announce
Messages by Thread
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL
Jedidiah Cunningham
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript
Sean R. Owen
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal
Jiajie Zhong
[ANNOUNCE] Apache Pulsar 2.10.2 released
Haiting Jiang
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
Weijie Wu
[SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling
Mark Thomas
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M10 released
Timothy Bish
[ANNOUNCE] Apache Camel 3.18.3 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache brpc (Incubating) 1.3.0 released
Xiguo Hu
[ANNOUNCE] Apache ShardingSphere ElasticJob UI 3.0.2 available
吴伟杰
[ANN] Apache Syncope 3.0.0-M2
Francesco Chicchiriccò
[ANN] Apache Karaf OSGi Runtime 4.3.8 has been released
Jean-Baptiste Onofré
[ANN] Apache Karaf OSGi Runtime 4.4.2 release
Jean-Baptiste Onofré
CVE-2022-26884: Apache DolphinScheduler exposes files without authentication
ShunFeng Cai
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M5 released
Timothy Bish
CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability
Arnout Engelen
CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP
Haonan Hou
CVE-2022-42468 - Apache Flume Improper Input Validation (JNDI Injection) in JMSSource
Ralph Goers
[ANNOUNCE] Release of Apache Flume 1.11.0
Ralph Goers
[ANNOUNCE] Apache IoTDB 0.13.3 released
Jialin Qiao
[ANN] Apache TomEE 8.0.13
Richard Zowalla
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application
Dan Smith
[ANNOUNCE] MyFaces Core v4.0.0-RC2 Release
Volodymyr Siedlecki
[ANNOUNCE] Apache Lucene 9.4.1 released
Ignacio Vera
[ANNOUNCE] Apache Airflow 2.4.2 Released
Ephraim Anierobi
[ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.2 available
吴伟杰
[ANNOUNCE] Heron 0.20.5-incubating release
Josh Fischer
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
Josh Fischer
[ANNOUNCE] Apache ShenYu .NET client 1.0.0 available
Han Gao
[ANNOUNCE] Apache Iceberg release 1.0.0
Ryan Blue
[ANNOUNCE] Apache Impala 4.1.1 release
Quanlong Huang
[ANNOUNCE] Apache TVM v0.10.0 Release
Andrew Luo
CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties.
Dan Haywood
ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.
Dan Haywood
[ANN] Apache Isis version 2.0.0-M9 Released
Dan Haywood
[ANNOUNCE] Apache Hop 2.1.0
Bart Maertens
CVE-2022-39198: Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass
Albumen Kevin
[ANN] Apache Syncope 3.0.0-M1
Francesco Chicchiriccò
[ANNOUNCE] Apache James JDKIM 0.3 released
Benoit TELLIER
[ANNOUNCE] Apache Jackrabbit 2.21.13 released
Julian Reschke
[ANNOUNCE] Apache Groovy 4.0.6 released
Paul King
[ANNOUNCE] Apache Groovy 2.5.19 released
Paul King
[ANNOUNCE] Apache Wicket 9.12.0 released
Andrea Del Bene
[ANNOUNCE] Apache James 3.7.2 released
Benoit TELLIER
[ANNOUNCE] Apache StreamPipes (incubating) 0.70.0
Tim Bossenmaier
[ANNOUNCE] Apache Airflow Helm Chart version 1.7.0 Released
Jedidiah Cunningham
The Apache Weekly News Round-up: week ending 14 October 2022
Swapnil M Mane
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.9.0
xue fan
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
Gary D. Gregory
[ANNOUNCE] Apache Calcite Avatica Go 5.2.0 released
Francis Chuang
[ANNOUNCE] Apache Flink Table Store 0.2.1 released
Jingsong Lee
