announce

Messages by Date

2025/10/18 CVE-2024-44088: Apache Geode: Reflected XSS William Hodges
2025/10/18 [ANNOUNCE] Apache UIMA Ruta v3.5.1 released Richard Eckart de Castilho
2025/10/18 [ANNOUNCE] Apache Airflow Providers prepared on September 28, 2025 are released Elad Kalif
2025/10/18 [ANN] Apache ActiveMQ Classic 5.19.1 has been released! Jean-Baptiste Onofré
2025/10/18 [ANNOUNCE] Apache Daffodil 4.0.0 Released Steve Lawrence
2025/10/18 [ANNOUNCE] Apache Pulsar Go Client 0.17.0 released Zike Yang
2025/10/18 CVE-2025-62228: Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers Leonard Xu
2025/10/18 [ANNOUNCE] Apache NiFi API 2.4.0 Released David Handermann
2025/10/18 CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Chaokun Yang
2025/10/18 [ANNOUNCE] Apache Pekko (Core) 1.2.1 released PJ Fanning
2025/10/18 [ANNOUNCE] Apache Kafka 4.0.1 Christo Lolov
2025/10/18 [ANN] Apache Tomcat 9.0.111 available Rémy Maucherat
2025/10/18 [ANN] Apache Struts 6.8.0 Lukasz Lenart
2025/10/18 [ANN] Apache Tomcat 10.1.47 Available Christopher Schultz
2025/10/18 CVE-2025-61733: Apache Kylin: Authentication bypass Li Yang
2025/10/18 [ANNOUNCE] Apache Lucene 9.12.3 released Ankit Jain
2025/10/18 [ANNOUNCE] Apache Grails - Gradle Plugin - Grails Publish 0.0.2 Mattias Reichel
2025/10/18 Re: CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Shawn Yang
2025/10/18 [ANNOUNCE] Apache Camel 4.15.0 Released Gregor Zurowski
2025/10/18 [ANN] Apache Struts 7.1.1 Lukasz Lenart
2025/10/18 [ANNOUNCE] Apache Groovy 4.0.29 Released Paul King
2025/10/18 [ANNOUNCE] Apache Groovy 5.0.2 Released Paul King
2025/10/18 [ANNOUNCE] Release Apache Kvrocks Controller 1.2.0 hulk
2025/10/18 [ANNOUNCEMENT] HttpComponents Client 5.5.1 GA Released Oleg Kalnichevski
2025/10/18 [ANNOUNCE] Apache Airflow Providers prepared on September 25, 2025 are released Elad Kalif
2025/10/18 CVE-2025-54539: Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data Krzysztof Porębski
2025/10/18 [ANNOUNCE] Apache Flink Agents 0.1.0 released Xuannan Su
2025/10/18 [ANNOUNCE] Apache Airflow Providers prepared on October 01, 2025 are released Elad Kalif
2025/10/18 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.2 release Gábor Gyimesi
2025/10/18 [ANNOUNCE] Apache APISIX 3.14.0 has been released Ashish Tiwari
2025/10/18 [ANNOUNCE] Apache Grails GitHub Actions 1.0.1 Mattias Reichel
2025/10/18 [ANNOUNCE] Apache James 3.9.0 released [email protected]
2025/10/18 [ANN] Apache Tomcat 11.0.13 Available Mark Thomas
2025/10/17 CVE-2025-61734: Apache Kylin: improper restriction of file read Li Yang
2025/10/17 [ANN] Apache Tomcat 9.0.110 available Rémy Maucherat
2025/10/17 [ANNOUNCE] Apache APISIX 3.14.1 has been released Ashish Tiwari
2025/10/17 [ANNOUNCEMENT] HttpComponents Core 5.4-alpha1 released Oleg Kalnichevski
2025/10/17 [ANNOUNCE] Apache Airflow Providers prepared on October 04, 2025 are released Elad Kalif
2025/10/17 Apache Mesos is now retired Niall Pemberton
2025/10/17 CVE-2025-58457: Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands Damien Diederen
2025/10/17 [ANNOUNCE] Apache Pulsar 3.3.9 released Lari Hotari
2025/10/17 CVE-2025-61581: Apache Traffic Control: ReDoS issue in Traffic Router configuration Arnout Engelen
2025/10/17 [ANNOUNCE] Apache Creadur RAT 0.17 P. Ottlinger
2025/10/17 [ANNOUNCE] Apache Iceberg Go Release v0.4.0 Matt Topol
2025/10/17 [ANNOUNCE] Apache SIS 1.5 Release Alexis Manin
2025/10/17 CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system William Hodges
2025/10/17 [ANNOUNCE] Apache PDFBox 3.0.6 released Andreas Lehmkühler
2025/10/14 CVE-2025-55039: Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks Holden Karau
