announce

Messages by Date

2024/10/02 [ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0 released PJ Fanning
2024/10/02 [ANNOUNCE] Apache Pekko HTTP 1.1.0 released PJ Fanning
2024/10/02 [ANNOUNCE] Apache Hive 4.0.1 Released Zhihua Deng
2024/10/02 [ANN] Apache ActiveMQ 5.18.6 has been released! Jean-Baptiste Onofré
2024/10/01 [ANNOUNCE] Apache Airflow Providers prepared on September 27, 2024 are released Elad Kalif
2024/10/01 [ANNOUNCE] Apache Jackrabbit Oak 1.70.0 released Julian Reschke
2024/10/01 [ANNOUNCE] Apache ManifoldCF 2.27 released Piergiorgio Lucidi
2024/09/30 [ANNOUNCE] Apache Log4j `2.24.1`released Piotr P. Karwasz
2024/09/30 [ANNOUNCE] Apache Daffodil 3.9.0 Released Steve Lawrence
2024/09/30 [ANNOUNCE] Apache Pulsar Go Client 0.14.0 released Zike Yang
2024/09/28 CVE-2024-45772: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue Robert Muir
2024/09/28 [ANNOUNCE] Apache Lucene 9.12.0 released Chris Hegarty
2024/09/28 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.7.0 released Kai Wan
2024/09/28 [ANNOUNCE] Apache log4net 3.0.1 released Jan Friedrich
2024/09/27 [ANNOUNCE] Apache CouchDB 3.4.1 released Jan Lehnardt
2024/09/26 [ANNOUNCE] Apache Ratis 3.1.1 Release Xinyu Tan
2024/09/26 CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski
2024/09/25 [ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.2 Released liubao
2024/09/25 ANNOUNCE] Apache Spark 3.5.3 released Kent Yao
2024/09/25 [SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
2024/09/25 [ANNOUNCE] Apache NiFi NAR Maven Plugin 2.1.0 Released David Handermann
2024/09/25 [ANNOUNCE] Apache Commons CSV Version 1.12.0 Gary Gregory
2024/09/25 [ANNOUNCE] Apache Solr 8.11.4 released Houston Putman
2024/09/25 [ANNOUNCE] Apache Qpid JMS 2.6.0 released Robbie Gemmell
2024/09/25 [ANNOUNCE] Apache Qpid JMS 1.12.0 released Robbie Gemmell
2024/09/24 CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie
2024/09/24 CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan
2024/09/24 [ANNOUNCE] Apache Wicket 10.2.0 released Andrea Del Bene
2024/09/24 [ANNOUNCE] Apache Velocity Engine 2.4 released Claude Brisson
2024/09/24 [ANNOUNCE] Apache Airflow Providers prepared on September 21, 2024 are released Elad Kalif
2024/09/23 CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang
2024/09/23 [ANNOUNCE] Apache NiFi API 2.0.0 Released David Handermann
2024/09/23 [SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
2024/09/23 [ANN] Apache OpenJPA 4.0.1 Francesco Chicchiriccò
2024/09/23 [ANNOUNCE] Apache StormCrawler (Incubating) 3.1.0 released Richard Zowalla
2024/09/23 [ANNOUNCEMENT] HttpComponents Client 5.4 GA Released Oleg Kalnichevski
2024/09/22 [ANNOUNCE] Apache YuniKorn v1.6.0 released Wilfred Spiegelenburg
2024/09/22 [ANNOUNCE] Apache Answer(Incubating) v1.4.0 available Robin Ren
2024/09/22 [ANNOUNCE] Apache Zeppelin 0.11.2 available Jongyoul Lee
2024/09/20 [ANNOUNCE] Apache Airflow 2.10.2 Released Ephraim Anierobi
2024/09/20 CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong
2024/09/20 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M22 released Timothy Bish
2024/09/20 [ANNOUNCE] Apache NetBeans 23 released Eric Barboni
2024/09/18 [ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0 released PJ Fanning
2024/09/17 CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar
2024/09/17 CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar
2024/09/17 [ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
2024/09/16 [ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
2024/09/15 [ANNOUNCE] Apache log4net 3.0.0 released Jan Friedrich
2024/09/15 [ANNOUNCE] Apache Camel 4.8.0 (LTS) Released Gregor Zurowski
