announce

Messages by Date

2023/01/08 [ANNOUNCE] Log4cxx 1.0.0 Released Robert Middleton
2023/01/08 [ANNOUNCE] Apache Camel 3.20.1 (LTS) Released Gregor Zurowski
2023/01/06 [ANNOUNCE] Apache Pulsar Node.js client 1.8.0 released Zike Yang
2023/01/06 CVE-2022-45935: Apache James server: Temporary File Information Disclosure Benoit Tellier
2023/01/06 CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider Benoit Tellier
2023/01/06 [ANNOUNCE] Apache James 3.7.3 released Benoit TELLIER
2023/01/06 [ANNOUNCE] Apache James MIME4J 0.8.8 released Benoit TELLIER
2023/01/06 [ANNOUNCE] Apache James JSPF 1.0.3 released Benoit TELLIER
2023/01/06 [ANNOUNCEMENT] Apache SkyWalking Satellite 1.1.0 Released han liu
2023/01/05 [ANNOUNCE] Airflow Providers released on Janurary 02, 2023 released Elad Kalif
2023/01/03 [ANNOUNCE] MyFaces Core v4.0.0-RC3 Release Volodymyr Siedlecki
2023/01/03 [SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Mark Thomas
2023/01/03 [ANNOUNCE] Apache Pulsar 2.9.4 released 丛搏
2023/01/03 [ANNOUNCE] Release Apache DolphinScheduler 3.0.4 Jay Chung
2023/01/03 [RELEASE] Apache CouchDB 3.3.0 released Jan Lehnardt
2022/12/30 [ANNOUNCE] Apache APISIX 3.1.0 has been released Zexuan Luo
2022/12/30 CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller Xiaoxiang Yu
2022/12/30 CVE-2022-43396: Apache Kylin: Command injection by Useless configuration Xiaoxiang Yu
2022/12/27 [ANNOUNCE] Apache Pulsar Client Python 3.0.0 released Yunze Xu
2022/12/26 [ANNOUNCE] Apache SIS 1.3 Release Martin Desruisseaux
2022/12/24 [ANNOUNCE] Apache Groovy 4.0.7 Released Paul King
2022/12/24 [ANNOUNCE] Apache Groovy 2.5.20 Released Paul King
2022/12/24 [ANNOUNCE] Apache Groovy 3.0.14 Released Paul King
2022/12/22 [ANNOUNCE] Commons Math 4.0-beta1 Gilles Sadowski
2022/12/22 CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Weijie Wu
2022/12/21 CVE-2022-40145: Apache Karaf: JDBC JAAS LDAP injection Jean-Baptiste Onofré
2022/12/21 [ANNOUNCE] Apache Camel 3.20.0 (LTS) Released Gregor Zurowski
2022/12/20 [ANNOUNCEMENT] Apache SkyWalking Rover 0.4.0 Released han liu
2022/12/20 CVE-2022-46421: Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params Jarek Potiuk
2022/12/19 [ANNOUNCE] Airflow Providers released on December 14, 2022 are ready Elad Kalif
2022/12/19 [ANNOUNCE] Ignite Spark Extension 2.0.0 and 3.0.0 Released Maxim Muzafarov
2022/12/17 [ANNOUNCE] Apache Camel 3.14.7 (LTS) Released Gregor Zurowski
2022/12/17 [ANNOUNCE] Apache SpamAssassin 4.0.0 available Sidney Markowitz
2022/12/17 CVE-2022-47500: Apache Helix: Open redirect Junkai Xue
2022/12/16 CVE-2022-46870: Apache Zeppelin: Stored XSS in note permissions Arnout Engelen
2022/12/16 CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability Arnout Engelen
2022/12/15 [ANNOUNCE] Apache Traffic Server 9.1.4 and 8.1.6 are Released Bryan Call
2022/12/15 [ANNOUNCE] Apache NetBeans 16 released Geertjan Wielenga
2022/12/15 CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification Enrico Olivelli
2022/12/15 [ANNOUNCE] Apache Pulsar Client C++ 3.1.0 released Zike Yang
2022/12/14 CVE-2022-34271: Apache Atlas: zip path traversal in import functionality Madhan Neethiraj
2022/12/13 CVE-2022-46364: Apache CXF SSRF Vulnerability Colm O hEigeartaigh
2022/12/13 [ANN] End of life for Apache Tomcat 8.5.x Mark Thomas
2022/12/13 [ANN] End of life for Apache Tomcat 8.5.x Mark Thomas
2022/12/13 CVE-2022-46363: Apache CXF directory listing / code exfiltration Colm O hEigeartaigh
2022/12/13 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.13.0 release Ferenc Gerlits
2022/12/12 [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M7 released Timothy Bish
2022/12/12 [ANNOUNCE] Apache Impala 4.2.0 release Daniel Becker
2022/12/12 [ANN] Apache Syncope 2.1.13 Francesco Chicchiriccò