2025/10/13 [ANN] Apache Tomcat 10.1.48 Available Christopher Schultz
2025/10/13 [ANNOUNCE] Apache Qpid Broker-J 10.0.0 released Tomas Vavricka
2025/10/12 [ANNOUNCE] Apache OpenNLP 2.5.6 released Martin Wiesner
2025/10/04 [ANNOUNCE] Apache Jackrabbit Oak 1.22.23 released Julian Reschke
2025/10/02 [ANNOUNCE] Apache PDFBox 2.0.35 released Andreas Lehmkühler
2025/10/02 [ANNOUNCE] Apache Camel 4.14.1 (LTS) Released Gregor Zurowski
2025/10/02 [ANNOUNCE] Apache Calcite Avatica 1.27.0 Released Francis Chuang
2025/10/02 [ANNOUNCE] Apache Pulsar Helm Chart version 4.3.0 Released Lari Hotari
2025/10/01 [ANNOUNCE] Apache UIMA Java SDK version 3.6.1 released Richard Eckart de Castilho
2025/10/01 [ANNOUNCE] Apache Pinot 1.4.0 released Qiaochu Liu
2025/09/27 [ANNOUNCE] Apache Pulsar 3.0.14 released Lari Hotari
2025/09/27 [ANNOUNCE] Apache Pulsar 4.1.1 released Lari Hotari
2025/09/27 [ANNOUNCE] Apache Pulsar 4.0.7 released Lari Hotari
2025/09/25 CVE-2025-54831: Apache Airflow: Connection sensitive details exposed to users with READ permissions Kaxil Naik
2025/09/24 [ANNOUNCE] Apache Camel 4.10.7 (LTS) Released Gregor Zurowski
2025/09/24 [ANNOUNCE] Apache Jackrabbit Oak 1.86.0 Julian Reschke
2025/09/23 CVE-2025-48392: Apache IoTDB: DoS Vulnerability Haonan Hou
2025/09/23 CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou
2025/09/23 Apache Beam 2.68.0 Released! Vitalii Terentev
2025/09/23 [ANNOUNCEMENT] HttpComponents Core 5.3.6 GA released Oleg Kalnichevski
2025/09/22 [ANNOUNCE] Apache Airflow Providers prepared on September 18, 2025 are released Elad Kalif
2025/09/21 [ANNOUNCE] Apache NiFi 2.6.0 Released Pierre Villard
2025/09/21 [ANNOUNCE] Apache StormCrawler 3.5.0 released Richard Zowalla
2025/09/20 [ANNOUNCE] Release Apache Iceberg C++ 0.1.0 Gang Wu
2025/09/20 [ANNOUNCE] Apache Pekko Connectors 1.2.0 released PJ Fanning
2025/09/20 [ANNOUNCE] Apache TomEE 10.1.2 Markus Jung
2025/09/19 [ANNOUNCE] Apache Camel 4.8.9 (LTS) Released Gregor Zurowski
2025/09/19 [ANNOUNCE] Apache Polaris 1.1.0-incubating has been released! Jean-Baptiste Onofré
2025/09/19 [ANNOUNCE] Apache Arrow .NET 22.0.1 released Sutou Kouhei
2025/09/18 CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia
2025/09/18 CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia
2025/09/17 [ANNOUNCE] Apache OpenMeetings 8.1.0 is released Maxim Solodovnik
2025/09/17 [ANNOUNCE] Apache Qpid JMS 2.9.0 released Robbie Gemmell
2025/09/17 [ANNOUNCE] Apache Qpid JMS 1.15.0 released Robbie Gemmell
2025/09/17 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.2 released David Jensen
2025/09/15 [ANNOUNCE] Apache Pig 0.18.0 released Rohini Palaniswamy
2025/09/15 Re: CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Shawn Yang
2025/09/15 [ANNOUNCE] Apache Tika 3.2.3 released Tim Allison
2025/09/14 CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang
2025/09/13 [ANNOUNCE] Apache Karaf Cellar 4.4.8 has been released! Jean-Baptiste Onofré
2025/09/13 [ANNOUNCE] Apache Sedona 1.8.0 released Jia Yu
2025/09/13 [ANNOUNCE] Apache Grails (incubating) Redis Plugin 5.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Arrow ADBC 20 Released David Li
2025/09/12 [ANNOUNCE] Apache Arrow .NET 22.0.0 released Sutou Kouhei
2025/09/12 [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.6.0 Released Yuan Zhuang
2025/09/12 [ANN] Apache Tomcat 10.1.46 Available Christopher Schultz
2025/09/12 [ANNOUNCE] Apache IoTDB 1.3.5 released Haonan Hou