2024/09/14 [ANNOUNCE] Apache Pekko (Core) 1.1.1 released Arnout Engelen
2024/09/13 [ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
2024/09/13 [ANNOUNCE] Apache Pulsar Node.js client 1.12.0 released Baodi Shi
2024/09/12 [ANNOUNCE] Apache Jackrabbit Oak 1.22.21 released Julian Reschke
2024/09/12 [ANNOUNCE] Apache Groovy 4.0.23 Released Paul King
2024/09/12 [ANNOUNCE] Apache Groovy 5.0.0-alpha-10 Released Paul King
2024/09/12 [ANNOUNCEMENT] HttpComponents Core 5.3 GA released Oleg Kalnichevski
2024/09/12 [ANNOUNCE] Beam 2.59.0 Released Robert Burke
2024/09/11 [ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
2024/09/11 CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji
2024/09/11 [ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
2024/09/10 [ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
2024/09/10 [ANNOUNCE] Apache Pekko Projections 1.1.0-M1 released PJ Fanning
2024/09/06 CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi
2024/09/05 [ANNOUNCE] Apache Arrow ADBC 14 released David Li
2024/09/05 [ANNOUNCE] Apache Flink CDC 3.2.0 released Qingsheng Ren
2024/09/03 [ANNOUNCE] Apache Pekko (Core) 1.1.0 released PJ Fanning
2024/09/03 CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux
2024/09/03 CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux
2024/09/03 [ANNOUNCE] Apache OFBiz 18.12.16 released Jacopo Cappellato
2024/09/02 [ANN] Apache Maven 4.0.0-beta-4 released Tamás Cservenák
2024/08/30 [ANNOUNCE] Apache Commons Lang 3.17.0 Gary Gregory
2024/08/29 [ANNOUNCE] Apache Ant 1.10.15 released Jaikiran Pai
2024/08/29 CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API liubao
2024/08/28 [ANNOUNCE] Apache Traffic Server 10.0.0 has been released Chris McFarlen
2024/08/28 [ANNOUNCE] Apache Parquet release 1.14.2 Fokko Driesprong
2024/08/28 [ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released Elad Kalif
2024/08/28 [ANNOUNCEMENT] Apache SkyWalking Go 0.5.0 Released han liu
2024/08/27 [ANNOUNCE] Apache Sedona 1.6.1 released Jia Yu
2024/08/26 CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener
2024/08/26 [ANNOUNCEMENT] Apache Portable Runtime 1.7.5 Released covener
2024/08/25 [ANN] Apache Maven Daemon 1.0.2 released Tamás Cservenák
2024/08/22 [ANNOUNCE] Apache Airflow Providers prepared on August 19, 2024 are released Elad Kalif
2024/08/21 CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi
2024/08/21 [ANNOUNCE] Release Apache Iceberg Rust v0.3.0 Xuanwo
2024/08/20 CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability Jun Gao
2024/08/20 [ANNOUNCE] Apache Commons Statistics Version 1.1 Released Alex Herbert
2024/08/20 CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session Junkai Xue
2024/08/20 [ANNOUNCE] Apache Commons Compress version 1.27.1 Gary Gregory
2024/08/19 CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability ShunFeng Cai
2024/08/19 [ANNOUNCE] Apache Impala 4.4.1 release Quanlong Huang
2024/08/19 [ANNOUNCE] Apache Commons Logging 1.3.4 Gary Gregory
2024/08/19 [ANNOUNCE] Apache Jackrabbit 1.68.0 released Julian Reschke
2024/08/16 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.7 Chris Bono
2024/08/15 [ANNOUNCE] Apache Airflow 2.10.0 Released Ephraim Anierobi
2024/08/15 Apache Kerby 2.1.0 released Colm O hEigeartaigh
2024/08/14 [ANNOUNCE] Apache Commons CLI Version 1.9.0 Gary Gregory
2024/08/14 [ANNOUNCE] Apache Accumulo 2.1.3 Christopher
2024/08/14 [ANNOUNCE] Apache APISIX 3.10.0 has been released Abhishek Choudhary
2024/08/13 [ANNOUNCE] Release Apache OpenDAL v0.49.0 Xuanwo
2024/08/13 [ANN] Apache Tomcat Connectors 1.2.50 released Mark Thomas
2024/08/13 [ANNOUNCE] Apache Camel 4.0.6 (LTS) Release Gregor Zurowski
2024/08/12 CVE-2024-41909: Apache MINA SSHD: integrity check bypass Arnout Engelen