2022/12/12 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.1.0 Lari Hotari
2022/12/11 [ANNOUNCE] Apache ShardingSphere on Cloud 0.1.1 available 吴伟杰
2022/12/09 [ANN] Apache Tomcat 10.1.4 available Mark Thomas
2022/12/09 [ANNOUNCE] Apache ShardingSphere 5.3.0 available 吴伟杰
2022/12/09 [ANNOUNCE] Apache Hop 2.2.0 Bart Maertens
2022/12/09 [ANNOUNCE] Apache Jackrabbit 2.21.14 released Julian Reschke
2022/12/09 [ANNOUNCE] Apache SkyWalking NodeJS 0.6.0 is available kezhenxu94
2022/12/08 [ANNOUNCEMENT] HttpComponents Client 5.2.1 GA Released Oleg Kalnichevski
2022/12/08 [ANNOUNCE] Release Apache DolphinScheduler 3.0.3 Jay Chung
2022/12/07 [ANNOUNCE] Apache NiFi 1.19.1 release. Joe Witt
2022/12/07 [ANNOUNCE] Apache Doris 1.2.0 release ChenMingyu
2022/12/07 [ANNOUNCE] Apache Commons Statistics Version 1.0 Released Alex Herbert
2022/12/07 [ANNOUNCE] Apache Atlas 2.3.0 released Madhan Neethiraj
2022/12/07 [ANNOUNCE] Apache ActiveMQ 5.17.3 has been released! Jean-Baptiste Onofré
2022/12/07 [ANNOUNCE] Apache Commons BCEL 6.7.0 Gary Gregory
2022/12/06 CVE-2022-45910: Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities Markus Schuch
2022/12/05 [ANN] Apache Tomcat 11.0.0-M1 (alpha) available Mark Thomas
2022/12/05 [ANN] Apache Tomcat 9.0.70 available Rémy Maucherat
2022/12/05 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.6 Mark Thomas
2022/12/05 [ANNOUNCE] Apache IoTDB 1.0.0 released Haonan Hou
2022/12/05 CVE-2022-45046: Apache Camel: LDAP Injection in Camel-LDAP Andrea Cosentino
2022/12/05 [ANNOUNCEMENT] HttpComponents Client 4.5.14 GA Released Oleg Kalnichevski
2022/12/04 [ANNOUNCE] Apache HBase 2.5.2 is now available for download Duo Zhang
2022/12/03 CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default Gary D. Gregory
2022/12/02 [ANNOUNCE] Airflow Providers released on December 02, 2022 released Jarek Potiuk
2022/12/02 [ANNOUNCE] Apache Commons Net 3.9.0 Gary Gregory
2022/12/02 [ANNOUNCE] Apache Airflow 2.5.0 Released Ephraim Anierobi
2022/12/02 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input Arnout Engelen
2022/12/01 [ANNOUNCE] Apache Camel 3.18.4 (LTS) Released Gregor Zurowski
2022/11/30 [ANNOUNCEMENT] HttpComponents Core 4.4.16 Released Oleg Kalnichevski
2022/11/30 [ANNOUNCE] Apache Fineract 1.7.2 Release Aleksandar Vidakovic
2022/11/29 [ANNOUNCE] Apache Tuweni (incubating) 2.3.1 released Antoine Toulme
2022/11/29 Airflow Providers released on November 29, 2022 are ready Jarek Potiuk
2022/11/29 CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal Arnout Engelen
2022/11/29 [ANNOUNCE] Apache Fineract 1.8.2 Release Aleksandar Vidakovic
2022/11/28 [ANN] Apache Struts 6.1.1 (proper list of issues) Lukasz Lenart
2022/11/28 Re: [ANN] Apache Struts 6.1.1 Lukasz Lenart
2022/11/28 [ANNOUNCE] Apache NiFi 1.19.0 release Joe Witt
2022/11/28 [ANN] Apache Struts 6.1.1 Lukasz Lenart
2022/11/28 [ANNOUNCE] Apache Arrow 10.0.1 released Sutou Kouhei
2022/11/28 [ANNOUNCE] Apache Arrow 10.0.0 released Sutou Kouhei
2022/11/26 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.1 released Jiajing LU
2022/11/25 [ANNOUNCE] Apache Fineract 1.8.1 Release Aleksandar Vidakovic
2022/11/25 [ANNOUNCE] Apache Fineract 1.7.1 Release Aleksandar Vidakovic
2022/11/25 [ANNOUNCE] Apache Flink 1.15.3 released Fabian Paul
2022/11/24 [ANNOUNCE] Apache Qpid Broker-J 9.0.0 released Tomas Vavricka
2022/11/24 CVE-2022-26885: Apache DolphinScheduler config file read by task risk ShunFeng Cai
2022/11/23 [ANNOUNCE] Apache Lucene 9.4.2 released Adrien Grand
2022/11/22 CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability Jiajie Zhong
2022/11/22 [ANN] Apache Tomcat 8.5.84 available Christopher Schultz
2022/11/22 [ANNOUNCE] Release Apache DolphinScheduler 3.0.2 Jiajie Zhong