2025/09/12 [ANNOUNCE] Apache Grails (incubating) Spring Security Plugin 7.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) Quartz Plugin 4.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) 7.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) - Gradle Plugin - Grails Publish 0.0.1 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) GitHub Actions 1.0.0 James Daugherty
2025/09/11 [ANNOUNCE] Apache Groovy 5.0.1 Released Paul King
2025/09/10 [ANNOUNCE] Apache Pekko Persistence R2DBC 1.1.0 released PJ Fanning
2025/09/09 [ANN] Apache Tomcat 10.1.45 Available (with IMPORTANT NOTE) Christopher Schultz
2025/09/09 [ANNOUNCE] Release Apache Fory 0.12.2 Shawn Yang
2025/09/09 [ANNOUNCE] Apache Airflow Providers prepared on September 05, 2025 are released Elad Kalif
2025/09/08 [ANNOUNCE] Apache Pulsar 4.1.0 released Cong Zhao
2025/09/08 [ANNOUNCE] Apache TsFile 1.1.2 released Haonan Hou
2025/09/07 [ANNOUNCE] Apache Bigtop 3.5.0 released Masatake Iwasaki
2025/09/07 [ANN] Apache Tomcat 9.0.109 available Rémy Maucherat
2025/09/06 [ANNOUNCE] Apache MINA SSHD 3.0.0-M1 released Thomas Wolf
2025/09/05 CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
2025/09/05 CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
2025/09/05 CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
2025/09/05 [ANN] Apache Tomcat 11.0.11 Available Mark Thomas
2025/09/04 CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
2025/09/04 [ANNOUNCE] Apache Kafka 4.1.0 Mickael Maison
2025/09/03 [ANNOUNCE] Apache Parquet Java 1.16.0 Gang Wu
2025/09/03 [ANNOUNCE] Apache Pekko (Core) 1.2.0 released PJ Fanning
2025/09/03 [ANNOUNCE] Release Apache Fory 0.12.1 Shawn Yang
2025/09/02 CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
2025/09/02 CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
2025/09/02 [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc4 released Xin Rong
2025/09/02 [ANNOUNCEMENT] HttpComponents Core 5.3.5 GA released Oleg Kalnichevski
2025/09/02 [ANNOUNCE] Apache CloudStack CloudMonkey v6.5.0 Abhishek Kumar
2025/08/30 [ANNOUNCE] Apache SpamAssassin 4.0.2 available Giovanni Bechis
2025/08/30 [ANNOUNCE] Apache Qpid protonj2 1.0.0 released Timothy Bish
2025/08/25 [ANNOUNCE] Apache Qpid JMS 1.14.0 released Robbie Gemmell
2025/08/25 [ANNOUNCE] Apache Qpid JMS 2.8.0 released Robbie Gemmell
2025/08/25 [ANNOUNCE] Apache Cloudberry (Incubating) 2.0.0 Released Ed Espino
2025/08/24 [ANNOUNCE] Apache Groovy 5.0.0 Released! Paul King
2025/08/24 [ANNOUNCE] Apache NiFi API 2.3.0 Released Pierre Villard
2025/08/23 Apache MINA SSHD 2.16.0 released Thomas Wolf
2025/08/23 [ANNOUNCE] Apache MINA SSHD 2.16.0 released Thomas Wolf
2025/08/22 [ANNOUNCE] Apache log4net 3.2.0 released Jan Friedrich
2025/08/22 CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
2025/08/22 CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
2025/08/22 CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
2025/08/22 [ANNOUNCE] Apache flink-connector-kafka 4.0.1 release Fabian Paul
2025/08/22 [ANNOUNCE] Apache NetBeans 27 Released Neil C Smith
2025/08/21 [ANNOUNCE] Apache IoTDB 2.0.5 released Haonan Hou
2025/08/20 Re: [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
2025/08/20 [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
2025/08/20 CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
2025/08/20 [ANNOUNCE] Apache Polaris (incubating) 1.0.1-incubating has been released! Jean-Baptiste Onofré
2025/08/20 [ANNOUNCE] Apache Camel 4.14.0 (LTS) Released Gregor Zurowski
2025/08/19 [ANNOUNCE] Apache Karaf runtime 4.4.8 has been released! Jean-Baptiste Onofré
2025/08/19 [ANNOUNCE] Apache TomEE 10.1.1 Markus Jung
2025/08/19 Re: CVE-2024-39954: Apache EventMesh Runtime: SSRF Eason Chen
2025/08/18 CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
