announce

Messages by Date

2023/11/12 CVE-2023-47037: Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) Ephraim Anierobi
2023/11/12 [ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750 fpapon
2023/11/10 [ANNOUNCE] Apache Calcite 1.36.0 released Benchao Li
2023/11/09 [ANNOUNCE] Apache Camel 3.14.10 (LTS) Released Gregor Zurowski
2023/11/09 [ANNOUNCE] Apache Arrow ADBC 0.8.0 released David Li
2023/11/09 CVE-2023-47248: PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file Antoine Pitrou
2023/11/08 CVE-2023-39913: Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK: Potential untrusted code execution when deserializing certain binary CAS formats Richard Eckart de Castilho
2023/11/07 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M18 released Timothy Bish
2023/11/07 [ANNOUNCE] Apache Jackrabbit 2.20.13 released Julian Reschke
2023/11/07 CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries without authentication Jacques Le Roux
2023/11/07 [ANNOUNCE] Apache Pulsar Go Client 0.11.1 released Zike Yang
2023/11/07 [ANNOUNCE] Apache Kyuubi released 1.8.0 Cheng Pan
2023/11/07 [ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix Dave Brondsema
2023/11/07 CVE-2023-46851: Apache Allura: sensitive information exposure via import Dave Brondsema
2023/11/07 [ANNOUNCE] Apache Arrow 14.0.0 released Raúl Cumplido
2023/11/06 [ANNOUNCE] Apache Daffodil 3.6.0 Released Steve Lawrence
2023/11/06 [ANNOUNCE] Apache UIMA Java SDK version 3.5.0 released Richard Eckart de Castilho
2023/11/06 [ANNOUNCE] Apache Airflow 2.7.3 Released Ephraim Anierobi
2023/11/05 [ANNOUNCE] Apache OFBiz 18.12.09 released Jacopo Cappellato
2023/11/05 [ANNOUNCE] Apache PDFBox 2.0.30 released Andreas Lehmkühler
2023/11/05 [ANNOUNCE] Apache Pekko (Incubating) Connectors 1.0.1 available PJ Fanning
2023/11/05 [ANNOUNCE] Apache bRPC 1.7.0 released Lorin Lee
2023/11/05 [ANNOUNCE] Apache Jackrabbit FileVault 3.7.2 released Julian Reschke
2023/11/05 [ANNOUNCE] Apache Camel 3.20.8 (LTS) Released Gregor Zurowski
2023/11/03 [ANN] Apache TomEE 8.0.16 Richard Zowalla
2023/11/01 [ANNOUNCE] Apache Airflow Providers prepared on October 28, 2023 are released Elad Kalif
2023/11/01 [ANNOUNCE] Apache Pekko (Incubating) Projection 1.0.0 available PJ Fanning
2023/10/31 [ANN] Apache Struts 2.5.x EOL Lukasz Lenart
2023/10/30 [ANNOUNCE] Call for Presentations now open: Community over Code EU 2024 Ryan Skraba
2023/10/30 [ANNOUNCE] Apache Qpid JMS 1.11.0 released Robbie Gemmell
2023/10/30 [ANNOUNCE] Apache Qpid JMS 2.5.0 released Robbie Gemmell
2023/10/30 [ANNOUNCE] Apache Camel 3.21.2 (LTS) Released Gregor Zurowski
2023/10/30 [ANNOUNCE] Apache Commons Text 1.11.0 Gary Gregory
2023/10/29 CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Elad Kalif
2023/10/27 [ANNOUNCE] Apache Camel 4.0.2 (LTS) Release Gregor Zurowski
2023/10/27 CVE-2023-46604: Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack Christopher L. Shannon
2023/10/27 [ANNOUNCE] Apache Commons CLI 1.6.0 Gary Gregory
2023/10/26 [ANNOUNCE] Apache Commons IO 2.15.0 Gary Gregory
