announce

Messages by Thread

[ANNOUNCE] Apache Airflow Providers prepared on 2025-12-30 are released Shahar Epstein
Apache Commons Pool 2.13.1 Gary Gregory
[ANNOUNCE] Apache Kyuubi v1.10.3 is available Akira Ajisaka
[ANNOUNCE] Apache Camel 4.14.3 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Kyuubi v1.11.0 is available Cheng Pan
[ANNOUNCE] Apache EventMesh 1.12.0 available mikexue
[ANNOUNCE] Apache TsFile 2.2.0 released Haonan Hou
CVE-2025-48769: Apache NuttX RTOS: fs/vfs/fs_rename: use after free Tomasz Cedro
CVE-2025-48768: Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal Tomasz Cedro
[ANNOUNCE] Apache Pulsar Node.js client 1.16.0 released Baodi Shi
CVE-2025-47411: Apache StreamPipes: Leverage of User ID for Privilege Escalation Philipp Zehnder
[ANNOUNCE] Apache CloudStack Kubernetes Provider v1.2.0 Vishesh
[ANNOUNCE] Apache Gravitino 1.1.0 is available Qi Yu
CVE-2025-68637: : Insecure SSL Configuration in Uniffle HTTP Client roryqi
[ANNOUNCE] Apache TsFile 1.1.3 released Haonan Hou
[ANNOUNCEMENT] HttpComponents Client 5.6 GA Released Oleg Kalnichevski
[ANNOUNCEMENT] HttpComponents Client 5.5.2 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache Pekko Persistence JDBC 1.2.0 released PJ Fanning
[ANNOUNCE] Apache Mynewt 1.14.0 and Apache Mynewt NimBLE 1.9.0 released Szymon Janc
[ANNOUNCE] Apache NiFi 2.7.2 Released David Handermann
CVE-2025-66524: Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor David Handermann
CVE-2025-68161: Apache Log4j Core: Missing TLS hostname verification in Socket appender Piotr Karwasz
[ANNOUNCEMENT] HttpComponents Core 5.4 GA released Oleg Kalnichevski
[ANN] Apache Maven 3.9.12 released Slawomir Jaranowski
[ANNOUNCEMENT] Commons Daemon 1.5.1 Released Mark Thomas
[ANNOUNCE] Apache Commons DBCP 2.14.0 Gary Gregory
[ANNOUNCE] Apache StreamPipes 0.98.0 Philipp Zehnder
[ANNOUNCE] Apache Pekko Management 1.2.0 released PJ Fanning
CVE-2025-67895: Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 Jarek Potiuk
[ANNOUNCE] Apache TomEE 10.1.3 Richard Zowalla
[ANNOUNCE] Apache log4cxx 1.6.0 released Stephen Webb
[ANNOUNCE] Apache Airflow Providers prepared on 2025-12-09 are released Jarek Potiuk
[ANNOUNCE] Apache Camel 4.10.8 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache HBase Operator Tools 1.3.0 is now available for download Duo Zhang
[ANNOUNCE] Apache Qpid Broker-J 10.0.1 released Tomas Vavricka
[ANNOUNCE] Apache NiFi 2.7.1 Released David Handermann
[ANNOUNCE] Apache Airflow 3.1.5 Released Ephraim Anierobi
[ANNOUNCE] Apache Pekko (Core) 1.4.0 released PJ Fanning
CVE-2025-54947: Apache StreamPark: Use hard-coded key vulnerability Huajie Wang
[ANNOUNCE] Apache Pulsar Client C++ 4.0.0 released Yunze Xu
CVE-2025-65995: Apache Airflow: Disclosure of secrets to UI via kwargs Ephraim Anierobi
CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI Ephraim Anierobi
CVE-2025-58137: Apache Fineract: IDOR via self-service API Adam Monsen
CVE-2025-58130: Apache Fineract: Server Key not masked Adam Monsen
CVE-2025-23408: Apache Fineract: weak password policy Adam Monsen
[ANNOUNCE] Apache OpenNLP 2.5.7 released Richard Zowalla
[ANNOUNCE] Apache Jackrabbit 2.23.3-beta released Julian Reschke
[ANNOUNCE] Apache Airflow 3.1.4 Released Ephraim Anierobi
[ANN] CVE-2025-66675: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed Lukasz Lenart