2025/08/18 [ANNOUNCE] Apache Fory 0.12.0 released Shawn Yang
2025/08/18 [ANNOUNCE] Apache TsFile 2.1.1 released Haonan Hou
2025/08/17 [ANNOUNCE] Apache Airflow Providers prepared on August 12, 2025 are released Elad Kalif
2025/08/14 CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
2025/08/14 CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
2025/08/14 CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
2025/08/14 CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
2025/08/14 [ANNOUNCE] Apache Jackrabbit Oak 1.84.0 released Julian Reschke
2025/08/13 [ANNOUNCE] Apache Traffic Server 10.1.0 Release Chris McFarlen
2025/08/13 [SECURITY] CVE-2025-55668 Apache Tomcat - Session fixation via rewrite valve Mark Thomas
2025/08/13 [SECURITY] CVE-2025-48989 Apache Tomcat - DoS in HTP/2 - Made You Reset Mark Thomas
2025/08/13 [ANNOUNCE] Apache Fory Graduates to Top-Level Project! Shawn Yang
2025/08/13 [ANNOUNCE] Apache Allura 1.18.0 released Dave Brondsema
2025/08/12 Apache Beam 2.67.0 Released! Vitalii Terentev
2025/08/11 CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
2025/08/11 [ANN] Apache Syncope 3.0.13 Francesco Chicchiriccò
2025/08/11 [ANN] Apache Syncope 4.0.1 Francesco Chicchiriccò
2025/08/11 [ANNOUNCE] Apache Airflow Providers prepared on August 07, 2025 are released Elad Kalif
2025/08/10 [ANNOUNCE] Apache Grails (incubating) 7.0.0-RC1 James Daugherty
2025/08/10 [ANNOUNCE] Apache YuniKorn v1.7.0 released Wilfred Spiegelenburg
2025/08/08 [ANNOUNCE] Apache Tika 3.2.2 released Tim Allison
2025/08/07 [ANN] Apache Tomcat 10.1.44 Available Christopher Schultz
2025/08/07 CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
2025/08/07 CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/08/07 [SECURITY] Upcoming updates to recent(ish)Tomcat CVEs Mark Thomas
2025/08/07 [ANN] Apache Tomcat 11.0.10 Available Mark Thomas
2025/08/06 [ANN] Apache Tomcat 9.0.108 available Rémy Maucherat
2025/08/06 Re: Apache jclouds is now retired tison
2025/08/06 Apache jclouds is now retired Niall Pemberton
2025/08/06 [ANNOUNCE] Apache Groovy 5.0.0-rc-1 Released! Paul King
2025/08/06 [ANNOUNCE] Apache Pulsar Helm Chart version 4.2.0 Released Lari Hotari
2025/08/06 [ANNOUNCE] Apache bRPC 1.14.1 released Weibing Wang
2025/08/05 [ANNOUNCE] Apache Pulsar Go Client 0.16.0 released Zike Yang
2025/08/04 CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
2025/08/04 [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc3 released Xin Rong
2025/08/04 [ANNOUNCE] Apache OFBiz 24.09.02 released Nicolas Malin
2025/08/03 [ANNOUNCE] Apache Storm 2.8.2 Released Rui Abreu
2025/08/03 [ANNOUNCE] Apache log4cxx 1.5.0 released Stephen Webb
2025/08/03 [ANNOUNCE] Apache Grails (incubating) Plugins compatible with 7.0.0-M5 James Daugherty
2025/08/03 CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
2025/08/03 CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
2025/08/03 CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
2025/08/02 [ANNOUNCE] Apache Airflow Providers prepared on July 29, 2025 are released Elad Kalif
2025/08/01 [ANNOUNCE] Apache Jackrabbit 2.22.2 released Julian Reschke
2025/07/31 [ANNOUNCE] Apache Pulsar 4.0.6 released Lari Hotari
2025/07/31 [ANNOUNCE] Apache Pulsar 3.3.8 released Lari Hotari
2025/07/31 [ANNOUNCE] Apache Pulsar 3.0.13 released Lari Hotari
2025/07/30 [ANNOUNCE] Apache Ranger 2.7.0 released Madhan Neethiraj
2025/07/30 CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
2025/07/30 CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
2025/07/30 [ANNOUNCE] Apache JSPWiki 2.12.3 released Juan Pablo Santos Rodríguez