announce  

Messages by Date

• 2025/01/08 CVE-2024-45033: Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli Elad Kalif
• 2025/01/07 CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode Maxim Solodovnik
• 2025/01/07 [ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 Gary Gregory
• 2025/01/07 [ANNOUNCE] Apache Commons BeanUtils 1.10.0 Gary Gregory
• 2025/01/06 [ANNOUNCE] Apache Commons Codec 1.17.2 Gary Gregory
• 2025/01/05 [ANN] Apache Causeway version 3.2.0 Released Dan Haywood
• 2025/01/04 [ANNOUNCE] Apache Atlas 2.4.0 released Madhan Neethiraj
• 2025/01/04 [ANNOUNCE] Apache OpenMeetings 8.0.0 is released Maxim Solodovnik
• 2025/01/03 [ANNOUNCE] Apache Airflow Providers prepared on December 30, 2024 are released Elad Kalif
• 2025/01/03 [Announce] Release of Apache Ivy 2.5.3 Maarten Coene
• 2024/12/31 [ANNOUNCE] Apache EventMesh 1.11.0 available mikexue
• 2024/12/30 [ANN] Apache Syncope 4.0.0-M0 Francesco Chicchiriccò
• 2024/12/30 [ANN] Apache Syncope 3.0.10 Francesco Chicchiriccò
• 2024/12/27 CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service References David Handermann
• 2024/12/26 [ANNOUNCE] Apache Wicket 9.19.0 released Andrea Del Bene
• 2024/12/26 [ANNOUNCE] Apache Kyuubi v1.10.1 is available Cheng Pan
• 2024/12/26 [ANNOUNCE] Apache Airflow Providers prepared on December 22, 2024 are released Elad Kalif
• 2024/12/25 [ANNOUNCE] Apache MINA 2.0.27, 2.1.0 and 2.2.4 release Emmanuel Lecharny
• 2024/12/25 [ANNOUNCE] Apache FreeMarker 2.3.34 is released Daniel Dekany
• 2024/12/25 CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret) Imba Jin
• 2024/12/25 [ANNOUNCE] Apache NiFi 2.1.0 Released David Handermann
• 2024/12/24 CVE-2024-52046: Apache MINA: MINA applications using unbounded deserialization may allow RCE Emmanuel Lécharny
• 2024/12/23 CVE-2024-23945: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails Stamatis Zampetakis
• 2024/12/23 CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments Eric Friedrich
• 2024/12/21 [ANNOUNCE] Apache Lucene 10.1.0 released Luca Cavanna
• 2024/12/21 [ANN] Apache TomEE 10.0.0 (GA) Richard Zowalla
• 2024/12/21 [ANNOUNCE] Apache Camel 3.22.3 (LTS) Released Gregor Zurowski
• 2024/12/20 [SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Mark Thomas
• 2024/12/20 [ANN] Apache Struts 7.0.0 GA Lukasz Lenart
• 2024/12/19 [ANNOUNCE] Apache Wicket 10.3.0 released Andrea Del Bene
• 2024/12/18 CVE-2024-56128: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption Manikumar
• 2024/12/17 [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Mark Thomas
• 2024/12/17 [SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application Mark Thomas
• 2024/12/16 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.10 Chris Bono
• 2024/12/16 [ANNOUNCE] Apache Airflow 2.10.4 Released Utkarsh Sharma
• 2024/12/15 [ANNOUNCE] Apache XMLBeans 5.3.0 release PJ Fanning
• 2024/12/14 [ANNOUNCE] Apache Kafka 3.7.2 Matthias J. Sax
• 2024/12/13 [ANNOUNCE] Apache Commons Text 1.13.0 Gary Gregory
• 2024/12/13 [ANNOUNCE] Apache Log4j `2.24.3` released Piotr P. Karwasz
• 2024/12/13 [ANNOUNCE] Apache NetBeans 24 Released Eric Barboni
• 2024/12/13 [ANNOUNCE] Apache Lucene 9.12.1 released Chris Hegarty
