announce
Messages by Thread
CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability
Thomas Wolf
CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories
Olivier Lamy
CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files
Olivier Lamy
CVE-2022-45402: Apache Airflow: Open redirect during login
Jedidiah Cunningham
[ANN] Apache Tomcat 9.0.69 available
Rémy Maucherat
[ANN] Apache Tomcat 10.1.2 available
Mark Thomas
CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB
Rob Vesse
[ANN] Apache Syncope 3.0.0
Francesco Chicchiriccò
[ANNOUNCEMENT] HttpComponents Core 5.1.5 GA released
Oleg Kalnichevski
CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code
Arnout Engelen
[ANNOUNCE] Apache Airflow 2.4.3 Released
Ephraim Anierobi
CVE-2022-27949: Apache Airflow: sensitive values in rendered template
Jarek Potiuk
Re: CVE-2022-27949: Apache Airflow: sensitive values in rendered template
Jarek Potiuk
CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example
Jarek Potiuk
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M11 released
Timothy Bish
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M6 released
Timothy Bish
[ANNOUNCE] Apache Qpid Proton 0.38.0 released
Robbie Gemmell
[ANNOUNCE] Apache APISIX Java Plugin Runner 0.4.0 has been released
tzssangglass
[ANNOUNCE] Apache Jackrabbit 2.20.7 released
Julian Reschke
[ANNOUNCEMENT] HttpComponents Client 5.2 GA Released
Oleg Kalnichevski
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.0 released
Jiajing LU
[ANNOUNCE] Apache Flink Elasticsearch Connector 3.0.0 released
Chesnay Schepler
[ANNOUNCE] Apache SkyWalking Java Agent 8.13.0 released
Sheng Wu
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5
Mark Thomas
[ANNOUNCE] Apache Daffodil 3.4.0 Released
Steve Lawrence
[ANN] Apache Tomcat Native 2.0.2 released
Mark Thomas
[ANNOUNCEMENT] HttpComponents Core 5.2 GA released
Oleg Kalnichevski
[ANNOUNCE] Apache Tika 2.6.0 released
Tim Allison
[ANNOUNCE] Apache PLC4X 0.10.0 released
Christofer Dutz
[ANNOUNCE] Apache Camel 3.14.6 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache ShenYu Nginx 1.0.0-1 available
ChenBin
CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
Gary D. Gregory
CVE-2022-37866: Apache Ivy: Ivy Path traversal
Stefan Bodewig
CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system
Stefan Bodewig
[ANN] Apache Ivy 2.5.1 Released
Stefan Bodewig
[ANNOUNCE] Apache James JSIEVE 0.8 released
Benoit TELLIER
[ANNOUNCE] Apache James MIME4J 0.8.8 released
Benoit TELLIER
[ANNOUNCE] Apache James MIME4J 0.8.8 released
Benoit TELLIER
[ANNOUNCE] Apache James JSPF 1.0.2 released
Benoit TELLIER
[ANNOUNCEMENT] Apache Commons BCEL 6.6.1
Gary Gregory
[ANNOUNCE] Apache Pulsar Helm Chart version 3.0.0 Released
Michael Marshall
CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
Michael Marshall
CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives
Richard Eckart de Castilho
[ANNOUNCE] Apache Curator 5.4.0 released
Enrico Olivelli
[ANNOUNCE] Apache UIMA Java SDK version 3.3.1 released
Richard Eckart de Castilho
[ANNOUNCE] Apache Accumulo 2.1.0
Christopher
CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path
Dan Klco
[ANNOUNCE] Apache Commons Numbers Version 1.1 Released
Alex Herbert
CVE-2022-43985: Apache Airflow: Open Redirect
Jedidiah Cunningham
CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL
Jedidiah Cunningham
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript
Sean R. Owen
CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal
Jiajie Zhong
[ANNOUNCE] Apache Pulsar 2.10.2 released
Haiting Jiang
CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
Weijie Wu
[SECURITY] CVE-2022-42252 Apache Tomcat - Request Smuggling
Mark Thomas
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M10 released
Timothy Bish
[ANNOUNCE] Apache Camel 3.18.3 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache brpc (Incubating) 1.3.0 released
Xiguo Hu
[ANNOUNCE] Apache ShardingSphere ElasticJob UI 3.0.2 available
吴伟杰
[ANN] Apache Syncope 3.0.0-M2
Francesco Chicchiriccò
[ANN] Apache Karaf OSGi Runtime 4.3.8 has been released
Jean-Baptiste Onofré
[ANN] Apache Karaf OSGi Runtime 4.4.2 release
Jean-Baptiste Onofré
CVE-2022-26884: Apache DolphinScheduler exposes files without authentication
ShunFeng Cai
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M5 released
Timothy Bish
CVE-2022-39944: The Apache Linkis JDBC EngineConn module has a RCE Vulnerability
Arnout Engelen
CVE-2022-43766: Apache IoTDB: ReDoS Vulnerability by REGEXP
Haonan Hou
CVE-2022-42468 - Apache Flume Improper Input Validation (JNDI Injection) in JMSSource
Ralph Goers
[ANNOUNCE] Release of Apache Flume 1.11.0
Ralph Goers
[ANNOUNCE] Apache IoTDB 0.13.3 released
Jialin Qiao
[ANN] Apache TomEE 8.0.13
Richard Zowalla
CVE-2022-34870: Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application
Dan Smith
[ANNOUNCE] MyFaces Core v4.0.0-RC2 Release
Volodymyr Siedlecki
[ANNOUNCE] Apache Lucene 9.4.1 released
Ignacio Vera
[ANNOUNCE] Apache Airflow 2.4.2 Released
Ephraim Anierobi
[ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.2 available
吴伟杰
[ANNOUNCE] Heron 0.20.5-incubating release
Josh Fischer
CVE-2021-42010: Apache Heron (Incubating): CRLF log injection
Josh Fischer
[ANNOUNCE] Apache ShenYu .NET client 1.0.0 available
Han Gao
[ANNOUNCE] Apache Iceberg release 1.0.0
Ryan Blue
[ANNOUNCE] Apache Impala 4.1.1 release
Quanlong Huang
[ANNOUNCE] Apache TVM v0.10.0 Release
Andrew Luo
CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties.
