announce

Messages by Date

2025/09/20 [ANNOUNCE] Release Apache Iceberg C++ 0.1.0 Gang Wu
2025/09/20 [ANNOUNCE] Apache Pekko Connectors 1.2.0 released PJ Fanning
2025/09/20 [ANNOUNCE] Apache TomEE 10.1.2 Markus Jung
2025/09/19 [ANNOUNCE] Apache Camel 4.8.9 (LTS) Released Gregor Zurowski
2025/09/19 [ANNOUNCE] Apache Polaris 1.1.0-incubating has been released! Jean-Baptiste Onofré
2025/09/19 [ANNOUNCE] Apache Arrow .NET 22.0.1 released Sutou Kouhei
2025/09/18 CVE-2025-29847: Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass Chen Xia
2025/09/18 CVE-2025-59355: Apache Linkis: Password Exposure Chen Xia
2025/09/17 [ANNOUNCE] Apache OpenMeetings 8.1.0 is released Maxim Solodovnik
2025/09/17 [ANNOUNCE] Apache Qpid JMS 2.9.0 released Robbie Gemmell
2025/09/17 [ANNOUNCE] Apache Qpid JMS 1.15.0 released Robbie Gemmell
2025/09/17 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.2 released David Jensen
2025/09/15 [ANNOUNCE] Apache Pig 0.18.0 released Rohini Palaniswamy
2025/09/15 Re: CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Shawn Yang
2025/09/15 [ANNOUNCE] Apache Tika 3.2.3 released Tim Allison
2025/09/14 CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data Chaokun Yang
2025/09/13 [ANNOUNCE] Apache Karaf Cellar 4.4.8 has been released! Jean-Baptiste Onofré
2025/09/13 [ANNOUNCE] Apache Sedona 1.8.0 released Jia Yu
2025/09/13 [ANNOUNCE] Apache Grails (incubating) Redis Plugin 5.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Arrow ADBC 20 Released David Li
2025/09/12 [ANNOUNCE] Apache Arrow .NET 22.0.0 released Sutou Kouhei
2025/09/12 [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.6.0 Released Yuan Zhuang
2025/09/12 [ANN] Apache Tomcat 10.1.46 Available Christopher Schultz
2025/09/12 [ANNOUNCE] Apache IoTDB 1.3.5 released Haonan Hou
2025/09/12 [ANNOUNCE] Apache Grails (incubating) Spring Security Plugin 7.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) Quartz Plugin 4.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) 7.0.0-RC2 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) - Gradle Plugin - Grails Publish 0.0.1 James Daugherty
2025/09/12 [ANNOUNCE] Apache Grails (incubating) GitHub Actions 1.0.0 James Daugherty
2025/09/11 [ANNOUNCE] Apache Groovy 5.0.1 Released Paul King
2025/09/10 [ANNOUNCE] Apache Pekko Persistence R2DBC 1.1.0 released PJ Fanning
2025/09/09 [ANN] Apache Tomcat 10.1.45 Available (with IMPORTANT NOTE) Christopher Schultz
2025/09/09 [ANNOUNCE] Release Apache Fory 0.12.2 Shawn Yang
2025/09/09 [ANNOUNCE] Apache Airflow Providers prepared on September 05, 2025 are released Elad Kalif
2025/09/08 [ANNOUNCE] Apache Pulsar 4.1.0 released Cong Zhao
2025/09/08 [ANNOUNCE] Apache TsFile 1.1.2 released Haonan Hou
2025/09/07 [ANNOUNCE] Apache Bigtop 3.5.0 released Masatake Iwasaki
2025/09/07 [ANN] Apache Tomcat 9.0.109 available Rémy Maucherat
2025/09/06 [ANNOUNCE] Apache MINA SSHD 3.0.0-M1 released Thomas Wolf
2025/09/05 CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
2025/09/05 CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
2025/09/05 CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
2025/09/05 [ANN] Apache Tomcat 11.0.11 Available Mark Thomas
2025/09/04 CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
2025/09/04 [ANNOUNCE] Apache Kafka 4.1.0 Mickael Maison
2025/09/03 [ANNOUNCE] Apache Parquet Java 1.16.0 Gang Wu
2025/09/03 [ANNOUNCE] Apache Pekko (Core) 1.2.0 released PJ Fanning
2025/09/03 [ANNOUNCE] Release Apache Fory 0.12.1 Shawn Yang
2025/09/02 CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
