announce

Messages by Date

2024/11/26 CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack Szymon Janc
2024/11/25 [ANNOUNCE] Apache Mynewt 1.13.0 and Apache Mynewt NimBLE 1.8.0 released Szymon Janc
2024/11/23 [ANNOUNCE] Apache OpenNLP Pre-Trained Models 1.2 released Martin Wiesner
2024/11/22 CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1 Enxin Xie
2024/11/21 [ANNOUNCE] Apache Log4j `2.24.2` released Piotr P. Karwasz
2024/11/20 CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log David Handermann
2024/11/20 [ANNOUNCE] Apache NiFi 1.28.1 Released Ferenc Kis
2024/11/20 [ANNOUNCE] Apache IoTDB 1.3.3 released Haonan Hou
2024/11/19 [ANNOUNCE] Apache Commons IO 2.18.0 Gary Gregory
2024/11/18 CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Greg Harris
2024/11/18 [ANNOUNCE] Apache Airflow Providers prepared on November 14, 2024 are released Elad Kalif
2024/11/18 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.5.0 released David Jensen
2024/11/18 [SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Mark Thomas
2024/11/18 [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
2024/11/18 [SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass Mark Thomas
2024/11/17 [ANNOUNCE] Apache Jackrabbit Oak 1.72.0 released Julian Reschke
2024/11/17 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.9 Chris Bono
2024/11/16 CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability Chao Gong
2024/11/16 CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities Chao Gong
2024/11/16 CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string Chao Gong
2024/11/16 CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE Jacques Le Roux
2024/11/15 CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) Jacques Le Roux
2024/11/14 CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default Ephraim Anierobi
2024/11/13 [ANNOUNCE] Apache Traffic Server 10.0.2 and 9.2.6 are released Chris McFarlen
2024/11/13 [ANNOUNCE] Apache Pekko gRPC 1.1.1 released PJ Fanning
2024/11/13 [ANNOUNCE] Apache Ratis 3.1.2 Release Xinyu Tan
2024/11/12 [ANNOUNCE] Apache Arrow ADBC 15 Released David Li
2024/11/12 [ANN] Apache ActiveMQ Classic 6.1.4 has been released! Jean-Baptiste Onofré
2024/11/12 [ANNOUNCE] Apache Log4j `3.0.0-beta3` released Piotr P. Karwasz
2024/11/12 CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
2024/11/11 [ANNOUNCE] Apache OpenNLP 2.5.0 released Martin Wiesner
2024/11/11 [ANNOUNCE] Apache TsFile 1.1.0 released Haonan Hou
2024/11/11 [ANNOUNCE] Release Apache Fury(incubating) 0.9.0 Shawn Yang
2024/11/09 [ANN] Apache Tomcat 9.0.97 available Rémy Maucherat
2024/11/08 [ANNOUNCE] Apache Groovy 3.0.23 Released Paul King
2024/11/08 [ANNOUNCE] Apache Groovy 4.0.24 Released Paul King
2024/11/08 [ANNOUNCE] Apache Groovy 5.0.0-alpha-11 released Paul King
2024/11/08 [ANNOUNCE] Apache Kafka 3.9.0 Colin McCabe
2024/11/08 [ANNOUNCE] Apache log4net 3.0.3 released Jan Friedrich
2024/11/08 CVE-2024-50378: Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli Ephraim Anierobi
2024/11/06 CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server Andor Molnar
2024/11/05 [ANNOUNCE] Apache Airflow 2.10.3 Released Utkarsh Sharma
2024/11/05 [ANNOUNCE] Apache XMLBeans 5.2.2 release PJ Fanning
2024/11/05 [ANNOUNCE] Apache Arrow 18.0.0 released Raúl Cumplido
2024/11/05 [ANNOUNCE] Apache Airflow Providers prepared on November 03, 2024 are released Elad Kalif
2024/11/05 [ANNOUNCE] MyFaces Core v4.1.0-RC3 Release Volodymyr Siedlecki
2024/11/05 [ANNOUNCE] Apache NiFi 2.0.0 Released David Handermann
2024/11/04 [ANNOUNCE] Apache SDAP 1.4.0 Released Riley Kuttruff
2024/11/02 CVE-2024-23590: Apache Kylin: Session fixation in web interface Li Yang
