announce
Thread
Date
Earlier messages
Later messages
Messages by Thread
[ANNOUNCE] Apache Qpid Dispatch 1.18.0 released
Ken Giusti
The Apache News Round-up: week ending 19 November 2021
Swapnil M Mane
ANNOUNCE] Apache Jackrabbit Oak 1.6.22 released
Julian Reschke
CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced
Siddharth Wagle
CVE-2021-41532: Apache Ozone: Unauthenticated access to Ozone Recon HTTP endpoints
Siddharth Wagle
CVE-2021-39236: Apache Ozone: Owners of the S3 tokens are not validated
Siddharth Wagle
CVE-2021-39234: Apache Ozone: Raw block data can be read bypassing ACL/authorization
Siddharth Wagle
CVE-2021-39233: Apache Ozone: Container-related datanode operations can be called without authorization
Siddharth Wagle
CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands
Siddharth Wagle
CVE-2021-39231: Apache Ozone: Missing authentication/authorization on internal RPC endpoints
Siddharth Wagle
CVE-2021-36372: Apache Ozone: Original block tokens are persisted and can be retrieved
Siddharth Wagle
[ANNOUNCE] Apache IoTDB 0.12.3 released
Haonan Hou
[ANNOUNCE] Apache Arrow 6.0.1 released
Sutou Kouhei
[ANN] Apache Tomcat 8.5.73 available
Christopher Schultz
[ANNOUNCE] Apache Solr Operator v0.5.0 released
Houston Putman
[ANNOUNCEMENT] HttpComponents Client 5.1.2 GA Released
Oleg Kalnichevski
CVE-2021-42250: Apache Superset: Possible log injection
Daniel Gaspar
[ANNOUNCE] Apache Lucene 8.11.0 released
Adrien Grand
[ANNOUNCE] Apache Solr 8.11.0 released
Adrien Grand
[ANN] Apache Struts 2.5.27
Lukasz Lenart
[ANNOUNCE] Apache Camel 3.13.0 Released
Gregor Zurowski
[ANN] Apache Tomcat 9.0.55 available
Rémy Maucherat
[ANN] Apache Tomcat 10.0.13 available
Mark Thomas
[ANN] Apache Tomcat 10.1.0-M7 (alpha) available
Mark Thomas
[ANNOUNCE] Apache CloudStack 4.16.0.0 Release
Nicolas Vazquez
[ANNOUNCEMENT] Apache SkyWalking Infra E2E 1.1.0 Released
han liu
[ANNOUNCE] Apache Groovy 4.0.0-beta-2 Released
Paul King
The Apache Weekly News Round-up: week ending 12 November
Sally Khudairi
CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops
Zach Hoffman
Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops
Zach Hoffman
Sponsor Success at Apache: Exploration and Practice of the Apache Way in Tencent
Sally Khudairi
CVE-2021-41972: Apache Superset: Credentials leak
Daniel Gaspar
[ANNOUNCE] Release Apache Traffic Control 6.0.1
Zach Hoffman
[ANNOUNCE] Apache ShardingSphere 5.0.0 available
Haoran Meng
[ANNOUNCE] Apache NiFi 1.15.0 release
Joe Witt
[ANNOUNCE] Apache Jackrabbit Oak 1.8.25 released
Nitin Gupta
[ANNOUNCE] Apache Jackrabbit 2.20.4 released
Julian Reschke
[ANNOUNCE] Apache Qpid Proton 0.36.0 released
Robbie Gemmell
[ANNOUNCEMENT] Apache SkyWalking Satellite 0.3.0 Released
han liu
The Apache News Round-up: week ending 5 November 2021
Swapnil M Mane
Airflow Providers released on Thu Nov 4
Jarek Potiuk
[ANNOUNCE] Apache POI 5.1.0 released
PJ Fanning
[ANNOUNCEMENT] HttpComponents Client 5.2-alpha1 Released
Oleg Kalnichevski
[ANNOUNCE] Apache SystemDS 2.2.0 released
Janardhan
CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution
Calvin Kirs
[ANNOUNCE] Apache Wicket 9.6.0 released
Andrea Del Bene
[ANNOUNCE] Apache Traffic Server 9.1.1 and 8.1.3 are Released
Bryan Call
