announce

Messages by Thread

[ANNOUNCE] Apache Camel 3.20.1 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Pulsar Node.js client 1.8.0 released Zike Yang
CVE-2022-45935: Apache James server: Temporary File Information Disclosure Benoit Tellier
CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider Benoit Tellier
[ANNOUNCE] Apache James 3.7.3 released Benoit TELLIER
[ANNOUNCE] Apache James JSPF 1.0.3 released Benoit TELLIER
[ANNOUNCEMENT] Apache SkyWalking Satellite 1.1.0 Released han liu
[ANNOUNCE] Airflow Providers released on Janurary 02, 2023 released Elad Kalif
[ANNOUNCE] MyFaces Core v4.0.0-RC3 Release Volodymyr Siedlecki
[SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection Mark Thomas
[ANNOUNCE] Apache Pulsar 2.9.4 released 丛搏
[ANNOUNCE] Release Apache DolphinScheduler 3.0.4 Jay Chung
[RELEASE] Apache CouchDB 3.3.0 released Jan Lehnardt
[ANNOUNCE] Apache APISIX 3.1.0 has been released Zexuan Luo
CVE-2022-44621: Apache Kylin: Command injection by Diagnosis Controller Xiaoxiang Yu
CVE-2022-43396: Apache Kylin: Command injection by Useless configuration Xiaoxiang Yu
[ANNOUNCE] Apache Pulsar Client Python 3.0.0 released Yunze Xu
[ANNOUNCE] Apache SIS 1.3 Release Martin Desruisseaux
[ANNOUNCE] Apache Groovy 4.0.7 Released Paul King
[ANNOUNCE] Apache Groovy 2.5.20 Released Paul King
[ANNOUNCE] Apache Groovy 3.0.14 Released Paul King
[ANNOUNCE] Commons Math 4.0-beta1 Gilles Sadowski
CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Weijie Wu
CVE-2022-40145: Apache Karaf: JDBC JAAS LDAP injection Jean-Baptiste Onofré
[ANNOUNCE] Apache Camel 3.20.0 (LTS) Released Gregor Zurowski
[ANNOUNCEMENT] Apache SkyWalking Rover 0.4.0 Released han liu
CVE-2022-46421: Apache Airflow Hive Provider: Hive Provider RCE vulnerability with hive_cli_params Jarek Potiuk
[ANNOUNCE] Airflow Providers released on December 14, 2022 are ready Elad Kalif
[ANNOUNCE] Ignite Spark Extension 2.0.0 and 3.0.0 Released Maxim Muzafarov
[ANNOUNCE] Apache Camel 3.14.7 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache SpamAssassin 4.0.0 available Sidney Markowitz
CVE-2022-47500: Apache Helix: Open redirect Junkai Xue
CVE-2022-46870: Apache Zeppelin: Stored XSS in note permissions Arnout Engelen
CVE-2021-28655: Apache Zeppelin: Arbitrary file deletion vulnerability Arnout Engelen
[ANNOUNCE] Apache Traffic Server 9.1.4 and 8.1.6 are Released Bryan Call
[ANNOUNCE] Apache NetBeans 16 released Geertjan Wielenga
CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification Enrico Olivelli
[ANNOUNCE] Apache Pulsar Client C++ 3.1.0 released Zike Yang
CVE-2022-34271: Apache Atlas: zip path traversal in import functionality Madhan Neethiraj
CVE-2022-46364: Apache CXF SSRF Vulnerability Colm O hEigeartaigh
[ANN] End of life for Apache Tomcat 8.5.x Mark Thomas
- [ANN] End of life for Apache Tomcat 8.5.x Mark Thomas
CVE-2022-46363: Apache CXF directory listing / code exfiltration Colm O hEigeartaigh
[ANNOUNCE] Apache NiFi MiNiFi C++ 0.13.0 release Ferenc Gerlits
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M7 released Timothy Bish
[ANNOUNCE] Apache Impala 4.2.0 release Daniel Becker
[ANN] Apache Syncope 2.1.13 Francesco Chicchiriccò
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.1.0 Lari Hotari
[ANNOUNCE] Apache ShardingSphere on Cloud 0.1.1 available 吴伟杰
[ANN] Apache Tomcat 10.1.4 available Mark Thomas
[ANNOUNCE] Apache ShardingSphere 5.3.0 available 吴伟杰
[ANNOUNCE] Apache Hop 2.2.0 Bart Maertens
[ANNOUNCE] Apache Jackrabbit 2.21.14 released Julian Reschke
- [ANNOUNCE] Apache Jackrabbit 2.21.14 released Julian Reschke
[ANNOUNCE] Apache SkyWalking NodeJS 0.6.0 is available kezhenxu94
[ANNOUNCEMENT] HttpComponents Client 5.2.1 GA Released Oleg Kalnichevski
[ANNOUNCE] Release Apache DolphinScheduler 3.0.3 Jay Chung
[ANNOUNCE] Apache NiFi 1.19.1 release. Joe Witt
[ANNOUNCE] Apache Doris 1.2.0 release ChenMingyu
[ANNOUNCE] Apache Commons Statistics Version 1.0 Released Alex Herbert
[ANNOUNCE] Apache Atlas 2.3.0 released Madhan Neethiraj
[ANNOUNCE] Apache ActiveMQ 5.17.3 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Commons BCEL 6.7.0 Gary Gregory
CVE-2022-45910: Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities Markus Schuch
[ANN] Apache Tomcat 11.0.0-M1 (alpha) available Mark Thomas
[ANN] Apache Tomcat 9.0.70 available Rémy Maucherat