2024/10/31 [ANNOUNCE] Apache Airflow Providers prepared on October 27, 2024 are released Elad Kalif
2024/10/31 [ANNOUNCE] Apache Pulsar Helm Chart version 3.7.0 Released with support for Pulsar 4.0.0 Lari Hotari
2024/10/30 CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator Paul Irwin
2024/10/30 [ANNOUNCE] Apache Traffic Server 10.0.1 has been released Chris McFarlen
2024/10/29 [ANNOUNCE] Apache Kafka 3.8.1 Josep Prat
2024/10/28 [ANNOUNCEMENT] HttpComponents Client 5.4.1 GA Released Oleg Kalnichevski
2024/10/28 CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description David Handermann
2024/10/28 [ANNOUNCE] Apache bRPC 1.11.0 released Xiguo Hu
2024/10/27 [ANNOUNCE] Apache Kyuubi v1.10.0 is available Bowen Liang
2024/10/27 [ANNOUNCE] Apache NiFi 1.28 Released Ferenc Kis
2024/10/27 [ANNOUNCE] Apache Pekko Persistence DynamoDB 1.1.0 released PJ Fanning
2024/10/25 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.4.0 released David Jensen
2024/10/25 [ANNOUNCE] Apache Camel 4.8.1 (LTS) Released Gregor Zurowski
2024/10/25 CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser Francesco Chicchiriccò
2024/10/25 [ANN] Apache Syncope 3.0.9 Francesco Chicchiriccò
2024/10/24 [ANNOUNCE] Release Apache InLong 2.0.0 Aloys Zhang
2024/10/23 [ANNOUNCEMENT] HttpComponents Core 5.3.1 GA released Oleg Kalnichevski
2024/10/23 [ANNOUNCE] Release Apache OpenDAL v0.50.1 Xuanwo
2024/10/22 [ANNOUNCE] Apache CouchDB 3.4.2 released Jan Lehnardt
2024/10/21 [ANNOUNCE] Apache Pulsar 4.0.0 released Lari Hotari
2024/10/21 [ANNOUNCE] Apache Velocity Engine 2.4.1 released Claude Brisson
2024/10/21 [ANNOUNCE] Apache Camel 4.4.4 (LTS) Released Gregor Zurowski
2024/10/21 [ANNOUNCE] Apache log4net 3.0.2 released Jan Friedrich
2024/10/21 [ANNOUNCEMENT] Apache SkyWalking Rover 0.7.0 Released han liu
2024/10/21 [ANNOUNCEMENT] Apache SkyWalking CLI 0.14.0 Released han liu
2024/10/20 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.8 Chris Bono
2024/10/20 [ANNOUNCE] Apache Tika 3.0.0 released Tim Allison
2024/10/20 [ANNOUNCE] Apache HBase 2.6.1 is now available for download Nick Dimiduk
2024/10/18 [ANNOUNCE] Apache APISIX 3.11.0 has been released. Abhishek Choudhary
2024/10/18 [ANNOUNCE] Apache Storm 2.7.0 Released Rui Abreu
2024/10/18 [Announce] Beam 2.60.0 Released Yi Hu
2024/10/18 [ANN] Apache Struts 6.6.1 Lukasz Lenart
2024/10/18 [ANNOUNCE] Apache log4cxx 1.3.0 released Stephen Webb
2024/10/17 Re: [ANNOUNCE] Release Apache SeaTunnel 2.3.8 Jia Fan
2024/10/15 CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Houston Putman
2024/10/15 CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Houston Putman
2024/10/15 [ADVISORY] Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2 Guto Veronezi
2024/10/15 [ANNOUNCE] Apache Calcite 1.38.0 released Julian Hyde
2024/10/15 CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible Daniel Augusto Veronezi Salvador
2024/10/15 CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout Daniel Augusto Veronezi Salvador
2024/10/15 CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota Daniel Augusto Veronezi Salvador
2024/10/15 CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
2024/10/15 [ANNOUNCE] Apache Pulsar Helm Chart version 3.6.0 Released Lari Hotari
2024/10/15 [ANNOUNCE] Apache MINA 2.1.9 and 2.0.26 released Emmanuel Lecharny
2024/10/14 [ANNOUNCE] Apache Pekko Management 1.1.0 released PJ Fanning
2024/10/14 CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans Justin Bertram
2024/10/14 [ANNOUNCE] Apache Lucene 10.0.0 released Luca Cavanna
2024/10/14 [ANNOUNCE] Apache Airflow Providers prepared on October 10, 2024 are released Elad Kalif