CVE-2021-41973: Apache MINA HTTP listener DOS
Emmanuel Lecharny
Apache Month in Review: October 2021
Sally Khudairi
[ANNOUNCE] Apache MINA 2.0.22 & 2.1.5 released
Emmanuel Lecharny
[ANNOUNCE] Apache Avro 1.11.0 released
Ryan Skraba
[ANNOUNCE] Apache SkyWalking Java Agent 8.8.0 released
Kai Wan
[ANNOUNCE] Airflow 2.2.1 is released
Jedidiah Cunningham
[ANNOUNCE] Apache Commons CLI 1.5.0
Rob Tompkins
The Apache News Round-up: week ending 29 October 2021
Swapnil M Mane
[ANNOUNCE] Apache OFBiz 18.12.01 released
Jacopo Cappellato
[ANNOUNCE] Apache Arrow 6.0.0 released
Krisztián Szűcs
[ANNOUNCE] Apache ShenYu (incubating) 2.4.1 available
XiaoYu
[ANNOUNCE] Apache Geode 1.12.5
Dick Cavender
[ANNOUNCEMENT] HttpComponents Client 5.1.1 GA Released
Oleg Kalnichevski
[ANNOUNCE] Apache HBase 1.4.14 is now available for download
Duo Zhang
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M3 released
Timothy Bish
Apache Kyuubi (Incubating) 1.3.1-incubating released
Xiduo You
[ANNOUNCE] Apache OpenMeetings 6.2.0 is released
Sebastian Wagner
[ANNOUNCE] Apache Bigtop 3.0.0 released
Kengo Seki
[ANNOUNCE] Apache PLC4X 0.9.0 released
Christofer Dutz
The Apache News Round-up: week ending 22 October 2021
Swapnil M Mane
Fwd: [ANNOUNCE] Apache XMLBeans 5.0.2 release
PJ Fanning
[ANNOUNCE] Apache Qpid JMS 1.3.0 released
Robbie Gemmell
[ANNOUNCE] Apache Flink 1.13.3 released
Chesnay Schepler
[ANNOUNCE] Apache Ant 1.10.12 released
Jaikiran Pai
CVE-2021-40865: Apache Storm: Unsafe Pre-Authentication Deserialization In Workers
Derek Dagit
CVE-2021-38294: Apache Storm: Shell Command Injection Vulnerability in Nimbus Thrift Server
Derek Dagit
[ANNOUNCEMENT] HttpComponents Core 5.2-alpha2 released
Oleg Kalnichevski
[ANNOUNCE] Apache Qpid Proton-J 0.33.10 released
Robbie Gemmell
[ANNOUNCE] Apache Calcite 1.28.0 released
Julian Hyde
[ANNOUNCE] Apache DataFu 1.6.1 Released
Eyal Allweil
[ANNOUNCE] Apache SkyWalking Eyes 0.2.0 is out
kezhenxu94@apache
[ANNOUNCE] Apache SkyWalking CLI 0.9.0 is out
kezhenxu94@apache
[ANNOUNCE] Apache Solr 8.10.1 released
Mayya Sharipova
[ANNOUNCE] Apache Lucene 8.10.1 released
Mayya Sharipova
The Apache News Round-up: week ending 15 October 2021
Swapnil M Mane
CVE-2021-41971: Apache Superset: Possible SQL Injection when template processing is enabled
Daniel Gaspar
[SECURITY] CVE-2021-42340 Apache Tomcat DoS
Mark Thomas
[ANNOUNCE] Apache Storm 2.1.1 Released
Ethan Li
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.7.0
xue fan
[ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.1 available
吴伟杰
[ANNOUNCE] Apache SIS 1.1 Release
Martin Desruisseaux
[ANNOUNCE] Apache Camel 3.11.3 (LTS) Released
Gregor Zurowski
[RELEASE] CouchDB 3.2.0
Jan Lehnardt
[ANNOUNCE] Airflow 2.2.0 is released
Kaxil Naik
[ANNOUNCE] Apache Storm 1.2.4 Released
Ethan Li
Airflow Providers (Amazon 2.3.0) released on Mon 11 Oct 17:18:55 CEST 2021 are ready
Jarek Potiuk
[ANNOUNCE] Release Apache Traffic Control 6.0.0
Zach Hoffman
CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request
Eric Friedrich
Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request
Eric Friedrich
[ANNOUNCE] Apache Calcite Avatica 1.19.0 released
Julian Hyde
[ANNOUNCE] Apache Storm 2.2.1 Released
Ethan Li
[ANNOUNCE] Apache Hop (Incubating) 1.0 released
Bart Maertens
