announce  

Messages by Date

• 2024/08/28 [ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released Elad Kalif
• 2024/08/28 [ANNOUNCEMENT] Apache SkyWalking Go 0.5.0 Released han liu
• 2024/08/27 [ANNOUNCE] Apache Sedona 1.6.1 released Jia Yu
• 2024/08/26 CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener
• 2024/08/26 [ANNOUNCEMENT] Apache Portable Runtime 1.7.5 Released covener
• 2024/08/25 [ANN] Apache Maven Daemon 1.0.2 released Tamás Cservenák
• 2024/08/22 [ANNOUNCE] Apache Airflow Providers prepared on August 19, 2024 are released Elad Kalif
• 2024/08/21 CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi
• 2024/08/21 [ANNOUNCE] Release Apache Iceberg Rust v0.3.0 Xuanwo
• 2024/08/20 CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability Jun Gao
• 2024/08/20 [ANNOUNCE] Apache Commons Statistics Version 1.1 Released Alex Herbert
• 2024/08/20 CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session Junkai Xue
• 2024/08/20 [ANNOUNCE] Apache Commons Compress version 1.27.1 Gary Gregory
• 2024/08/19 CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability ShunFeng Cai
• 2024/08/19 [ANNOUNCE] Apache Impala 4.4.1 release Quanlong Huang
• 2024/08/19 [ANNOUNCE] Apache Commons Logging 1.3.4 Gary Gregory
• 2024/08/19 [ANNOUNCE] Apache Jackrabbit 1.68.0 released Julian Reschke
• 2024/08/16 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.7 Chris Bono
• 2024/08/15 [ANNOUNCE] Apache Airflow 2.10.0 Released Ephraim Anierobi
• 2024/08/15 Apache Kerby 2.1.0 released Colm O hEigeartaigh
• 2024/08/14 [ANNOUNCE] Apache Commons CLI Version 1.9.0 Gary Gregory
• 2024/08/14 [ANNOUNCE] Apache Accumulo 2.1.3 Christopher
• 2024/08/14 [ANNOUNCE] Apache APISIX 3.10.0 has been released Abhishek Choudhary
• 2024/08/13 [ANNOUNCE] Release Apache OpenDAL v0.49.0 Xuanwo
• 2024/08/13 [ANN] Apache Tomcat Connectors 1.2.50 released Mark Thomas
• 2024/08/13 [ANNOUNCE] Apache Camel 4.0.6 (LTS) Release Gregor Zurowski
• 2024/08/12 CVE-2024-41909: Apache MINA SSHD: integrity check bypass Arnout Engelen
• 2024/08/12 [ANNOUNCE] Apache Commons Numbers Version 1.2 Released Alex Herbert
• 2024/08/12 [ANNOUNCE] Apache Spark 3.5.2 released Kent Yao
• 2024/08/10 [ANNOUNCE] Apache Ranger 2.5.0 released Madhan Neethiraj
• 2024/08/09 CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability ShunFeng Cai
• 2024/08/09 CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution ShunFeng Cai
• 2024/08/09 [ANNOUNCE] Apache Pulsar Go Client 0.13.1 released Zike Yang
• 2024/08/09 [ANNOUNCE] Apache PDFBox 3.0.3 released Andreas Lehmkühler
• 2024/08/09 [Announcement]: Apache LDAP API 2.1.7 Emmanuel Lecharny
• 2024/08/09 [ANNOUNCE] Apache Commons Compress 1.27.0 Gary Gregory
• 2024/08/09 CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use Enxin Xie
• 2024/08/09 CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link Enxin Xie
• 2024/08/08 [ANNOUNCE] Beam 2.58.0 Released Jack McCluskey
• 2024/08/08 [ANN] Apache ActiveMQ Classic 6.1.3 has been released! Jean-Baptiste Onofré
• 2024/08/07 [ANNOUNCE] Apache Commons Lang Version 3.16.0 Gary Gregory
• 2024/08/07 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.2.2 released David Jensen
• 2024/08/06 [ANNOUNCE] Apache Airflow Providers prepared on August 03, 2024 are released Elad Kalif
• 2024/08/06 [ANN] Apache Tomcat 10.1.28 Available Christopher Schultz
• 2024/08/06 CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins Rohit Yadav
• 2024/08/06 CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access Rohit Yadav
• 2024/08/06 [ANNOUCE] Apache CloudStack LTS Security Releases 4.18.2.3 and 4.19.1.1 Nicolas Vazquez
• 2024/08/06 [ANN] Apache Tomcat 11.0.0-M24 (beta) available Mark Thomas
• 2024/08/06 [ANNOUNCE] Apache Pulsar Helm Chart version 3.5.0 Released Lari Hotari
• 2024/08/05 [ANN] Apache Tomcat 9.0.93 available Rémy Maucherat
