announce

Messages by Thread

CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
[ANN] Apache Struts 7.0.3 Lukasz Lenart
[ANNOUNCE] Apache log4cxx 1.4.0 released Stephen Webb
[ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available WeitingChen
[ANNOUNCE] Apache Qpid Broker-J 9.2.1 released Tomas Vavricka
[ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available WeitingChen
[ANNOUNCE] Apache Pulsar 3.3.5 released Lari Hotari
[ANNOUNCE] Apache Doris 3.0.4 release ChenMingyu
[ANNOUNCE] Apache Groovy 4.0.26 Released Paul King
[ANNOUNCE] Apache Pulsar 4.0.3 released Lari Hotari
[ANNOUNCE]] Apache Groovy 3.0.24 Released Paul King
[ANNOUNCE] Apache Pulsar 3.0.10 released Lari Hotari
[ANNOUNCE] Apache Gluten (Incubating) 1.2.1 available WeitingChen
CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC Charles Zhang
[ANNOUNCE] Release Apache Hop 2.12.0 Bart Maertens
[ANNOUNCE] Apache Airflow Providers prepared on February 21, 2025 are released Elad Kalif
[ANNOUNCE] Apache MINA SSHD 2.15.0 released Guillaume Nodet
[ANNOUNCE] Apache Ignite 3.0 released Pavel Tupitsyn
[ANNOUNCEMENT] Apache SkyWalking Satellite 1.3.0 Released han liu
[ANNOUNCE] Apache Calcite Avatica 1.26.0 Released Francis Chuang
[ANNOUNCE] Apache HBase 2.6.2 is now available for download Duo Zhang
[ANNOUNCE] Apache NetBeans 25 Released Eric Barboni
[ANNOUNCE] Apache Arrow Java 18.2.0 released Jean-Baptiste Onofré
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M11 released Timothy Bish
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M23 released Timothy Bish
[ANNOUNCE] Apache Arrow 19.0.1 released Bryce Mecum
[ANNOUNCE] Apache Flink 1.19.2 released Alexander Fedulov
[ANNOUNCE] Apache Flink 1.20.1 released Alexander Fedulov
[ANNOUNCE] Apache Qpid JMS 2.7.0 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.13.0 released Robbie Gemmell
Apache StreamPipes 0.97.0 Philipp Zehnder
[ANN] Apache Apache Maven Clean Plugin 3.4.1 Released Slawomir Jaranowski
[ANNOUNCEMENT] HttpComponents Client 5.5 alpha1 Released Oleg Kalnichevski
[ANNOUNCE] Apache Pekko (Core) 1.2.0-M1 released PJ Fanning
[ANN] Apache Tomcat 9.0.100 available Rémy Maucherat
[ANNOUNCE] Apache Ranger 2.6.0 released Madhan Neethiraj
[ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
- [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
[ANN] Apache Tomcat 11.0.4 Available Mark Thomas
[ANNOUNCE] Apache Commons VFS Project 2.10.0 Gary Gregory
Apache WSS4J 4.0.0 released Colm O hEigeartaigh
[ANNOUNCE] Apache Ignite 2.17.0 Released Nikita Amelchev
CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
[ANNOUNCE] Apache Commons BeanUtils 1.10.1 Gary Gregory
[ANNOUNCE] Apache Jackrabbit Oak 1.76.0 released Julian Reschke
CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
[ANNOUNCE] Apache ManifoldCF SDK 1.0.2 released Piergiorgio Lucidi
CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
[ANNOUNCE] Apache flink-connector-hive 3.0.0 released Sergey Nuyanzin
CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
[ANNOUNCE] Apache Camel 4.10.0 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Hudi 1.0.1 released Sivabalan
[ANN] Apache Tomcat 11.0.3 Available Mark Thomas
[ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
[ANNOUNCE] Apache Airflow 2.10.5 Released Utkarsh Sharma
[ANNOUNCE] Apache TsFile 2.0.1 released Haonan Hou
FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services console Carsten Ziegeler
[ANNOUNCE] Apache Airflow Providers prepared on February 04, 2025 Jarek Potiuk
[ANNOUNCE] Apache Zeppelin 0.12.0 available Jongyoul Lee
[ANNOUNCE] Apache Commons Logging 1.3.5 Gary Gregory
CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
[ANNOUNCE] Release Apache OpenDAL v0.51.2 tison
[ANNOUNCE] Apache Tika 2.9.3 released Tim Allison
[ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.1 release Marton Szasz
[ANNOUNCE] Apache James 3.7.6 released Benoit TELLIER
[ANNOUNCE] Apache James 3.8.2 released Benoit TELLIER
CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.1.0 released David Jensen
CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
- Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials Paulo Motta
[ANNOUNCEMENT] HttpComponents Client 5.4.2 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache YuniKorn v1.6.1 released Wilfred Spiegelenburg
[ANNOUNCE] Apache FtpServer 1.2.1 released Emmanuel Lecharny
[ANNOUNCE] Apache Tika 3.1.0 released Tim Allison
[ANNOUNCE] Apache Pulsar Helm Chart version 3.9.0 Released Lari Hotari
[ANNOUNCE] Apache Wicket 8.17.0 released Andrea Del Bene
[ANNOUNCE] Apache Traffic Server 10.0.3 Release Chris McFarlen
[ANNOUNCE] Apache jclouds 2.7.0 released Andrew Gaul
[ANNOUNCEMENT] HttpComponents Core 5.3.3 GA released Oleg Kalnichevski
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.0.0 released David Jensen
CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions Ayush Saxena
[ANNOUNCE] Apache Commons Codec 1.18.0 Gary Gregory
[ANNOUNCE] Apache Commons Pool 2.12.1 Gary Gregory
CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util Ayush Saxena
[ANNOUNCE] Apache NiFi 2.2.0 Released Pierre Villard
[ANNOUNCE] Apache Wicket 9.20.0 released Andrea Del Bene
[ANNOUNCE] Apache Airflow Providers prepared on January 26, 2025 are released Elad Kalif
CVE-2025-24783: Apache Cocoon: continuations may not be private Arnout Engelen
[ANNOUNCE] Apache Pulsar Client Python 3.6.0 released Yunze Xu
[ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
- [ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
[ANNOUNCE] Apache Gravitino (Incubating) 0.8.0 available Fanng
[ANNOUNCE] Release Apache Kvrocks 2.11.0 Twice
[ANNOUNCE] Apache Storm 2.8.0 Released Rui Abreu
CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Jason Gerlowski
CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files Jason Gerlowski
[ANNOUNCE] Apache Groovy 4.0.25 Released Paul King
[ANNOUNCE] Apache Groovy 5.0.0-alpha-12 released Paul King
[ANNOUNCE] Apache Wicket 10.4.0 released Andrea Del Bene
[ANN] Apache ActiveMQ Classic 6.1.5 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Arrow 19.0.0 released Bryce Mecum
[ANNOUNCEMENT] Apache HTTP Server 2.4.63 Released jim
[ANNOUNCE] Apache Solr 9.8.0 released Anshum Gupta
[ANNOUNCE] Apache PDFBox 3.0.4 released Andreas Lehmkühler
[ANNOUNCE] Apache bRPC 1.12.1 released Guangming Chen
[ANNOUNCE] Apache Solr Operator v0.9.0 released Jason Gerlowski
CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak Pedro Henrique Oliveira dos Santos
[ANNOUNCE] Apache Camel 4.4.5 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache TsFile 2.0.0 released Haonan Hou
CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts Viraj Jasani
CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition Viraj Jasani
CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie Viraj Jasani
CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost Velmurugan Periasamy
CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input Velmurugan Periasamy
[ANNOUNCE] Apache Daffodil 3.10.0 Released Josh Adams
[ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0 released PJ Fanning
[ANNOUNCE] Release Apache SeaTunnel 2.3.9 Lucifer Tyrant
[ANNOUNCE] Apache Flink CDC 3.3.0 released Hang Ruan
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9 Mark Thomas
[ANNOUNCE] Apache Arrow ADBC 16 Release David Li
[ANNOUNCE] Apache Pulsar 4.0.2 released Lari Hotari
CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files Colm O hEigeartaigh
[ANNOUNCE] Apache Pulsar 3.0.9 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.3.4 released Lari Hotari
[ANNOUNCEMENT] Apache SkyWalking Ruby 0.1.0 Released Zixin Zhou
[ANNOUNCE] Apache ShenYu 2.7.0 available Hongyu Liu
[ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 (now with download link) Gary Gregory
[ANN] Apache Sling 13 Released Stefan Seifert
[ANNOUNCE] Release Apache InLong 2.1.0 黄文伟
[ANNOUNCE] Apache ManifoldCF 2.28 released Piergiorgio Lucidi
[ANNOUNCE] Apache PDFBox 2.0.33 released Andreas Lehmkühler
