announce

Messages by Date

2024/01/19 [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
2024/01/19 [ANNOUNCE] Apache Directory SCIMple 1.0.0-M1 released Brian Demers
2024/01/19 [ANNOUNCE] Apache Groovy 4.0.18 Released Paul King
2024/01/19 [ANNOUNCE] Apache Solr 9.4.1 released David Smiley
2024/01/18 [ANN] Apache Maven 4.0.0-alpha-12 released Guillaume Nodet
2024/01/18 [ANNOUNCE] Apache MINA SSHD 2.12.0 released Guillaume Nodet
2024/01/18 [ANNOUNCE] Apache Sedona 1.5.1 released Jia Yu
2024/01/16 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.2 Chris Bono
2024/01/15 [ANNOUNCE] Apache APISIX 3.8.0 has been released Xin Rong
2024/01/15 CVE-2023-46226: Apache IoTDB: Remote Code Execution (RCE) risk via the UDF Haonan Hou
2024/01/13 [ANNOUNCE] Apache Commons BCEL 6.8.1 Gary Gregory
2024/01/12 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M19 Timothy Bish
2024/01/12 CVE-2023-50290: Apache Solr: Host environment variables are published via the Metrics API Houston Putman
2024/01/12 CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Brian Demers
2024/01/12 [ANN] Apache Cocoon 2.1 and 3.0 retired Cédric Damioli
2024/01/11 [ANNOUNCE] Apache Jackrabbit 2.20.14 released Julian Reschke
2024/01/11 [ANN] Apache Karaf OSGi Runtime 4.4.5 has been released! Jean-Baptiste Onofré
2024/01/10 [ANNOUNCE] Apache Airflow Providers prepared on January 07, 2024 are released Elad Kalif
2024/01/10 CVE-2023-49619: Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions. Enxin Xie
2024/01/10 [ANN] Apache Tomcat 9.0.85 available Rémy Maucherat
2024/01/09 [ANN] Apache Tomcat 11.0.0-M16 (alpha) available Mark Thomas
2024/01/09 Apache Tomcat 8.5.98 Available Christopher Schultz
2024/01/09 Apache Tomcat 10.1.18 Available Christopher Schultz
2024/01/09 [ANNOUNCE] Apache Pekko (Incubating) gRPC 1.0.2 available PJ Fanning
2024/01/09 [ANNOUNCE] Apache Creadur RAT 0.16 released P. Ottlinger
2024/01/09 [ANNOUNCE] Apache Arrow ADBC 0.9.0 released David Li
2024/01/08 [ANNOUNCE] Apache Curator 5.6.0 released tison
2024/01/08 [ANNOUNCE] Apache JMeter 5.6.3 released Milamber
2024/01/08 [ANNOUNCE] Apache Commons Exec Version 1.4.0 Gary Gregory
2024/01/06 [ANNOUNCE] Beam 2.53.0 Released Jack McCluskey
2024/01/05 CVE-2023-51441: Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API Arnout Engelen
2024/01/05 Fwd: [ANNOUNCE] Apache Hudi 0.14.1 released Sivabalan
2024/01/04 [ANNOUNCE] Apache Pulsar 3.1.2 released houxiaoyu
2024/01/03 [ANN] Apache Causeway version 2.0.0-RC4 Released Dan Haywood
2024/01/03 [ANNOUNCE] Apache Pulsar 2.11.3 released Baodi Shi
2024/01/03 [ANNOUNCE] Apache Pulsar Client Python 3.4.0 released Zike Yang
2024/01/03 CVE-2023-51785: Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager Charles Zhang
2024/01/03 CVE-2023-51784: Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager Charles Zhang
2024/01/03 [ANNOUNCE] Apache Airflow Providers prepared on December 31, 2023 are released Jarek Potiuk
2024/01/02 CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Marcus
2024/01/02 CVE-2023-1183: Apache OpenOffice: Arbitrary file write in Apache OpenOffice Base Marcus
2024/01/02 CVE-2023-47804: Apache OpenOffice: Macro URL arbitrary script execution Marcus