• 2024/08/05 CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL) Haonan Hou
• 2024/08/04 [ANNOUNCE] Apache Answer(Incubating) v1.3.6 available Kumfo Yang
• 2024/08/04 CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow Jarek Potiuk
• 2024/08/04 CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Jacques Le Roux
• 2024/08/03 [ANNOUNCE] Apache OFBiz 18.12.15 released Jacopo Cappellato
• 2024/08/02 CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability Charles Zhang
• 2024/08/01 [ANNOUNCE] Apache Pulsar 3.3.1 released Lari Hotari
• 2024/08/01 [ANNOUNCE] Release Apache OpenDAL 0.48.0 Xuanwo
• 2024/08/01 [ANNOUNCE] Apache Pulsar 3.2.4 released Lari Hotari
• 2024/08/01 CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability Heping Wang
• 2024/08/01 CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability Heping Wang
• 2024/08/01 [ANNOUNCE] Apache Pulsar 3.0.6 released Lari Hotari
• 2024/08/01 [ANNOUNCE] Apache YuniKorn v1.5.2 released Wilfred Spiegelenburg
• 2024/07/31 [ANNOUNCE] Apache Airflow Providers prepared on July 28, 2024 are released Elad Kalif
• 2024/07/30 CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass Jun Gao
• 2024/07/29 [ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
• 2024/07/29 [ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
• 2024/07/29 [ANNOUNCE] Apache Celeborn 0.4.2 available Fu Chen
• 2024/07/28 Apache Bloodhound is now retired Hervé Boutemy
• 2024/07/28 Apache HAWQ is now retired Hervé Boutemy
• 2024/07/25 CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode David M. Johnson
• 2024/07/25 [ANNOUNCE] Apache Traffic Server 9.2.5 and 8.1.11 are released Bryan Call
• 2024/07/25 [ANNOUNCE] Apache Iceberg release 1.6.0 Jean-Baptiste Onofré
• 2024/07/25 [ANNOUNCE] Apache Airflow Providers prepared on July 21, 2024 are released Elad Kalif
• 2024/07/25 [ANN] Apache ActiveMQ Classic 5.18.5 has been released! Jean-Baptiste Onofré
• 2024/07/24 [ANN] Apache Tomcat Native 1.3.1 released Mark Thomas
• 2024/07/24 [ANN] Apache Tomcat Native 2.0.8 released Mark Thomas
• 2024/07/24 [ANNOUNCE] Apache PDFBox 2.0.32 released Andreas Lehmkühler
• 2024/07/24 [ANNOUNCE] Apache Airflow Helm Chart version 1.15.0 Released Jedidiah Cunningham
• 2024/07/24 [ANNOUNCE] Apache Commons BCEL Version 6.10.0 Gary Gregory
• 2024/07/23 Subject: [ANNOUNCE] Apache Storm 2.6.3 Released Rui Abreu
• 2024/07/23 CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader James Turton
• 2024/07/23 CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information Yupeng Fu
• 2024/07/23 CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Andrew Lamb
• 2024/07/23 [ANNOUNCE] Apache Kyuubi v1.9.2 is available Fu Chen
• 2024/07/23 [ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0-M1 released PJ Fanning
• 2024/07/23 [ANNOUNCE] Apache BVal 3.0.1 Markus Jung
• 2024/07/23 [ANNOUNCE] Apache Jackrabbit 2.23.0-beta released Julian Reschke
• 2024/07/23 [ANN] Apache TomEE 10.0.0-M2 Richard Zowalla
• 2024/07/22 CVE-2024-29070: Apache StreamPark: session not invalidated after logout Huajie Wang
• 2024/07/22 [ANNOUNCE] Apache Pulsar Go Client 0.13.0 released Zike Yang
• 2024/07/22 [ANNOUNCE] Apache Kyuubi Shaded released 0.4.1 Cheng Pan
• 2024/07/22 [ANN] Apache Syncope 3.0.8 Francesco Chicchiriccò
• 2024/07/22 CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields Francesco Chicchiriccò
• 2024/07/22 CVE-2024-34457: Apache StreamPark IDOR Vulnerability Huajie Wang
• 2024/07/22 CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data Rongtong Jin
• 2024/07/20 Apache Submarine is now retired Hervé Boutemy
• 2024/07/19 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M21 released Timothy Bish
• 2024/07/19 [ANNOUNCE] Apache bRPC 1.10.0 released Xiaofeng
• 2024/07/19 [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion Abhishek Kumar
• 2024/07/19 CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE Colm O hEigeartaigh