2024/10/14 [ANN] Apache TomEE 10.0.0-M3 Richard Zowalla
2024/10/13 [ANNOUNCE] Apache Curator 5.7.1 released Kezhu Wang
2024/10/12 [ANNOUNCE] Apache Jackrabbit 2.23.1-beta released Julian Reschke
2024/10/11 CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation David M. Johnson
2024/10/10 [ANNOUNCE] Apache Pekko gRPC 1.1.0 released PJ Fanning
2024/10/09 [ANN] Apache Tomcat 11.0.0 Available Mark Thomas
2024/10/09 CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing Simon Steiner
2024/10/08 [ANNOUNCE] Apache Pekko (Core) 1.1.2 released PJ Fanning
2024/10/08 [ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
2024/10/08 [ANNOUNCE] Hive 3.x EOL Ayush Saxena
2024/10/07 [ANNOUNCE] Release Apache Fury(incubating) Serialization 0.8.0 Shawn Yang
2024/10/06 [ANNOUNCE] Release Apache Kvrocks 2.10.0 hulk
2024/10/04 [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 Lari Hotari
2024/10/04 [ANNOUNCE] Apache Pulsar 3.0.7 released with important security fix for CVE-2024-47561 Lari Hotari
2024/10/04 [ANNOUNCE] Release Apache Traffic Control 8.0.2 R S
2024/10/04 [ANNOUNCE] Apache Qpid JMS 2.6.1 released Robbie Gemmell
2024/10/04 [ANNOUNCE] Apache Qpid JMS 1.12.1 released Robbie Gemmell
2024/10/03 CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Gary D. Gregory
2024/10/03 CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Martin Tzvetanov Grigorov
2024/10/02 [ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0 released PJ Fanning
2024/10/02 [ANNOUNCE] Apache Pekko HTTP 1.1.0 released PJ Fanning
2024/10/02 [ANNOUNCE] Apache Hive 4.0.1 Released Zhihua Deng
2024/10/02 [ANN] Apache ActiveMQ 5.18.6 has been released! Jean-Baptiste Onofré
2024/10/01 [ANNOUNCE] Apache Airflow Providers prepared on September 27, 2024 are released Elad Kalif
2024/10/01 [ANNOUNCE] Apache Jackrabbit Oak 1.70.0 released Julian Reschke
2024/10/01 [ANNOUNCE] Apache ManifoldCF 2.27 released Piergiorgio Lucidi
2024/09/30 [ANNOUNCE] Apache Log4j `2.24.1`released Piotr P. Karwasz
2024/09/30 [ANNOUNCE] Apache Daffodil 3.9.0 Released Steve Lawrence
2024/09/30 [ANNOUNCE] Apache Pulsar Go Client 0.14.0 released Zike Yang
2024/09/28 CVE-2024-45772: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue Robert Muir
2024/09/28 [ANNOUNCE] Apache Lucene 9.12.0 released Chris Hegarty
2024/09/28 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.7.0 released Kai Wan
2024/09/28 [ANNOUNCE] Apache log4net 3.0.1 released Jan Friedrich
2024/09/27 [ANNOUNCE] Apache CouchDB 3.4.1 released Jan Lehnardt
2024/09/26 [ANNOUNCE] Apache Ratis 3.1.1 Release Xinyu Tan
2024/09/26 CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski
2024/09/25 [ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.2 Released liubao
2024/09/25 ANNOUNCE] Apache Spark 3.5.3 released Kent Yao
2024/09/25 [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
2024/09/25 [ANNOUNCE] Apache NiFi NAR Maven Plugin 2.1.0 Released David Handermann
2024/09/25 [ANNOUNCE] Apache Commons CSV Version 1.12.0 Gary Gregory
2024/09/25 [ANNOUNCE] Apache Solr 8.11.4 released Houston Putman
2024/09/25 [ANNOUNCE] Apache Qpid JMS 2.6.0 released Robbie Gemmell
2024/09/25 [ANNOUNCE] Apache Qpid JMS 1.12.0 released Robbie Gemmell
2024/09/24 CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie
2024/09/24 CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan
2024/09/24 [ANNOUNCE] Apache Wicket 10.2.0 released Andrea Del Bene
2024/09/24 [ANNOUNCE] Apache Velocity Engine 2.4 released Claude Brisson
2024/09/24 [ANNOUNCE] Apache Airflow Providers prepared on September 21, 2024 are released Elad Kalif
2024/09/23 CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang
2024/09/23 [ANNOUNCE] Apache NiFi API 2.0.0 Released David Handermann