• 2024/12/12 [ANNOUNCE] Release Apache Hop 2.11.0 Bart Maertens
• 2024/12/12 [ANNOUNCE] Apache Pekko Persistence R2DBC 1.1.0-M1 released PJ Fanning
• 2024/12/12 CVE-2024-55633: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access Daniel Gaspar
• 2024/12/11 [ANNOUNCE] Apache KIE (Incubating) 10.0.0 released Alex Porcelli
• 2024/12/11 [ANN] CVE-2024-53677 File upload logic is flawed Lukasz Lenart
• 2024/12/10 [ANNOUNCE] Apache StormCrawler (Incubating) 3.2.0 released Tim Allison
• 2024/12/10 [ANNOUNCE] MyFaces Core v4.1.0 Release Volodymyr Siedlecki
• 2024/12/10 [ANNOUNCE] Apache Pulsar Helm Chart version 3.8.0 Released Lari Hotari
• 2024/12/10 [ANNOUNCE] Apache Celeborn 0.4.3 available Cheng Pan
• 2024/12/09 [ANN] Apache Tomcat 9.0.98 available Rémy Maucherat
• 2024/12/09 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.6.0 released David Jensen
• 2024/12/09 [ANN] Apache Tomcat 11.0.2 Available Mark Thomas
• 2024/12/09 CVE-2024-53949: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled Daniel Gaspar
• 2024/12/09 CVE-2024-53948: Apache Superset: Error verbosity exposes metadata in analytics databases Daniel Gaspar
• 2024/12/09 CVE-2024-53947: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions Daniel Gaspar
• 2024/12/06 [ANNOUNCE] Apache CloudStack LTS Release 4.20.0.0 João Jandre
• 2024/12/06 [ANNOUNCE] Apache OpenNLP 2.5.1 released Richard Zowalla
• 2024/12/05 [ANNOUNCE] Apache Camel 4.8.2 (LTS) Released Gregor Zurowski
• 2024/12/05 [ANNOUNCE] Apache Uniffle (Incubating) 0.9.1 available zhengchenyu
• 2024/12/04 [ANNOUNCE] Apache Camel 4.9.0 Released Gregor Zurowski
• 2024/12/04 CVE-2022-41137: Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore Stamatis Zampetakis
• 2024/12/04 [ANNOUNCE] Apache UIMA Ruta v3.5.0 released Richard Eckart de Castilho
• 2024/12/04 [ANNOUNCE] Apache Arrow 18.1.0 released Jacob Wujciak
• 2024/12/03 [ANNOUNCE] Apache Pulsar 3.3.3 released Lari Hotari
• 2024/12/03 [ANNOUNCE] Apache Pulsar 4.0.1 released Lari Hotari
• 2024/12/02 CVE-2024-45106: Apache Ozone: Improper authentication when generating S3 secrets Ethan Rose
• 2024/12/02 [ANNOUNCE] Apache Commons DBCP Version 2.13.0 Gary Gregory
• 2024/12/02 [ANNOUNCE] Apache Pulsar 3.0.8 released Lari Hotari
• 2024/12/02 [ANNOUNCE] Apache Kyuubi v1.8.3 is available Cheng Pan
• 2024/12/02 [ANNOUNCE] Apache Kyuubi v1.9.3 is available Cheng Pan
• 2024/11/29 [ANNOUNCE] Apache Storm 2.7.1 released Rui Abreu
• 2024/11/29 [ANN] Apache Struts 6.7.0 Lukasz Lenart
• 2024/11/28 CVE-2024-52338: Apache Arrow R package: Arbitrary code execution when loading a malicious data file Dewey Dunnington
• 2024/11/27 [ANNOUNCE] Apache Geronimo Jwt Auth 1.0.5 released Francois Papon
• 2024/11/27 [ANNOUNCE] Apache Airflow Providers prepared on November 24, 2024 are released Elad Kalif
• 2024/11/27 [ANNOUNCE] Apache UIMA Java SDK version 3.6.0 released Richard Eckart de Castilho
• 2024/11/26 [ANNOUNCE] Apache flink-connector-kafka 3.4.0 released Arvid Heise
• 2024/11/26 [ANNOUNCE] Apache Qpid Proton 0.40.0 released Robbie Gemmell
• 2024/11/26 [ANNOUNCE] Apache Celeborn 0.5.2 available Nicholas Jiang