• 2024/07/19 CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients Colm O hEigeartaigh
• 2024/07/19 CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter Colm O hEigeartaigh
• 2024/07/19 CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion Rohit Yadav
• 2024/07/19 [ANNOUNCE] Apache Arrow 17.0.0 released Raúl Cumplido
• 2024/07/18 [ANNOUNCE] Apache Commons Lang Version 3.15.0 Gary Gregory
• 2024/07/18 CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability Huajie Wang
• 2024/07/17 CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows Eric Covener
• 2024/07/17 CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
• 2024/07/17 CVE-2024-29120: Apache StreamPark: Information leakage vulnerability Huajie Wang
• 2024/07/17 [ANNOUNCE] Apache Tika 3.0.0-BETA2 released Tim Allison
• 2024/07/16 CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution Huajie Wang
• 2024/07/16 CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution Huajie Wang
• 2024/07/16 [ANNOUNCE] Apache StreamPipes 0.95.1 Dominik Riemer
• 2024/07/16 CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process Dominik Riemer
• 2024/07/16 CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload Dominik Riemer
• 2024/07/16 CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts Dominik Riemer
• 2024/07/16 [ANNOUNCE] Apache Linkis 1.6.0 released peacewong
• 2024/07/16 [ANNOUNCE] Apache Commons RNG 1.6 released Alex Herbert
• 2024/07/16 [ANNOUNCE] Apache Airflow 2.9.3 Released Utkarsh Sharma
• 2024/07/16 CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler Ephraim Anierobi
• 2024/07/16 CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability Ephraim Anierobi
• 2024/07/16 CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
• 2024/07/16 [ANNOUNCE] Apache Uniffle (Incubating) 0.9.0 available Enrico Minack
• 2024/07/16 [ANNOUNCE] Apache Commons Codec 1.17.1 Gary Gregory
• 2024/07/15 CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability Huajie Wang
• 2024/07/15 [ANNOUNCE] Apache Camel 4.7.0 Released Gregor Zurowski
• 2024/07/15 [ANN] Apache Tomcat 10.1.26 Available Christopher Schultz
• 2024/07/15 [ANNOUNCE] Apache Airflow Providers prepared on July 12, 2024 are released Elad Kalif
• 2024/07/15 [ANNOUNCE] Release Apache SkyWalking Client JS version 0.12.0 xue fan
• 2024/07/13 CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability Heping Wang
• 2024/07/13 CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0 Heping Wang
• 2024/07/13 CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading Heping Wang
• 2024/07/12 [ANNOUNCE] Apache Airflow Providers prepared on July 09, 2024 are released Elad Kalif
• 2024/07/12 [ANNOUNCE] Apache Pekko Connectors 1.1.0-M1 released PJ Fanning
• 2024/07/12 [ANNOUNCE] Apache Jackrabbit Oak 1.66.0 released Julian Reschke
• 2024/07/12 CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection Martin Tzvetanov Grigorov
• 2024/07/09 [ANNOUNCE] Apache NiFi 1.27.0 Released David Handermann
• 2024/07/08 [ANNOUNCE] Apache Bigtop 3.3.0 released Masatake Iwasaki
• 2024/07/08 [ANNOUNCE] Apache Pulsar Node.js client 1.11.1 released Baodi Shi
• 2024/07/08 [ANN] Apache Causeway version 2.1.0 and 3.1.0 Released Dan Haywood
• 2024/07/08 [ANN] Apache Tomcat 9.0.91 available Rémy Maucherat
• 2024/07/07 CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description David Handermann
• 2024/07/07 [ANNOUNCE] Release Apache OpenDAL 0.47.3 Xuanwo
• 2024/07/07 [SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service Mark Thomas
• 2024/07/05 [ANN] Apache Tomcat 11.0.0-M22 (beta) available Mark Thomas
• 2024/07/05 [ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 Abhishek Kumar
• 2024/07/05 [ANNOUNCE] Apache Airflow Providers prepared on July 02, 2024 are released Jarek Potiuk
• 2024/07/05 [ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.0 Released liubao