2024/09/23 [SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
2024/09/23 [ANN] Apache OpenJPA 4.0.1 Francesco Chicchiriccò
2024/09/23 [ANNOUNCE] Apache StormCrawler (Incubating) 3.1.0 released Richard Zowalla
2024/09/23 [ANNOUNCEMENT] HttpComponents Client 5.4 GA Released Oleg Kalnichevski
2024/09/22 [ANNOUNCE] Apache YuniKorn v1.6.0 released Wilfred Spiegelenburg
2024/09/22 [ANNOUNCE] Apache Answer(Incubating) v1.4.0 available Robin Ren
2024/09/22 [ANNOUNCE] Apache Zeppelin 0.11.2 available Jongyoul Lee
2024/09/20 [ANNOUNCE] Apache Airflow 2.10.2 Released Ephraim Anierobi
2024/09/20 CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong
2024/09/20 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M22 released Timothy Bish
2024/09/20 [ANNOUNCE] Apache NetBeans 23 released Eric Barboni
2024/09/18 [ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0 released PJ Fanning
2024/09/17 CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar
2024/09/17 CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar
2024/09/17 [ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
2024/09/16 [ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
2024/09/15 [ANNOUNCE] Apache log4net 3.0.0 released Jan Friedrich
2024/09/15 [ANNOUNCE] Apache Camel 4.8.0 (LTS) Released Gregor Zurowski
2024/09/14 [ANNOUNCE] Apache Pekko (Core) 1.1.1 released Arnout Engelen
2024/09/13 [ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
2024/09/13 [ANNOUNCE] Apache Pulsar Node.js client 1.12.0 released Baodi Shi
2024/09/12 [ANNOUNCE] Apache Jackrabbit Oak 1.22.21 released Julian Reschke
2024/09/12 [ANNOUNCE] Apache Groovy 4.0.23 Released Paul King
2024/09/12 [ANNOUNCE] Apache Groovy 5.0.0-alpha-10 Released Paul King
2024/09/12 [ANNOUNCEMENT] HttpComponents Core 5.3 GA released Oleg Kalnichevski
2024/09/12 [ANNOUNCE] Beam 2.59.0 Released Robert Burke
2024/09/11 [ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
2024/09/11 CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji
2024/09/11 [ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
2024/09/10 [ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
2024/09/10 [ANNOUNCE] Apache Pekko Projections 1.1.0-M1 released PJ Fanning
2024/09/06 CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi
2024/09/05 [ANNOUNCE] Apache Arrow ADBC 14 released David Li
2024/09/05 [ANNOUNCE] Apache Flink CDC 3.2.0 released Qingsheng Ren
2024/09/03 [ANNOUNCE] Apache Pekko (Core) 1.1.0 released PJ Fanning
2024/09/03 CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux
2024/09/03 CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux
2024/09/03 [ANNOUNCE] Apache OFBiz 18.12.16 released Jacopo Cappellato
2024/09/02 [ANN] Apache Maven 4.0.0-beta-4 released Tamás Cservenák
2024/08/30 [ANNOUNCE] Apache Commons Lang 3.17.0 Gary Gregory
2024/08/29 [ANNOUNCE] Apache Ant 1.10.15 released Jaikiran Pai
2024/08/29 CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API liubao
2024/08/28 [ANNOUNCE] Apache Traffic Server 10.0.0 has been released Chris McFarlen
2024/08/28 [ANNOUNCE] Apache Parquet release 1.14.2 Fokko Driesprong
2024/08/28 [ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released Elad Kalif
2024/08/28 [ANNOUNCEMENT] Apache SkyWalking Go 0.5.0 Released han liu
2024/08/27 [ANNOUNCE] Apache Sedona 1.6.1 released Jia Yu
2024/08/26 CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener
2024/08/26 [ANNOUNCEMENT] Apache Portable Runtime 1.7.5 Released covener
2024/08/25 [ANN] Apache Maven Daemon 1.0.2 released Tamás Cservenák
2024/08/22 [ANNOUNCE] Apache Airflow Providers prepared on August 19, 2024 are released Elad Kalif
2024/08/21 CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi