announce

Messages by Thread

[ANNOUNCE] Apache Fortress 3.0.1 Released Shawn McKinney
[ANNOUNCE] Apache Fineract 1.12.1 Release Adam Monsen
[ANNOUNCE] Apache bRPC 1.14.0 released Weibing Wang
[ANNOUNCE] Apache James MIME4J 0.8.13 released [email protected]
[ANNOUNCE] Apache Kyuubi Shaded v0.6.0 is available Cheng Pan
[ANNOUNCE] Apache Curator 5.9.0 released Kezhu Wang
CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
[ANNOUNCEMENT] Apache HTTP Server 2.4.65 Released covener
[ANNOUNCE] Apache Groovy 4.0.28 Released Paul King
[ANNOUNCE] Apache Groovy 5.0.0-beta-2 Paul King
[ANNOUNCE] Apache OpenNLP 2.5.5 released Martin Wiesner
[ANNOUNCE] Apache NiFi 2.5.0 Released Pierre Villard
[ANNOUNCE] Apache Arrow 21.0.0 released Bryce Mecum
[ANNOUNCE] Apache Pulsar Client Python 3.8.0 released Yunze Xu
[ANNOUNCE] Apache Pekko (Core) 1.2.0-M2 released PJ Fanning
[ANNOUNCE] Apache Nutch 1.21 Release Sebastian Nagel
CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
[ANN] Struts Annotations 2.0 Lukasz Lenart
[ANNOUNCE] Apache Airflow 3.0.3 reference images rebuilt Jarek Potiuk
[ANNOUNCE] Apache Commons IO 2.20.0 Gary Gregory
[ANNOUNCE] Apache Airflow Providers prepared on July 17, 2025 are released Elad Kalif
[ANNOUNCE] Apache Doris 3.0.6.1 released ChenMingyu
[ANNOUNCE] Apache Pekko (Core) 1.1.5 released PJ Fanning
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.1 released David Jensen
[ANNOUNCE] Apache Grails (incubating) 7.0.0-M5 James Daugherty
[ANN] Apache Maven 3.9.11 released Slawomir Jaranowski
CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
[ANNOUNCE] Apache HBase 2.6.3 is now available for download Duo Zhang
[ANNOUNCE] Apache TsFile 2.1.0 released Colin Lee
[ANNOUNCE] Apache NiFi API 2.2.0 Released David Handermann
[IMPORTANT] [ANNOUNCE] Critical Vulnerability in Apache Jackrabbit Julian Reschke
[ANNOUNCE] Apache Jackrabbit 2.20.17 released Julian Reschke
[ANNOUNCE] Apache Jackrabbit 2.22.1 released Julian Reschke
[ANNOUNCE] Apache Jackrabbit 2.23.2-beta released Julian Reschke
CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
[ANNOUNCE] Apache Wicket 10.6.0 released Andrea Del Bene
https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
[ANNOUNCE] Apache Airflow Providers prepared on July 08, 2025 are released Elad Kalif
[ANNOUNCE] Apache Log4j `2.25.1` released Piotr P. Karwasz
[ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
- [ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
[ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc2 released Xin Rong
[ANNOUNCE] Apache Commons Lang 3.18.0 Gary Gregory
[ANNOUNCE] Apache KIE (Incubating) 10.1.0 released Alex Porcelli
[ANNOUNCEMENT] Apache HTTP Server 2.4.64 Released covener
CVE-2025-48924: Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
[SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
- [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
[SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
- [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
[SECURITY] CVE-2025-52434 Apache Tomcat -APR/native Connector crash leading to DoS Mark Thomas
CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
[ANNOUNCE] Release Apache Fory(incubating) 0.11.2 Pan Li
[ANNOUNCE] Apache Tika 3.2.1 released Tim Allison
[ANNOUNCE] Apache Commons Validator 1.10.0 Gary Gregory
[ANNOUNCE] Apache IoTDB 2.0.4 released Haonan Hou
[ANNOUNCE] Apache Camel 4.13.0 Released Gregor Zurowski
[ANNOUNCE] Apache Arrow Swift 21.0.0 released Sutou Kouhei
[ANNOUNCE] Apache Arrow ADBC 19 Released David Li
[ANNOUNCE] Apache Airflow Providers prepared on July 03, 2025 are released Elad Kalif
[ANN] Apache Tomcat 9.0.107 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.9 Available Mark Thomas
[ANN] Apache Tomcat 10.1.43 Available Christopher Schultz
[ANNOUNCE] Apache Arrow JS 21.0.0 released Sutou Kouhei
[ANNOUNCE] Apache Pulsar Node.js client 1.14.0 released Baodi Shi