Dan Haywood
ISIS-3128: CVE-2022-42467: Apache Isis: h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.
Dan Haywood
[ANN] Apache Isis version 2.0.0-M9 Released
Dan Haywood
[ANNOUNCE] Apache Hop 2.1.0
Bart Maertens
CVE-2022-39198: Apache Dubbo Hessian Deserialization Vulnerability Gadgets Bypass
Albumen Kevin
[ANN] Apache Syncope 3.0.0-M1
Francesco Chicchiriccò
[ANNOUNCE] Apache James JDKIM 0.3 released
Benoit TELLIER
[ANNOUNCE] Apache Jackrabbit 2.21.13 released
Julian Reschke
[ANNOUNCE] Apache Groovy 4.0.6 released
Paul King
[ANNOUNCE] Apache Groovy 2.5.19 released
Paul King
[ANNOUNCE] Apache Wicket 9.12.0 released
Andrea Del Bene
[ANNOUNCE] Apache James 3.7.2 released
Benoit TELLIER
[ANNOUNCE] Apache StreamPipes (incubating) 0.70.0
Tim Bossenmaier
[ANNOUNCE] Apache Airflow Helm Chart version 1.7.0 Released
Jedidiah Cunningham
The Apache Weekly News Round-up: week ending 14 October 2022
Swapnil M Mane
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.9.0
xue fan
CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
Gary D. Gregory
[ANNOUNCE] Apache Calcite Avatica Go 5.2.0 released
Francis Chuang
[ANNOUNCE] Apache Flink Table Store 0.2.1 released
Jingsong Lee
[ANNOUNCEMENT] Apache Commons BCEL 6.6.0
Gary Gregory
[ANN] Apache Tomcat 10.1.1 available
Mark Thomas
[ANNOUNCE] Apache Ignite 2.14.0 Released
Taras Ledkov
[ANNOUNCE] Apache Commons RNG 1.5 released
Alex Herbert
CVE-2022-24697: Apache Kylin: Command injection exists when the configuration overwrites function overwrites system parameters
Xiaoxiang Yu
[ANN] Apache Tomcat 8.5.83 available
Mark Thomas
[ANNOUNCE] Apache Geode 1.15.1
Owen Nichols
[ANNOUNCEMENT] Commons Daemon 1.3.2 Released
Mark Thomas
[ANN] Apache Tomcat 10.0.27 available
Mark Thomas
[ANN] Apache Archiva 2.2.9
Olivier Lamy
[ANNOUNCE] Apache APISIX Ingress controller v1.5.0 released
Jintao Zhang
Fwd: [ANNOUNCE] Release Apache DolphinScheduler 3.1.0
ShunFeng Cai
[ANNOUNCEMENT] Apache SkyWalking PHP 0.1.0 Released
Yanlong He
[ANNOUNCE] Apache Tuweni (incubating) 2.3.0 released
Antoine Toulme
[ANN] Apache Tomcat 9.0.68 available
Mark Thomas
[ANNOUNCE] Apache NiFi 1.18.0 release
Joe Witt
Airflow Providers released on October 06, 2022 are ready
Jarek Potiuk
[ANN] Apache Isis version 2.0.0-M8 Released
Dan Haywood
CVE-2022-41672: Apache Airflow: Session still functional after user is deactivated
Jedidiah Cunningham
[ANNOUNCE] Apache Tika 2.5.0 released
Tim Allison
[ANNOUNCE] Apache Kafka 3.3.1
José Armando García Sancio
[ANNOUNCE] Apache Camel 3.19.0 Released
Gregor Zurowski
[ANNOUNCE] Release Apache SeaTunnel (Incubating) 2.2.0-beta
Calvin Kirs
Airflow Providers released on October 1, 2022 are ready
Jarek Potiuk
[ANNOUNCE] Apache Lucene 9.4.0 released
Michael Sokolov
[ANNOUNCE] Apache Airflow 2.4.1 Released
Jedidiah Cunningham
[ANNOUNCEMENT] Apache Commons Text 1.10.0
Gary Gregory
[ANNOUNCE] Apache PDFBox 2.0.27 released
Andreas Lehmkuehler
[ANNOUNCE] Apache APISIX 3.0.0-beta has been released
Zexuan Luo
[SECURITY] CVE-2021-43980 Apache Tomcat - Information Disclosure
Mark Thomas
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M9 released
Timothy Bish
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M4 released
