announce  

Messages by Thread

• • [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
• [ANN] Apache Tomcat 11.0.4 Available Mark Thomas
• [ANNOUNCE] Apache Commons VFS Project 2.10.0 Gary Gregory
• Apache WSS4J 4.0.0 released Colm O hEigeartaigh
• [ANNOUNCE] Apache Ignite 2.17.0 Released Nikita Amelchev
• CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
• CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
• [ANNOUNCE] Apache Commons BeanUtils 1.10.1 Gary Gregory
• [ANNOUNCE] Apache Jackrabbit Oak 1.76.0 released Julian Reschke
• CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
• [ANNOUNCE] Apache ManifoldCF SDK 1.0.2 released Piergiorgio Lucidi
• CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
• [ANNOUNCE] Apache flink-connector-hive 3.0.0 released Sergey Nuyanzin
• CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
• [ANNOUNCE] Apache Camel 4.10.0 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Hudi 1.0.1 released Sivabalan
• [ANN] Apache Tomcat 11.0.3 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
• [ANNOUNCE] Apache Airflow 2.10.5 Released Utkarsh Sharma
• [ANNOUNCE] Apache TsFile 2.0.1 released Haonan Hou
• FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services console Carsten Ziegeler
• [ANNOUNCE] Apache Airflow Providers prepared on February 04, 2025 Jarek Potiuk
• [ANNOUNCE] Apache Zeppelin 0.12.0 available Jongyoul Lee
• [ANNOUNCE] Apache Commons Logging 1.3.5 Gary Gregory
• CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
• [ANNOUNCE] Release Apache OpenDAL v0.51.2 tison
• [ANNOUNCE] Apache Tika 2.9.3 released Tim Allison
• [ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.1 release Marton Szasz
• [ANNOUNCE] Apache James 3.7.6 released Benoit TELLIER
• [ANNOUNCE] Apache James 3.8.2 released Benoit TELLIER
• CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
• CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.1.0 released David Jensen
• CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
• CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
• CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
  • Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
• CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials Paulo Motta
• [ANNOUNCEMENT] HttpComponents Client 5.4.2 GA Released Oleg Kalnichevski
• [ANNOUNCE] Apache YuniKorn v1.6.1 released Wilfred Spiegelenburg
• [ANNOUNCE] Apache FtpServer 1.2.1 released Emmanuel Lecharny
• [ANNOUNCE] Apache Tika 3.1.0 released Tim Allison
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.9.0 Released Lari Hotari
• [ANNOUNCE] Apache Wicket 8.17.0 released Andrea Del Bene
• [ANNOUNCE] Apache Traffic Server 10.0.3 Release Chris McFarlen
• [ANNOUNCE] Apache jclouds 2.7.0 released Andrew Gaul
• [ANNOUNCEMENT] HttpComponents Core 5.3.3 GA released Oleg Kalnichevski
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.0.0 released David Jensen
• CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions Ayush Saxena
• [ANNOUNCE] Apache Commons Codec 1.18.0 Gary Gregory
• [ANNOUNCE] Apache Commons Pool 2.12.1 Gary Gregory
• CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util Ayush Saxena
• [ANNOUNCE] Apache NiFi 2.2.0 Released Pierre Villard
• [ANNOUNCE] Apache Wicket 9.20.0 released Andrea Del Bene
• [ANNOUNCE] Apache Airflow Providers prepared on January 26, 2025 are released Elad Kalif
• CVE-2025-24783: Apache Cocoon: continuations may not be private Arnout Engelen
• [ANNOUNCE] Apache Pulsar Client Python 3.6.0 released Yunze Xu
• [ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
  • [ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
• [ANNOUNCE] Apache Gravitino (Incubating) 0.8.0 available Fanng
• [ANNOUNCE] Release Apache Kvrocks 2.11.0 Twice
• [ANNOUNCE] Apache Storm 2.8.0 Released Rui Abreu
• CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Jason Gerlowski
• CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files Jason Gerlowski
• [ANNOUNCE] Apache Groovy 4.0.25 Released Paul King
• [ANNOUNCE] Apache Groovy 5.0.0-alpha-12 released Paul King
• [ANNOUNCE] Apache Wicket 10.4.0 released Andrea Del Bene
• [ANN] Apache ActiveMQ Classic 6.1.5 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Arrow 19.0.0 released Bryce Mecum
• [ANNOUNCEMENT] Apache HTTP Server 2.4.63 Released jim
