announce

Messages by Thread

[ANNOUNCE] Apache Commons Exec 1.5.0 Gary Gregory
[ANNOUNCE] Apache Pulsar 4.0.5 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.3.7 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.12 released Lari Hotari
[ANNOUNCE] Apache NetBeans 26 Released Eric Barboni
[ANNOUNCE] Apache Jackrabbit Apache Jackrabbit Oak 1.80 released Julian Reschke
[ANNOUNCE] Apache Pulsar Client C++ 3.7.1 released Yunze Xu
[ANNOUNCE] Apache Kyuubi Shaded v0.5.0 is available Cheng Pan
[ANNOUNCE] Apache Airflow Providers prepared on May 20, 2025 are released Elad Kalif
[ANNOUNCE] Apache Kafka 3.9.1 TengYao Chi
[ANNOUNCE] Apache Arrow 20.0.0 released Jacob Wujciak
[ANNOUNCE] Apache bRPC 1.13.0 released Lorin Lee
[ANNOUNCE] Apache Airflow Providers prepared on May 14, 2025 are released Elad Kalif
[ANNOUNCE] Apache Pekko HTTP 1.2.0 released PJ Fanning
[ANNOUNCEMENT] Apache Portable Runtime 1.7.6 Released minfrin
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.1 released PJ Fanning
[ANNOUNCE] Apache Pulsar Client Python 3.7.0 released Baodi Shi
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
Apache Beam 2.65.0 Released Yi Hu
[ANNOUNCE] Apache Beam 2.65.0 Released Yi Hu
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
[ANN] Apache Tomcat 9.0.105 available Rémy Maucherat
[ANNOUNCE] Apache log4net 3.1.0 released Jan Friedrich
[ANN] Apache Tomcat 10.1.41 Available Christopher Schultz
CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
[ANNOUNCE] Apache Airflow Providers prepared on May 08, 2025 are released Elad Kalif
[ANNOUNCE] Apache Camel 4.8.7 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Arrow Go v18.3.0 Released Matt Topol
CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
[ANNOUNCE] Apache Airflow Providers prepared on May 05, 2025 are released Elad Kalif
[ANNOUNCE] Release Apache Kvrocks 2.12.1 hulk
[ANNOUNCE] Apache Gravitino (incubating) 0.9.0 available roryqi
[ANNOUNCE] Apache YuniKorn v1.6.3 released Wilfred Spiegelenburg
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
[ANNOUNCE] Apache CouchDB 3.5.0 released Jan Lehnardt
[ANNOUNCE] Apache Arrow ADBC 18 Released David Li
[ANNOUNCE] Apache Tika 2.9.4 released Tim Allison
[ANNOUNCE] Apache ShenYu 2.7.0.1 available Hongyu Liu
[ANNOUNCE] Apache Ozone 2.0.0 Wei-Chiu Chuang
[ANNOUNCE] Apache Pekko Management 1.1.1 released Arnout Engelen
[ANNOUNCE] Apache Pulsar Helm Chart version 4.0.1 Released Lari Hotari
CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
[ANNOUNCE] Apache PDFBox 3.0.5 released Andreas Lehmkühler
[ANNOUNCE] Apache NiFi 2.4.0 Released Pierre Villard
[ANNOUNCE] Apache Lucene 10.2.1 released Chris Hegarty
[ANNOUNCE] Apache Commons Imaging 1.0.0-alpha6 Gary Gregory
[ANNOUNCE] Apache Camel 4.10.4 (LTS) Released Gregor Zurowski
Apache Mnemonic is now retired Hervé Boutemy
Apache Gora is now retired Hervé Boutemy
[ANNOUNCEMENT] Apache Commons Configuration 2.12.0 Rob Tompkins
[ANNOUNCE] Apache Airflow Providers prepared on April 28, 2025 are released Elad Kalif
[SECURITY] CVE-2025-31651 Apache Tomcat - Rewrite rule bypass Mark Thomas
[SECURITY] CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header Mark Thomas
[ANNOUNCEMENT] HttpComponents Client 5.4.4 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache Airflow Providers prepared on April 24, 2025 are released Elad Kalif
[ANNOUNCEMENT] Apache SkyWalking Go 0.6.0 Released han liu
[ANNOUNCE] Apache Wicket 10.5.0 released Andrea Del Bene
[ANNOUNCE] Apache Wicket 9.21.0 released Andrea Del Bene
[ANNOUNCE] Apache PDFBox 2.0.34 released Andreas Lehmkühler
The Apache Software Foundation (ASF) welcomes 45 new Members Brian Proffitt
[ANNOUNCE] Apache Pulsar Go Client 0.15.0 released Zike Yang
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.3 released David Jensen
[ANNOUNCE] Apache Commons Collections 4.5.0 Gary Gregory
[ANNOUNCE] Apache SystemDS 3.3.0 Janardhan
- [ANNOUNCE] Apache SystemDS 3.3.0 Janardhan