2024/01/02 [ANNOUNCE] Apache IoTDB 1.3.0 released Haonan Hou
2024/01/02 [ANNOUNCE] Log4cxx 1.2.0 Released Robert Middleton
2024/01/01 [ANNOUNCE] Apache Airflow Providers prepared on 28th December 2023 are releasedcccccbctlvggtjkkvhgtgdefghndgvtufdrhvndclclj Jarek Potiuk
2024/01/01 [ANNOUNCE] Release Apache OpenDAL(incubating) 0.44.0 Liuqing Yue
2023/12/30 [ANNOUNCEMENT] HttpComponents Client 5.4-alpha1 Released Oleg Kalnichevski
2023/12/29 [ANNOUNCE] Apache Subversion 1.14.3 released hartmannathan
2023/12/29 CVE-2023-49299: Apache DolphinScheduler: Arbitrary js execute as root for authenticated users Jiajie Zhong
2023/12/29 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat Arrigo Marchiori
2023/12/29 CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Arrigo Marchiori
2023/12/29 CVE-2023-47804: Apache OpenOffice: Macro URL arbitrary script execution Arrigo Marchiori
2023/12/29 CVE-2023-1183: Apache OpenOffice: Arbitrary file write in Apache OpenOffice Base Arrigo Marchiori
2023/12/29 [ANNOUNCE] Apache Pekko (Incubating) Persistence R2DBC 1.0.0 available PJ Fanning
2023/12/29 [ANNOUNCE] Apache Commons FileUpload 2.0.0-M2 Gary Gregory
2023/12/28 [ANN] Apache Iceberg 1.4.3 release Jean-Baptiste Onofré
2023/12/28 [ANNOUNCE] Apache Airflow Providers prepared on 23rd December 2023 are released Jarek Potiuk
2023/12/27 [ANNOUNCE] Apache Linkis 1.5.0 available 郭飞
2023/12/27 [ANNOUNCE] Apache Camel 3.22.0 (LTS) Released Gregor Zurowski
2023/12/27 [ANNOUNCE] Apache Ignite 2.16.0 Released Nikita Amelchev
2023/12/27 [ANNOUNCEMENT] HttpComponents Core 5.3-alpha1 released Oleg Kalnichevski
2023/12/26 CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability Deepak Dixit
2023/12/26 CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack Nicolas Malin
2023/12/26 [ANN] Apache Syncope 3.0.6 Francesco Chicchiriccò
2023/12/24 [ANNOUNCE] Apache OpenMeetings 7.2.0 is released Maxim Solodovnik
2023/12/24 [ANNOUNCE] Apache Airflow Python Client 2.8.0 Released Ephraim Anierobi
2023/12/22 [ANNOUNCE] Apache Groovy 3.0.20 Released Paul King
2023/12/22 [ANNOUNCE] Release Apache Groovy 5.0.0-alpha-4 Paul King
2023/12/22 [ANNOUNCE] Release Apache InLong 1.10.0 Verne Deng
2023/12/22 [ANNOUNCE] Apache Groovy 4.0.17 Released Paul King
2023/12/22 [ANNOUNCE] Apache OFBiz 18.12.11 released Jacopo Cappellato
2023/12/22 CVE-2023-51656: Apache IoTDB: Unsafe deserialize map in Sync Tool Haonan Hou
2023/12/22 [ANNOUNCE] Apache Arrow 14.0.2 released Raúl Cumplido
2023/12/22 [ANNOUNCE] Apache Pulsar Helm Chart version 3.1.0 Released Lari Hotari
2023/12/22 CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger Ephraim Anierobi
2023/12/22 CVE-2023-48291: Apache Airflow: Improper access control to DAG resources Ephraim Anierobi
2023/12/22 CVE-2023-50783: Apache Airflow: Improper access control vulnerability on the "varimport" endpoint Ephraim Anierobi
2023/12/22 CVE-2023-47265: Apache Airflow: DAG Params alllow to embed unchecked Javascript Ephraim Anierobi
2023/12/20 [SECURITY] CVE-2023-43826: Apache Guacamole: Integer overflow in handling of VNC image buffers Michael Jumper
2023/12/20 CVE-2023-37544: Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS Michael Marshall