• [ANNOUNCE] Apache Solr 9.8.0 released Anshum Gupta
• [ANNOUNCE] Apache PDFBox 3.0.4 released Andreas Lehmkühler
• [ANNOUNCE] Apache bRPC 1.12.1 released Guangming Chen
• [ANNOUNCE] Apache Solr Operator v0.9.0 released Jason Gerlowski
• CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak Pedro Henrique Oliveira dos Santos
• [ANNOUNCE] Apache Camel 4.4.5 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache TsFile 2.0.0 released Haonan Hou
• CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts Viraj Jasani
• CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition Viraj Jasani
• CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie Viraj Jasani
• CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost Velmurugan Periasamy
• CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input Velmurugan Periasamy
• [ANNOUNCE] Apache Daffodil 3.10.0 Released Josh Adams
• [ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0 released PJ Fanning
• [ANNOUNCE] Release Apache SeaTunnel 2.3.9 Lucifer Tyrant
• [ANNOUNCE] Apache Flink CDC 3.3.0 released Hang Ruan
• [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9 Mark Thomas
• [ANNOUNCE] Apache Arrow ADBC 16 Release David Li
• [ANNOUNCE] Apache Pulsar 4.0.2 released Lari Hotari
• CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files Colm O hEigeartaigh
• [ANNOUNCE] Apache Pulsar 3.0.9 released Lari Hotari
• [ANNOUNCE] Apache Pulsar 3.3.4 released Lari Hotari
• [ANNOUNCEMENT] Apache SkyWalking Ruby 0.1.0 Released Zixin Zhou
• [ANNOUNCE] Apache ShenYu 2.7.0 available Hongyu Liu
• [ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 (now with download link) Gary Gregory
• [ANN] Apache Sling 13 Released Stefan Seifert
• [ANNOUNCE] Release Apache InLong 2.1.0 黄文伟
• [ANNOUNCE] Apache ManifoldCF 2.28 released Piergiorgio Lucidi
• [ANNOUNCE] Apache PDFBox 2.0.33 released Andreas Lehmkühler
• [ANNOUNCE] Apache Pekko Connectors 1.1.0 released PJ Fanning
• [ANNOUNCE] Apache Jackrabbit Oak 1.74.0 released Julian Reschke
• [ANNOUNCE] Apache bRPC 1.12.0 released Guangming Chen
• [ANNOUNCE] Apache Pulsar Client C++ 3.7.0 released Yunze Xu
• [ANNOUNCE] Apache Arrow Go v18.1.0 Released David Li
• [ANNOUNCEMENT] HttpComponents Core 5.3.2 GA released Oleg Kalnichevski
• CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Heping Wang
• CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations Nux
• Apache Streams is now retired Hervé Boutemy
• [ANNOUNCE] Apache Camel 4.8.3 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache OpenNLP 2.5.3 released Richard Zowalla
• [ANNOUNCE] Apache James MIME4J 0.8.12 released Benoit TELLIER
• [ANNOUNCE] Apache Pekko (Core) 1.1.3 released PJ Fanning
• [ANNOUNCE] Apache POI 5.4.0 release PJ Fanning
• [ANNOUNCE] Apache Linkis 1.7.0 available peacewong
• [ANNOUNCE] Apache Uniffle (Incubating) 0.9.2 available zhengchenyu
• CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli Elad Kalif
• CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode Maxim Solodovnik
• [ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 Gary Gregory
• [ANNOUNCE] Apache Commons BeanUtils 1.10.0 Gary Gregory
  • [ANNOUNCE] Apache Commons BeanUtils 1.10.0 Gary Gregory
• [ANNOUNCE] Apache Commons Codec 1.17.2 Gary Gregory
• [ANN] Apache Causeway version 3.2.0 Released Dan Haywood
• [ANNOUNCE] Apache Atlas 2.4.0 released Madhan Neethiraj
• [ANNOUNCE] Apache OpenMeetings 8.0.0 is released Maxim Solodovnik
• [ANNOUNCE] Apache Airflow Providers prepared on December 30, 2024 are released Elad Kalif
• [Announce] Release of Apache Ivy 2.5.3 Maarten Coene
• [ANNOUNCE] Apache EventMesh 1.11.0 available mikexue
• [ANN] Apache Syncope 4.0.0-M0 Francesco Chicchiriccò
• [ANN] Apache Syncope 3.0.10 Francesco Chicchiriccò
• CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service References David Handermann
• [ANNOUNCE] Apache Wicket 9.19.0 released Andrea Del Bene
• [ANNOUNCE] Apache Kyuubi v1.10.1 is available Cheng Pan
• [ANNOUNCE] Apache Airflow Providers prepared on December 22, 2024 are released Elad Kalif
• [ANNOUNCE] Apache MINA 2.0.27, 2.1.0 and 2.2.4 release Emmanuel Lecharny
• [ANNOUNCE] Apache FreeMarker 2.3.34 is released Daniel Dekany
• CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret) Imba Jin
• [ANNOUNCE] Apache NiFi 2.1.0 Released David Handermann