[ANNOUNCEMENT] Apache Commons BCEL 6.6.0
Gary Gregory
[ANN] Apache Tomcat 10.1.1 available
Mark Thomas
[ANNOUNCE] Apache Ignite 2.14.0 Released
Taras Ledkov
[ANNOUNCE] Apache Commons RNG 1.5 released
Alex Herbert
CVE-2022-24697: Apache Kylin: Command injection exists when the configuration overwrites function overwrites system parameters
Xiaoxiang Yu
[ANN] Apache Tomcat 8.5.83 available
Mark Thomas
[ANNOUNCE] Apache Geode 1.15.1
Owen Nichols
[ANNOUNCEMENT] Commons Daemon 1.3.2 Released
Mark Thomas
[ANN] Apache Tomcat 10.0.27 available
Mark Thomas
[ANN] Apache Archiva 2.2.9
Olivier Lamy
[ANNOUNCE] Apache APISIX Ingress controller v1.5.0 released
Jintao Zhang
Fwd: [ANNOUNCE] Release Apache DolphinScheduler 3.1.0
ShunFeng Cai
[ANNOUNCEMENT] Apache SkyWalking PHP 0.1.0 Released
Yanlong He
[ANNOUNCE] Apache Tuweni (incubating) 2.3.0 released
Antoine Toulme
[ANN] Apache Tomcat 9.0.68 available
Mark Thomas
[ANNOUNCE] Apache NiFi 1.18.0 release
Joe Witt
Airflow Providers released on October 06, 2022 are ready
Jarek Potiuk
[ANN] Apache Isis version 2.0.0-M8 Released
Dan Haywood
CVE-2022-41672: Apache Airflow: Session still funtional after user is deactivated
Jedidiah Cunningham
[ANNOUNCE] Apache Tika 2.5.0 released
Tim Allison
[ANNOUNCE] Apache Kafka 3.3.1
José Armando García Sancio
[ANNOUNCE] Apache Camel 3.19.0 Released
Gregor Zurowski
[ANNOUNCE] Release Apache SeaTunnel (Incubating) 2.2.0-beta
Calvin Kirs
Airflow Providers released on October 1, 2022 are ready
Jarek Potiuk
[ANNOUNCE] Apache Lucene 9.4.0 released
Michael Sokolov
[ANNOUNCE] Apache Airflow 2.4.1 Released
Jedidiah Cunningham
[ANNOUNCEMENT] Apache Commons Text 1.10.0
Gary Gregory
[ANNOUNCE] Apache PDFBox 2.0.27 released
Andreas Lehmkuehler
[ANNOUNCE] Apache APISIX 3.0.0-beta has been released
Zexuan Luo
[SECURITY] CVE-2021-43980 Apache Tomcat - Information Disclosure
Mark Thomas
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M9 released
Timothy Bish
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M4 released
Timothy Bish
[ANN] Apache Tomcat 10.0.26 available
Mark Thomas
[ANNOUCE] Apache CloudStack 4.17.1.0 LTS Release
Abhishek Kumar
[ANN] Apache Tomcat 9.0.67 available
Rémy Maucherat
[ANN] Apache Tomcat 10.1.0 (stable) available
Mark Thomas
[ANNOUNCE] Apache Allura 1.14.0 released
Dave Brondsema
CVE-2022-33683: Apache Pulsar: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack
Michael Marshall
CVE-2022-33682: Apache Pulsar: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
Michael Marshall
CVE-2022-33681: Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Michael Marshall
CVE-2022-24280: Apache Pulsar Proxy target broker address isn't validated
Lari Hotari
CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC
Arnout Engelen
CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP
Arnout Engelen
[ANNOUNCE] Apache Qpid JMS 2.1.0 released
Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.7.0 released
Robbie Gemmell
CVE-2022-40754: Apache Airflow: Open Redirect
Jedidiah Cunningham
CVE-2022-40604: Apache Airflow: Format String Vulnerability
Jedidiah Cunningham
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.4
Mark Thomas
[ANNOUNCE] Apache Creadur RAT 0.15 is released
P. Ottlinger
[ANNOUNCE] Release Apache InLong 1.3.0
Zirui Sting
[ANNOUNCEMENT] Apache SkyWalking CLI 0.11.0 Released
kezhenxu94
