2.3 and 8.1.9 are released Bryan Call
[SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure Mark Thomas
[SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling Mark Thomas
[SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Mark Thomas
[SECURITY] CVE-2023-42794 Apache Tomcat - denial of service Mark Thomas
[ANN] Apache Tomcat 9.0.81 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.0-M12 (alpha) available Mark Thomas
[ANN] Apache Tomcat 8.5.94 available Christopher Schultz
[ANN] Apache Tomcat 10.1.14 available Christopher Schultz
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.4.0 Christophe Bornet
[ANNOUNCE] Apache Celix 2.4.0 released Pepijn Noltes
[ANNOUNCE] Apache Pekko (Incubating) Persistence Cassandra 1.0.0 available PJ Fanning
[ANNOUNCE] Release Apache Kvrocks 2.6.0 Twice
[ANNOUNCEMENT] Apache Commons Net 3.10.0 Gary Gregory
[ANNOUNCE] Apache APISIX 3.6.0 has been released Xin Rong
[ANN] Apache Maven 3.9.5 released Slawomir Jaranowski
[ANNOUNCE] Apache HUDI 0.14.0 released Prashant Wason
[ANNOUNCE] Apache Impala 4.3.0 release Michael Smith
[ANN] Apache Tomcat Native 1.2.39 released Mark Thomas
[ANNOUNCE] Apache Airflow Helm Chart version 1.11.0 Released Jedidiah Cunningham
[ANNOUNCE] Apache Camel 3.20.7 (LTS) Released Gregor Zurowski
[ANN] Apache Syncope 3.0.5 Francesco Chicchiriccò
[ANN] Apache Tomcat Native 2.0.6 released Mark Thomas
[ANNOUNCEMENT] Apache Commons Pool 2.12.0 Phil Steitz
Apache Any23 is now retired Hervé Boutemy
[ANNOUNCEMENT] Apache Commons IO 2.14.0 Gary Gregory
[ANNOUNCE] Apache Arrow nanoarrow 0.3.0 Released Dewey Dunnington
CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK Ryan Skraba
[ANNOUNCE] Apache Camel 3.21.1 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache POI 5.2.4 released PJ Fanning
[SECURITY] [CORRECTION] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass Christopher Schultz
[ANNOUNCE] Apache Lucene 9.8.0 released Patrick Zhai
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.5.0 released Jiajing LU
[ANNOUNCE] Apache Avro 1.11.3 released Ryan Skraba
[ANNOUNCEMENT] Apache SkyWalking BanyanDB Helm 0.1.0 Released Hongtao Gao
[ANNOUNCE] Apache Camel 4.0.1 Release Gregor Zurowski
[ANNOUNCEMENT] HttpComponents Core 5.2.3 GA released Oleg Kalnichevski
[ANNOUNCE] Apache Kyuubi released 1.7.3 Zhen Wang

Earlier messages