announce

Messages by Thread

[ANNOUNCE] Apache UIMA Java SDK version 3.6.0 released Richard Eckart de Castilho
[ANNOUNCE] Apache flink-connector-kafka 3.4.0 released Arvid Heise
[ANNOUNCE] Apache Qpid Proton 0.40.0 released Robbie Gemmell
[ANNOUNCE] Apache Celeborn 0.5.2 available Nicholas Jiang
[ANNOUNCE] Apache ServiceComb Java Chassis 3.2.3 Released liubao
CVE-2024-51569: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler Szymon Janc
CVE-2024-47250: Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access Szymon Janc
CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler Szymon Janc
CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack Szymon Janc
[ANNOUNCE] Apache Mynewt 1.13.0 and Apache Mynewt NimBLE 1.8.0 released Szymon Janc
[ANNOUNCE] Apache OpenNLP Pre-Trained Models 1.2 released Martin Wiesner
CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1 Enxin Xie
[ANNOUNCE] Apache Log4j `2.24.2` released Piotr P. Karwasz
CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log David Handermann
[ANNOUNCE] Apache NiFi 1.28.1 Released Ferenc Kis
[ANNOUNCE] Apache IoTDB 1.3.3 released Haonan Hou
[ANNOUNCE] Apache Commons IO 2.18.0 Gary Gregory
CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Greg Harris
[ANNOUNCE] Apache Airflow Providers prepared on November 14, 2024 are released Elad Kalif
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.5.0 released David Jensen
[SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Mark Thomas
[SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
[SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass Mark Thomas
[ANNOUNCE] Apache Jackrabbit Oak 1.72.0 released Julian Reschke
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.9 Chris Bono
CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability Chao Gong
CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities Chao Gong
CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string Chao Gong
CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE Jacques Le Roux
CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) Jacques Le Roux
CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default Ephraim Anierobi
[ANNOUNCE] Apache Traffic Server 10.0.2 and 9.2.6 are released Chris McFarlen
[ANNOUNCE] Apache Pekko gRPC 1.1.1 released PJ Fanning
[ANNOUNCE] Apache Ratis 3.1.2 Release Xinyu Tan
[ANNOUNCE] Apache Arrow ADBC 15 Released David Li
[ANN] Apache ActiveMQ Classic 6.1.4 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Log4j `3.0.0-beta3` released Piotr P. Karwasz
CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
[ANNOUNCE] Apache OpenNLP 2.5.0 released Martin Wiesner
[ANNOUNCE] Apache TsFile 1.1.0 released Haonan Hou
[ANNOUNCE] Release Apache Fury(incubating) 0.9.0 Shawn Yang
[ANN] Apache Tomcat 9.0.97 available Rémy Maucherat
[ANNOUNCE] Apache Groovy 3.0.23 Released Paul King
[ANNOUNCE] Apache Groovy 4.0.24 Released Paul King
[ANNOUNCE] Apache Groovy 5.0.0-alpha-11 released Paul King
[ANNOUNCE] Apache Kafka 3.9.0 Colin McCabe
[ANNOUNCE] Apache log4net 3.0.3 released Jan Friedrich
CVE-2024-50378: Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli Ephraim Anierobi
CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server Andor Molnar
[ANNOUNCE] Apache Airflow 2.10.3 Released Utkarsh Sharma
[ANNOUNCE] Apache XMLBeans 5.2.2 release PJ Fanning
[ANNOUNCE] Apache Arrow 18.0.0 released Raúl Cumplido
[ANNOUNCE] Apache Airflow Providers prepared on November 03, 2024 are released Elad Kalif
[ANNOUNCE] MyFaces Core v4.1.0-RC3 Release Volodymyr Siedlecki
[ANNOUNCE] Apache NiFi 2.0.0 Released David Handermann
[ANNOUNCE] Apache SDAP 1.4.0 Released Riley Kuttruff
CVE-2024-23590: Apache Kylin: Session fixation in web interface Li Yang
[ANNOUNCE] Apache Airflow Providers prepared on October 27, 2024 are released Elad Kalif
[ANNOUNCE] Apache Pulsar Helm Chart version 3.7.0 Released with support for Pulsar 4.0.0 Lari Hotari
CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator Paul Irwin
[ANNOUNCE] Apache Traffic Server 10.0.1 has been released Chris McFarlen