2024/08/12 [ANNOUNCE] Apache Commons Numbers Version 1.2 Released Alex Herbert
2024/08/12 [ANNOUNCE] Apache Spark 3.5.2 released Kent Yao
2024/08/10 [ANNOUNCE] Apache Ranger 2.5.0 released Madhan Neethiraj
2024/08/09 CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability ShunFeng Cai
2024/08/09 CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution ShunFeng Cai
2024/08/09 [ANNOUNCE] Apache Pulsar Go Client 0.13.1 released Zike Yang
2024/08/09 [ANNOUNCE] Apache PDFBox 3.0.3 released Andreas Lehmkühler
2024/08/09 [Announcement]: Apache LDAP API 2.1.7 Emmanuel Lecharny
2024/08/09 [ANNOUNCE] Apache Commons Compress 1.27.0 Gary Gregory
2024/08/09 CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use Enxin Xie
2024/08/09 CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link Enxin Xie
2024/08/08 [ANNOUNCE] Beam 2.58.0 Released Jack McCluskey
2024/08/08 [ANN] Apache ActiveMQ Classic 6.1.3 has been released! Jean-Baptiste Onofré
2024/08/07 [ANNOUNCE] Apache Commons Lang Version 3.16.0 Gary Gregory
2024/08/07 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.2.2 released David Jensen
2024/08/06 [ANNOUNCE] Apache Airflow Providers prepared on August 03, 2024 are released Elad Kalif
2024/08/06 [ANN] Apache Tomcat 10.1.28 Available Christopher Schultz
2024/08/06 CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins Rohit Yadav
2024/08/06 CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access Rohit Yadav
2024/08/06 [ANNOUCE] Apache CloudStack LTS Security Releases 4.18.2.3 and 4.19.1.1 Nicolas Vazquez
2024/08/06 [ANN] Apache Tomcat 11.0.0-M24 (beta) available Mark Thomas
2024/08/06 [ANNOUNCE] Apache Pulsar Helm Chart version 3.5.0 Released Lari Hotari
2024/08/05 [ANN] Apache Tomcat 9.0.93 available Rémy Maucherat
2024/08/05 CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL) Haonan Hou
2024/08/04 [ANNOUNCE] Apache Answer(Incubating) v1.3.6 available Kumfo Yang
2024/08/04 CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow Jarek Potiuk
2024/08/04 CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Jacques Le Roux
2024/08/03 [ANNOUNCE] Apache OFBiz 18.12.15 released Jacopo Cappellato
2024/08/02 CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability Charles Zhang
2024/08/01 [ANNOUNCE] Apache Pulsar 3.3.1 released Lari Hotari
2024/08/01 [ANNOUNCE] Release Apache OpenDAL 0.48.0 Xuanwo
2024/08/01 [ANNOUNCE] Apache Pulsar 3.2.4 released Lari Hotari
2024/08/01 CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability Heping Wang
2024/08/01 CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability Heping Wang
2024/08/01 [ANNOUNCE] Apache Pulsar 3.0.6 released Lari Hotari
2024/08/01 [ANNOUNCE] Apache YuniKorn v1.5.2 released Wilfred Spiegelenburg
2024/07/31 [ANNOUNCE] Apache Airflow Providers prepared on July 28, 2024 are released Elad Kalif
2024/07/30 CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass Jun Gao
2024/07/29 [ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
2024/07/29 [ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
2024/07/29 [ANNOUNCE] Apache Celeborn 0.4.2 available Fu Chen
2024/07/28 Apache Bloodhound is now retired Hervé Boutemy
2024/07/28 Apache HAWQ is now retired Hervé Boutemy
2024/07/25 CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode David M. Johnson
2024/07/25 [ANNOUNCE] Apache Traffic Server 9.2.5 and 8.1.11 are released Bryan Call
2024/07/25 [ANNOUNCE] Apache Iceberg release 1.6.0 Jean-Baptiste Onofré
2024/07/25 [ANNOUNCE] Apache Airflow Providers prepared on July 21, 2024 are released Elad Kalif
2024/07/25 [ANN] Apache ActiveMQ Classic 5.18.5 has been released! Jean-Baptiste Onofré
2024/07/24 [ANN] Apache Tomcat Native 1.3.1 released Mark Thomas
