Messages by Thread
-
[ANNOUNCE] Apache Pekko gRPC 1.1.0 released
PJ Fanning
-
[ANN] Apache Tomcat 11.0.0 Available
Mark Thomas
-
CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing
Simon Steiner
-
[ANNOUNCE] Apache Pekko (Core) 1.1.2 released
PJ Fanning
-
[ANN] Apache Tomcat 9.0.96 available
Rémy Maucherat
-
[ANNOUNCE] Hive 3.x EOL
Ayush Saxena
-
[ANNOUNCE] Release Apache Fury(incubating) Serialization 0.8.0
Shawn Yang
-
[ANNOUNCE] Release Apache Kvrocks 2.10.0
hulk
-
[ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561
Lari Hotari
-
[ANNOUNCE] Apache Pulsar 3.0.7 released with important security fix for CVE-2024-47561
Lari Hotari
-
[ANNOUNCE] Release Apache Traffic Control 8.0.2
R S
-
[ANNOUNCE] Apache Qpid JMS 2.6.1 released
Robbie Gemmell
-
[ANNOUNCE] Apache Qpid JMS 1.12.1 released
Robbie Gemmell
-
CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Gary D. Gregory
-
CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Martin Tzvetanov Grigorov
-
[ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0 released
PJ Fanning
-
[ANNOUNCE] Apache Pekko HTTP 1.1.0 released
PJ Fanning
-
[ANNOUNCE] Apache Hive 4.0.1 Released
Zhihua Deng
-
[ANN] Apache ActiveMQ 5.18.6 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Airflow Providers prepared on September 27, 2024 are released
Elad Kalif
-
[ANNOUNCE] Apache Jackrabbit Oak 1.70.0 released
Julian Reschke
-
[ANNOUNCE] Apache ManifoldCF 2.27 released
Piergiorgio Lucidi
-
[ANNOUNCE] Apache Log4j `2.24.1`released
Piotr P. Karwasz
-
[ANNOUNCE] Apache Daffodil 3.9.0 Released
Steve Lawrence
-
[ANNOUNCE] Apache Pulsar Go Client 0.14.0 released
Zike Yang
-
CVE-2024-45772: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Robert Muir
-
[ANNOUNCE] Apache Lucene 9.12.0 released
Chris Hegarty
-
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.7.0 released
Kai Wan
-
[ANNOUNCE] Apache log4net 3.0.1 released
Jan Friedrich
-
[ANNOUNCE] Apache CouchDB 3.4.1 released
Jan Lehnardt
-
[ANNOUNCE] Apache Ratis 3.1.1 Release
Xinyu Tan
-
CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Slawomir Jaranowski
-
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.2 Released
liubao
-
ANNOUNCE] Apache Spark 3.5.3 released
Kent Yao
-
[SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service
Mark Thomas
-
[ANNOUNCE] Apache NiFi NAR Maven Plugin 2.1.0 Released
David Handermann
-
[ANNOUNCE] Apache Commons CSV Version 1.12.0
Gary Gregory
-
[ANNOUNCE] Apache Solr 8.11.4 released
Houston Putman
-
[ANNOUNCE] Apache Qpid JMS 2.6.0 released
Robbie Gemmell
-
[ANNOUNCE] Apache Qpid JMS 1.12.0 released
Robbie Gemmell
-
CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses
Enxin Xie
-
CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure
Shilun Fan
-
[ANNOUNCE] Apache Wicket 10.2.0 released
Andrea Del Bene
-
[ANNOUNCE] Apache Velocity Engine 2.4 released
Claude Brisson
-
[ANNOUNCE] Apache Airflow Providers prepared on September 21, 2024 are released
Elad Kalif
-
CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
Heping Wang
-
[ANNOUNCE] Apache NiFi API 2.0.0 Released
David Handermann
-
[SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service
Mark Thomas
-
[ANN] Apache OpenJPA 4.0.1
Francesco Chicchiriccò
-
[ANNOUNCE] Apache StormCrawler (Incubating) 3.1.0 released