2025/09/02 CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
2025/09/02 [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc4 released Xin Rong
2025/09/02 [ANNOUNCEMENT] HttpComponents Core 5.3.5 GA released Oleg Kalnichevski
2025/09/02 [ANNOUNCE] Apache CloudStack CloudMonkey v6.5.0 Abhishek Kumar
2025/08/30 [ANNOUNCE] Apache SpamAssassin 4.0.2 available Giovanni Bechis
2025/08/30 [ANNOUNCE] Apache Qpid protonj2 1.0.0 released Timothy Bish
2025/08/25 [ANNOUNCE] Apache Qpid JMS 1.14.0 released Robbie Gemmell
2025/08/25 [ANNOUNCE] Apache Qpid JMS 2.8.0 released Robbie Gemmell
2025/08/25 [ANNOUNCE] Apache Cloudberry (Incubating) 2.0.0 Released Ed Espino
2025/08/24 [ANNOUNCE] Apache Groovy 5.0.0 Released! Paul King
2025/08/24 [ANNOUNCE] Apache NiFi API 2.3.0 Released Pierre Villard
2025/08/23 Apache MINA SSHD 2.16.0 released Thomas Wolf
2025/08/23 [ANNOUNCE] Apache MINA SSHD 2.16.0 released Thomas Wolf
2025/08/22 [ANNOUNCE] Apache log4net 3.2.0 released Jan Friedrich
2025/08/22 CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
2025/08/22 CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
2025/08/22 CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
2025/08/22 [ANNOUNCE] Apache flink-connector-kafka 4.0.1 release Fabian Paul
2025/08/22 [ANNOUNCE] Apache NetBeans 27 Released Neil C Smith
2025/08/21 [ANNOUNCE] Apache IoTDB 2.0.5 released Haonan Hou
2025/08/20 Re: [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
2025/08/20 [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
2025/08/20 CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
2025/08/20 [ANNOUNCE] Apache Polaris (incubating) 1.0.1-incubating has been released! Jean-Baptiste Onofré
2025/08/20 [ANNOUNCE] Apache Camel 4.14.0 (LTS) Released Gregor Zurowski
2025/08/19 [ANNOUNCE] Apache Karaf runtime 4.4.8 has been released! Jean-Baptiste Onofré
2025/08/19 [ANNOUNCE] Apache TomEE 10.1.1 Markus Jung
2025/08/19 Re: CVE-2024-39954: Apache EventMesh Runtime: SSRF Eason Chen
2025/08/18 CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
2025/08/18 [ANNOUNCE] Apache Fory 0.12.0 released Shawn Yang
2025/08/18 [ANNOUNCE] Apache TsFile 2.1.1 released Haonan Hou
2025/08/17 [ANNOUNCE] Apache Airflow Providers prepared on August 12, 2025 are released Elad Kalif
2025/08/14 CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
2025/08/14 CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
2025/08/14 CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
2025/08/14 CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
2025/08/14 [ANNOUNCE] Apache Jackrabbit Oak 1.84.0 released Julian Reschke
2025/08/13 [ANNOUNCE] Apache Traffic Server 10.1.0 Release Chris McFarlen
2025/08/13 [SECURITY] CVE-2025-55668 Apache Tomcat - Session fixation via rewrite valve Mark Thomas
2025/08/13 [SECURITY] CVE-2025-48989 Apache Tomcat - DoS in HTP/2 - Made You Reset Mark Thomas
2025/08/13 [ANNOUNCE] Apache Fory Graduates to Top-Level Project! Shawn Yang
2025/08/13 [ANNOUNCE] Apache Allura 1.18.0 released Dave Brondsema
2025/08/12 Apache Beam 2.67.0 Released! Vitalii Terentev
2025/08/11 CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
2025/08/11 [ANN] Apache Syncope 3.0.13 Francesco Chicchiriccò
2025/08/11 [ANN] Apache Syncope 4.0.1 Francesco Chicchiriccò
2025/08/11 [ANNOUNCE] Apache Airflow Providers prepared on August 07, 2025 are released Elad Kalif
2025/08/10 [ANNOUNCE] Apache Grails (incubating) 7.0.0-RC1 James Daugherty
2025/08/10 [ANNOUNCE] Apache YuniKorn v1.7.0 released Wilfred Spiegelenburg