2023/12/19 [ANNOUNCE] Apache Jackrabbit 2.21.22 released Julian Reschke
2023/12/19 CVE-2023-49734: Apache Superset: Privilege Escalation Vulnerability Daniel Gaspar
2023/12/19 CVE-2023-49736: Apache Superset: SQL Injection on where_in JINJA macro Daniel Gaspar
2023/12/19 CVE-2023-46104: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb Daniel Gaspar
2023/12/19 [ANNOUNCE] Apache Airflow 2.8.0 Released Ephraim Anierobi
2023/12/19 [ANNOUNCE] Apache Olingo 5.0.0 has been released mibo
2023/12/19 [ANNOUNCE] Apache Camel 4.3.0 Released Gregor Zurowski
2023/12/18 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.1 Chris Bono
2023/12/18 [ANNOUNCE] Apache Airflow Providers prepared on 12 December 2023 are released Jarek Potiuk
2023/12/18 [ANNOUNCE] Release Apache Kvrocks 2.7.0 hulk
2023/12/18 [ANNOUNCE] Apache Lucene 9.9.1 released Chris Hegarty
2023/12/16 CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS Mingyu Chen
2023/12/16 [ANNOUNCE] Apache Pulsar Client C++ 3.4.2 released Yunze Xu
2023/12/16 [ANNOUNCE] Apache Camel 3.21.3 (LTS) Released Gregor Zurowski
2023/12/15 CVE-2023-49898: Apache StreamPark (incubating): Authenticated system users could trigger remote command execution Huajie Wang
2023/12/15 CVE-2023-30867: Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability Huajie Wang
2023/12/15 CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo Albumen Kevin
2023/12/15 CVE-2023-29234: Bypass serialize checks in Apache Dubbo Albumen Kevin
2023/12/14 [ANNOUNCE] Apache Uniffle (Incubating) V0.8.0 available Xianjing Feng
2023/12/13 CVE-2023-46750: Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. Brian Demers
2023/12/13 [ANNOUNCE] Apache Camel 3.20.9 (LTS) Released Gregor Zurowski
2023/12/13 [ANNOUNCE] Apache Tika 3.0.0-BETA released Tim Allison
2023/12/13 [ANN] Apache Maven 4.0.0-alpha-9 released Guillaume Nodet
2023/12/12 CVE-2023-45725: Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents Nick Vatamaniuc
2023/12/12 [ANN] Apache Tomcat 9.0.84 available Rémy Maucherat
2023/12/12 [ANN] Apache Tomcat 11.0.0-M15 (alpha) available Mark Thomas
2023/12/12 Apache Tomcat 10.1.17 Available Christopher Schultz
2023/12/12 [ANN] Apache Tomcat 8.5.97 available Christopher Schultz
2023/12/12 [ANNOUNCE] Apache Jackrabbit 2.21.21 released Julian Reschke
2023/12/12 [ANNOUNCE] Apache Airflow Providers prepared on December 08, 2023 are released Elad Kalif
2023/12/11 [ANN] Apache ActiveMQ 6.0.1 has been released! Jean-Baptiste Onofré
2023/12/11 [ANNOUNCE] Apache Kafka 3.5.2 Luke Chen
2023/12/11 [ANNOUNCE] Apache Calcite Avatica Go 5.3.0 released Francis Chuang
2023/12/11 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.1.1 released tison
2023/12/09 Fwd: [ANNOUNCE] Apache Commons BCEL Version 6.8.0 Gary Gregory
2023/12/09 [ANNOUNCE] Release Apache Hop 2.7.0 Bart Maertens
2023/12/09 CVE-2023-41835: Apache Struts: excessive disk usage Lukasz Lenart
2023/12/09 [ANNOUNCE] Apache Guacamole 1.5.4 Michael Jumper
2023/12/08 [ANNOUNCEMENT] HttpComponents Client 5.3 GA Released Oleg Kalnichevski
2023/12/07 [ANNOUNCE] Apache Kyuubi Shaded released 0.2.0 Cheng Pan
2023/12/07 [ANNOUNCE] Apache Kafka 3.6.1 Mickael Maison
2023/12/07 [ANN] Apache Struts 6.3.0.2 & 2.5.33 Lukasz Lenart
2023/12/07 CVE-2023-50164: Apache Struts: File upload component had a directory traversal vulnerability Lukasz Lenart
2023/12/06 [ANNOUNCE] Apache SkyWalking 9.7.0 released Sheng Wu
2023/12/06 [ANNOUNCE] Apache Jackrabbit Oak 1.60.0 released Julian Reschke
2023/12/05 [ANNOUNCE] Apache CouchDB 3.3.3 released Jan Lehnardt
2023/12/05 CVE-2023-49070: Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present Jacques Le Roux
2023/12/04 [ANNOUNCE] Apache Lucene 9.9.0 released Chris Hegarty
2023/12/04 [ANNOUNCEMENT] HttpComponents Client 5.2.3 GA Released Oleg Kalnichevski
2023/12/04 [ANNOUNCEMENT] HttpComponents Core 5.2.4 GA released Oleg Kalnichevski
2023/12/04 [ANNOUNCEMENT] Apache SkyWalking CLI 0.13.0 Released han liu
2023/12/04 [ANNOUNCE] Apache OFBiz 18.12.10 released Jacopo Cappellato
2023/12/04 [ANNOUNCE] Apache Calcite Avatica 1.24.0 Released Francis Chuang
2023/12/02 [ANNOUNCE] Apache Commons Logging 1.3.0 Gary Gregory
2023/12/01 [ANNOUNCE] Apache Pekko (Incubating) 1.0.2 available PJ Fanning
2023/12/01 [ANNOUNCE] Apache Jackrabbit Oak 1.22.18 released Julian Reschke
2023/11/30 [ANNOUNCE] Apache PDFBox 3.0.1 released Andreas Lehmkühler
2023/11/30 CVE-2023-49735: Apache Tiles: Unvalidated input may lead to path traversal and XXE Arnout Engelen
2023/11/30 CVE-2022-45135: Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction Cédric Damioli
2023/11/30 CVE-2023-49733: Apache Cocoon's StreamGenerator is vulnerable to XXE injection Cédric Damioli
2023/11/30 CVE-2023-49620: Apache DolphinScheduler: Authenticated users could delete UDFs in resouece center they were not authorized Jiajie Zhong
2023/11/30 [ANNOUNCE] Apache Groovy 5.0.0-alpha-3 Released Paul King
2023/11/30 [ANNOUNCE] Apache Groovy 4.0.16 Released Paul King
2023/11/29 [ANNOUNCE] Apache StreamPipes 0.93.0 Tim Bossenmaier
2023/11/29 [ANNOUNCE] Apache Airflow Providers prepared on November 24, 2023 are released Elad Kalif
2023/11/28 CVE-2023-42504: Apache Superset: Lack of rate limiting allows for possible denial of service Daniel Gaspar
2023/11/28 CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details Daniel Gaspar
2023/11/28 [SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling Mark Thomas
2023/11/28 CVE-2023-42502: Apache Superset: Open Redirect Vulnerability Daniel Gaspar
2023/11/28 CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE Jean-Baptiste Onofré
2023/11/28 [ANN] Apache Cocoon 2.3.0 Released Cédric Damioli
2023/11/28 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.1.0 released tison
2023/11/28 CVE-2023-49145: Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt David Handermann
2023/11/27 [ANNOUNCE] Apache Commons Lang Version 3.14.0 Gary Gregory
2023/11/27 CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role Daniel Gaspar
2023/11/27 [ANNOUNCE] OpenNLP 2.3.1 released Martin Wiesner
2023/11/27 CVE-2023-40610: Apache Superset: Privilege escalation with default examples database Daniel Gaspar
2023/11/27 [ANNOUNCE] Apache Pulsar Client C++ 3.4.1 released Yunze Xu
2023/11/27 [ANNOUNCE] Apache Wicket 9.16.0 released Andrea Del Bene
2023/11/27 [ANN] Apache IvyDE Retired Stefan Bodewig