[ANNOUNCE] Apache Pekko Connectors 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Jackrabbit Oak 1.74.0 released Julian Reschke
[ANNOUNCE] Apache bRPC 1.12.0 released Guangming Chen
[ANNOUNCE] Apache Pulsar Client C++ 3.7.0 released Yunze Xu
[ANNOUNCE] Apache Arrow Go v18.1.0 Released David Li
[ANNOUNCEMENT] HttpComponents Core 5.3.2 GA released Oleg Kalnichevski
CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Heping Wang
CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations Nux
Apache Streams is now retired Hervé Boutemy
[ANNOUNCE] Apache Camel 4.8.3 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache OpenNLP 2.5.3 released Richard Zowalla
[ANNOUNCE] Apache James MIME4J 0.8.12 released Benoit TELLIER
[ANNOUNCE] Apache Pekko (Core) 1.1.3 released PJ Fanning
[ANNOUNCE] Apache POI 5.4.0 release PJ Fanning
[ANNOUNCE] Apache Linkis 1.7.0 available peacewong
[ANNOUNCE] Apache Uniffle (Incubating) 0.9.2 available zhengchenyu
CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli Elad Kalif
CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode Maxim Solodovnik
[ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 Gary Gregory
[ANNOUNCE] Apache Commons BeanUtils 1.10.0 Gary Gregory
- [ANNOUNCE] Apache Commons BeanUtils 1.10.0 Gary Gregory
[ANNOUNCE] Apache Commons Codec 1.17.2 Gary Gregory
[ANN] Apache Causeway version 3.2.0 Released Dan Haywood
[ANNOUNCE] Apache Atlas 2.4.0 released Madhan Neethiraj
[ANNOUNCE] Apache OpenMeetings 8.0.0 is released Maxim Solodovnik
[ANNOUNCE] Apache Airflow Providers prepared on December 30, 2024 are released Elad Kalif
[Announce] Release of Apache Ivy 2.5.3 Maarten Coene
[ANNOUNCE] Apache EventMesh 1.11.0 available mikexue
[ANN] Apache Syncope 4.0.0-M0 Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.10 Francesco Chicchiriccò
CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service References David Handermann
[ANNOUNCE] Apache Wicket 9.19.0 released Andrea Del Bene
[ANNOUNCE] Apache Kyuubi v1.10.1 is available Cheng Pan
[ANNOUNCE] Apache Airflow Providers prepared on December 22, 2024 are released Elad Kalif
[ANNOUNCE] Apache MINA 2.0.27, 2.1.0 and 2.2.4 release Emmanuel Lecharny
[ANNOUNCE] Apache FreeMarker 2.3.34 is released Daniel Dekany
CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret) Imba Jin
[ANNOUNCE] Apache NiFi 2.1.0 Released David Handermann
CVE-2024-52046: Apache MINA: MINA applications using unbounded deserialization may allow RCE Emmanuel Lécharny
CVE-2024-23945: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails Stamatis Zampetakis
CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments Eric Friedrich
[ANNOUNCE] Apache Lucene 10.1.0 released Luca Cavanna
[ANN] Apache TomEE 10.0.0 (GA) Richard Zowalla
[ANNOUNCE] Apache Camel 3.22.3 (LTS) Released Gregor Zurowski
[SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Mark Thomas
[ANN] Apache Struts 7.0.0 GA Lukasz Lenart
[ANNOUNCE] Apache Wicket 10.3.0 released Andrea Del Bene
CVE-2024-56128: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Manikumar
[SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Mark Thomas
[SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application Mark Thomas
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.10 Chris Bono
[ANNOUNCE] Apache Airflow 2.10.4 Released Utkarsh Sharma
[ANNOUNCE] Apache XMLBeans 5.3.0 release PJ Fanning
[ANNOUNCE] Apache Kafka 3.7.2 Matthias J. Sax
[ANNOUNCE] Apache Commons Text 1.13.0 Gary Gregory
[ANNOUNCE] Apache Log4j `2.24.3` released Piotr P. Karwasz
[ANNOUNCE] Apache NetBeans 24 Released Eric Barboni
[ANNOUNCE] Apache Lucene 9.12.1 released Chris Hegarty
[ANNOUNCE] Release Apache Hop 2.11.0 Bart Maertens
[ANNOUNCE] Apache Pekko Persistence R2DBC 1.1.0-M1 released PJ Fanning
CVE-2024-55633: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access Daniel Gaspar
[ANNOUNCE] Apache KIE (Incubating) 10.0.0 released Alex Porcelli
[ANN] CVE-2024-53677 File upload logic is flawed Lukasz Lenart
[ANNOUNCE] Apache StormCrawler (Incubating) 3.2.0 released Tim Allison