2025/08/08 [ANNOUNCE] Apache Tika 3.2.2 released Tim Allison
2025/08/07 [ANN] Apache Tomcat 10.1.44 Available Christopher Schultz
2025/08/07 CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
2025/08/07 CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
2025/08/07 [SECURITY] Upcoming updates to recent(ish)Tomcat CVEs Mark Thomas
2025/08/07 [ANN] Apache Tomcat 11.0.10 Available Mark Thomas
2025/08/06 [ANN] Apache Tomcat 9.0.108 available Rémy Maucherat
2025/08/06 Re: Apache jclouds is now retired tison
2025/08/06 Apache jclouds is now retired Niall Pemberton
2025/08/06 [ANNOUNCE] Apache Groovy 5.0.0-rc-1 Released! Paul King
2025/08/06 [ANNOUNCE] Apache Pulsar Helm Chart version 4.2.0 Released Lari Hotari
2025/08/06 [ANNOUNCE] Apache bRPC 1.14.1 released Weibing Wang
2025/08/05 [ANNOUNCE] Apache Pulsar Go Client 0.16.0 released Zike Yang
2025/08/04 CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
2025/08/04 [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc3 released Xin Rong
2025/08/04 [ANNOUNCE] Apache OFBiz 24.09.02 released Nicolas Malin
2025/08/03 [ANNOUNCE] Apache Storm 2.8.2 Released Rui Abreu
2025/08/03 [ANNOUNCE] Apache log4cxx 1.5.0 released Stephen Webb
2025/08/03 [ANNOUNCE] Apache Grails (incubating) Plugins compatible with 7.0.0-M5 James Daugherty
2025/08/03 CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
2025/08/03 CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
2025/08/03 CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
2025/08/02 [ANNOUNCE] Apache Airflow Providers prepared on July 29, 2025 are released Elad Kalif
2025/08/01 [ANNOUNCE] Apache Jackrabbit 2.22.2 released Julian Reschke
2025/07/31 [ANNOUNCE] Apache Pulsar 4.0.6 released Lari Hotari
2025/07/31 [ANNOUNCE] Apache Pulsar 3.3.8 released Lari Hotari
2025/07/31 [ANNOUNCE] Apache Pulsar 3.0.13 released Lari Hotari
2025/07/30 [ANNOUNCE] Apache Ranger 2.7.0 released Madhan Neethiraj
2025/07/30 CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
2025/07/30 CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
2025/07/30 [ANNOUNCE] Apache JSPWiki 2.12.3 released Juan Pablo Santos Rodríguez
2025/07/30 CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen
2025/07/29 [ANNOUNCE] Apache Fortress 3.0.1 Released Shawn McKinney
2025/07/28 [ANNOUNCE] Apache Fineract 1.12.1 Release Adam Monsen
2025/07/28 [ANNOUNCE] Apache bRPC 1.14.0 released Weibing Wang
2025/07/25 [ANNOUNCE] Apache James MIME4J 0.8.13 released btell...@apache.org
2025/07/24 [ANNOUNCE] Apache Kyuubi Shaded v0.6.0 is available Cheng Pan
2025/07/23 [ANNOUNCE] Apache Curator 5.9.0 released Kezhu Wang
2025/07/23 CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
2025/07/23 [ANNOUNCEMENT] Apache HTTP Server 2.4.65 Released covener
2025/07/23 [ANNOUNCE] Apache Groovy 4.0.28 Released Paul King
2025/07/23 [ANNOUNCE] Apache Groovy 5.0.0-beta-2 Paul King
2025/07/23 [ANNOUNCE] Apache OpenNLP 2.5.5 released Martin Wiesner
2025/07/22 [ANNOUNCE] Apache NiFi 2.5.0 Released Pierre Villard
2025/07/21 [ANNOUNCE] Apache Arrow 21.0.0 released Bryce Mecum
2025/07/21 [ANNOUNCE] Apache Pulsar Client Python 3.8.0 released Yunze Xu
2025/07/21 [ANNOUNCE] Apache Pekko (Core) 1.2.0-M2 released PJ Fanning
2025/07/21 [ANNOUNCE] Apache Nutch 1.21 Release Sebastian Nagel
2025/07/21 CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
2025/07/21 CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
2025/07/19 [ANN] Struts Annotations 2.0 Lukasz Lenart
2025/07/19 [ANNOUNCE] Apache Airflow 3.0.3 reference images rebuilt Jarek Potiuk