• CVE-2024-52046: Apache MINA: MINA applications using unbounded deserialization may allow RCE Emmanuel Lécharny
• CVE-2024-23945: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails Stamatis Zampetakis
• CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments Eric Friedrich
• [ANNOUNCE] Apache Lucene 10.1.0 released Luca Cavanna
• [ANN] Apache TomEE 10.0.0 (GA) Richard Zowalla
• [ANNOUNCE] Apache Camel 3.22.3 (LTS) Released Gregor Zurowski
• [SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Mark Thomas
• [ANN] Apache Struts 7.0.0 GA Lukasz Lenart
• [ANNOUNCE] Apache Wicket 10.3.0 released Andrea Del Bene
• CVE-2024-56128: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Manikumar
• [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Mark Thomas
• [SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application Mark Thomas
• [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.10 Chris Bono
• [ANNOUNCE] Apache Airflow 2.10.4 Released Utkarsh Sharma
• [ANNOUNCE] Apache XMLBeans 5.3.0 release PJ Fanning
• [ANNOUNCE] Apache Kafka 3.7.2 Matthias J. Sax
• [ANNOUNCE] Apache Commons Text 1.13.0 Gary Gregory
• [ANNOUNCE] Apache Log4j `2.24.3` released Piotr P. Karwasz
• [ANNOUNCE] Apache NetBeans 24 Released Eric Barboni
• [ANNOUNCE] Apache Lucene 9.12.1 released Chris Hegarty
• [ANNOUNCE] Release Apache Hop 2.11.0 Bart Maertens
• [ANNOUNCE] Apache Pekko Persistence R2DBC 1.1.0-M1 released PJ Fanning
• CVE-2024-55633: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access Daniel Gaspar
• [ANNOUNCE] Apache KIE (Incubating) 10.0.0 released Alex Porcelli
• [ANN] CVE-2024-53677 File upload logic is flawed Lukasz Lenart
• [ANNOUNCE] Apache StormCrawler (Incubating) 3.2.0 released Tim Allison
• [ANNOUNCE] MyFaces Core v4.1.0 Release Volodymyr Siedlecki
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.8.0 Released Lari Hotari
• [ANNOUNCE] Apache Celeborn 0.4.3 available Cheng Pan
• [ANN] Apache Tomcat 9.0.98 available Rémy Maucherat
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.6.0 released David Jensen
• [ANN] Apache Tomcat 11.0.2 Available Mark Thomas
• CVE-2024-53949: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled Daniel Gaspar
• CVE-2024-53948: Apache Superset: Error verbosity exposes metadata in analytics databases Daniel Gaspar
• CVE-2024-53947: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Daniel Gaspar
• [ANNOUNCE] Apache CloudStack LTS Release 4.20.0.0 João Jandre
• [ANNOUNCE] Apache OpenNLP 2.5.1 released Richard Zowalla
• [ANNOUNCE] Apache Camel 4.8.2 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Uniffle (Incubating) 0.9.1 available zhengchenyu
• [ANNOUNCE] Apache Camel 4.9.0 Released Gregor Zurowski
• CVE-2022-41137: Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore Stamatis Zampetakis
• [ANNOUNCE] Apache UIMA Ruta v3.5.0 released Richard Eckart de Castilho
• [ANNOUNCE] Apache Arrow 18.1.0 released Jacob Wujciak
• [ANNOUNCE] Apache Pulsar 3.3.3 released Lari Hotari
• [ANNOUNCE] Apache Pulsar 4.0.1 released Lari Hotari
• CVE-2024-45106: Apache Ozone: Improper authentication when generating S3 secrets Ethan Rose
• [ANNOUNCE] Apache Commons DBCP Version 2.13.0 Gary Gregory
• [ANNOUNCE] Apache Pulsar 3.0.8 released Lari Hotari
• [ANNOUNCE] Apache Kyuubi v1.8.3 is available Cheng Pan
• [ANNOUNCE] Apache Kyuubi v1.9.3 is available Cheng Pan
• [ANNOUNCE] Apache Storm 2.7.1 released Rui Abreu
• [ANN] Apache Struts 6.7.0 Lukasz Lenart
• CVE-2024-52338: Apache Arrow R package: Arbitrary code execution when loading a malicious data file Dewey Dunnington
• [ANNOUNCE] Apache Geronimo Jwt Auth 1.0.5 released Francois Papon
• [ANNOUNCE] Apache Airflow Providers prepared on November 24, 2024 are released Elad Kalif
• [ANNOUNCE] Apache UIMA Java SDK version 3.6.0 released Richard Eckart de Castilho
• [ANNOUNCE] Apache flink-connector-kafka 3.4.0 released Arvid Heise
• [ANNOUNCE] Apache Qpid Proton 0.40.0 released Robbie Gemmell
• [ANNOUNCE] Apache Celeborn 0.5.2 available Nicholas Jiang
• [ANNOUNCE] Apache ServiceComb Java Chassis 3.2.3 Released liubao
• CVE-2024-51569: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler Szymon Janc
• CVE-2024-47250: Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access Szymon Janc
• CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler Szymon Janc

• Earlier messages
• Later messages