Richard Zowalla
-
[ANNOUNCEMENT] HttpComponents Client 5.4 GA Released
Oleg Kalnichevski
-
[ANNOUNCE] Apache YuniKorn v1.6.0 released
Wilfred Spiegelenburg
-
[ANNOUNCE] Apache Answer(Incubating) v1.4.0 available
Robin Ren
-
[ANNOUNCE] Apache Zeppelin 0.11.2 available
Jongyoul Lee
-
[ANNOUNCE] Apache Airflow 2.10.2 Released
Ephraim Anierobi
-
CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml
Chao Gong
-
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M22 released
Timothy Bish
-
[ANNOUNCE] Apache NetBeans 23 released
Eric Barboni
-
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0 released
PJ Fanning
-
CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list
Karan Kumar
-
CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack
Karan Kumar
-
[ANN] Apache Tomcat 9.0.95 available
Rémy Maucherat
-
[ANN] Apache Tomcat 11.0.0-M26 (beta) available
Mark Thomas
-
[ANNOUNCE] Apache log4net 3.0.0 released
Jan Friedrich
-
[ANNOUNCE] Apache Camel 4.8.0 (LTS) Released
Gregor Zurowski
-
[ANNOUNCE] Apache Pekko (Core) 1.1.1 released
Arnout Engelen
-
[ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94
Mark Thomas
-
[ANNOUNCE] Apache Pulsar Node.js client 1.12.0 released
Baodi Shi
-
[ANNOUNCE] Apache Jackrabbit Oak 1.22.21 released
Julian Reschke
-
[ANNOUNCE] Apache Groovy 4.0.23 Released
Paul King
-
[ANNOUNCE] Apache Groovy 5.0.0-alpha-10 Released
Paul King
-
[ANNOUNCEMENT] HttpComponents Core 5.3 GA released
Oleg Kalnichevski
-
[ANNOUNCE] Beam 2.59.0 Released
Robert Burke
-
[ANN] Apache Tomcat 10.1.29 Available
Christopher Schultz
-
CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server
Min Ji
-
[ANN] Apache Tomcat 9.0.94 available
Rémy Maucherat
-
[ANN] Apache Tomcat 11.0.0-M25 (beta) available
Mark Thomas
-
[ANNOUNCE] Apache Pekko Projections 1.1.0-M1 released
PJ Fanning
-
CVE-2024-45498: Apache Airflow: Command Injection in an example DAG
Ephraim Anierobi
-
[ANNOUNCE] Apache Arrow ADBC 14 released
David Li
-
[ANNOUNCE] Apache Flink CDC 3.2.0 released
Qingsheng Ren
-
[ANNOUNCE] Apache Pekko (Core) 1.1.0 released
PJ Fanning
-
CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
Jacques Le Roux
-
CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Jacques Le Roux
-
[ANNOUNCE] Apache OFBiz 18.12.16 released
Jacopo Cappellato
-
[ANN] Apache Maven 4.0.0-beta-4 released
Tamás Cservenák
-
[ANNOUNCE] Apache Commons Lang 3.17.0
Gary Gregory
-
[ANNOUNCE] Apache Ant 1.10.15 released
Jaikiran Pai
-
[ANNOUNCE] Apache Traffic Server 10.0.0 has been released
Chris McFarlen
-
[ANNOUNCE] Apache Parquet release 1.14.2
Fokko Driesprong
-
[ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released
Elad Kalif
-
[ANNOUNCEMENT] Apache SkyWalking Go 0.5.0 Released
han liu
-
[ANNOUNCE] Apache Sedona 1.6.1 released
Jia Yu
-
CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions
Eric Covener
-
[ANNOUNCEMENT] Apache Portable Runtime 1.7.5 Released
covener
-
[ANN] Apache Maven Daemon 1.0.2 released
Tamás Cservenák
-
[ANNOUNCE] Apache Airflow Providers prepared on August 19, 2024 are released
Elad Kalif
-
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link
Ephraim Anierobi
-
[ANNOUNCE] Release Apache Iceberg Rust v0.3.0
Xuanwo
-
CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability
Jun Gao
-