2025/07/18 [ANNOUNCE] Apache Commons IO 2.20.0 Gary Gregory
2025/07/18 [ANNOUNCE] Apache Airflow Providers prepared on July 17, 2025 are released Elad Kalif
2025/07/18 [ANNOUNCE] Apache Doris 3.0.6.1 released ChenMingyu
2025/07/17 [ANNOUNCE] Apache Pekko (Core) 1.1.5 released PJ Fanning
2025/07/16 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.1 released David Jensen
2025/07/16 [ANNOUNCE] Apache Grails (incubating) 7.0.0-M5 James Daugherty
2025/07/16 [ANN] Apache Maven 3.9.11 released Slawomir Jaranowski
2025/07/16 CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
2025/07/16 [ANNOUNCE] Apache HBase 2.6.3 is now available for download Duo Zhang
2025/07/14 [ANNOUNCE] Apache TsFile 2.1.0 released Colin Lee
2025/07/14 [ANNOUNCE] Apache NiFi API 2.2.0 Released David Handermann
2025/07/14 [IMPORTANT] [ANNOUNCE] Critical Vulnerability in Apache Jackrabbit Julian Reschke
2025/07/14 [ANNOUNCE] Apache Jackrabbit 2.20.17 released Julian Reschke
2025/07/14 [ANNOUNCE] Apache Jackrabbit 2.22.1 released Julian Reschke
2025/07/14 [ANNOUNCE] Apache Jackrabbit 2.23.2-beta released Julian Reschke
2025/07/14 CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
2025/07/13 [ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
2025/07/13 [ANNOUNCE] Apache Wicket 10.6.0 released Andrea Del Bene
2025/07/12 https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
2025/07/12 [ANNOUNCE] Apache Airflow Providers prepared on July 08, 2025 are released Elad Kalif
2025/07/12 [ANNOUNCE] Apache Log4j `2.25.1` released Piotr P. Karwasz
2025/07/12 [ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
2025/07/12 [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc2 released Xin Rong
2025/07/12 [ANNOUNCE] Apache Commons Lang 3.18.0 Gary Gregory
2025/07/12 [ANNOUNCE] Apache KIE (Incubating) 10.1.0 released Alex Porcelli
2025/07/12 [ANNOUNCEMENT] Apache HTTP Server 2.4.64 Released covener
2025/07/11 CVE-2025-48924: Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
2025/07/10 [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
2025/07/10 [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
2025/07/10 [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
2025/07/10 [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
2025/07/10 [SECURITY] CVE-2025-52434 Apache Tomcat -APR/native Connector crash leading to DoS Mark Thomas
2025/07/10 CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
2025/07/10 CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
2025/07/10 CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
2025/07/10 CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
2025/07/10 CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
2025/07/10 CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
2025/07/10 CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
2025/07/10 CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
2025/07/10 [ANNOUNCE] Release Apache Fory(incubating) 0.11.2 Pan Li
2025/07/10 [ANNOUNCE] Apache Tika 3.2.1 released Tim Allison
2025/07/09 [ANNOUNCE] Apache Commons Validator 1.10.0 Gary Gregory
2025/07/09 [ANNOUNCE] Apache IoTDB 2.0.4 released Haonan Hou
2025/07/09 [ANNOUNCE] Apache Camel 4.13.0 Released Gregor Zurowski
2025/07/07 [ANNOUNCE] Apache Arrow Swift 21.0.0 released Sutou Kouhei
2025/07/07 [ANNOUNCE] Apache Arrow ADBC 19 Released David Li
2025/07/06 [ANNOUNCE] Apache Airflow Providers prepared on July 03, 2025 are released Elad Kalif
2025/07/04 [ANN] Apache Tomcat 9.0.107 available Rémy Maucherat
2025/07/04 [ANN] Apache Tomcat 11.0.9 Available Mark Thomas

Earlier messages