[ANNOUNCE] Apache SkyWalking Kubernetes 4.3.0 is available
kezhenxu94
CVE-2022-28220: STARTTLS command injection in Apache JAMES
Benoit Tellier
CVE-2022-34917: Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers
Manikumar
[ANNOUNCE] Apache Kafka 3.2.3
Manikumar
[ANNOUNCE] Apache Kafka 3.1.2
Manikumar
[ANNOUNCE] Apache Kafka 3.0.2
Manikumar
[ANNOUNCE] Apache Kafka 2.8.2
Manikumar
[ANNOUNCE] Apache Pulsar 2.8.4 released
Yunze Xu
[ANNOUNCE] Apache Airflow 2.4.0 Released
Ephraim Anierobi
[ANNOUNCE] Apache Groovy 3.0.13 Released
Paul King
[ANNOUNCE] Apache Log4j 2.19.0 released
Ralph Goers
[ANNOUNCE] Apache POI 5.2.3 released
PJ Fanning
[ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.7.0 Released
Ye Cao
[ANNOUNCEMENT] Apache SkyWalking Could on Kubernetes 0.7.0 Released
Ye Cao
[ANNOUNCE] Apache PDFBox 1.8.17 released
Andreas Lehmkuehler
[ANN] Apache Struts ver. 6.0.3 GA
Lukasz Lenart
The Apache Weekly News Round-up: week ending 16 September 2022
Swapnil M Mane
[ANNOUNCE] Apache Tika 1.28.5 released
Tim Allison
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.3
Mark Thomas
[ANNOUNCEMENT] Apache SkyWalking Rover 0.3.0 Released
han liu
CVE-2022-39135: Apache Calcite: potential XEE attacks
Ruben Q L
[ANNOUNCE] Apache Jackrabbit 2.16.10 released
Julian Reschke
[ANNOUNCE] Apache Jackrabbit 2.16.10 released
Julian Reschke
[ANNOUNCE] Apache Calcite 1.32.0 released
Julian Hyde
[ANNOUNCE] Apache Groovy 4.0.5 Released
Paul King
The Apache Weekly News Round-up: week ending 9 September 2022
Swapnil M Mane
[ANNOUNCE] Apache Camel 3.18.2 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Pinot 0.11.0 release
Xiang Fu
[ANNOUNCE] Apache IoTDB 0.13.2 released
Jialin Qiao
[ANNOUNCE] Apache NetBeans 15 released
Geertjan Wielenga
[ANNOUNCE] Apache Kyuubi (Incubating) released 1.6.0-incubating
Nicholas Jiang
[ANNOUNCE] Apache Pulsar 2.7.5 released
Haiting Jiang
[ANNOUNCE] Apache Linkis (Incubating) 1.2.0 available
Zhen Wang
CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector.
Haonan Hou
CVE-2022-38369: Apache IoTDB: Login check vulnerability by session Id
Haonan Hou
[ANNOUNCE] Apache APISIX Ingress controller v1.5.0-rc1 released
Jintao Zhang
[ANNOUNCE] Apache HBase 2.5.0 is now available for download
Nick Dimiduk
[ANNOUNCE] Apache SkyWalking Java Agent 8.12.0 released
Sheng Wu
[ANN] Apache ActiveMQ 5.17.2 has been released!
Jean-Baptiste Onofré
[ANNOUNCE] Apache Qpid Proton-J 0.34.0 released
Robbie Gemmell
Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)
Jacques Le Roux
Subject: Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)
Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12 End-Of-Life (EOL) announcement
Jacques Le Roux
CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons
Jedidiah Cunningham
CVE-2022-38054: Apache Airflow: Session Fixation
Jedidiah Cunningham
The Apache Weekly News Round-up: week ending 2 September 2022
Swapnil M Mane
[ANNOUNCE] Apache SkyWalking 9.2.0 released
Sheng Wu
CVE-2022-37435: Apache ShenYu Admin Improper Privilege Management
Zhang Yonglun
[ANNOUNCE] Apache OFBiz 18.12.06 released
Jacopo Cappellato
CVE-2022-37023: Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11
Kirk Lund
CVE-2022-37022: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11
Kirk Lund
CVE-2022-37021: Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8.