2024/07/24 [ANN] Apache Tomcat Native 2.0.8 released Mark Thomas
2024/07/24 [ANNOUNCE] Apache PDFBox 2.0.32 released Andreas Lehmkühler
2024/07/24 [ANNOUNCE] Apache Airflow Helm Chart version 1.15.0 Released Jedidiah Cunningham
2024/07/24 [ANNOUNCE] Apache Commons BCEL Version 6.10.0 Gary Gregory
2024/07/23 Subject: [ANNOUNCE] Apache Storm 2.6.3 Released Rui Abreu
2024/07/23 CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader James Turton
2024/07/23 CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information Yupeng Fu
2024/07/23 CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Andrew Lamb
2024/07/23 [ANNOUNCE] Apache Kyuubi v1.9.2 is available Fu Chen
2024/07/23 [ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0-M1 released PJ Fanning
2024/07/23 [ANNOUNCE] Apache BVal 3.0.1 Markus Jung
2024/07/23 [ANNOUNCE] Apache Jackrabbit 2.23.0-beta released Julian Reschke
2024/07/23 [ANN] Apache TomEE 10.0.0-M2 Richard Zowalla
2024/07/22 CVE-2024-29070: Apache StreamPark: session not invalidated after logout Huajie Wang
2024/07/22 [ANNOUNCE] Apache Pulsar Go Client 0.13.0 released Zike Yang
2024/07/22 [ANNOUNCE] Apache Kyuubi Shaded released 0.4.1 Cheng Pan
2024/07/22 [ANN] Apache Syncope 3.0.8 Francesco Chicchiriccò
2024/07/22 CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields Francesco Chicchiriccò
2024/07/22 CVE-2024-34457: Apache StreamPark IDOR Vulnerability Huajie Wang
2024/07/22 CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data Rongtong Jin
2024/07/20 Apache Submarine is now retired Hervé Boutemy
2024/07/19 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M21 released Timothy Bish
2024/07/19 [ANNOUNCE] Apache bRPC 1.10.0 released Xiaofeng
2024/07/19 [ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion Abhishek Kumar
2024/07/19 CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE Colm O hEigeartaigh
2024/07/19 CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients Colm O hEigeartaigh
2024/07/19 CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter Colm O hEigeartaigh
2024/07/19 CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion Rohit Yadav
2024/07/19 [ANNOUNCE] Apache Arrow 17.0.0 released Raúl Cumplido
2024/07/18 [ANNOUNCE] Apache Commons Lang Version 3.15.0 Gary Gregory
2024/07/18 CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability Huajie Wang
2024/07/17 CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows Eric Covener
2024/07/17 CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
2024/07/17 CVE-2024-29120: Apache StreamPark: Information leakage vulnerability Huajie Wang
2024/07/17 [ANNOUNCE] Apache Tika 3.0.0-BETA2 released Tim Allison
2024/07/16 CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution Huajie Wang
2024/07/16 CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution Huajie Wang
2024/07/16 [ANNOUNCE] Apache StreamPipes 0.95.1 Dominik Riemer
2024/07/16 CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process Dominik Riemer
2024/07/16 CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload Dominik Riemer
2024/07/16 CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts Dominik Riemer
2024/07/16 [ANNOUNCE] Apache Linkis 1.6.0 released peacewong
2024/07/16 [ANNOUNCE] Apache Commons RNG 1.6 released Alex Herbert
2024/07/16 [ANNOUNCE] Apache Airflow 2.9.3 Released Utkarsh Sharma
2024/07/16 CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler Ephraim Anierobi
2024/07/16 CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability Ephraim Anierobi
2024/07/16 CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
2024/07/16 [ANNOUNCE] Apache Uniffle (Incubating) 0.9.0 available Enrico Minack