[ANNOUNCE] Apache Qpid protonj2 1.0.0-M18 released

The Apache Qpid (http://qpid.apache.org) community is pleased to announce the immediate availability of Apache protonj2 1.0.0-M18. This is the latest release of our AMQP Java client supporting the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org), based around

[ANNOUNCE] Apache Jackrabbit 2.20.13 released

The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit 2.20.13. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release: Release Notes -- Apache Jackrabbit --

CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries without authentication

Severity: moderate Affected versions: - Apache OFBiz before 18.12.09 Description: Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09 Credit:

[ANNOUNCE] Apache Pulsar Go Client 0.11.1 released

The Apache Pulsar team is proud to announce Apache Pulsar Go Client version 0.11.1. Pulsar is a highly scalable, low latency messaging platform running on commodity hardware. It provides simple pub-sub semantics over topics, guaranteed at-least-once delivery of messages, automatic cursor

[ANNOUNCE] Apache Kyuubi released 1.8.0

Hi all, The Apache Kyuubi community is pleased to announce that Apache Kyuubi 1.8.0 has been released! Apache Kyuubi is a distributed and multi-tenant gateway to provide serverless SQL on data warehouses and lakehouses. Kyuubi provides a pure SQL gateway through Thrift JDBC/ODBC interface for

[ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix

The Apache Allura team is pleased to announce the release of Apache Allura 1.16.0 Apache Allura is an open source implementation of a software forge, a web site that manages source code repositories, bug reports, discussions, wiki pages, blogs, and more for any number of individual projects.

CVE-2023-46851: Apache Allura: sensitive information exposure via import

Severity: critical Affected versions: - Apache Allura 1.0.1 through 1.15.0 Description: Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose

[ANNOUNCE] Apache Arrow 14.0.0 released

The Apache Arrow community is pleased to announce the 14.0.0 release. It includes 483 resolved issues ([1]) since the 13.0.0 release. The release is available now from our website and [2]: http://arrow.apache.org/install/ Read about what's new in the release