[ANNOUNCE] Apache Commons Statistics Version 1.1 Released
Alex Herbert
-
CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session
Junkai Xue
-
[ANNOUNCE] Apache Commons Compress version 1.27.1
Gary Gregory
-
CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability
ShunFeng Cai
-
[ANNOUNCE] Apache Impala 4.4.1 release
Quanlong Huang
-
[ANNOUNCE] Apache Commons Logging 1.3.4
Gary Gregory
-
[ANNOUNCE] Apache Jackrabbit 1.68.0 released
Julian Reschke
-
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.7
Chris Bono
-
[ANNOUNCE] Apache Airflow 2.10.0 Released
Ephraim Anierobi
-
Apache Kerby 2.1.0 released
Colm O hEigeartaigh
-
[ANNOUNCE] Apache Commons CLI Version 1.9.0
Gary Gregory
-
[ANNOUNCE] Apache Accumulo 2.1.3
Christopher
-
[ANNOUNCE] Apache APISIX 3.10.0 has been released
Abhishek Choudhary
-
[ANNOUNCE] Release Apache OpenDAL v0.49.0
Xuanwo
-
[ANN] Apache Tomcat Connectors 1.2.50 released
Mark Thomas
-
[ANNOUNCE] Apache Camel 4.0.6 (LTS) Release
Gregor Zurowski
-
CVE-2024-41909: Apache MINA SSHD: integrity check bypass
Arnout Engelen
-
[ANNOUNCE] Apache Commons Numbers Version 1.2 Released
Alex Herbert
-
[ANNOUNCE] Apache Spark 3.5.2 released
Kent Yao
-
[ANNOUNCE] Apache Ranger 2.5.0 released
Madhan Neethiraj
-
CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability
ShunFeng Cai
-
CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution
ShunFeng Cai
-
[ANNOUNCE] Apache Pulsar Go Client 0.13.1 released
Zike Yang
-
[ANNOUNCE] Apache PDFBox 3.0.3 released
Andreas Lehmkühler
-
[Announcement]: Apache LDAP API 2.1.7
Emmanuel Lecharny
-
[ANNOUNCE] Apache Commons Compress 1.27.0
Gary Gregory
-
CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use
Enxin Xie
-
CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link
Enxin Xie
-
[ANNOUNCE] Beam 2.58.0 Released
Jack McCluskey
-
[ANN] Apache ActiveMQ Classic 6.1.3 has been released!
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Commons Lang Version 3.16.0
Gary Gregory
-
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.2.2 released
David Jensen
-
[ANNOUNCE] Apache Airflow Providers prepared on August 03, 2024 are released
Elad Kalif
-
[ANN] Apache Tomcat 10.1.28 Available
Christopher Schultz
-
CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins
Rohit Yadav
-
CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access
Rohit Yadav
-
[ANNOUCE] Apache CloudStack LTS Security Releases 4.18.2.3 and 4.19.1.1
Nicolas Vazquez
-
[ANN] Apache Tomcat 11.0.0-M24 (beta) available
Mark Thomas
-
[ANNOUNCE] Apache Pulsar Helm Chart version 3.5.0 Released
Lari Hotari
-
[ANN] Apache Tomcat 9.0.93 available
Rémy Maucherat
-
CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL)
Haonan Hou
-
[ANNOUNCE] Apache Answer(Incubating) v1.3.6 available
Kumfo Yang
-
CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
Jarek Potiuk
-
CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
Jacques Le Roux
-
[ANNOUNCE] Apache OFBiz 18.12.15 released
Jacopo Cappellato
-
CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability
Charles Zhang
-
[ANNOUNCE] Apache Pulsar 3.3.1 released
Lari Hotari
-
[ANNOUNCE] Release Apache OpenDAL 0.48.0
Xuanwo
-
[ANNOUNCE] Apache Pulsar 3.2.4 released
Lari Hotari
-
CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability
Heping Wang
-
CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability
Heping Wang
-
[ANNOUNCE] Apache Pulsar 3.0.6 released
Lari Hotari
-
[ANNOUNCE] Apache YuniKorn v1.5.2 released
Wilfred Spiegelenburg
-
[ANNOUNCE] Apache Airflow Providers prepared on July 28, 2024 are released
Elad Kalif
-
CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass
Jun Gao
-
[ANNOUNCE] Apache Kafka 3.8.0
Josep Prat
-
[ANNOUNCE] Apache Celeborn 0.4.2 available
Fu Chen
-
Apache Bloodhound is now retired
Hervé Boutemy
-
Apache HAWQ is now retired
Hervé Boutemy
-
CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
David M. Johnson
-
[ANNOUNCE] Apache Traffic Server 9.2.5 and 8.1.11 are released
Bryan Call
-
[ANNOUNCE] Apache Iceberg release 1.6.0
Jean-Baptiste Onofré
-
[ANNOUNCE] Apache Airflow Providers prepared on July 21, 2024 are released
Elad Kalif
-
[ANN] Apache ActiveMQ Classic 5.18.5 has been released!
Jean-Baptiste Onofré
-
[ANN] Apache Tomcat Native 1.3.1 released
Mark Thomas
-
[ANN] Apache Tomcat Native 2.0.8 released
Mark Thomas
-
[ANNOUNCE] Apache PDFBox 2.0.32 released
Andreas Lehmkühler
-
[ANNOUNCE] Apache Airflow Helm Chart version 1.15.0 Released
Jedidiah Cunningham
-
[ANNOUNCE] Apache Commons BCEL Version 6.10.0
Gary Gregory
-
Subject: [ANNOUNCE] Apache Storm 2.6.3 Released
Rui Abreu
-
CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader
James Turton
-
CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information
Yupeng Fu
-
CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Andrew Lamb
-
[ANNOUNCE] Apache Kyuubi v1.9.2 is available
Fu Chen
-
[ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0-M1 released
PJ Fanning
-
[ANNOUNCE] Apache BVal 3.0.1
Markus Jung
-
[ANNOUNCE] Apache Jackrabbit 2.23.0-beta released
Julian Reschke
-
[ANN] Apache TomEE 10.0.0-M2
Richard Zowalla
-
CVE-2024-29070: Apache StreamPark: session not invalidated after logout
Huajie Wang
-
[ANNOUNCE] Apache Pulsar Go Client 0.13.0 released
Zike Yang
-
[ANNOUNCE] Apache Kyuubi Shaded released 0.4.1
Cheng Pan
-
[ANN] Apache Syncope 3.0.8
Francesco Chicchiriccò
-
CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields
Francesco Chicchiriccò
-
CVE-2024-34457: Apache StreamPark IDOR Vulnerability
Huajie Wang
-
CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data
Rongtong Jin
-
Apache Submarine is now retired
Hervé Boutemy
-
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M21 released
Timothy Bish
-
[ANNOUNCE] Apache bRPC 1.10.0 released
Xiaofeng
-
[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion
Abhishek Kumar
-
CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE
Colm O hEigeartaigh
-
CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients
Colm O hEigeartaigh
-
CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Colm O hEigeartaigh
-
CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion
Rohit Yadav
-
[ANNOUNCE] Apache Arrow 17.0.0 released
Raúl Cumplido
-
[ANNOUNCE] Apache Commons Lang Version 3.15.0
Gary Gregory
-
CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability
Huajie Wang
-
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Eric Covener
-
CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
CVE-2024-29120: Apache StreamPark: Information leakage vulnerability
Huajie Wang