[ANNOUNCE] Apache flink-connector-jdbc 3.3.0 & 4.0.0 released Hang Ruan
[ANNOUNCE] Release Apache Kvrocks 2.12.0 hulk
CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.6.0 Chris Bono
[ANNOUNCE] Apache Airflow Providers prepared on April 20, 2025 are released Elad Kalif
[ANNOUNCE] Apache Airflow Providers prepared on April 16, 2025 are released Elad Kalif
[ANNOUNCE] Apache Commons JXPath 1.4.0 Gary Gregory
CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen
[ANNOUNCE] Apache IoTDB 2.0.2 released Haonan Hou
[ANNOUNCE] Apache IoTDB 1.3.4 released Haonan Hou
[ANNOUNCE] OpenNLP 2.5.4 released Martin Wiesner
CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong
[ANNOUNCE] Apache TsFile 2.0.2 released Haonan Hou
[ANNOUNCE] Apache TsFile 1.1.1 released Haonan Hou
[ANNOUNCE] Apache Airflow Providers prepared on April 10, 2025 are released Elad Kalif
[ANNOUNCE] Apache Commons IO 2.19.0 Gary Gregory
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
[ANNOUNCE] Apache Commons Text 1.13.1 Gary Gregory
[ANN] Apache Tomcat 11.0.6 Available Mark Thomas
[ANNOUNCE] Apache Lucene 10.2.0 released Ignacio Vera
[ANN] Apache Tomcat 9.0.104 available Rémy Maucherat
[ANNOUNCE] Apache Geronimo XBean 4.27 released Francois Papon
CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
[ANNOUNCE] Apache Airflow Providers prepared on April 06, 2025 are released Elad Kalif
[ANNOUNCE] Apache Pulsar 3.3.6 released Lari Hotari
[ANNOUNCE] Apache Pulsar 4.0.4 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.11 released Lari Hotari
CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
[ANN] Apache Causeway version 3.3.0 Released Dan Haywood
CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
[ANNOUNCE] Apache Jackrabbit Oak 1.78.0 released Julian Reschke
[ANNOUNCE] Apache OFBiz 24.09.01 released Nicolas Malin
[ANNOUNCE] Apache POI 5.4.1 release PJ Fanning
Apache Cocoon is now retired Hervé Boutemy
[ANN] Apache OpenJPA 4.1.0 Francesco Chicchiriccò
[ANNOUNCE] Apache Commons CSV 1.14.0 Gary Gregory
CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message Gary D. Gregory
CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
Apache Oozie is now retired Hervé Boutemy
Apache Pivot is now retired Hervé Boutemy
Apache Beam 2.64.0 Released! XQ Hu
[ANNOUNCE] Apache Camel 4.11.0 Released Gregor Zurowski
[ANNOUNCE] Release Apache SkyWalking Client JS version 1.0.0 xue fan
[ANNOUNCE] Apache Traffic Server 10.0.5 Release Chris McFarlen
[ANNOUNCE] Apache Airflow Helm Chart version 1.16.0 Released Jedidiah Cunningham
[ANNOUNCE] Apache OFBiz 18.12.19 released Nicolas Malin
CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
[ANNOUNCE] Apache Camel 4.8.6 (LTS) Released Gregor Zurowski
CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Enxin Xie
CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission Justin Bertram
[ANNOUNCE] Apache Airflow Providers prepared on March 26, 2025 are released Elad Kalif
[ANNOUNCE] Apache Camel 4.10.3 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Jackrabbit Filevault 3.8.4 released Julian Reschke
[ANN] Apache TomEE 10.0.1 Richard Zowalla
[ANNOUNCEMENT] HttpComponents Client 5.4.3 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache Jackrabbit Oak 1.22.22 released Julian Reschke
CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url Li Yang
CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api Li Yang
[ANNOUNCE] Apache Iceberg Go Release v0.2.0 Matt Topol
[ANNOUNCE] Apache Solr Operator v0.9.1 released Jason Gerlowski
[ANNOUNCE] release of Apache VCL 2.5.2 Josh Thompson
CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form Josh Thompson
CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges Josh Thompson
[ANNOUNCE] Apache Answer v1.4.5 available Luffy
[ANNOUNCE] Apache StormCrawler (Incubating) 3.3.0 released Tim Allison
CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT Gary D. Gregory
[ANN] Apache ActiveMQ Classic 5.17.7 has been released! Jean-Baptiste Onofré