• 2024/11/26 [ANNOUNCE] Apache ServiceComb Java Chassis 3.2.3 Released liubao
• 2024/11/26 CVE-2024-51569: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler Szymon Janc
• 2024/11/26 CVE-2024-47250: Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access Szymon Janc
• 2024/11/26 CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler Szymon Janc
• 2024/11/26 CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack Szymon Janc
• 2024/11/25 [ANNOUNCE] Apache Mynewt 1.13.0 and Apache Mynewt NimBLE 1.8.0 released Szymon Janc
• 2024/11/23 [ANNOUNCE] Apache OpenNLP Pre-Trained Models 1.2 released Martin Wiesner
• 2024/11/22 CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1 Enxin Xie
• 2024/11/21 [ANNOUNCE] Apache Log4j `2.24.2` released Piotr P. Karwasz
• 2024/11/20 CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log David Handermann
• 2024/11/20 [ANNOUNCE] Apache NiFi 1.28.1 Released Ferenc Kis
• 2024/11/20 [ANNOUNCE] Apache IoTDB 1.3.3 released Haonan Hou
• 2024/11/19 [ANNOUNCE] Apache Commons IO 2.18.0 Gary Gregory
• 2024/11/18 CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Greg Harris
• 2024/11/18 [ANNOUNCE] Apache Airflow Providers prepared on November 14, 2024 are released Elad Kalif
• 2024/11/18 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.5.0 released David Jensen
• 2024/11/18 [SECURITY] CVE-2024-52318 Apache Tomcat - XSS in generated JSPs Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52317 Apache Tomcat - Request and/or response mix-up Mark Thomas
• 2024/11/18 [SECURITY] CVE-2024-52316 Apache Tomcat - Authentication Bypass Mark Thomas
• 2024/11/17 [ANNOUNCE] Apache Jackrabbit Oak 1.72.0 released Julian Reschke
• 2024/11/17 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.9 Chris Bono
• 2024/11/16 CVE-2024-41151: Apache HertzBeat: RCE by notice template injection vulnerability Chao Gong
• 2024/11/16 CVE-2024-45505: Apache HertzBeat (incubating): Exists Native Deser RCE and file writing vulnerabilities Chao Gong
• 2024/11/16 CVE-2024-45791: Apache HertzBeat: Exposure sensitive token via http GET method with query string Chao Gong
• 2024/11/16 CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE Jacques Le Roux
• 2024/11/15 CVE-2024-48962: Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) Jacques Le Roux
• 2024/11/14 CVE-2024-45784: Apache Airflow: Sensitive configuration values are not masked in the logs by default Ephraim Anierobi
• 2024/11/13 [ANNOUNCE] Apache Traffic Server 10.0.2 and 9.2.6 are released Chris McFarlen
• 2024/11/13 [ANNOUNCE] Apache Pekko gRPC 1.1.1 released PJ Fanning
• 2024/11/13 [ANNOUNCE] Apache Ratis 3.1.2 Release Xinyu Tan
• 2024/11/12 [ANNOUNCE] Apache Arrow ADBC 15 Released David Li
• 2024/11/12 [ANN] Apache ActiveMQ Classic 6.1.4 has been released! Jean-Baptiste Onofré
• 2024/11/12 [ANNOUNCE] Apache Log4j `3.0.0-beta3` released Piotr P. Karwasz
• 2024/11/12 CVE-2024-50386: Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
• 2024/11/11 [ANNOUNCE] Apache OpenNLP 2.5.0 released Martin Wiesner
• 2024/11/11 [ANNOUNCE] Apache TsFile 1.1.0 released Haonan Hou
• 2024/11/11 [ANNOUNCE] Release Apache Fury(incubating) 0.9.0 Shawn Yang