2022/11/21 Re: CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk
2022/11/21 CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) Jarek Potiuk
2022/11/21 CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk
2022/11/21 CVE-2022-40189: Apache Airlfow Pig Provider RCE Jarek Potiuk
2022/11/21 CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection Jarek Potiuk
2022/11/21 [ANNOUNCE] Apache Solr 9.1.0 released Ishan Chattopadhyaya
2022/11/21 [ANNOUNCEMENT] HttpComponents Client 5.1.4 GA Released Oleg Kalnichevski
2022/11/21 CVE-2022-45470: Apache Hama allows XSS and information disclosure Arnout Engelen
2022/11/19 [ANNOUNCE] Apache Shiro 1.10.1 released Benjamin Marwell
2022/11/18 [ANNOUNCE] Beam 2.43.0 Released Chamikara Jayalath
2022/11/18 Airflow Providers relesead on 18th of November Jarek Potiuk
2022/11/18 [ANNOUNCE] Apache Kyuubi (Incubating) released 1.6.1-incubating Shaoyun Chen
2022/11/18 [ANNOUNCE] Apache APISIX 2.15.1 has been released Zexuan Luo
2022/11/16 [ANNOUNCE] Apache Pulsar Client C++ 3.0.0 released Matteo Merli
2022/11/16 [ANNOUNCE] Apache Hive 4.0.0-alpha-2 Released Denys Kuzmenko
2022/11/15 CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability Thomas Wolf
2022/11/15 CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories Olivier Lamy
2022/11/15 CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files Olivier Lamy
2022/11/15 Re: CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk
2022/11/14 CVE-2022-45402: Apache Airflow: Open redirect during login Jedidiah Cunningham
2022/11/14 [ANN] Apache Tomcat 9.0.69 available Rémy Maucherat
2022/11/14 [ANN] Apache Tomcat 10.1.2 available Mark Thomas
2022/11/14 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB Rob Vesse
2022/11/14 [ANN] Apache Syncope 3.0.0 Francesco Chicchiriccò
2022/11/14 [ANNOUNCEMENT] HttpComponents Core 5.1.5 GA released Oleg Kalnichevski
2022/11/14 CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code Arnout Engelen
2022/11/14 [ANNOUNCE] Apache Airflow 2.4.3 Released Ephraim Anierobi
2022/11/14 CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk
2022/11/14 CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example Jarek Potiuk
2022/11/11 [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M11 released Timothy Bish
2022/11/11 [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M6 released Timothy Bish
2022/11/11 [ANNOUNCE] Apache Qpid Proton 0.38.0 released Robbie Gemmell
2022/11/11 [ANNOUNCE] Apache APISIX Java Plugin Runner 0.4.0 has been released tzssangglass
2022/11/11 [ANNOUNCE] Apache Jackrabbit 2.20.7 released Julian Reschke
2022/11/10 [ANNOUNCEMENT] HttpComponents Client 5.2 GA Released Oleg Kalnichevski
2022/11/10 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.0 released Jiajing LU
2022/11/10 [ACCOUNCE] Apache Flink Elasticsearch Connector 3.0.0 released Chesnay Schepler
2022/11/08 [ANNOUNCE] Apache SkyWalking Java Agent 8.13.0 released Sheng Wu
2022/11/08 [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5 Mark Thomas
2022/11/08 [ANNOUNCE] Apache Daffodil 3.4.0 Released Steve Lawrence
2022/11/08 [ANN] Apache Tomcat Native 2.0.2 released Mark Thomas
2022/11/07 [ANNOUNCEMENT] HttpComponents Core 5.2 GA released Oleg Kalnichevski
2022/11/07 [ANNOUNCE] Apache Tika 2.6.0 released Tim Allison
2022/11/06 [ANNOUNCE] Apache PLC4X 0.10.0 released Christofer Dutz
2022/11/06 [ANNOUNCE] Apache Camel 3.14.6 (LTS) Released Gregor Zurowski
2022/11/05 [ANNOUNCE] Apache ShenYu Nginx 1.0.0-1 available ChenBin
2022/11/04 CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing Gary D. Gregory
2022/11/04 CVE-2022-37866: Apache Ivy: Ivy Path traversal Stefan Bodewig
2022/11/04 CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Stefan Bodewig
2022/11/04 [ANN] Apache Ivy 2.5.1 Released Stefan Bodewig