2023/10/26 [ANN] Apache ActiveMQ 5.16.7 has been released! Jean-Baptiste Onofré
2023/10/26 [ANN] Apache ActiveMQ 5.17.6 has been released! Jean-Baptiste Onofré
2023/10/26 [ANN] Apache ActiveMQ 5.18.3 has been released! Jean-Baptiste Onofré
2023/10/25 [ANN] Apache Maven 4.0.0-alpha-8 released Guillaume Nodet
2023/10/24 [ANNOUNCE] Apache Pekko (Incubating) gRPC 1.0.1 available PJ Fanning
2023/10/23 CVE-2023-46288: Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set Jarek Potiuk
2023/10/23 [ANNOUNCE] Apache Geronimo TXManager 4.0.0 release fpapon
2023/10/23 [ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.5.0 Released Hongtao Gao
2023/10/23 [ANNOUNCEMENT] Apache SkyWalking Go 0.3.0 Released han liu
2023/10/22 [ANNOUNCE] Apache DS 2.0.0.AM27 released Emmanuel Lecharny
2023/10/22 [ANNOUNCE] Apache Airflow Providers prepared on October 18, 2023 are released Elad Kalif
2023/10/22 [ANNOUNCE] mod_perl-2.0.13 Steve Hay
2023/10/22 [ANNOUNCE] Apache Solr Operator v0.8.0 released Jason Gerlowski
2023/10/22 [ANNOUNCE] Apache Tika 2.9.1 released Tim Allison
2023/10/20 [ANNOUNCE] Apache MINA SSHD 2.11.0 released Guillaume Nodet
2023/10/20 [ANNOUNCE] Apache MINA SSHD 2.9.3 released Guillaume Nodet
2023/10/20 CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output Colm O hEigeartaigh
2023/10/19 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST Stefan Eissing
2023/10/19 CVE-2023-31122: Apache HTTP Server: mod_macro buffer over-read Stefan Eissing
2023/10/19 [ANNOUNCEMENT] Apache HTTP Server 2.4.58 Released icing
2023/10/19 CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0 Stefan Eissing
2023/10/19 CVE-2023-25753: Server-Side Request Forgery in Apache ShenYu Zhang Yonglun
2023/10/19 CVE-2023-46227: Apache inlong has an Arbitrary File Read Vulnerability Charles Zhang
2023/10/19 [ANNOUNCE] Apache Beam 2.51.0 Released Kenneth Knowles
2023/10/17 [ANNOUNCE] Apache Celeborn(incubating) 0.3.1 available Cheng Pan
2023/10/17 Release Apache Wayang (incubating) 0.71 Alexander Alten
2023/10/17 [ANNOUNCE] Apache XBean 4.24 release fpapon
2023/10/17 [ANNOUNCE] Apache Airflow Providers prepared on October 13, 2023 are released Elad Kalif
2023/10/17 [ANNOUNCE] Release Apache DolphinScheduler 3.2.0 Jay Chung
2023/10/17 [ANNOUNCE] Apache DolphinScheduler Python SDK 4.0.4 Released Jay Chung
2023/10/17 [ANNOUNCE] Apache Wicket 10.0.0-M2 released Andrea Del Bene
2023/10/17 [ANN] Apache TomEE 9.1.1 Richard Zowalla
2023/10/16 [ANN] Apache Tomcat 8.5.95 available Christopher Schultz
2023/10/16 [ANN] Apache Tomcat 10.1.15 available Christopher Schultz
2023/10/16 [ANNOUNCE] Apache Airflow Python Client 2.7.2 Released Ephraim Anierobi
2023/10/16 [ANNOUNCE] Release Apache OpenDAL(incubating) 0.41.0 Suyan
2023/10/16 [ANNOUNCE] Apache Jackrabbit Oak 1.58.0 released Julian Reschke
2023/10/16 [ANNOUNCE] Apache Solr 9.4.0 released Alex Deparvu
2023/10/16 CVE-2023-45757: Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability Wang Weibing
2023/10/16 CVE-2023-43668: Apache InLong: Jdbc Connection Security Bypass in InLong Charles Zhang
