announce

Messages by Date

2023/03/31 [ANNOUNCE] Apache Groovy 2.5.22 Released Paul King
2023/03/30 CVE-2023-28935: Apache UIMA DUCC: DUCC (EOL) allows RCE Arnout Engelen
2023/03/29 [ANNOUNCE] Apache Camel 3.20.3 (LTS) Released Gregor Zurowski
2023/03/29 [ANNOUNCEMENT] Apache Commons Configuration 2.9.0 Gary Gregory
2023/03/29 n/a: CVE-2023-28158: Apache Archiva privilege escalation Olivier Lamy
2023/03/28 CVE-2023-28326: Apache OpenMeetings: allows user impersonation Maxim Solodovnik
2023/03/28 [ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.2 Released Jay Chung
2023/03/27 [ANNOUNCE] Apache Solr 9.2.0 released Houston Putman
2023/03/27 CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey
2023/03/27 CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey
2023/03/27 CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users James Dailey
2023/03/27 CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong Charles Zhang
2023/03/26 [ANN] Apache Causeway version 2.0.0-RC1 Released Dan Haywood
2023/03/26 [ANN] Apache ActiveMQ 5.18.0 has been released! Jean-Baptiste Onofré
2023/03/26 CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Marcus Lange
2023/03/26 CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Marcus Lange
2023/03/24 [ANNOUNCE] Apache Fineract 1.8.4 Release Aleksandar Vidakovic
2023/03/24 [ANNOUNCE] Apache Fineract 1.7.3 Release Aleksandar Vidakovic
2023/03/23 [ANNOUNCE] Apache Jackrabbit Oak 1.50.0 released Julian Reschke
2023/03/23 [ANNOUNCEMENT] Apache Commons Compress 1.23.0 Gary Gregory
2023/03/22 [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure Mark Thomas
2023/03/21 [ANNOUNCE] Apache Arrow ADBC 0.3.0 Released David Li
2023/03/21 [ANN] Apache Archiva 2.2.10 Olivier Lamy
2023/03/20 CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu
2023/03/20 [ANNOUNCE] Apache Sedona 1.4.0 released Jia Yu
2023/03/16 [ANNOUNCE] Apache SystemDS 3.1.0 Released Janardhan
2023/03/16 [ANNOUNCE] Apache SystemDS 3.0.0 has been Released Janardhan
2023/03/15 [ANNOUNCE] Apache Pulsar Client Python 3.1.0 released Yunze Xu
2023/03/15 CVE-2023-25695: Information disclosure in Apache Airflow Jarek Potiuk
2023/03/15 [ANNOUNCE] Apache Airflow 2.5.2 Released Pierre Jeambrun
2023/03/14 [ANNOUNCE] Apache Calcite 1.34.0 released Stamatis Zampetakis
2023/03/12 [ANNOUNCE] Apache SkyWalking 9.4.0 released Sheng Wu
2023/03/12 [ANNOUNCE] Apache Groovy 4.0.10 Released Paul King
2023/03/12 [ANNOUNCE] Apache Groovy 3.0.16 Released Paul King
2023/03/10 [ANNOUNCE] Airflow Providers prepared on March 07, 2023 are released Elad Kalif
2023/03/10 [ANNOUNCE] Apache Jackrabbit 2.20.9 released Julian Reschke
2023/03/10 [ANNOUNCE] Apache Camel 4.0.0-M2 Released Gregor Zurowski
2023/03/10 CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender Arnout Engelen
2023/03/10 [ANNOUNCE] Apache APISIX 3.2.0 has been released Zexuan Luo
2023/03/10 [ANN] Apache Struts 6.1.2 Lukasz Lenart
2023/03/10 [ANNOUNCE] Apache APISIX 2.15.3 has been released Zexuan Luo
2023/03/09 [ANNOUNCE] Apache Arrow nanoarrow 0.1.0 Released Dewey Dunnington
2023/03/09 [ANNOUNCE] Apache Pulsar Adapters 2.11.0 released Christophe Bornet
2023/03/08 CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin
2023/03/07 CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener
2023/03/07 CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener
2023/03/07 [ANNOUNCEMENT] Apache HTTP Server 2.4.56 Released covener
2023/03/06 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.3.1 released Hongtao Gao
2023/03/06 [ANNOUNCE] Airflow Providers prepared on March 03, 2023 released Elad Kalif
2023/03/06 [ANNOUNCE] Apache UIMA Java SDK JSON CAS I/O v0.5.0 released Richard Eckart de Castilho
2023/03/06 [ANN] Apache Tomcat 11.0.0-M4 (alpha) available Mark Thomas