2022/11/04 [ANNOUNCE] Apache James JSIEVE 0.8 released Benoit TELLIER
2022/11/04 [ANNOUNCE] Apache James MIME4J 0.8.8 released Benoit TELLIER
2022/11/04 [ANNOUNCE] Apache James JSPF 1.0.2 released Benoit TELLIER
2022/11/04 [ANNOUNCEMENT] Apache Commons BCEL 6.6.1 Gary Gregory
2022/11/04 [ANNOUNCE] Apache Pulsar Helm Chart version 3.0.0 Released Michael Marshall
2022/11/03 CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack Michael Marshall
2022/11/03 CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives Richard Eckart de Castilho
2022/11/03 [ANNOUNCE] Apache Curator 5.4.0 released Enrico Olivelli
2022/11/03 [ANNOUNCE] Apache UIMA Java SDK version 3.3.1 released Richard Eckart de Castilho
2022/11/02 [ANNOUNCE] Apache Accumulo 2.1.0 Christopher
2022/11/02 CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path Dan Klco
2022/11/02 [ANNOUNCE] Apache Commons Numbers Version 1.1 Released Alex Herbert
2022/11/01 CVE-2022-43985: Apache Airflow: Open Redirect Jedidiah Cunningham
2022/11/01 CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham
2022/11/01 CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript Sean R. Owen
2022/11/01 CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal Jiajie Zhong
2022/11/01 [ANNOUNCE] Apache Pulsar 2.10.2 released Haiting Jiang
2022/11/01 CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC Weijie Wu
2022/10/31 [SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling Mark Thomas
2022/10/31 [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M10 released Timothy Bish
2022/10/31 [ANNOUNCE] Apache Camel 3.18.3 (LTS) Released Gregor Zurowski
2022/10/31 [ANNOUNCE] Apache brpc (Incubating) 1.3.0 released Xiguo Hu
2022/10/31 [ANNOUNCE] Apache ShardingSphere ElasticJob UI 3.0.2 available 吴伟杰
2022/10/31 [ANN] Apache Syncope 3.0.0-M2 Francesco Chicchiriccò
2022/10/29 [ANN] Apache Karaf OSGi Runtime 4.3.8 has been released Jean-Baptiste Onofré
2022/10/29 [ANN] Apache Karaf OSGi Runtime 4.4.2 release Jean-Baptiste Onofré
2022/10/28 CVE-2022-26884: Apache DolphinScheduler exposes files without authentication ShunFeng Cai
2022/10/28 [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M5 released Timothy Bish
2022/10/26 CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability Arnout Engelen
2022/10/26 CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP Haonan Hou
2022/10/25 CVE-2022-42468 - Apache Flume Improper Input Validation (JNDI Injection) in JMSSource Ralph Goers
2022/10/25 [ANNOUNCE] Release of Apache Flume 1.11.0 Ralph Goers
2022/10/25 [ANNOUNCE] Apache IoTDB 0.13.3 released Jialin Qiao
2022/10/25 [ANN] Apache TomEE 8.0.13 Richard Zowalla
2022/10/24 CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith
2022/10/24 [ANNOUNCE] MyFaces Core v4.0.0-RC2 Release Volodymyr Siedlecki
2022/10/24 [ANNOUNCE] Apache Lucene 9.4.1 released Ignacio Vera
2022/10/24 [ANNOUNCE] Apache Airflow 2.4.2 Released Ephraim Anierobi
2022/10/23 [ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.2 available 吴伟杰
2022/10/23 [ANNOUNCE] Heron 0.20.5-incubating release Josh Fischer
2022/10/23 CVE-2021-42010: Apache Heron (Incubating): CRLF log injection Josh Fischer
2022/10/21 [ANNOUNCE] Apache ShenYu .NET client 1.0.0 available Han Gao
2022/10/21 [ANNOUNCE] Apache Iceberg release 1.0.0 Ryan Blue
2022/10/19 [ANNOUNCE] Apache Impala 4.1.1 release Quanlong Huang
2022/10/19 [ANNOUNCE] Apache TVM v0.10.0 Release Andrew Luo
2022/10/19 CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties. Dan Haywood
2022/10/19 ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. Dan Haywood
2022/10/18 [ANN] Apache Isis version 2.0.0-M9 Released Dan Haywood
2022/10/18 [ANNOUNCE] Apache Hop 2.1.0 Bart Maertens
2022/10/18 CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass Albumen Kevin