Kirk Lund
[ANNOUNCE] Apache XMLBeans 5.1.1 release
PJ Fanning
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M8 released
Timothy Bish
[ANNOUNCE] Apache Fineract 1.8.0 Release
Aleksandar Vidakovic
Apache Buildr is now retired
Hervé Boutemy
Apache REEF is now retired
Hervé Boutemy
[ANNOUNCE] Apache APISIX 2.13.3 has been released
Zexuan Luo
The Apache Weekly News Round-up: week ending 26 August 2022
Swapnil M Mane
[ANNOUNCE] Apache Beam 2.41.0 Released
Kiley Sok
[ANNOUNCE] Release Apache Traffic Control 7.0.1
Steve Hamrick
CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption
Joe Orton
CVE-2021-25642: Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
Masatake Iwasaki
[ANNOUNCE] Apache Airflow 2.3.4 Released
Ephraim Anierobi
CVE-2022-34916: Apache Flume: Improper Input Validation (JNDI Injection) in JMSMessageConsumer
Ralph Goers
[ANNOUNCE] Apache Flume 1.10.1 released
Ralph Goers
[ANNOUNCE] Apache Camel 3.14.5 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache APISIX Java Plugin Runner 0.3.0 has been released
tzssangglass
The Apache Weekly News Round-up: week ending 19 August 2022
Swapnil M Mane
Airflow Providers released on August 18, 2022 are ready
Jarek Potiuk
[Announcement] : Apache LDAP API 2.1.2
Emmanuel Lecharny
[Announcement] : Apache LDAP API 2.1.2
Emmanuel Lecharny
[ANNOUNCE] Apache Solr Operator v0.6.0 released
Jason Gerlowski
Airflow Providers released on August 14, 2022 are ready
Jarek Potiuk
[ANN] Apache Tomcat 8.5.82 available
Christopher Schultz
[ANNOUNCE] Release Apache DolphinScheduler 3.0.0
Jiajie Zhong
CVE-2022-37401: Apache OpenOffice Weak Master Keys
Carl B. Marcum
CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
Carl B. Marcum
[ANNOUNCE] Apache Jackrabbit 2.21.12 released
Julian Reschke
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M3 released
Timothy Bish
[ANNOUNCE] Apache Camel 3.18.1 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Calcite 1.31.0 released
Andrei Sereda
[ANNOUNCE] Apache Traffic Server v9.1.3 is Released!
Bryan Call
[ANNOUNCE] Apache HBase 1.7.2 is now available for download
Duo Zhang
[Announcement] : Apache LDAP API 2.1.1
Emmanuel Lecharny
[ANNOUNCE] Apache ServiceComb Pack version 0.7.1 Released
Lei Zhang
[ANNOUNCE] Apache UIMA Java SDK JSON CAS I/O v0.4.0 released
Richard Eckart de Castilho
CVE-2022-35724: Apache Avro: Denial of service while reading data in Avro Rust SDK
Ryan Skraba
CVE-2022-36124: Apache Avro: Memory overconsumption in Avro Rust SDK
Ryan Skraba
CVE-2022-36125: Apache Avro: Integer overflow when reading corrupted .avro file in Avro Rust SDK
Ryan Skraba
[ANNOUNCE] Apache Avro 1.11.1 released
Ryan Skraba
[ANN] Apache Syncope 3.0.0-M0
Francesco Chicchiriccò
[ANN] Apache Syncope 2.1.12
Francesco Chicchiriccò