[ANNOUNCE] Apache Commons Pool 2.13.0 Gary Gregory
[ANNOUNCE] Apache SedonaDB 0.2.0 released Dewey Dunnington
CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
- CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
[ANN] Apache Tomcat 10.1.50 Available Christopher Schultz
[ANN] Apache Tomcat 11.0.15 Available Mark Thomas
[ANNOUNCE] Apache Commons Text 1.15.0 Gary Gregory
[ANN] Apache Tomcat 9.0.113 available Rémy Maucherat
[ANNOUNCE] Apache Fory 0.13.2 released Shawn Yang
CVE-2025-66516: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected Tim Allison
[ANNOUNCEMENT] Apache HTTP Server 2.4.66 Released covener
CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo Eric Covener
CVE-2025-65082: Apache HTTP Server: CGI environment variable override Eric Covener
CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF Eric Covener
CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... Eric Covener
CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals Eric Covener
[ANNOUNCE] Apache Flink 2.2.0 released Hang Ruan
CVE-2025-53960: Apache StreamPark: Use the user’s password as the secret key Vulnerability Huajie Wang
Apache Derby is now retired Richard Hillegas
[ANNOUNCE] Apache Groovy 5.0.3 Released Paul King
[ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.7.0 Released Yuan Zhuang
[ANNOUNCE] Apache Commons Exec 1.6.0 Gary Gregory
[ANNOUNCE] Apache Airflow Providers prepared on 2025-12-01 are released Jens Scheffler
[ANNOUNCE] Apache OFBiz 24.09.04 released Jacopo Cappellato
[ANNOUNCE] Apache Grails 7.0.4 James Daugherty
[ANN] CVE-2025-64775: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - S2-068 Lukasz Lenart
- Re: [ANN] CVE-2025-64775: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - S2-068 Lukasz Lenart
[ANNOUNCE] Grails Publish Gradle Plugin 0.0.3 James Daugherty
[ANNOUNCE] Apache POI 5.5.1 release PJ Fanning
ANNOUNCE: Emmanuel Lecharny
ANNOUNCE: Apache MINA 2.2.5 released Emmanuel Lecharny
[ANNOUNCE] Apache Airflow Providers prepared on 2025-11-27 are released Jens Scheffler
- [ANNOUNCE] Apache Airflow Providers prepared on 2025-11-27 are released Jens Scheffler
CVE-2025-59789: Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser Wang Weibing
CVE-2025-59792: Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins Hulk Lin
CVE-2025-59790: Apache Kvrocks: RESET command grants admin privileges Hulk Lin
CVE-2023-48796: Apache DolphinScheduler: Sensitive information disclosure Lidong Dai
CVE-2025-59454: Apache CloudStack: Lack of user permission validation leading to data leak for few APIs Harikrishna Patnala
CVE-2025-59302: Apache CloudStack: Potential remote code execution on Javascript engine defined rules Harikrishna Patnala
CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
[ANNOUNCE] Apache Commons Configuration 2.13.0 Gary Gregory
CVE-2025-62728: Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs Stamatis Zampetakis
CVE-2025-59390: Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly. Karan Kumar
Apache Griffin is now retired Niall Pemberton
Apache Traffic Control is now retired Niall Pemberton
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.10 Mark Thomas
[ANN] Apache Syncope 3.0.15 Francesco Chicchiriccò
[ANN] Apache Syncope 4.0.3 Francesco Chicchiriccò