2023/11/27 [ANNOUNCE] Apache NiFi 2.0.0-M1 Released David Handermann
2023/11/27 [ANNOUNCE] Apache POI 5.2.5 released PJ Fanning
2023/11/25 CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability Zihao Xiang
2023/11/25 CVE-2023-48796: Apache dolphinscheduler sensitive information disclosure Zhenxu Ke
2023/11/23 CVE-2023-43123: Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files Julien Nioche
2023/11/22 CVE-2022-45875: Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin Wenjun Ruan
2023/11/22 CVE-2023-37924: Apache Submarine: SQL injection from unauthorized login Xiang Chen
2023/11/21 [ANNOUNCE] Apache APISIX 3.7.0 has been released Xin Rong
2023/11/21 [ANNOUNCE] Apache Ratis 3.0.0 released! William Song
2023/11/21 [ANNOUNCE] Apache Ratis 3.0.0 released William Song
2023/11/20 [ANNOUNCE] Apache Camel 4.0.3 (LTS) Release Gregor Zurowski
2023/11/20 [ANNOUNCE] Apache YuniKorn v1.4.0 released Wilfred Spiegelenburg
2023/11/19 [ANN] Apache ActiveMQ 6.0.0 has been released! Jean-Baptiste Onofré
2023/11/19 CVE-2022-46337: Apache Derby: LDAP injection vulnerability in authenticator Richard N. Hillegas
2023/11/19 [ANNOUNCE] Apache Pekko (Incubating) Persistence DynamoDB 1.0.0 available PJ Fanning
2023/11/19 CVE-2023-46302: Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization Xiang Chen
2023/11/18 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.0 Christophe Bornet
2023/11/17 [ANNOUNCE] Apache Accumulo 1.10.4 Christopher
2023/11/17 [ANNOUNCE] Apache Commons Compress 1.25.0 Gary Gregory
2023/11/17 [ANNOUNCE] Apache XMLBeans 5.2.0 release PJ Fanning
2023/11/16 [ANNOUNCE] Release Apache OpenDAL incubating 0.42.0 Mingzhuo Yin
2023/11/16 CVE-2023-26031: Privilege escalation in Apache Haoop Yarn container-executor binary on Linux systems Masatake Iwasaki
2023/11/16 [ANNOUNCE] Apache Derby 10.17.1.0 released Richard Hillegas
2023/11/15 [ANNOUNCE] Apache APISIX Ingress controller v1.7.1 released Ming Wen
2023/11/15 [ANN] Apache Tomcat 11.0.0-M14 (alpha) available Mark Thomas
2023/11/15 [ANN] Apache Tomcat 9.0.83 available Rémy Maucherat
2023/11/15 [ANN] Apache Tomcat 10.1.16 available Christopher Schultz
2023/11/15 [ANN] Apache Tomcat 8.5.96 available Christopher Schultz
2023/11/15 [ANNOUNCE] Apache Camel 4.2.0 Released Gregor Zurowski
2023/11/14 [ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released Elad Kalif
2023/11/14 [ANNOUNCE] Apache Arrow 14.0.1 released Raúl Cumplido
2023/11/14 [ANNOUNCE] Apache Airflow Python Client 2.7.3 Released Ephraim Anierobi
2023/11/13 [ANNOUNCE] Apache UIMA uimaFIT version 3.5.0 released Richard Eckart de Castilho
2023/11/13 [ANNOUNCE] Apache Pulsar Client C++ 3.4.0 released Yunze Xu
2023/11/13 [ANNOUNCEMENT] Apache SkyWalking Infra E2E 1.3.0 Released Hoshea Jiang
2023/11/13 [ANNOUNCE] Apache APISIX Ingress controller v1.7.1 released Ling Samuel
2023/11/13 [ANNOUNCE] Apache Olingo 2.0.13 has been released mibo
2023/11/13 [ANNOUNCE] Apache Olingo 4.10.0 has been released mibo
2023/11/13 [ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released Elad Kalif
2023/11/12 CVE-2023-42781: Apache Airflow: Permission verification bypass allows viewing dagruns of other dags Ephraim Anierobi