• 2024/11/09 [ANN] Apache Tomcat 9.0.97 available Rémy Maucherat
• 2024/11/08 [ANNOUNCE] Apache Groovy 3.0.23 Released Paul King
• 2024/11/08 [ANNOUNCE] Apache Groovy 4.0.24 Released Paul King
• 2024/11/08 [ANNOUNCE] Apache Groovy 5.0.0-alpha-11 released Paul King
• 2024/11/08 [ANNOUNCE] Apache Kafka 3.9.0 Colin McCabe
• 2024/11/08 [ANNOUNCE] Apache log4net 3.0.3 released Jan Friedrich
• 2024/11/08 CVE-2024-50378: Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli Ephraim Anierobi
• 2024/11/06 CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server Andor Molnar
• 2024/11/05 [ANNOUNCE] Apache Airflow 2.10.3 Released Utkarsh Sharma
• 2024/11/05 [ANNOUNCE] Apache XMLBeans 5.2.2 release PJ Fanning
• 2024/11/05 [ANNOUNCE] Apache Arrow 18.0.0 released Raúl Cumplido
• 2024/11/05 [ANNOUNCE] Apache Airflow Providers prepared on November 03, 2024 are released Elad Kalif
• 2024/11/05 [ANNOUNCE] MyFaces Core v4.1.0-RC3 Release Volodymyr Siedlecki
• 2024/11/05 [ANNOUNCE] Apache NiFi 2.0.0 Released David Handermann
• 2024/11/04 [ANNOUNCE] Apache SDAP 1.4.0 Released Riley Kuttruff
• 2024/11/02 CVE-2024-23590: Apache Kylin: Session fixation in web interface Li Yang
• 2024/10/31 [ANNOUNCE] Apache Airflow Providers prepared on October 27, 2024 are released Elad Kalif
• 2024/10/31 [ANNOUNCE] Apache Pulsar Helm Chart version 3.7.0 Released with support for Pulsar 4.0.0 Lari Hotari
• 2024/10/30 CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator Paul Irwin
• 2024/10/30 [ANNOUNCE] Apache Traffic Server 10.0.1 has been released Chris McFarlen
• 2024/10/29 [ANNOUNCE] Apache Kafka 3.8.1 Josep Prat
• 2024/10/28 [ANNOUNCEMENT] HttpComponents Client 5.4.1 GA Released Oleg Kalnichevski
• 2024/10/28 CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description David Handermann
• 2024/10/28 [ANNOUNCE] Apache bRPC 1.11.0 released Xiguo Hu
• 2024/10/27 [ANNOUNCE] Apache Kyuubi v1.10.0 is available Bowen Liang
• 2024/10/27 [ANNOUNCE] Apache NiFi 1.28 Released Ferenc Kis
• 2024/10/27 [ANNOUNCE] Apache Pekko Persistence DynamoDB 1.1.0 released PJ Fanning
• 2024/10/25 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.4.0 released David Jensen
• 2024/10/25 [ANNOUNCE] Apache Camel 4.8.1 (LTS) Released Gregor Zurowski
• 2024/10/25 CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser Francesco Chicchiriccò
• 2024/10/25 [ANN] Apache Syncope 3.0.9 Francesco Chicchiriccò
• 2024/10/24 [ANNOUNCE] Release Apache InLong 2.0.0 Aloys Zhang
• 2024/10/23 [ANNOUNCEMENT] HttpComponents Core 5.3.1 GA released Oleg Kalnichevski
• 2024/10/23 [ANNOUNCE] Release Apache OpenDAL v0.50.1 Xuanwo
• 2024/10/22 [ANNOUNCE] Apache CouchDB 3.4.2 released Jan Lehnardt
• 2024/10/21 [ANNOUNCE] Apache Pulsar 4.0.0 released Lari Hotari
• 2024/10/21 [ANNOUNCE] Apache Velocity Engine 2.4.1 released Claude Brisson
• 2024/10/21 [ANNOUNCE] Apache Camel 4.4.4 (LTS) Released Gregor Zurowski
• 2024/10/21 [ANNOUNCE] Apache log4net 3.0.2 released Jan Friedrich
• 2024/10/21 [ANNOUNCEMENT] Apache SkyWalking Rover 0.7.0 Released han liu
• 2024/10/21 [ANNOUNCEMENT] Apache SkyWalking CLI 0.14.0 Released han liu
• 2024/10/20 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.8 Chris Bono