[ANNOUNCE] Apache Jackrabbit Oak 1.82.0 released Julian Reschke
CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
[SECURITY] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
[ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc1 released Xin Rong
CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
- Re: CVE-2024-39954: Apache EventMesh Runtime: SSRF Eason Chen
[ANNOUNCE] Apache Drill 1.22.0 Released James Turton
CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
[ANNOUNCE] Apache APISIX 3.13.0 has been released. Ashish Tiwari
[ANNOUNCE] Apache Camel 4.10.6 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache StormCrawler 3.4.0 released Richard Zowalla
[ANNOUNCE] Apache Camel 4.8.8 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Camel Karaf 4.10.5 released Jean-Baptiste Onofré
[ANN] Maven 4.0.0-rc-4 released ! Guillaume Nodet
[ANNOUNCE] Apache Ratis 3.2.0 Release Xinyu Tan
[ANNOUNCE] Apache Guacamole 1.6.0 released Michael Jumper
CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
[ANNOUNCE] Apache Airflow Providers prepared on June 20, 2025 are released Elad Kalif
[ANN] Apache ActiveMQ Classic 6.1.7 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Lucene 10.2.2 released Chris Hegarty
[ANNOUNCE] Apache Lucene 9.12.2 released Chris Hegarty
[ANNOUNCE] Apache Gluten (Incubating) 1.4.0 available WeitingChen
[ANNOUNCE] Apache Grails (incubating) Plugins - Redis 5.0.0-M4 & Spring Security 7.0.0-M4 James Fredley
[ANNOUNCE] Apache Airflow Providers prepared on June 15, 2025 are released Elad Kalif
[ANNOUNCE] Apache Traffic Server 10.0.6 Release Chris McFarlen
[ANNOUNCE] Apache Daffodil SBT Plugin 1.4.0 Released Josh Adams
[ANNOUNCE] Apache Daffodil 3.11.0 Released Josh Adams
[ANNOUNCE] Release Apache Fory(incubating) 0.11.0 Shawn Yang
[ANN] Apache TomEE 10.1.0 Richard Zowalla
[ANNOUNCE] Apache Log4j `2.25.0` released Piotr P. Karwasz
CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
[ANNOUNCE] Apache Commons FileUpload 2.0.0-M4 Gary Gregory
[SECURITY] CVE-2025-49125 Apache Tomcat - Security constraint bypass for pre/post-resources Mark Thomas
[SECURITY] CVE-2025-49124 Apache Tomcat - Side-loading via Tomcat installer for Windows Mark Thomas
[SECURITY] CVE-2025-48988 Apache Tomcat - DoS in multipart upload Mark Thomas
[SECURITY] CVE-2025-48976 Apache Tomcat - DoS in Commons FileUpload Mark Thomas
[ANNOUNCE] - Establishing ALC Taipei Chapter tison
[ANNOUNCE] Apache Pekko (Core) 1.1.4 released PJ Fanning
[ANNOUNCE] Release Apache InLong 2.2.0 Verne Deng
CVE-2025-47869: Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. Tomasz Cedro
CVE-2025-47868: Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. Tomasz Cedro
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.7.0 Chris Bono
[ANNOUNCE] Apache Grails (incubating) 7.0.0-M4 James Daugherty
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.0 released David Jensen
[ANNOUNCE] Apache James JDKIM 0.5 released Rene Cordier
[ANN] Apache Tomcat 11.0.8 Available Mark Thomas
[ANN] Apache Tomcat 9.0.106 available Rémy Maucherat
[ANN] Apache Tomcat 10.1.42 Available Christopher Schultz
CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability Luke Chen
CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration Luke Chen
CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration Luke Chen
[ANNOUNCE] Apache Fury Renamed to Apache Fory Shawn Yang
[ANNOUNCE] Apache Airflow Providers prepared on June 03, 2025 are released Jarek Potiuk
[ANNOUNCE] Apache Commons FileUpload 1.6.0 Gary Gregory
[ANN] Apache Maven 3.9.10 released Slawomir Jaranowski
[ANNOUNCE] Apache Camel 4.10.5 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Teaclave TrustZone SDK (incubating) 0.4.0 Released Yuan Zhuang
CVE-2025-46548: Apache Pekko Management, Apache Pekko Management, Apache Pekko Management: management API basic authentication is not effective Arnout Engelen
