CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing

2022-11-04 Thread Gary D. Gregory
Description: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass

[ANNOUNCE] Apache James JSPF 1.0.2 released

2022-11-04 Thread Benoit TELLIER
The Apache James (https://james.apache.org) community is pleased to announce the availability of Apache James JSPF 1.0.2 library. Apache James JSPF is a library for verifying SPF records for a given email, written in plain Java. This release:  - Upgrade dependencies  - Uses DSNJava

[ANNOUNCE] Apache James JSIEVE 0.8 released

2022-11-04 Thread Benoit TELLIER
The Apache James (https://james.apache.org) community is pleased to announce the availability of Apache James JSieve 0.8 library. Apache James JSIEVE is a library for parsing and executing SIEVE scripts (RFC-5228), written in plain Java. This release targets JDK 8, update dependencies, and

CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system

2022-11-04 Thread Stefan Bodewig
Severity: medium Description: With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target

[ANNOUNCE] Apache Pulsar Helm Chart version 3.0.0 Released

2022-11-04 Thread Michael Marshall
Hello, The Apache Pulsar team is pleased to announce the release of Apache Pulsar Helm Chart 3.0.0. It ships with Apache Pulsar version 2.10.2, our latest release. The source release, as well as the "binary" Helm Chart release, are available: Official Sources:

[ANN] Apache Ivy 2.5.1 Released

2022-11-04 Thread Stefan Bodewig
The Apache Ant Team is pleased to announce the release of Apache Ivy 2.5.1. Apache Ivy is a dependency manager focusing on flexibility and simplicity with strong integration into the Apache Ant build tool. Ivy 2.5.1 is a bugfix release and addresses

[ANNOUNCE] Apache James MIME4J 0.8.8 released

2022-11-04 Thread Benoit TELLIER
The Apache James (https://james.apache.org) community is pleased to announce the availability of Apache James MIME4J 0.8.8 library. Apache James MIME4J is a library for parsing and building MIME messages, written in plain Java. Read more about this release:

CVE-2022-37866: Apache Ivy: Ivy Path traversal

2022-11-04 Thread Stefan Bodewig
Severity: medium Description: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or

[ANNOUNCEMENT] Apache Commons BCEL 6.6.1

2022-11-04 Thread Gary Gregory
The Apache Commons BCEL team is pleased to announce the release of Apache Commons BCEL 6.6.1! The Byte Code Engineering Library (BCEL) is intended to give users a convenient way to analyze, create, and manipulate compiled .class files. Classes are represented by objects containing all the