CVE-2025-65998: Apache Syncope: Default AES key used for internal password encryption Francesco Chicchiriccò
[ANNOUNCE] Apache Grails 7.0.3 James Daugherty
[ANNOUNCE] Apache Pulsar Helm Chart version 4.4.0 Released Lari Hotari
[ANNOUNCE] Release Apache Hop 2.16.0 Bart Maertens
[ANNOUNCE] Apache Pekko (Core) 1.3.0 released PJ Fanning
[ANNOUNCE] Establishing the Apache Artemis project Christopher Shannon
[ANNOUNCE] Apache GeaFlow (incubating) 0.7.0 Released Qiang Zhou
[ANNOUNCE] Apache Airflow Providers prepared on 2025-11-18 are released Jarek Potiuk
CVE-2025-64408: Apache Causeway: Java deserialization vulnerability to authenticated attackers Dan Haywood
[ANNOUNCE] Apache Airflow Providers prepared on 2025-11-14 are released Jarek Potiuk
[ANNOUNCE] Apache Commons Validator 1.10.1 Gary Gregory
[ANNOUNCE] Apache Lucene 10.3.2 released Simon Cooper
[ANNOUNCE] Apache Pulsar 4.1.2 released Lari Hotari
[ANNOUNCE] Apache Pulsar 4.0.8 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.15 released Lari Hotari
[ANNOUNCE] Apache POI 5.5.0 release PJ Fanning
[ANNOUNCE] Apache Airflow 3.1.3 Released Ephraim Anierobi
[ANNOUNCE] Apache Commons JEXL 3.6.0 Gary Gregory
[ANNOUNCE] Apache Kafka 4.1.1 Lianet Magrans
[ANN] Apache Karaf Decanter 2.12.0 has been released! Jean-Baptiste Onofré
[ANN] Apache ActiveMQ Classic 6.2.0 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Pulsar Client C++ 3.8.0 released Yunze Xu
[ANN] Maven 4.0.0-rc-5 released ! Guillaume Nodet
[ANNOUNCE] Apache Ratis 3.2.1 Release Xinyu Tan
[ANNOUNCE] Apache OpenOffice 4.1.16 released Marcus
[ANNOUNCE] Apache NetBeans 28 Released Eric Barboni
Apache Kibble is now retired Niall Pemberton
[ANNOUNCE] Release Apache Kvrocks 2.14.0 Twice
CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import Arrigo Marchiori
CVE-2025-64407: Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables Arrigo Marchiori
CVE-2025-64405: Apache OpenOffice: Remote documents loaded without prompt via DDE function Arrigo Marchiori
CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images Arrigo Marchiori
CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc Arrigo Marchiori
CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects Arrigo Marchiori
CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame Arrigo Marchiori
[ANNOUNCE] Apache Airflow CTl 0.1.0 from 0.1.0rc2 released Jarek Potiuk
[ANNOUNCE] Apache CouchDB 3.5.1 released Jan Lehnardt
CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting Jacques Le Roux
CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload Jacques Le Roux
[ANN] Apache Tomcat 10.1.49 Available Christopher Schultz
[ANN] Apache Tomcat 9.0.112 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.14 Available Mark Thomas
[ANNOUNCE] Apache OFBiz 24.09.03 released Nicolas Malin
[ANNOUNCE] Apache Grails 7.0.2 Mattias Reichel
[ANNOUNCE] Apache Fluss 0.8.0-incubating released Jark Wu
[ANNOUNCE] Apache NiFi API 2.5.0 Released David Handermann
[ANNOUNCE] Apache Airflow Providers prepared on 2025-11-03 are released Jarek Potiuk
Apache Commons IO 2.21.0 Release Notes Gary Gregory
[ANNOUNCE] Apache Shiro 2.0.6 released Francois Papon
Apache Portals is now retired Niall Pemberton
[ANNOUNCE] Apache Solr 9.10.0 released Jan Høydahl
[ANNOUNCE] Apache Arrow ADBC 21 Released David Li
[ANNOUNCE] Apache Fory 0.13.1 released Shawn Yang