2023/10/16 CVE-2023-43666: Apache InLong: General user Unauthorized access User Management Charles Zhang
2023/10/16 CVE-2023-43667: Apache InLong: Log Injection in Global functions Charles Zhang
2023/10/16 [ANNOUNCE] Apache Solr 9.4.0 released Alex Deparvu
2023/10/15 [ANNOUNCE] Apache IoTDB 1.2.2 released Haonan Hou
2023/10/14 [ANN] Apache Tomcat 11.0.0-M13 (alpha) available Mark Thomas
2023/10/14 [ANNOUNCE] Apache bRPC 1.6.1 released Lorin Lee
2023/10/13 CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags Ephraim Anierobi
2023/10/13 Release Apache Wayang (incubating) 0.71 Alexander Alten
2023/10/13 CVE-2023-42792: Apache Airflow: Improper access control to DAG resources Ephraim Anierobi
2023/10/13 CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability Ephraim Anierobi
2023/10/13 CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature Ephraim Anierobi
2023/10/13 [ANN] Apache Tomcat 9.0.82 available Rémy Maucherat
2023/10/13 [ANNOUNCE] Apache SIS 1.4 Release Martin Desruisseaux
2023/10/12 [ANNOUNCE] Apache Sedona 1.5.0 released Jia Yu
2023/10/12 [ANNOUNCE] Apache Airflow 2.7.2 Released Ephraim Anierobi
2023/10/12 [Announcement] : Apache LDAP API 2.1.5 Emmanuel Lecharny
2023/10/11 CVE-2023-44981: Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication Andor Molnar
2023/10/11 [ANNOUNCE] Apache Camel 4.1.0 Released Gregor Zurowski
2023/10/11 [ANNOUNCE] Apache Jackrabbit 2.21.20 released Julian Reschke
2023/10/11 [ANNOUNCE] Apache Kafka 3.6.0 Satish Duggana
2023/10/10 Apache Traffic Server 9.2.3 and 8.1.9 are released Bryan Call
2023/10/10 [SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure Mark Thomas
2023/10/10 [SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling Mark Thomas
2023/10/10 [SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Mark Thomas
2023/10/10 [SECURITY] CVE-2023-42794 Apache Tomcat - denial of service Mark Thomas
2023/10/10 [ANN] Apache Tomcat 9.0.81 available Rémy Maucherat
2023/10/10 [ANN] Apache Tomcat 11.0.0-M12 (alpha) available Mark Thomas
2023/10/10 [ANN] Apache Tomcat 8.5.94 available Christopher Schultz
2023/10/10 [ANN] Apache Tomcat 10.1.14 available Christopher Schultz
2023/10/10 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.4.0 Christophe Bornet
2023/10/07 [ANNOUNCE] Apache Celix 2.4.0 released Pepijn Noltes
2023/10/07 [ANNOUNCE] Apache Pekko (Incubating) Persistence Cassandra 1.0.0 available PJ Fanning
2023/10/07 [ANNOUNCE] Release Apache Kvrocks 2.6.0 Twice
2023/10/06 [ANNOUNCEMENT] Apache Commons Net 3.10.0 Gary Gregory
2023/10/06 [ANNOUNCE] Apache APISIX 3.6.0 has been released Xin Rong
2023/10/05 [ANN] Apache Maven 3.9.5 released Slawomir Jaranowski
2023/10/05 [ANNOUNCE] Apache HUDI 0.14.0 released Prashant Wason
2023/10/03 [ANNOUNCE] Apache Impala 4.3.0 release Michael Smith
2023/10/03 [ANN] Apache Tomcat Native 1.2.39 released Mark Thomas
2023/10/02 [ANNOUNCE] Apache Airflow Helm Chart version 1.11.0 Released Jedidiah Cunningham
2023/10/02 [ANNOUNCE] Apache Camel 3.20.7 (LTS) Released Gregor Zurowski
2023/10/02 [ANN] Apache Syncope 3.0.5 Francesco Chicchiriccò
2023/10/02 [ANN] Apache Tomcat Native 2.0.6 released Mark Thomas
2023/10/02 [ANNOUNCEMENT] Apache Commons Pool 2.12.0 Phil Steitz
2023/10/02 Apache Any23 is now retired Hervé Boutemy
2023/09/30 [ANNOUNCEMENT] Apache Commons IO 2.14.0 Gary Gregory
2023/09/30 [ANNOUNCE] Apache Arrow nanoarrow 0.3.0 Released Dewey Dunnington
2023/09/30 CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK Ryan Skraba
2023/09/29 [ANNOUNCE] Apache Camel 3.21.1 (LTS) Released Gregor Zurowski
2023/09/29 [ANNOUNCE] Apache POI 5.2.4 released PJ Fanning
2023/09/29 [SECURITY] [CORRECTION] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass Christopher Schultz
2023/09/29 [ANNOUNCE] Apache Lucene 9.8.0 released Patrick Zhai
2023/09/28 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.5.0 released Jiajing LU
2023/09/26 [ANNOUNCE] Apache Avro 1.11.3 released Ryan Skraba
2023/09/25 [ANNOUNCEMENT] Apache SkyWalking BanyanDB Helm 0.1.0 Released Hongtao Gao
2023/09/25 [ANNOUNCE] Apache Camel 4.0.1 Release Gregor Zurowski
2023/09/25 [ANNOUNCEMENT] HttpComponents Core 5.2.3 GA released Oleg Kalnichevski
2023/09/25 [ANNOUNCE] Apache Kyuubi released 1.7.3 Zhen Wang
2023/09/24 [ANNOUNCE] Apache Arrow ADBC 0.7.0 released David Li
2023/09/22 [ANNOUNCE] Release Apache Hop 2.6.0 Bart Maertens
2023/09/21 [ANN] Apache Karaf OSGi runtime 4.3.10 has been released! Jean-Baptiste Onofré
2023/09/21 [ANNOUNCE] Release Apache OpenDAL(incubating) v0.40.0 Xuanwo
2023/09/20 [ANNOUNCE] Apache Pinot 1.0.0 Released Xiang Fu
2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 Released Xiang Fu
2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
2023/09/19 [ANNOUNCE] Apache Flink Stateful Functions Release 3.3.0 released Martijn Visser
2023/09/18 [ANNOUNCE] Apache IoTDB 1.2.1 released Haonan Hou
2023/09/18 [ANNOUNCE] Apache Wicket 9.15.0 released Andrea Del Bene
2023/09/18 [ANNOUNCE] Apache Allura 1.15.0 released Dave Brondsema
2023/09/18 [ANNOUNCEMENT] Apache Commons JCS 3.2 Released Thomas Vandahl
2023/09/18 [ANN] Apache Karaf OSGi runtime 4.4.4 has been released! Jean-Baptiste Onofré
2023/09/18 [ANNOUNCE] Apache Kyuubi released 1.7.2 Zhen Wang
2023/09/18 [ANNOUNCE] Apache APISIX Ingress controller v1.7.0 released Jintao Zhang
2023/09/17 [ANNOUNCE] Apache Airflow Providers prepared on September 14, 2023 are released Elad Kalif
2023/09/15 [ANNOUNCEMENT] Apache Commons DbUtils 1.8.1 Gary Gregory
2023/09/15 [ANNOUNCE] Apache Jackrabbit Oak 1.22.17 released Julian Reschke
2023/09/14 [ANNOUNCE] Apache Groovy 4.0.15 Released Paul King
2023/09/14 [ANNOUNCE] Apache Groovy 5.0.0-alpha-2 Released Paul King
2023/09/14 [ANNOUNCE] Apache Airflow Providers prepared on September 12, 2023 are released Elad Kalif
2023/09/14 CVE-2023-41267: Apache HDFS Provider error message suggested installation of incorrect pip package Elad Kalif
2023/09/14 [ANNOUNCE] Apache Arrow Flight SQL adapter for PostgreSQL 0.1.0 released Sutou Kouhei
2023/09/14 CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file Gary D. Gregory
2023/09/13 [ANN] Apache Struts 6.3.0.1, 6.1.2.2, 2.5.32 Lukasz Lenart
2023/09/13 [ANNOUNCE] Apache Kudu 1.17.0 Released Yingchun Lai
2023/09/13 [SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas
2023/09/13 [ANNOUNCE] - Establishing ALC Bangalore Chapter Aditya Sharma
2023/09/13 [ANN] Apache Tomcat Connectors 1.2.49 released Mark Thomas
2023/09/12 CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability Ephraim Anierobi
2023/09/12 CVE-2023-40712: Apache Airflow: Secrets can be unmasked in the "Rendered Template" Ephraim Anierobi
2023/09/12 [ANNOUNCE] Apache MINA 2.2.3, 2.1.8 and 2.0.25 released Emmanuel Lecharny
2023/09/12 [ANNOUNCE] Apache Airflow Providers prepared on September 08, 2023 are released Elad Kalif
2023/09/09 [ANNOUNCEMENT] Apache Commons Compress 1.24.0 Gary Gregory
2023/09/09 [ANNOUNCE] Apache SkyWalking License Eyes 0.5.0 is out kezhenxu94
2023/09/08 [ANNOUNCE] Apache Jackrabbit 2.20.12 released Julian Reschke
2023/09/08 [ANNOUNCE] Apache Qpid Broker-J 9.1.0 released Tomas Vavricka
2023/09/08 [ANNOUNCE] Apache Mynewt 1.11.0 and Apache Mynewt NimBLE 1.6.0 released Szymon Janc
2023/09/08 [ANNOUNCE] Apache IoTDB 1.2.0 released Haonan Hou
2023/09/07 [ANNOUNCE] Apache Airflow 2.7.1 Released Ephraim Anierobi
2023/09/06 [ANNOUNCE] Apache Doris 2.0.1 & 1.2.7 release ChenMingyu
2023/09/06 [ANNOUNCE] Apache Fortress 3.0.0 Released Shawn McKinney
2023/09/06 CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization Daniel Gaspar
2023/09/06 CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution Daniel Gaspar
2023/09/06 CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections Daniel Gaspar
2023/09/06 CVE-2023-39264: Apache Superset: Stack traces enabled by default Daniel Gaspar
2023/09/06 CVE-2023-27526: Apache Superset: Improper Authorization check on import charts Daniel Gaspar
2023/09/06 CVE-2023-27523: Apache Superset: Improper data permission validation on Jinja templated queries Daniel Gaspar
2023/09/06 CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF Daniel Gaspar
2023/09/06 CVE-2023-36387: Apache Superset: Improper API permission for low privilege users Daniel Gaspar
2023/09/06 [ANNOUNCE] Apache Pekko (Incubating) CONNECTORS 1.0.0 available Matthew de Detrich
2023/09/06 [ANNOUNCE] Apache Pekko (Incubating) Persistence JDBC 1.0.0 available PJ Fanning
2023/09/05 CVE-2023-40743: Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Arnout Engelen
2023/09/05 [ANN] Apache Struts 6.3.0 Lukasz Lenart
2023/09/05 [ANNOUNCEMENT] Apache Commons DBCP 2.10.0 Gary Gregory
2023/09/05 [ANNOUNCE] Apache SkyWalking 9.6.0 released Sheng Wu
2023/09/03 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.15.0 release Martin Zink
2023/09/02 CVE-2023-41180: Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ Marton Szasz
2023/09/02 [ANNOUNCE] Apache Jackrabbit Oak 1.56.0 released Julian Reschke
2023/09/02 [ANNOUNCE] Apache Airflow Providers prepared on August 29, 2023 are released Elad Kalif
2023/09/02 [ANNOUNCE] Apache APISIX 3.5.0 has been released Xin Rong