Messages by Thread
-
[ANNOUNCE] Apache Wicket 9.17.0 released
Andrea Del Bene
-
CVE-2024-24683: Apache Hop Engine: ID isn't escaped when generating HTML
Hans Van Akelyen
-
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.11.0
xue fan
-
[ANN] Apache ActiveMQ 6.1.0 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Pekko (Incubating) Sbt Paradox 1.0.1 available
Matthew de Detrich
-
[ANNOUNCE] Apache Pulsar Client C++ 3.5.0 released
Yunze Xu
-
[ANNOUNCE] Apache SDAP (incubating) 1.2.0 Released
Stepheny Perez
-
[ANN] Apache Tomcat 9.0.87 available
Rémy Maucherat
-
[ANNOUNCE] Apache YuniKorn v1.5.0 released
Wilfred Spiegelenburg
-
[ANNOUNCE] Apache PDFBox 3.0.2 released
Andreas Lehmkühler
-
CVE-2024-28752: Apache CXF SSRF Vulnerability using the Aegis databinding
Colm O hEigeartaigh
-
[ANNOUNCE] Apache Camel 4.4.1 (LTS) Released
Gregor Zurowski
-
CVE-2024-23944: Apache ZooKeeper: Information disclosure in persistent watcher handling
Andor Molnar
-
[ANNOUNCE] Apache James MIME4J 0.8.11 released
Benoit TELLIER
-
[ANNOUNCE] Apache Jackrabbit Oak 1.22.19 released
Julian Reschke
-
[ANNOUNCE] Apache Groovy 4.0.20 Released
Paul King
-
[ANNOUNCE] Apache Groovy 5.0.0-alpha-7 Released
Paul King
-
[ANNOUNCE] Apache Commons Configuration 2.10.0
Gary Gregory
-
CVE-2024-28746: Apache Airflow: Ignored Airflow Permissions
Ephraim Anierobi
-
[SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service
Mark Thomas
-
[SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service
Mark Thomas
-
CVE-2024-28098: Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Lari Hotari
-
CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Lari Hotari
-
CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Lari Hotari
-
CVE-2022-34321: Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Lari Hotari
-
CVE-2024-27135: Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Lari Hotari
-
[ANNOUNCE] Apache Wicket 10.0.0 released
Andrea Del Bene
-
[ANNOUNCE] Apache Arrow 15.0.1 released
Raúl Cumplido
-
[ANNOUNCE] Apache Airflow 2.8.3 Released
Ephraim Anierobi
-
[ANNOUNCEMENT] HttpComponents Client 5.4-alpha2 Released
Oleg Kalnichevski
-
[ANNOUNCE] Apache Doris 2.1.0 & 2.0.5 & 1.2.8 release
ChenMingyu
-
[ANNOUNCE] Apache Pulsar 3.0.3 released
Heesung Sohn
-
CVE-2023-41313: Apache Doris: Timing Attack weakness
Mingyu Chen
-
[ANNOUNCE] Apache jclouds 2.6.0 released
Andrew Gaul
-
[ANNOUNCE] Apache Commons Compress Version 1.26.1
Gary Gregory
-
[ANNOUNCE] Apache Pulsar Go Client 0.12.1 released
Zike Yang
-
[ANNOUNCE] Apache Pulsar 3.1.3 released
Ran Gao
-
[ANNOUNCE] Apache Pulsar 2.11.4 released
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 2.10.6 released
Xiangying Meng
-
[ANNOUNCE] Apache Airflow Providers prepared on March 04, 2024 are released
Elad Kalif
-
[ANNOUNCE] Release Apache Kvrocks 2.8.0
Pengbo Cai
-
[ANNOUNCE] Apache Kyuubi Shaded released 0.3.0
Cheng Pan
-
[ANNOUNCE] Apache Jackrabbit 2.20.15 released
Julian Reschke
-
[ANNOUNCE] Apache Jackrabbit 2.21.25 released
Julian Reschke
-
CVE-2023-50740: Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Heping Wang
-
CVE-2024-26580: Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Charles Zhang
-
[ANNOUNCE] Apache Commons DBCP 2.12.0
Gary Gregory
-
CVE-2023-50378: Apache Ambari: Various XSS problems
Brahma Reddy Battula
-
[ANNOUNCE] Apache Groovy 3.0.21 Released
Paul King
-
[ANNOUNCE] Apache Groovy 4.0.19 Released
Paul King
-
CVE-2024-27138: Apache Archiva: disabling user registration is not effective
Arnout Engelen
-
CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover
Arnout Engelen
-
CVE-2024-27140: Apache Archiva: reflected XSS
Arnout Engelen
-
CVE-2024-26280: Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)
Ephraim Anierobi
-
[ANNOUNCE] Release Apache Groovy 5.0.0-alpha-6
Paul King
-
[ANNOUNCE] Apache flink-connector-parent 1.1.0 released
Etienne Chauchot
-
[ANNOUNCE] Apache Shiro 2.0.0 release
fpapon
-
CVE-2024-27906: Apache Airflow: Dag Code and Import Error Permissions Ignored
Ephraim Anierobi
-
[ANNOUNCE]
fpapon
-
CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass.
Jacques Le Roux
-
[ANNOUNCE] Apache OFBiz 18.12.12 released
Jacopo Cappellato
-
CVE-2024-25128: Apache Airflow Vulnerability: custom, long deprecated OpenID (NOT OIDC)
Jarek Potiuk
-
CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import
Daniel Gaspar
-
CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset
Daniel Gaspar
-
CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context
Daniel Gaspar
-
CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Daniel Gaspar
-
CVE-2024-27315: Apache Superset: Improper error handling on alerts
Daniel Gaspar
-
[ANNOUNCE] Apache Pekko 1.0.3-M1 released
Arnout Engelen
-
[ANNOUNCE] Apache Kafka 3.7.0
Stanislav Kozlovski
-
CVE-2023-50380: Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
Brahma Reddy Battula
-
CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection
Benoit Tellier
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.3.0 Released
Lari Hotari
-
CVE-2023-51747: SMTP smuggling in Apache James
Benoit Tellier
-
CVE-2024-27905: Apache Aurora: padding oracle can allow construction an authentication cookie
Arnout Engelen
-
[ANNOUNCE] Apache Airflow Providers prepared on February 23, 2024 are released
Elad Kalif
-
CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE
Brahma Reddy Battula
-
[ANNOUNCE] Apache Commons BCEL 3.8.2
Gary Gregory
-
[ANNOUNCE] Apache Jackrabbit 2.21.25 released
Julian Reschke
-
CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialisation
Benoit Tellier
-
[ANNOUNCE] Apache Airflow 2.8.2 Released
Ephraim Anierobi
-
[ANNOUNCE] Apache James MIME4J 0.8.10 released
Benoit TELLIER
-
[ANNOUNCE] Apache James 3.8.1 released
Benoit TELLIER
-
[ANNOUNCE] Apache James 3.7.5 released
Benoit TELLIER
-
CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users
Jiajie Zhong
-
[ANNOUNCE] Apache Arrow ADBC 0.10.0 released
David Li
-
CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate users with the same name
Enxin Xie
-
CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file
Enxin Xie
-
[ANNOUNCE] Apache NetBeans 21 released
Geertjan Wielenga
-
CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary
Enxin Xie
-
[ANNOUNCE] Apache Log4j 3.0.0-beta2 released
Piotr P. Karwasz
-
[ANNOUNCE] Apache Log4j 2.23.0 released
Piotr P. Karwasz
-
[ANNOUNCE] Apache Kyuubi 1.8.1 is available
Cheng Pan
-
[ANNOUNCE] Apache Accumulo Access 1.0.0-beta release
Dominic Garguilo
-
CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo
Elad Kalif
-
[ANNOUNCE] Apache Airflow Providers prepared on February 19, 2024 are released
Elad Kalif
-
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.3
Chris Bono
-
[ANNOUNCE] Apache Lucene 9.10.0 released
Adrien Grand
-
[ANNOUNCE] Apache PLC4X 0.12.0 released
Christofer Dutz
-
CVE-2023-49109: Remote Code Execution in Apache Dolphinscheduler
Jiajie Zhong
-
CVE-2023-50270: Apache DolphinScheduler: Session do not expire after password change
Jiajie Zhong
-
CVE-2023-51770: Apache DolphinScheduler: Arbitrary File Read Vulnerability
Jiajie Zhong
-
CVE-2023-49250: Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil
Jiajie Zhong
-
[ANNOUNCE] Apache TsFile 1.0.0 released
Haonan Hou
-
[ANNOUNCE] Release Apache SeaTunnel 2.3.4
Yao Zhou
-
[ANN] Apache Tomcat 8.5.99 Available
Christopher Schultz
-
https://camel.apache.org/security/CVE-2024-23114.html: CVE-2024-23114: Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository
Andrea Cosentino
-
https://camel.apache.org/security/CVE-2024-22369.html: CVE-2024-22369: Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository
Andrea Cosentino
-
[ANN] Apache Tomcat 9.0.86 available
Rémy Maucherat
-
[ANNOUNCE] Apache Commons Compress 1.26.0
Gary Gregory
-
CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Gary D. Gregory
-
CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Gary D. Gregory
-
[ANNOUNCE] Apache Airflow Providers prepared on February 17, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Camel 4.4.0 (LTS) Released
Gregor Zurowski
-
CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan
Arnout Engelen
-
[ANNOUNCE] Apache Airflow Providers prepared on February 12, 2024 are released
Elad Kalif
-
Apache Giraph is now retired
Hervé Boutemy
-
[ANNOUNCE] Beam 2.54.0 Released
Robert Burke
-
CVE-2023-50292: Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Houston Putman
-
Apache MXNet is now retired
Hervé Boutemy
-
[ANNOUNCEMENT] HttpComponents Core 5.3-alpha2 released
Oleg Kalnichevski
-
CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)
Daniel Gaspar
-
[ANN] Apache Tomcat Native 1.3.0 released
Mark Thomas
-
[ANN] Apache Tomcat Native 2.0.7 released
Mark Thomas
-
[ANNOUNCE] Apache Solr 9.5.0 released
Jason Gerlowski
-
[ANNOUNCE] Apache Arrow nanoarrow 0.4.0 Released
Dewey Dunnington
-
[ANNOUNCE] Apache Qpid Broker-J 9.2.0 released
Tomas Vavricka
-
[ANNOUNCE] Apache Commons Codec 1.16.1
Gary Gregory
-
CVE-2023-50291: Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
Houston Putman
-
CVE-2023-50298: Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions
Houston Putman
-
CVE-2023-50386: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Houston Putman
-
[ANNOUNCE] Apache Pekko (Incubating) HTTP 1.0.1 available
PJ Fanning
-
[ANNOUNCE] Apache Solr 8.11.3 released
Houston Putman
-
[ANNOUNCE] Apache Lucene 8.11.3 released
Houston Putman
-
[ANNOUNCE] Apache Jackrabbit 2.21.23 released
Julian Reschke
-
[ANNOUNCE] Apache UIMA Ruta v3.4.1 released
Richard Eckart de Castilho
-
CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability
Wang Weibing
-
CVE-2023-39196: Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints
István Fajth
-
[ANNOUNCE] Apache flink-connector-kafka v3.1.0 released
Martijn Visser
-
CVE-2023-51437: Apache Pulsar: Timing attack in SASL token signature verification
Michael Marshall
-
[ANNOUNCE] Apache Pulsar Node.js client 1.10.0 released
Baodi Shi
-
[ANNOUNCE] Apache Celeborn(incubating) 0.4.0 available
Fu Chen
-
[ANNOUNCE] Apache Fineract 1.9.0 Release
Aleksandar Vidakovic
-
[Announcement] : Apache LDAP API 2.1.6
Emmanuel Lecharny
-
CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal
Carsten Ziegeler
-
[ANNOUNCE] Apache bRPC 1.8.0 released
Weibing Wang
-
[ANNOUNCE] OpenNLP 2.3.2 released
Richard Zowalla
-
[ANNOUNCE] Apache Airflow Providers prepared on January 30, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Storm 2.6.1 Released
Richard Zowalla
-
[ANNOUNCE] Apache Camel 4.0.4 (LTS) Release
Gregor Zurowski
-
[ANNOUNCE] MyFaces Core v4.0.2 Release
Volodymyr Siedlecki
-
CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
liubao
-
CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API
liubao
-
[ANNOUNCE] Release Apache Traffic Control 8.0.0
R S
-
[ANNOUNCE] Apache Geronimo Arthur 1.0.8 release
fpapon
-
[ANNOUNCE] Apache Camel 3.22.1 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Camel 3.21.4 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache NiFi 2.0.0-M2 Released
David Handermann
-
[ANNOUNCE] MyFaces Core v4.1.0-RC1 Release
Volodymyr Siedlecki
-
[ANNOUNCE] Apache Lucene 9.9.2 released
Chris Hegarty
-
CVE-2023-29055: Apache Kylin: Insufficiently protected credentials in config file
Li Yang
-
[ANNOUNCE] Apache Pulsar Go Client 0.12.0 released
Zike Yang
-
[ANNOUNCE] Apache Creadur RAT 0.16.1 released
P. Ottlinger
-
[ANNOUNCE] Apache Airflow Providers prepared on January 26, 2024 are released
Jarek Potiuk
-
[ANNOUNCE] Apache Pekko (Incubating) Connectors 1.0.2 available
PJ Fanning
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.2.0 Released
Lari Hotari
-
[ANNOUNCEMENT] HttpComponents Client 5.3.1 GA Released
Oleg Kalnichevski
-
CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags
Ephraim Anierobi
-
CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs
Ephraim Anierobi
-
CVE-2023-51702: Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Ephraim Anierobi
-
CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title
Daniel Gaspar
-
[ANNOUNCE] Apache Arrow 15.0.0 released
Raúl Cumplido
-
[ANNOUNCE] Release Apache OpenDAL 0.44.2
Manjusaka
-
[ANNOUNCE] Apache UIMA Ruta v3.4.0 released
Richard Eckart de Castilho
-
[ANNOUNCE] Apache Airflow 2.8.1 Released
Ephraim Anierobi
-
[ANNOUNCE] Apache Groovy 5.0.0-alpha-5 Released
Paul King
-
[ANNOUNCE] Apache HBase 3.0.0-beta-1 is now available for download
Duo Zhang
-
[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure
Mark Thomas
-
[ANNOUNCE] Apache Directory SCIMple 1.0.0-M1 released
Brian Demers
-
[ANNOUNCE] Apache Groovy 4.0.18 Released
Paul King
-
[ANNOUNCE] Apache Solr 9.4.1 released
David Smiley
-
[ANN] Apache Maven 4.0.0-alpha-12 released
Guillaume Nodet
-
[ANNOUNCE] Apache MINA SSHD 2.12.0 released
Guillaume Nodet
-
[ANNOUNCE] Apache Sedona 1.5.1 released
Jia Yu
-
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.2
Chris Bono
-
[ANNOUNCE] Apache APISIX 3.8.0 has been released
Xin Rong
-
CVE-2023-46226: Apache IoTDB: Remote Code Execution (RCE) risk via the UDF
Haonan Hou
-
[ANNOUNCE] Apache Commons BCEL 6.8.1
Gary Gregory
-
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M19
Timothy Bish
-
CVE-2023-50290: Apache Solr: Host environment variables are published via the Metrics API
Houston Putman
-
CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting
Brian Demers
-
[ANN] Apache Cocoon 2.1 and 3.0 retired
Cédric Damioli
-
[ANNOUNCE] Apache Jackrabbit 2.20.14 released
Julian Reschke
-
[ANN] Apache Karaf OSGi Runtime 4.4.5 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Airflow Providers prepared on January 07, 2024 are released
Elad Kalif
-
CVE-2023-49619: Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.
Enxin Xie
-
[ANN] Apache Tomcat 9.0.85 available
Rémy Maucherat
-
[ANN] Apache Tomcat 11.0.0-M16 (alpha) available
Mark Thomas
-
Apache Tomcat 8.5.98 Available
Christopher Schultz
-
Apache Tomcat 10.1.18 Available
Christopher Schultz