[ANNOUNCE] Apache Kafka 3.8.1 Josep Prat
[ANNOUNCEMENT] HttpComponents Client 5.4.1 GA Released Oleg Kalnichevski
CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description David Handermann
[ANNOUNCE] Apache bRPC 1.11.0 released Xiguo Hu
[ANNOUNCE] Apache Kyuubi v1.10.0 is available Bowen Liang
[ANNOUNCE] Apache NiFi 1.28 Released Ferenc Kis
[ANNOUNCE] Apache Pekko Persistence DynamoDB 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.4.0 released David Jensen
[ANNOUNCE] Apache Camel 4.8.1 (LTS) Released Gregor Zurowski
CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.9 Francesco Chicchiriccò
[ANNOUNCE] Release Apache InLong 2.0.0 Aloys Zhang
[ANNOUNCEMENT] HttpComponents Core 5.3.1 GA released Oleg Kalnichevski
[ANNOUNCE] Release Apache OpenDAL v0.50.1 Xuanwo
[ANNOUNCE] Apache CouchDB 3.4.2 released Jan Lehnardt
[ANNOUNCE] Apache Pulsar 4.0.0 released Lari Hotari
[ANNOUNCE] Apache Velocity Engine 2.4.1 released Claude Brisson
[ANNOUNCE] Apache Camel 4.4.4 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache log4net 3.0.2 released Jan Friedrich
[ANNOUNCEMENT] Apache SkyWalking Rover 0.7.0 Released han liu
[ANNOUNCEMENT] Apache SkyWalking CLI 0.14.0 Released han liu
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.8 Chris Bono
[ANNOUNCE] Apache Tika 3.0.0 released Tim Allison
[ANNOUNCE] Apache HBase 2.6.1 is now available for download Nick Dimiduk
[ANNOUNCE] Apache APISIX 3.11.0 has been released. Abhishek Choudhary
[ANNOUNCE] Apache Storm 2.7.0 Released Rui Abreu
[Announce] Beam 2.60.0 Released Yi Hu
[ANN] Apache Struts 6.6.1 Lukasz Lenart
[ANNOUNCE] Apache log4cxx 1.3.0 released Stephen Webb
Re: [ANNOUNCE] Release Apache SeaTunnel 2.3.8 Jia Fan
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Houston Putman
CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Houston Putman
[ADVISORY] Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2 Guto Veronezi
[ANNOUNCE] Apache Calcite 1.38.0 released Julian Hyde
CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible Daniel Augusto Veronezi Salvador
CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout Daniel Augusto Veronezi Salvador
CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota Daniel Augusto Veronezi Salvador
CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
[ANNOUNCE] Apache Pulsar Helm Chart version 3.6.0 Released Lari Hotari
[ANNOUNCE] Apache MINA 2.1.9 and 2.0.26 released Emmanuel Lecharny
[ANNOUNCE] Apache Pekko Management 1.1.0 released PJ Fanning
CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans Justin Bertram
[ANNOUNCE] Apache Lucene 10.0.0 released Luca Cavanna
[ANNOUNCE] Apache Airflow Providers prepared on October 10, 2024 are released Elad Kalif
[ANN] Apache TomEE 10.0.0-M3 Richard Zowalla
[ANNOUNCE] Apache Curator 5.7.1 released Kezhu Wang
[ANNOUNCE] Apache Jackrabbit 2.23.1-beta released Julian Reschke
CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation David M. Johnson
[ANNOUNCE] Apache Pekko gRPC 1.1.0 released PJ Fanning
[ANN] Apache Tomcat 11.0.0 Available Mark Thomas
CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing Simon Steiner
[ANNOUNCE] Apache Pekko (Core) 1.1.2 released PJ Fanning
[ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
[ANNOUNCE] Hive 3.x EOL Ayush Saxena
[ANNOUNCE] Release Apache Fury(incubating) Serialization 0.8.0 Shawn Yang
[ANNOUNCE] Release Apache Kvrocks 2.10.0 hulk
[ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.7 released with important security fix for CVE-2024-47561 Lari Hotari
[ANNOUNCE] Release Apache Traffic Control 8.0.2 R S
[ANNOUNCE] Apache Qpid JMS 2.6.1 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.12.1 released Robbie Gemmell
CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Gary D. Gregory
CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Martin Tzvetanov Grigorov
[ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Pekko HTTP 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Hive 4.0.1 Released Zhihua Deng