[ANN] Apache ActiveMQ Classic 5.18.7 has been released! Jean-Baptiste Onofré
[ANN] Apache ActiveMQ Classic 5.16.8 has been released! Jean-Baptiste Onofré
CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console Arnout Engelen
[ANNOUNCEMENT] HttpComponents Core 5.3.4 GA released Oleg Kalnichevski
CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting Adarsh Sanjeev
CVE-2024-54016: compression bomb attack in Apache Seata Server Min Ji
CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server Min Ji
CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function Elad Kalif
[ANNOUNCE] Apache YuniKorn v1.6.2 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Kafka 4.0.0 David Jacot
[ANNOUNCE] Apache CouchDB 3.4.3 released Jan Lehnardt
[ANNOUNCE] Apache Arrow Go v18.2.0 Released Matt Topol
[ANNOUNCE] Apache BVal 3.0.2 Markus Jung
[ANNOUNCE] Apache Calcite 1.39.0 released Stamatis Zampetakis
[ANNOUNCE] Apache James JSPF 1.0.5 released Rene Cordier
[ANNOUNCE] Apache Geronimo Java Mail 2.1_1.0.1 Francois Papon
[ANN] Apache Maven Daemon 2.0.0-rc-3 released Guillaume Nodet
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.1 released David Jensen
[ANNOUNCE] Apache Pulsar Helm Chart version 4.0.0 Released Lari Hotari
[ANN] Apache Maven 4.0.0-rc-3 released Guillaume Nodet
[ANNOUNCE] Apache Airflow Providers prepared on March 09, 2025 are released Elad Kalif
[ANNOUNCE] Apache James JDKIM 0.4 released Rene Cordier
FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Carsten Ziegeler
CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters Andrea Cosentino
[ANNOUNCE] Apache Pulsar Node.js client 1.13.1 released Baodi Shi
[ANNOUNCE] Apache Solr 9.8.1 released Houston Putman
[ANN] Apache Syncope 4.0.0-M1 Francesco Chicchiriccò
[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
[ANN] Apache Syncope 3.0.11 Francesco Chicchiriccò
[ANN] Apache ActiveMQ Classic 5.19.0 has been released! Jean-Baptiste Onofré
CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Pierre Villard
[ANNOUNCE] Apache NiFi 2.3.0 Released Pierre Villard
[ANN] Apache ActiveMQ Classic 6.1.6 has been released! Jean-Baptiste Onofré
Fwd: Announcing Fineract Release 1.11.0 James Dailey
[ANNOUNCE] Apache Camel 3.22.4 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Camel 4.10.2 (LTS) Released Gregor Zurowski
CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering Andrea Cosentino
[ANNOUNCE] Apache Pulsar Client Python 3.6.1 released Yunze Xu
[ANNOUNCE] Apache Camel 4.8.5 (LTS) Released Gregor Zurowski
CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.18 released Jacopo Cappellato
[ANNOUNCE] Apache Pekko Projection 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Arrow ADBC 17 Released David Li
[ANNOUNCE] Apache Curator 5.8.0 released tison
[ANN] Apache Tomcat 9.0.102 available Rémy Maucherat
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.0 released David Jensen
[ANNOUNCE] Apache Traffic Server 10.0.4 Release Chris McFarlen
[ANN] Apache Struts 6.7.4 Lukasz Lenart
[ANNOUNCE] Apache Calcite Avatica Go 5.4.0 released Francis Chuang
[ANNOUNCE] Apache Pulsar Node.js client 1.13.0 released Baodi Shi
[ANNOUNCE] Apache Camel 4.10.1 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Camel 4.8.4 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Impala 4.5.0 release Peter Rozsa
[ANNOUNCEMENT] Apache CloudStack 4.19.2.0 release Daan Hoogland
CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File Velmurugan Periasamy
CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
[ANN] Apache Struts 7.0.3 Lukasz Lenart
[ANNOUNCE] Apache log4cxx 1.4.0 released Stephen Webb
[ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available WeitingChen
[ANNOUNCE] Apache Qpid Broker-J 9.2.1 released Tomas Vavricka
[ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available WeitingChen
[ANNOUNCE] Apache Pulsar 3.3.5 released Lari Hotari
[ANNOUNCE] Apache Doris 3.0.4 release ChenMingyu

Earlier messages