[ANNOUNCE] Apache Storm 2.8.1 Released Rui Abreu
CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
[ANNOUNCE] Apache IoTDB 2.0.3 released Haonan Hou
[ANNOUNCE] Apache Pulsar Node.js client 1.13.2 released Baodi Shi
[ANNOUNCE] Apache Bigtop 3.4.0 released Masatake Iwasaki
[ANNOUNCE] Apache Groovy 5.0.0-beta-1 Released Paul King
[SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass Mark Thomas
[ANNOUNCE] Apache Iceberg Go Release v0.3.0 Matt Topol
[ANNOUNCE] Apache Camel 4.12.0 Released Gregor Zurowski
[ANNOUNCE] Apache Tika 3.2.0 released Tim Allison
CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
[ANNOUNCE] Apache Commons BeanUtils 1.11.0 Gary Gregory
CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
[ANNOUNCE] Apache Commons FileUpload 2.0.0-M3 Gary Gregory
[ANNOUNCE] Apache Pulsar Helm Chart version 4.1.0 Released Lari Hotari
[ANNOUNCE] Apache DataFu-Spark 2.1.0 Released Eyal Allweil
[ANNOUNCE] Apache Kyuubi v1.10.2 is available Cheng Pan
[ANNOUNCE] Apache Kyuubi v1.9.4 is available Cheng Pan
[ANNOUNCE] Apache Groovy 4.0.27 Released Paul King
[ANN] Apache Syncope 4.0.0 Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.12 Francesco Chicchiriccò
[ANNOUNCE] Apache Groovy 3.0.25 Released Paul King
[ANNOUNCE] Release Apache Fury(incubating) 0.10.3 Pan Li
[ANNOUNCE] Apache TsFile 2.0.3 released Haonan Hou
[ANNOUNCE] Apache Pulsar Go Client 0.15.1 released Zike Yang
[ANNOUNCEMENT] HttpComponents Client 5.5 GA Released Oleg Kalnichevski
CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. Tomasz Cedro
[ANNOUNCE] Apache Commons Exec 1.5.0 Gary Gregory
[ANNOUNCE] Apache Pulsar 4.0.5 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.3.7 released Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.12 released Lari Hotari
[ANNOUNCE] Apache NetBeans 26 Released Eric Barboni
[ANNOUNCE] Apache Jackrabbit Apache Jackrabbit Oak 1.80 released Julian Reschke
[ANNOUNCE] Apache Pulsar Client C++ 3.7.1 released Yunze Xu
[ANNOUNCE] Apache Kyuubi Shaded v0.5.0 is available Cheng Pan
[ANNOUNCE] Apache Airflow Providers prepared on May 20, 2025 are released Elad Kalif
[ANNOUNCE] Apache Kafka 3.9.1 TengYao Chi
[ANNOUNCE] Apache Arrow 20.0.0 released Jacob Wujciak
[ANNOUNCE] Apache bRPC 1.13.0 released Lorin Lee
[ANNOUNCE] Apache Airflow Providers prepared on May 14, 2025 are released Elad Kalif
[ANNOUNCE] Apache Pekko HTTP 1.2.0 released PJ Fanning
[ANNOUNCEMENT] Apache Portable Runtime 1.7.6 Released minfrin
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.1 released PJ Fanning
[ANNOUNCE] Apache Pulsar Client Python 3.7.0 released Baodi Shi
CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
Apache Beam 2.65.0 Released Yi Hu
[ANNOUNCE] Apache Beam 2.65.0 Released Yi Hu
CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
[ANN] Apache Tomcat 9.0.105 available Rémy Maucherat
[ANNOUNCE] Apache log4net 3.1.0 released Jan Friedrich
[ANN] Apache Tomcat 10.1.41 Available Christopher Schultz
CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
[ANNOUNCE] Apache Airflow Providers prepared on May 08, 2025 are released Elad Kalif
[ANNOUNCE] Apache Camel 4.8.7 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Arrow Go v18.3.0 Released Matt Topol
CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
[ANNOUNCE] Apache OFBiz 18.12 End-Of-Life (EOL) announcement Jacques Le Roux
[ANNOUNCE] Apache Airflow Providers prepared on May 05, 2025 are released Elad Kalif
[ANNOUNCE] Release Apache Kvrocks 2.12.1 hulk
[ANNOUNCE] Apache Gravitino (incubating) 0.9.0 available roryqi
[ANNOUNCE] Apache YuniKorn v1.6.3 released Wilfred Spiegelenburg
CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
[ANNOUNCE] Apache CouchDB 3.5.0 released Jan Lehnardt
[ANNOUNCE] Apache Arrow ADBC 18 Released David Li
[ANNOUNCE] Apache Tika 2.9.4 released Tim Allison