• 2024/10/20 [ANNOUNCE] Apache Tika 3.0.0 released Tim Allison
• 2024/10/20 [ANNOUNCE] Apache HBase 2.6.1 is now available for download Nick Dimiduk
• 2024/10/18 [ANNOUNCE] Apache APISIX 3.11.0 has been released. Abhishek Choudhary
• 2024/10/18 [ANNOUNCE] Apache Storm 2.7.0 Released Rui Abreu
• 2024/10/18 [Announce] Beam 2.60.0 Released Yi Hu
• 2024/10/18 [ANN] Apache Struts 6.6.1 Lukasz Lenart
• 2024/10/18 [ANNOUNCE] Apache log4cxx 1.3.0 released Stephen Webb
• 2024/10/17 Re: [ANNOUNCE] Release Apache SeaTunnel 2.3.8 Jia Fan
• 2024/10/15 CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Houston Putman
• 2024/10/15 CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Houston Putman
• 2024/10/15 [ADVISORY] Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2 Guto Veronezi
• 2024/10/15 [ANNOUNCE] Apache Calcite 1.38.0 released Julian Hyde
• 2024/10/15 CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible Daniel Augusto Veronezi Salvador
• 2024/10/15 CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout Daniel Augusto Veronezi Salvador
• 2024/10/15 CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota Daniel Augusto Veronezi Salvador
• 2024/10/15 CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
• 2024/10/15 [ANNOUNCE] Apache Pulsar Helm Chart version 3.6.0 Released Lari Hotari
• 2024/10/15 [ANNOUNCE] Apache MINA 2.1.9 and 2.0.26 released Emmanuel Lecharny
• 2024/10/14 [ANNOUNCE] Apache Pekko Management 1.1.0 released PJ Fanning
• 2024/10/14 CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans Justin Bertram
• 2024/10/14 [ANNOUNCE] Apache Lucene 10.0.0 released Luca Cavanna
• 2024/10/14 [ANNOUNCE] Apache Airflow Providers prepared on October 10, 2024 are released Elad Kalif
• 2024/10/14 [ANN] Apache TomEE 10.0.0-M3 Richard Zowalla
• 2024/10/13 [ANNOUNCE] Apache Curator 5.7.1 released Kezhu Wang
• 2024/10/12 [ANNOUNCE] Apache Jackrabbit 2.23.1-beta released Julian Reschke
• 2024/10/11 CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation David M. Johnson
• 2024/10/10 [ANNOUNCE] Apache Pekko gRPC 1.1.0 released PJ Fanning
• 2024/10/09 [ANN] Apache Tomcat 11.0.0 Available Mark Thomas
• 2024/10/09 CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing Simon Steiner
• 2024/10/08 [ANNOUNCE] Apache Pekko (Core) 1.1.2 released PJ Fanning
• 2024/10/08 [ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
• 2024/10/08 [ANNOUNCE] Hive 3.x EOL Ayush Saxena
• 2024/10/07 [ANNOUNCE] Release Apache Fury(incubating) Serialization 0.8.0 Shawn Yang
• 2024/10/06 [ANNOUNCE] Release Apache Kvrocks 2.10.0 hulk
• 2024/10/04 [ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 Lari Hotari
• 2024/10/04 [ANNOUNCE] Apache Pulsar 3.0.7 released with important security fix for CVE-2024-47561 Lari Hotari
• 2024/10/04 [ANNOUNCE] Release Apache Traffic Control 8.0.2 R S
• 2024/10/04 [ANNOUNCE] Apache Qpid JMS 2.6.1 released Robbie Gemmell
• 2024/10/04 [ANNOUNCE] Apache Qpid JMS 1.12.1 released Robbie Gemmell
• 2024/10/03 CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Gary D. Gregory
• 2024/10/03 CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Martin Tzvetanov Grigorov

• Earlier messages
• Later messages