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.6 Mark Thomas
[ANNOUNCE] Apache IoTDB 1.0.0 released Haonan Hou
CVE-2022-45046: Apache Camel: LDAP Injection in Camel-LDAP Andrea Cosentino
[ANNOUNCEMENT] HttpComponents Client 4.5.14 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache HBase 2.5.2 is now available for download Duo Zhang
CVE-2021-37533: Apache Commons Net's FTP client trusts the host from PASV response by default Gary D. Gregory
[ANNOUNCE] Airflow Providers released on December 02, 2022 released Jarek Potiuk
[ANNOUNCE] Apache Commons Net 3.9.0 Gary Gregory
[ANNOUNCE] Apache Airflow 2.5.0 Released Ephraim Anierobi
CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input Arnout Engelen
[ANNOUNCE] Apache Camel 3.18.4 (LTS) Released Gregor Zurowski
[ANNOUNCEMENT] HttpComponents Core 4.4.16 Released Oleg Kalnichevski
[ANNOUNCE] Apache Fineract 1.7.2 Release Aleksandar Vidakovic
[ANNOUNCE] Apache Tuweni (incubating) 2.3.1 released Antoine Toulme
Airflow Providers released on November 29, 2022 are ready Jarek Potiuk
CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal Arnout Engelen
[ANNOUNCE] Apache Fineract 1.8.2 Release Aleksandar Vidakovic
[ANN] Apache Struts 6.1.1 (proper list of issues) Lukasz Lenart
[ANNOUNCE] Apache NiFi 1.19.0 release Joe Witt
[ANN] Apache Struts 6.1.1 Lukasz Lenart
- Re: [ANN] Apache Struts 6.1.1 Lukasz Lenart
[ANNOUNCE] Apache Arrow 10.0.1 released Sutou Kouhei
[ANNOUNCE] Apache Arrow 10.0.0 released Sutou Kouhei
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.1 released Jiajing LU
[ANNOUNCE] Apache Fineract 1.8.1 Release Aleksandar Vidakovic
[ANNOUNCE] Apache Fineract 1.7.1 Release Aleksandar Vidakovic
[ANNOUNCE] Apache Flink 1.15.3 released Fabian Paul
[ANNOUNCE] Apache Qpid Broker-J 9.0.0 released Tomas Vavricka
CVE-2022-26885: Apache DolphinScheduler config file read by task risk ShunFeng Cai
[ANNOUNCE] Apache Lucene 9.4.2 released Adrien Grand
CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability Jiajie Zhong
[ANN] Apache Tomcat 8.5.84 available Christopher Schultz
- [ANN] Apache Tomcat 8.5.84 available Christopher Schultz
[ANNOUNCE] Release Apache DolphinScheduler 3.0.2 Jiajie Zhong
CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) Jarek Potiuk
CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk
- Re: CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files Jarek Potiuk
CVE-2022-40189: Apache Airlfow Pig Provider RCE Jarek Potiuk
CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection Jarek Potiuk
[ANNOUNCE] Apache Solr 9.1.0 released Ishan Chattopadhyaya
[ANNOUNCEMENT] HttpComponents Client 5.1.4 GA Released Oleg Kalnichevski
CVE-2022-45470: Apache Hama allows XSS and information disclosure Arnout Engelen
[ANNOUNCE] Apache Shiro 1.10.1 released Benjamin Marwell
[ANNOUNCE] Beam 2.43.0 Released Chamikara Jayalath
Airflow Providers relesead on 18th of November Jarek Potiuk
[ANNOUNCE] Apache Kyuubi (Incubating) released 1.6.1-incubating Shaoyun Chen
[ANNOUNCE] Apache APISIX 2.15.1 has been released Zexuan Luo
[ANNOUNCE] Apache Pulsar Client C++ 3.0.0 released Matteo Merli
[ANNOUNCE] Apache Hive 4.0.0-alpha-2 Released Denys Kuzmenko
CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability Thomas Wolf
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories Olivier Lamy
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files Olivier Lamy
CVE-2022-45402: Apache Airflow: Open redirect during login Jedidiah Cunningham
[ANN] Apache Tomcat 9.0.69 available Rémy Maucherat
[ANN] Apache Tomcat 10.1.2 available Mark Thomas
CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB Rob Vesse
[ANN] Apache Syncope 3.0.0 Francesco Chicchiriccò
[ANNOUNCEMENT] HttpComponents Core 5.1.5 GA released Oleg Kalnichevski
CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code Arnout Engelen
[ANNOUNCE] Apache Airflow 2.4.3 Released Ephraim Anierobi
CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk
- Re: CVE-2022-27949: Apache Airflow: sensitive values in rendered template Jarek Potiuk
CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example Jarek Potiuk
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M11 released Timothy Bish
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M6 released Timothy Bish
[ANNOUNCE] Apache Qpid Proton 0.38.0 released Robbie Gemmell
[ANNOUNCE] Apache APISIX Java Plugin Runner 0.4.0 has been released tzssangglass