[ANNOUNCE] Apache Airflow 3.1.2 & Task SDK 1.1.2 Released Ephraim Anierobi
[ANNOUNCE] Apache Camel 4.16.0 Released Gregor Zurowski
[ANNOUNCE] Apache Answer 1.7.0 available Robin Ren
[ANNOUNCE] Apache Jackrabbit 1.88.0 released Julian Reschke
CVE-2025-58337: Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server Mingyu Chen
[ANNOUNCE] Apache Storm 2.8.3 Released Rui Abreu
[ANNOUNCE] Apache Camel 4.14.2 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Grails 7.0.1 James Fredley
CVE-2025-62232: Apache APISIX: APISIX basic-auth logs plaintext credentials at info level Ashish Tiwari
[ANNOUNCE] Apache Arrow 22.0.0 released Raúl Cumplido
[ANNOUNCE] Apache Gluten (incubating) 1.5.0 released Philo
- [ANNOUNCE] Apache Gluten (incubating) 1.5.0 released Philo He
- Re: [ANNOUNCE] Apache Gluten (incubating) 1.5.0 released Philo He
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.0.0 released David Jensen
Apache Beam 2.69.0 Released! Vitalii Terentev
[ANNOUNCE] Apache Grails Spring Security 7.0.0 Mattias Reichel
[ANNOUNCE] Apache Fory 0.13.0 released Shawn Yang
[ANNOUNCEMENT] HttpComponents Client 5.6-alpha1 Released Oleg Kalnichevski
[ANNOUNCE] Apache Airflow 3.1.1 & Task SDK 1.1.1 Released Kaxil Naik
[ANNOUNCE] Apache CloudStack Regular Release 4.20.2.0 Wei Zhou
- Re: [ANNOUNCE] Apache CloudStack Regular Release 4.20.2.0 Wei Zhou
[SECURITY] CVE-2025-61795 Apache Tomcat - Delayed cleaning of multipart upload temporary files may lead to DoS Mark Thomas
[SECURITY] CVE-2025-55752 Apache Tomcat - Directory traversal via rewrite with possible RCE if PUT is enabled Mark Thomas
[SECURITY] CVE-2025-55754 Apache Tomcat - Console manipulation via escape sequences in log messages Mark Thomas
[ANNOUNCE] Apache Geronimo XBean 4.28 released Francois Papon
[ANNOUNCE] Apache bRPC 1.15.0 released Shuai Liu
[ANN] Apache Camel Karaf 4.10.7 has been released Jean-Baptiste Onofré
[ANNOUNCE] Apache Airflow Providers prepared on October 22, 2025 are released Elad Kalif
[ANNOUNCE] Apache Pekko HTTP 1.3.0 released PJ Fanning
[ANNOUNCE] Apache MINA SSHD 3.0.0-M2 released Thomas Wolf
[ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc5 released Xin Rong
[ANNOUNCE] Apache Pulsar Node.js client 1.15.0 released Baodi Shi
[ANN] Apache ActiveMQ Classic 6.1.8 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Pekko gRPC 1.2.0 released PJ Fanning
[ANNOUNCE] Apache Grails Redis Plugin 5.0.0 Mattias Reichel
[ANNOUNCE] Apache Empire-db 3.4.0 released doebele
[ANNOUNCE] Apache Fineract 1.13.0 Release Adam Monsen
[ANNOUNCE] Apache OpenNLP 2.5.6.1 released Richard Zowalla
[ANN] Apache Syncope 4.0.2 Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.14 Francesco Chicchiriccò
CVE-2025-57738: Apache Syncope: Remote Code Execution by delegated administrators Francesco Chicchiriccò
[ANNOUNCE] Apache Grails Quartz Plugin 4.0.0 Mattias Reichel
[ANNOUNCE] Apache Grails 7.0.0 James Fredley
[ANNOUNCE] Apache Arrow JS 21.1.0 released Sutou Kouhei
[ANNOUNCE] Release Apache Fory 0.12.3 Shawn Yang
CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang
[ANN] Apache Tomcat 11.0.12 Available Mark Thomas
CVE-2024-44088: Apache Geode: Reflected XSS William Hodges
[ANNOUNCE] Apache UIMA Ruta v3.5.1 released Richard Eckart de Castilho
[ANNOUNCE] Apache Airflow Providers prepared on September 28, 2025 are released Elad Kalif

Earlier messages