Fwd: [ANNOUNCE] Apache Jackrabbit Oak 1.22.9 released
Nitin Gupta
[ANN] Apache Syncope 2.1.10
Francesco Chicchiriccò
CVE-2021-41832: Apache OpenOffice: Content Manipulation with Certificate Validation Attack
Dave Fisher
CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping
Dave Fisher
CVE-2021-41830: Apache OpenOffice: Double Certificate Attack
Dave Fisher
[ANN] Apache Tomcat 8.5.72 available
Christopher Schultz
Apache Jackrabbit 2.21.8 released
Julian Reschke
[ANNOUNCE] Apache OODT 1.9.1 released
Imesha Sudasingha
[ANNOUNCE] Apache OpenOffice 4.1.11 released
Carl Marcum
The Apache News Round-up: week ending 8 October 2021
Swapnil M Mane
[ANNOUNCEMENT] Apache HTTP Server 2.4.51 Released
icing
CVE-2021-28129: DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid
Dave Fisher
CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
Stefan Eissing
CVE-2021-40439: Apache OpenOffice: Billion Laughs
Dave Fisher
CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file
Dave Fisher
The Apache Software Foundation Announces Apache® OpenOffice® 4.1.11
Sally Khudairi
[ANNOUNCE] Apache Camel 3.7.6 (LTS) Released
Gregor Zurowski
[ANNOUNCEMENT] Apache HTTP Server 2.4.50 Released
icing
[RELEASE] CouchDB 3.1.2
Jan Lehnardt
CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Stefan Eissing
CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing
Stefan Eissing
[ANN] Apache Tomcat 9.0.54 available
Rémy Maucherat
The Apache News Round-up: week ending 1 October 2021
Swapnil M Mane
[ANN] Apache Tomcat 10.0.12 available
Mark Thomas
[ANN] Apache Tomcat 10.1.0-M6 (alpha) available
Mark Thomas
[ANNOUNCE] Apache Camel 3.12.0 Released
Gregor Zurowski
[ANNOUNCE] Apache SkyWalking 8.8.1 released
kezhenxu94@apache
[ANNOUNCEMENT] Log4cxx 0.12.1 Released
Robert Middleton
Apache Month in Review: September 2021
Sally Khudairi
[ANNOUNCEMENT] HttpComponents Core 5.1.2 GA released
Oleg Kalnichevski
[ANNOUNCE] Apache Qpid JMS 1.2.0 released
Robbie Gemmell
[ANNOUNCE] Apache APISIX 2.10.0 has been release
Zexuan Luo
CVE-2021-41616: Apache ddlutils 1.0 readobject vulnerability
Bryan Pendleton
[ANNOUNCE] Apache Flink 1.14.0 released
Dawid Wysakowicz
[ANNOUNCE] Apache Solr 8.10.0 released
Timothy Potter
[ANNOUNCE] Apache Lucene 8.10.0 released
Timothy Potter
[ANNOUNCE] Apache Storm 2.3.0 Released
Ethan Li
[ANNOUNCE] Apache SkyWalking 8.8.0 released
Sheng Wu
[ANNOUNCE] Apache James MIME4J 0.8.6
btell...@apache.org
The Apache News Round-up: week ending 27 September 2021
Sally Khudairi
CVE-2021-36749: Apache Druid: The HTTP inputSource allows authenticated users to read data from other sources than intended (incomplete fix of CVE-2021-26920)
Clint Wylie
[ANNOUNCE] Apache Druid 0.22.0 release
Clint Wylie
[ANNOUNCE] Apache Pulsar 2.8.1 released
Hang Chen
[ANNOUNCE] Apache Kafka 3.0.0
Konstantine Karantasis
[ANNOUNCE] Apache Ranger response to incorrect analyst report on Cloud data security
Madhan Neethiraj
[ANNOUNCE] Apache NetBeans 12.5 released
Eric Barboni
CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Randall Hauch
[ANNOUNCE] Apache Ignite 2.11.0 Released
Maxim Muzafarov
The Apache News Round-up: week ending 17 September 2021
Sally Khudairi
[ANNOUNCE] Apache Kafka 2.8.1
David Jacot
[ANNOUNCE] Apache Airflow 2.1.4 is released