[ANNOUNCE] Apache Jackrabbit 2.20.7 released Julian Reschke
[ANNOUNCEMENT] HttpComponents Client 5.2 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.0 released Jiajing LU
[ACCOUNCE] Apache Flink Elasticsearch Connector 3.0.0 released Chesnay Schepler
[ANNOUNCE] Apache SkyWalking Java Agent 8.13.0 released Sheng Wu
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5 Mark Thomas
[ANNOUNCE] Apache Daffodil 3.4.0 Released Steve Lawrence
[ANN] Apache Tomcat Native 2.0.2 released Mark Thomas
[ANNOUNCEMENT] HttpComponents Core 5.2 GA released Oleg Kalnichevski
[ANNOUNCE] Apache Tika 2.6.0 released Tim Allison
[ANNOUNCE] Apache PLC4X 0.10.0 released Christofer Dutz
[ANNOUNCE] Apache Camel 3.14.6 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache ShenYu Nginx 1.0.0-1 available ChenBin
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing Gary D. Gregory
CVE-2022-37866: Apache Ivy: Ivy Path traversal Stefan Bodewig
CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Stefan Bodewig
[ANN] Apache Ivy 2.5.1 Released Stefan Bodewig
[ANNOUNCE] Apache James JSIEVE 0.8 released Benoit TELLIER
[ANNOUNCE] Apache James MIME4J 0.8.8 released Benoit TELLIER
- [ANNOUNCE] Apache James MIME4J 0.8.8 released Benoit TELLIER
[ANNOUNCE] Apache James JSPF 1.0.2 released Benoit TELLIER
[ANNOUNCEMENT] Apache Commons BCEL 6.6.1 Gary Gregory
[ANNOUNCE] Apache Pulsar Helm Chart version 3.0.0 Released Michael Marshall
CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack Michael Marshall
CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives Richard Eckart de Castilho
[ANNOUNCE] Apache Curator 5.4.0 released Enrico Olivelli
[ANNOUNCE] Apache UIMA Java SDK version 3.3.1 released Richard Eckart de Castilho
[ANNOUNCE] Apache Accumulo 2.1.0 Christopher
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path Dan Klco
[ANNOUNCE] Apache Commons Numbers Version 1.1 Released Alex Herbert
CVE-2022-43985: Apache Airflow: Open Redirect Jedidiah Cunningham
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL Jedidiah Cunningham
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript Sean R. Owen
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal Jiajie Zhong
[ANNOUNCE] Apache Pulsar 2.10.2 released Haiting Jiang
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC Weijie Wu
[SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling Mark Thomas
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M10 released Timothy Bish
[ANNOUNCE] Apache Camel 3.18.3 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache brpc (Incubating) 1.3.0 released Xiguo Hu
[ANNOUNCE] Apache ShardingSphere ElasticJob UI 3.0.2 available 吴伟杰
[ANN] Apache Syncope 3.0.0-M2 Francesco Chicchiriccò
[ANN] Apache Karaf OSGi Runtime 4.3.8 has been released Jean-Baptiste Onofré
[ANN] Apache Karaf OSGi Runtime 4.4.2 release Jean-Baptiste Onofré
CVE-2022-26884: Apache DolphinScheduler exposes files without authentication ShunFeng Cai
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M5 released Timothy Bish
CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability Arnout Engelen
CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP Haonan Hou
CVE-2022-42468 - Apache Flume Improper Input Validation (JNDI Injection) in JMSSource Ralph Goers
[ANNOUNCE] Release of Apache Flume 1.11.0 Ralph Goers
[ANNOUNCE] Apache IoTDB 0.13.3 released Jialin Qiao
[ANN] Apache TomEE 8.0.13 Richard Zowalla
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application Dan Smith
[ANNOUNCE] MyFaces Core v4.0.0-RC2 Release Volodymyr Siedlecki
[ANNOUNCE] Apache Lucene 9.4.1 released Ignacio Vera
[ANNOUNCE] Apache Airflow 2.4.2 Released Ephraim Anierobi
[ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.2 available 吴伟杰
[ANNOUNCE] Heron 0.20.5-incubating release Josh Fischer
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection Josh Fischer
[ANNOUNCE] Apache ShenYu .NET client 1.0.0 available Han Gao
[ANNOUNCE] Apache Iceberg release 1.0.0 Ryan Blue
[ANNOUNCE] Apache Impala 4.1.1 release Quanlong Huang
[ANNOUNCE] Apache TVM v0.10.0 Release Andrew Luo
CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties. Dan Haywood
ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. Dan Haywood
[ANN] Apache Isis version 2.0.0-M9 Released Dan Haywood
[ANNOUNCE] Apache Hop 2.1.0 Bart Maertens