[ANN] Apache ActiveMQ 5.18.6 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Airflow Providers prepared on September 27, 2024 are released Elad Kalif
[ANNOUNCE] Apache Jackrabbit Oak 1.70.0 released Julian Reschke
[ANNOUNCE] Apache ManifoldCF 2.27 released Piergiorgio Lucidi
[ANNOUNCE] Apache Log4j `2.24.1`released Piotr P. Karwasz
[ANNOUNCE] Apache Daffodil 3.9.0 Released Steve Lawrence
[ANNOUNCE] Apache Pulsar Go Client 0.14.0 released Zike Yang
CVE-2024-45772: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue Robert Muir
[ANNOUNCE] Apache Lucene 9.12.0 released Chris Hegarty
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.7.0 released Kai Wan
[ANNOUNCE] Apache log4net 3.0.1 released Jan Friedrich
[ANNOUNCE] Apache CouchDB 3.4.1 released Jan Lehnardt
[ANNOUNCE] Apache Ratis 3.1.1 Release Xinyu Tan
CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.2 Released liubao
ANNOUNCE] Apache Spark 3.5.3 released Kent Yao
[SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
[ANNOUNCE] Apache NiFi NAR Maven Plugin 2.1.0 Released David Handermann
[ANNOUNCE] Apache Commons CSV Version 1.12.0 Gary Gregory
[ANNOUNCE] Apache Solr 8.11.4 released Houston Putman
[ANNOUNCE] Apache Qpid JMS 2.6.0 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.12.0 released Robbie Gemmell
CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie
CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan
[ANNOUNCE] Apache Wicket 10.2.0 released Andrea Del Bene
[ANNOUNCE] Apache Velocity Engine 2.4 released Claude Brisson
[ANNOUNCE] Apache Airflow Providers prepared on September 21, 2024 are released Elad Kalif
CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang
[ANNOUNCE] Apache NiFi API 2.0.0 Released David Handermann
[SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
[ANN] Apache OpenJPA 4.0.1 Francesco Chicchiriccò
[ANNOUNCE] Apache StormCrawler (Incubating) 3.1.0 released Richard Zowalla
[ANNOUNCEMENT] HttpComponents Client 5.4 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache YuniKorn v1.6.0 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Answer(Incubating) v1.4.0 available Robin Ren
[ANNOUNCE] Apache Zeppelin 0.11.2 available Jongyoul Lee
[ANNOUNCE] Apache Airflow 2.10.2 Released Ephraim Anierobi
CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M22 released Timothy Bish
[ANNOUNCE] Apache NetBeans 23 released Eric Barboni
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0 released PJ Fanning
CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar
CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar
[ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
[ANNOUNCE] Apache log4net 3.0.0 released Jan Friedrich
[ANNOUNCE] Apache Camel 4.8.0 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Pekko (Core) 1.1.1 released Arnout Engelen
[ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
[ANNOUNCE] Apache Pulsar Node.js client 1.12.0 released Baodi Shi
[ANNOUNCE] Apache Jackrabbit Oak 1.22.21 released Julian Reschke
[ANNOUNCE] Apache Groovy 4.0.23 Released Paul King
[ANNOUNCE] Apache Groovy 5.0.0-alpha-10 Released Paul King
[ANNOUNCEMENT] HttpComponents Core 5.3 GA released Oleg Kalnichevski
[ANNOUNCE] Beam 2.59.0 Released Robert Burke
[ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji
[ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
[ANNOUNCE] Apache Pekko Projections 1.1.0-M1 released PJ Fanning
CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi
[ANNOUNCE] Apache Arrow ADBC 14 released David Li
[ANNOUNCE] Apache Flink CDC 3.2.0 released Qingsheng Ren
[ANNOUNCE] Apache Pekko (Core) 1.1.0 released PJ Fanning
CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux
CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.16 released Jacopo Cappellato
[ANN] Apache Maven 4.0.0-beta-4 released Tamás Cservenák
[ANNOUNCE] Apache Commons Lang 3.17.0 Gary Gregory
[ANNOUNCE] Apache Ant 1.10.15 released Jaikiran Pai
[ANNOUNCE] Apache Traffic Server 10.0.0 has been released Chris McFarlen
[ANNOUNCE] Apache Parquet release 1.14.2 Fokko Driesprong
[ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released Elad Kalif