Kaxil Naik
[CVE-2021-40690] - Apache Santuario - XML Security for Java
Colm O hEigeartaigh
[ANNOUNCEMENT] Apache HTTP Server 2.4.49 Released
icing
[ANNOUNCEMENT] Apache SkyWalking CLI 0.8.0 Released
Hoshea Jiang
[ANNOUNCE] Apache Jena 4.2.0 has been released
Andy Seaborne
[ANNOUNCEMENT] Apache SkyWalking Satellite 0.2.0 Released
han liu
CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
Brian Demers
Success at Apache: from Mentee to PMC
Sally Khudairi
CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability
Andy Seaborne
[SECURITY] CVE-2021-41079 Apache Tomcat DoS
Mark Thomas
[ANNOUNCE] Apache IoTDB 0.12.2 is released
Xiangdong Huang
[ANN] Tomcat 8.5.71 Released
Christopher Schultz
[ANNOUNCE] Apache Solr Operator v0.4.0 released
Houston Putman
[ANNOUNCE] Apache Commons RNG 1.4 released
Alex Herbert
[ANNOUNCEMENT] HttpComponents Core 5.2-alpha1 released
Oleg Kalnichevski
[ANN] Apache Tomcat 9.0.53 available
Rémy Maucherat
[ANN] Apache Tomcat 10.0.11 available
Mark Thomas
[ANN] Apache Tomcat 10.1.0-M5 (alpha) available
Mark Thomas
[ANNOUNCE] Apache Camel 3.11.2 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Jackrabbit Oak 1.4 retired
Julian Reschke
[ANN] Apache Karaf runtime 4.3.3 has been released
Jean-Baptiste Onofré
[ANNOUNCE] Apache SkyWalking Python Agent 0.7.0 is released
kezhenxu94@apache
[ANN] Release of Apache Log4j Kotlin API 1.1.0
Matt Sicker
[ANNOUNCE] Apache jclouds 2.4.0 released
Andrew Gaul
[ANNOUNCE] Apache Wicket 9.5.0 released
Andrea Del Bene
[ANNOUNCE] Apache PDFBox 3.0.0-alpha2 released
Andreas Lehmkuehler
[ANNOUNCE] Apache Any23 2.5 Release
Lewis John McGibbney
CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java
Lewis John McGibbney
CVE-2021-38555: An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java
Lewis John McGibbney
The Apache News Round-up: week ending 10 September 2021
Sally Khudairi
CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check
Kaxil Naik
[ANNOUNCE] Apache Jackrabbit 2.14.10 released
Julian Reschke
[ANNOUNCE] Apache DolphinScheduler 1.3.8 released
David Dai
[ANNOUNCE] Apache Groovy 4.0.0-beta-1 released
Paul King
[ANNOUNCE] Apache Groovy 2.5.15 released
Paul King
[ANNOUNCE] Apache Groovy 3.0.9 released
Paul King
[ANNOUNCE] Apache Geronimo Arthur 1.0.3
Francois Papon
[ANNOUNCE] Apache APISIX Go Plugin Runner 0.2.0 has been released
Zexuan Luo
[ANNOUNCE] Apache Geode 1.14.0
nabarun nag
The Apache News Round-up: week ending 3 September 2021
Swapnil M Mane
[ANNOUNCE] Apache Hudi 0.9.0 released
Udit Mehrotra
CVE-2019-10095: Apache Zeppelin: bash command injection in spark interpreter
Jeff Zhang
CVE-2020-13929: Apache Zeppelin: Notebook permissions bypass
Jeff Zhang
CVE-2021-27578: Apache Zeppelin: Cross Site Scripting in markdown interpreter
Jeff Zhang
[ANN] Apache Tomcat Native 1.2.31 released
Mark Thomas
Apache Month in Review: August 2021
Sally Khudairi
[ANNOUNCE] Apache Qpid Proton-J 0.33.9 released
Robbie Gemmell
The Apache® Software Foundation Announces Annual Report for 2021 Fiscal Year
Sally Khudairi
[ANNOUNCE] Apache APISIX 2.9 has been release
Zexuan Luo
[ANNOUNCE] Apache Tika 2.1.0 released
Tim Allison
The Apache Drill Project Announces Apache® DrillTM v1.19 Milestone Release
Sally Khudairi
Earlier messages
Later messages