• 2024/07/05 [ANNOUNCE] Apache ServiceComb Java Chassis version 2.8.18 Released liubao
• 2024/07/05 [ANNOUNCE] Apache Arrow ADBC 13 released David Li
• 2024/07/04 [ANNOUNCE] Apache Commons Logging 1.3.3 Gary Gregory
• 2024/07/03 [ANNOUNCEMENT] Apache HTTP Server 2.4.61 Released covener
• 2024/07/03 CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
• 2024/07/03 [ANNOUNCEMENT] HttpComponents Core 5.2.5 GA released Oleg Kalnichevski
• 2024/07/02 [ANNOUNCE] Release Apache OpenDAL 0.47.2 Xuanwo
• 2024/07/02 [ANNOUNCE] Apache POI 5.3.0 release PJ Fanning
• 2024/07/02 [ANNOUNCEMENT] Apache HTTP Server 2.4.60 Released covener
• 2024/07/01 [ANNOUNCE] Apache NiFi 2.0.0-M4 Released David Handermann
• 2024/07/01 CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution Eric Covener
• 2024/07/01 CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request Eric Covener
• 2024/07/01 CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect Eric Covener
• 2024/07/01 CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences Eric Covener
• 2024/07/01 CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. Eric Covener
• 2024/07/01 CVE-2024-38473: Apache HTTP Server proxy encoding problem Eric Covener
• 2024/07/01 CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF Eric Covener
• 2024/07/01 CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 Eric Covener
• 2024/07/01 [ANNOUNCE] Apache Kafka 3.7.1 Igor Soarez
• 2024/06/30 [ANNOUNCE] Apache IoTDB 1.3.2 released Haonan Hou
• 2024/06/30 [ANNOUNCE] Apache Commons Email Parent POM 2.0.0-M1 Gary Gregory
• 2024/06/30 [ANNOUNCE] Apache Groovy 5.0.0-alpha-9 Released Paul King
• 2024/06/30 [ANNOUNCE] Apache Groovy 4.0.22 Released Paul King
• 2024/06/30 [ANNOUNCE] Apache Groovy 3.0.22 Released Paul King
• 2024/06/29 [ANNOUNCE] Apache Doris 2.0.12 & 2.1.4 release ChenMingyu
• 2024/06/28 [ANNOUNCE] Apache Camel 4.4.3 (LTS) Released Gregor Zurowski
• 2024/06/27 [ANNOUNCE] Apache Lucene 9.11.1 released Ignacio Vera
• 2024/06/27 [ANNOUNCE] Apache Airflow Providers prepared on June 22, 2024 are released Elad Kalif
• 2024/06/27 [ANNOUNCEMENT] HttpComponents Client 5.4-beta1 Released Oleg Kalnichevski
• 2024/06/26 [ANNOUNCE] Apache BookKeeper 4.17.1 released ZhangJian He
• 2024/06/25 [ANNOUNCEMENT] HttpComponents Core 5.3-beta1 released Oleg Kalnichevski
• 2024/06/25 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.3.1 released David Jensen
• 2024/06/25 CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page Juan Pablo Santos Rodríguez
• 2024/06/24 [ANNOUNCE] Apache Pekko (Core) 1.0.3 released PJ Fanning
• 2024/06/24 Fwd: [ANNOUNCE] Apache MINA SSHD 2.13.1 released Guillaume Nodet
• 2024/06/23 [ANNOUNCE] Apache Drill 1.21.2 Released James Turton
• 2024/06/23 [ANNOUNCE] Apache Camel 3.21.5 (LTS) Released Gregor Zurowski
• 2024/06/22 CVE-2024-29868: Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Dominik Riemer
• 2024/06/22 [ANNOUNCE] Apache Impala 3.4.2 release Quanlong Huang
• 2024/06/21 [ANNOUNCE] Apache Allura 1.17.1 released Dave Brondsema
• 2024/06/21 CVE-2024-38379: Apache Allura: Stored authenticated XSS David Philip Brondsema
• 2024/06/21 [ANNOUNCE] Release Apache OpenDAL v0.47.1 Xuanwo
• 2024/06/20 CVE-2024-34693: Apache Superset: Server arbitrary file read Daniel Gaspar
• 2024/06/19 [ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0-M1 released PJ Fanning
• 2024/06/19 [ANN] Apache Tomcat 10.1.25 Available Christopher Schultz
• 2024/06/19 [ANNOUNCE] Apache Ant 1.9.x release series EOL Jaikiran Pai
• 2024/06/19 [ANN] Apache Tomcat 9.0.90 available Rémy Maucherat
• 2024/06/18 [ANNOUNCE] Apache SDAP 1.3.0 Released Riley Kuttruff
• 2024/06/18 [ANNOUNCE] Apache Commons Collections 4.5.0-M2 Gary Gregory
• 2024/06/18 [ANN] Apache Tomcat 11.0.0-M21 (beta) available Mark Thomas
• 2024/06/18 [ANNOUNCE] Apache Pekko Management 1.1.0-M1 released PJ Fanning

• Earlier messages
• Later messages