2023/03/06 [ANNOUNCE] Apache Qpid Proton-J 0.34.1 released Robbie Gemmell
2023/03/06 [ANNOUNCE] Apache Pulsar Node.js client 1.8.1 released Baodi Shi
2023/03/05 [ANN] Apache Tomcat 10.1.7 available Christopher Schultz
2023/03/05 [ANN] Apache Tomcat 8.5.87 available Christopher Schultz
2023/03/05 [ANNOUNCE] Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
2023/03/05 Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
2023/03/03 [ANN] Apache Tomcat 9.0.73 available Rémy Maucherat
2023/03/01 [ANNOUNCE] Apache Celeborn(incubating) 0.2.0 available Ethan Feng
2023/02/28 [ANNOUNCE] Apache NetBeans 17 released Geertjan Wielenga
2023/02/27 [ANNOUNCE] Apache OpenOffice 4.1.14 released Carl Marcum
2023/02/27 [ANNOUNCE] OpenNLP 2.1.1 released Jeff Zemerick
2023/02/27 [ANNOUNCEMENT] Apache Juneau 9.0.0 Released James Bognar
2023/02/27 [ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.3.1 Released Hongtao Gao
2023/02/27 Apache jUDDI is now retired Hervé Boutemy
2023/02/27 [ANN] Apache ActivveMQ "Classic" 5.17.4 has been released! Jean-Baptiste Onofré
2023/02/27 [ANN] Apache Karaf Decanter 2.10.0 has been released! Jean-Baptiste Onofré
2023/02/27 [ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.1 Released Jay Chung
2023/02/24 [ANN] Apache Tomcat 10.1.6 available Christopher Schultz
2023/02/24 [ANN] Apache Tomcat 8.5.86 available Christopher Schultz
2023/02/24 [ANNOUNCE] Apache UIMA Ruta v3.3.0 released Richard Eckart de Castilho
2023/02/24 [ANNOUNCE] Apache UIMA Java SDK version 3.4.1 released Richard Eckart de Castilho
2023/02/23 CVE-2023-25956: Apache Airflow AWS Provider: Arbitrary file read via AWS provider Jarek Potiuk
2023/02/23 CVE-2023-25696: Apache Airflow Hive Provider Beeline RCE Jarek Potiuk
2023/02/23 CVE-2023-25693: Sqoop Apache Airflow Provider Remote Code Execution Vulnerability Jarek Potiuk
2023/02/23 CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service Jarek Potiuk
2023/02/23 Re: CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk
2023/02/23 CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk
2023/02/23 [ANNOUNCE] Apache HugeGraph(incubating) 1.0.0 available Imba Jin
2023/02/23 [ANN] Apache Tomcat 11.0.0-M3 (alpha) available Mark Thomas
2023/02/23 [ANN] Apache Tomcat 9.0.72 available Rémy Maucherat
2023/02/23 CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way Carsten Ziegeler
2023/02/23 [ANNOUNCE] Apache IoTDB 0.13.4 released 刘旭鑫
2023/02/22 [ANNOUNCE] Apache Kvrocks(incubating) 2.3.0 Released Pengbo Cai
2023/02/22 [ANNOUNCE] Apache Log4j 2.20.0 released Ralph Goers
2023/02/22 [ANN] Apache ActiveMQ 5.16.6 has been released! Jean-Baptiste Onofré
2023/02/22 [ANNOUNCE] Apache IoTDB 1.0.1 released Gaofei Cao
2023/02/22 [ANNOUNCE] Airflow Providers prepared on February 18, 2023 are ready Elad Kalif
2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
2023/02/20 [SECURITY] CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts Mark Thomas
2023/02/20 [ANN] Apache Syncope 3.0.2 Francesco Chicchiriccò
2023/02/20 CVE-2023-25613: LDAP Injection Vulnerability in Apache Kerby Colm O hEigeartaigh
2023/02/20 [ANNOUNCE] Apache BookKeeper 4.14.7 released Hang Chen
2023/02/19 [ANNOUNCE] Apache Guacamole 1.5.0 Michael Jumper
2023/02/17 [ANNOUNCE] MyFaces Core v4.0.0-RC5 Release Volodymyr Siedlecki
2023/02/17 [ANNOUNCE] Apache Doris 1.2.2 release ChenMingyu
2023/02/17 [ANNOUNCE] Apache Pulsar Client C++ 3.1.2 released Yunze Xu
2023/02/15 [ANNOUNCE] Apache Arrow ADBC 0.2.0 Released David Li
2023/02/15 CVE-2022-42735: Apache ShenYu Admin ultra vires Zhang Yonglun
2023/02/14 CVE-2023-25141: JNDI injection into Apache sling-org-apache-sling-jcr-base Angela Schreiber
2023/02/14 [ANNOUNCE] Apache OpenMeetings 7.0.0 is released Maxim Solodovnik
2023/02/14 [ANN] Apache Tomcat Native 2.0.3 released Mark Thomas
2023/02/14 [ANN] Apache Tomcat Native 1.2.36 released Mark Thomas
2023/02/13 [ANNOUNCE] Apache Commons FIleUpload 1.5 Released Mark Thomas
2023/02/13 [ANNOUNCE] Apache Airflow Providers prepared on February 08, 2023 released Elad Kalif
2023/02/13 [ANNOUNCE] Apache Jackrabbit 2.21.15 released Julian Reschke
2023/02/13 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.3.0 released Jiajing LU
2023/02/10 CVE-2023-22832: Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes David Handermann
2023/02/10 [ANNOUNCE] Apache NiFi 1.20.0 release. Joe Witt
2023/02/09 [ANNOUNCE] Apache Groovy 4.0.9 Released Paul King
2023/02/09 [ANNOUNCE] Apache Groovy 3.0.15 Released Paul King
2023/02/08 [ANNOUNCE] Apache UIMA uimaFIT version 3.4.0 released Richard Eckart de Castilho
2023/02/08 [ANNOUNCE] Apache APISIX 2.15.2 has been released Zexuan Luo
2023/02/07 CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect Manikumar
2023/02/07 [ANNOUNCE] Apache Kafka 3.4.0 David Arthur
2023/02/07 [ANNOUNCE] Apache bRPC 1.4.0 Released Xiaofeng
2023/02/07 [ANNOUNCE] Apache Camel 3.20.2 (LTS) Released Gregor Zurowski
2023/02/07 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.2.0 Christophe Bornet
2023/02/07 [ANNOUNCE] Apache YuniKorn v1.2.0 released Wilfred Spiegelenburg
2023/02/06 [ANNOUNCE] Apache Airflow Helm Chart version 1.8.0 Released Jedidiah Cunningham
2023/02/06 ANNOUNCE] Apache Tika 2.7.0 released Tim Allison
2023/02/06 [ANNOUNCE] Release Apache Hop 2.3.0 Bart Maertens
2023/02/06 [ANNOUNCE] Apache HBase 2.5.3 is now available for download Tak Lon (Stephen) Wu
2023/02/06 [ANNOUNCE] Apache HBase 2.4.16 is now available for download Duo Zhang
2023/02/06 [ANNOUNCE] Apache Camel 4.0.0-M1 Released Gregor Zurowski
2023/02/06 [ANNOUNCE] Apache ShenYu 2.5.1 available Liu Liang
2023/02/06 CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components Dan Klco
2023/02/06 CVE-2022-45786: Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection John Gemignani
2023/02/02 [ANNOUCEMENT] Apache Commons CSV 1.10.0 Gary Gregory
2023/02/02 [ANNOUNCE] Apache Arrow 11.0.0 released Raúl Cumplido
2023/02/02 [ANNOUNCE] Apache UIMA Java SDK version 3.4.0 released Richard Eckart de Castilho
2023/02/02 [ANNOUNCEMENT] Apache Portable Runtime Utility 1.6.3 Released covener
2023/02/02 [ANNOUNCEMENT] Apache Portable Runtime 1.7.2 Released covener
2023/02/01 [ANNOUNCE] Apache Flink 1.16.1 released Martijn Visser
2023/02/01 CVE-2023-24997: Apache InLong: Jdbc Connection Security Bypass in InLong Charles Zhang
2023/02/01 CVE-2023-24977: Apache InLong: Jdbc Connection causes arbitrary file reading in InLong Charles Zhang
2023/01/31 CVE-2022-28331: Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function Eric Covener
2023/01/31 CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions Eric Covener
2023/01/31 CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Eric Covener
2023/01/31 [ANNOUNCEMENT] Apache Portable Runtime Utility 1.6.2 Released covener
2023/01/31 [ANNOUNCEMENT] Apache Portable Runtime 1.7.1 Released covener
2023/01/31 CVE-2022-44645: Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability Heping Wang
2023/01/31 CVE-2022-44644: Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability Heping Wang
2023/01/31 [ANNOUNCE] Apache APISIX Ingress controller v1.6.0 released Jintao Zhang
2023/01/30 [ANNOUNCE] Apache Lucene 9.5.0 released Luca Cavanna
2023/01/30 CVE-2023-24830: Apache IoTDB: apache/iotdb-web-workbench: create a user without authorization Jialin Qiao
2023/01/30 CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao
2023/01/30 [ANNOUNCE] MyFaces Core v4.0.0-RC4 Release Volodymyr Siedlecki
2023/01/30 [ANNOUNCE] Apache ZooKeeper 3.8.1 released Enrico Olivelli
2023/01/30 [ANNOUNCE] Apache EventMesh (incubating) 1.8.0 available walterzywei
2023/01/30 [ANNOUNCE] Apache Jackrabbit Oak 1.48.0 released Julian Reschke
2023/01/26 [ANNOUNCE] Airflow Providers prepared on January 23, 2023 are ready Elad Kalif
2023/01/26 [ANNOUNCE] Apache DataFu-Spark 1.7.0 Released Eyal Allweil
2023/01/25 [ANNOUNCE] Apache Pinot 0.12.0 released Xiang Fu
2023/01/25 [ANNOUNCE] Apache Solr 9.1.1 released Michael Gibney
2023/01/25 [ANNOUNCE] Apache Camel 3.18.5 (LTS) Released Gregor Zurowski
2023/01/23 [ANNOUNCE] Apache Traffic Server v9.2.0 is Released! Leif Hedstrom
2023/01/23 [ANN] Apache Tomcat 10.1.5 available Mark Thomas
2023/01/23 Re: CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow Jarek Potiuk
2023/01/23 [ANNOUCEMENT] Apache Commons Crypto 1.2.0 Gary Gregory
2023/01/22 [ANNOUNCE] Apache Groovy 4.0.8 Released Paul King
2023/01/22 [ANNOUNCE] Apache Groovy 2.5.21 Released Paul King
2023/01/22 [ANN] Apache Tomcat 8.5.85 available [CORRECTION] Christopher Schultz
2023/01/22 CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow Jarek Potiuk
2023/01/22 [ANNOUNCE] Apache SDAP (incubating) 1.0.0 Released Riley Kuttruff
2023/01/20 [ANNOUNCE] Apache Fineract 1.8.3 Release Aleksandar Vidakovic
2023/01/20 [ANNOUNCE] Apache Airflow 2.5.1 Released Pierre Jeambrun
2023/01/20 [ANN] Apache TomEE 8.0.14 Richard Zowalla
2023/01/20 [ANNOUNCE] Apache Jackrabbit 2.21.14 released Julian Reschke
2023/01/20 [ANNOUNCE] Apache Calcite Avatica 1.23.0 Released Julian Hyde
2023/01/19 [ANN] Apache Tomcat 8.5.84 available Christopher Schultz
2023/01/18 [ANNOUNCE] Apache StreamPipes 0.90.0 Dominik Riemer
2023/01/17 [ANNOUNCE] Airflow Providers released on January 14, 2023 are ready Elad Kalif
2023/01/17 CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting Eric Covener
2023/01/17 CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling Eric Covener
2023/01/17 CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte Eric Covener
2023/01/17 [ANNOUNCEMENT] Apache HTTP Server 2.4.55 Released covener
2023/01/16 CVE-2022-41703: Apache Superset: SQL injection vulnerability in adhoc clauses Daniel Gaspar
2023/01/16 CVE-2022-45438: Apache Superset: Dashboard metadata information leak Daniel Gaspar
2023/01/16 CVE-2022-43721: Apache Superset: Open Redirect Vulnerability Daniel Gaspar
2023/01/16 CVE-2022-43720: Apache Superset: Improper rendering of user input Daniel Gaspar
2023/01/16 CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API Daniel Gaspar
2023/01/16 CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms Daniel Gaspar
2023/01/16 CVE-2022-43717: Apache Superset: Cross-Site Scripting on dashboards Daniel Gaspar
2023/01/16 [ANN] Apache Syncope 3.0.1 Francesco Chicchiriccò
2023/01/15 [ANNOUNCE] Apache FreeMarker 2.3.32 is released Daniel Dekany
2023/01/15 [ANN] Apache Karaf OSGi runtime 4.3.9 has been released! Jean-Baptiste Onofré
2023/01/13 [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M12 released Timothy Bish
2023/01/13 [ANN] Apache Karaf OSGi Runtime 4.4.3 has been released! Jean-Baptiste Onofré
2023/01/13 [ANNOUNCE] Apache Qpid JMS 2.2.0 released Robbie Gemmell
2023/01/13 [ANNOUNCE] Apache Qpid JMS 1.8.0 released Robbie Gemmell
2023/01/13 CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request Brian Demers
2023/01/13 [ANNOUNCE] Apache Pulsar 2.11.0 released guo jiwei
2023/01/13 [ANN] Apache Tomcat 9.0.71 available Rémy Maucherat
2023/01/12 [ANNOUNCEMENT] HttpComponents Core 5.2.1 GA released Oleg Kalnichevski
2023/01/11 [ANNOUNCE] Apache CouchDB 3.3.1 released Jan Lehnardt
2023/01/11 [ANNOUNCE] Apache Jackrabbit FileVault 3.6.8 released Julian Reschke
2023/01/11 [ANNOUNCE] Apache ShardingSphere on Cloud 0.1.2 available Hongsheng Zhong
2023/01/10 [ANNOUNCE] Apache Arrow ADBC 0.1.0 Released David Li