Timothy Bish
[ANN] Apache Tomcat 10.0.26 available
Mark Thomas
[ANNOUNCE] Apache CloudStack 4.17.1.0 LTS Release
Abhishek Kumar
[ANN] Apache Tomcat 9.0.67 available
Rémy Maucherat
[ANN] Apache Tomcat 10.1.0 (stable) available
Mark Thomas
[ANNOUNCE] Apache Allura 1.14.0 released
Dave Brondsema
CVE-2022-33683: Apache Pulsar: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack
Michael Marshall
CVE-2022-33682: Apache Pulsar: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
Michael Marshall
CVE-2022-33681: Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Michael Marshall
CVE-2022-24280: Apache Pulsar Proxy target broker address isn't validated
Lari Hotari
CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC
Arnout Engelen
CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP
Arnout Engelen
[ANNOUNCE] Apache Qpid JMS 2.1.0 released
Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.7.0 released
Robbie Gemmell
CVE-2022-40754: Apache Airflow: Open Redirect
Jedidiah Cunningham
CVE-2022-40604: Apache Airflow: Format String Vulnerability
Jedidiah Cunningham
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.4
Mark Thomas
[ANNOUNCE] Apache Creadur RAT 0.15 is released
P. Ottlinger
[ANNOUNCE] Release Apache InLong 1.3.0
Zirui Sting
[ANNOUNCEMENT] Apache SkyWalking CLI 0.11.0 Released
kezhenxu94
[ANNOUNCE] Apache SkyWalking Kubernetes 4.3.0 is available
kezhenxu94
CVE-2022-28220: STARTTLS command injection in Apache JAMES
Benoit Tellier
CVE-2022-34917: Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers
Manikumar
[ANNOUNCE] Apache Kafka 3.2.3
Manikumar
[ANNOUNCE] Apache Kafka 3.1.2
Manikumar
[ANNOUNCE] Apache Kafka 3.0.2
Manikumar
[ANNOUNCE] Apache Kafka 2.8.2
Manikumar
[ANNOUNCE] Apache Pulsar 2.8.4 released
Yunze Xu
[ANNOUNCE] Apache Airflow 2.4.0 Released
Ephraim Anierobi
[ANNOUNCE] Apache Groovy 3.0.13 Released
Paul King
[ANNOUNCE] Apache Log4j 2.19.0 released
Ralph Goers
[ANNOUNCE] Apache POI 5.2.3 released
PJ Fanning
[ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.7.0 Released
Ye Cao
[ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.7.0 Released
Ye Cao
[ANNOUNCE] Apache PDFBox 1.8.17 released
Andreas Lehmkuehler
[ANN] Apache Struts ver. 6.0.3 GA
Lukasz Lenart
The Apache Weekly News Round-up: week ending 16 September 2022
Swapnil M Mane
[ANNOUNCE] Apache Tika 1.28.5 released
Tim Allison
[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.3
Mark Thomas
[ANNOUNCEMENT] Apache SkyWalking Rover 0.3.0 Released
han liu
CVE-2022-39135: Apache Calcite: potential XEE attacks
Ruben Q L
[ANNOUNCE] Apache Jackrabbit 2.16.10 released
Julian Reschke
[ANNOUNCE] Apache Jackrabbit 2.16.10 released
Julian Reschke
[ANNOUNCE] Apache Calcite 1.32.0 released
Julian Hyde
[ANNOUNCE] Apache Groovy 4.0.5 Released
Paul King
The Apache Weekly News Round-up: week ending 9 September 2022
Swapnil M Mane
[ANNOUNCE] Apache Camel 3.18.2 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Pinot 0.11.0 release
Xiang Fu
[ANNOUNCE] Apache IoTDB 0.13.2 released
Jialin Qiao
[ANNOUNCE] Apache NetBeans 15 released
Geertjan Wielenga
[ANNOUNCE] Apache Kyuubi (Incubating) released 1.6.0-incubating
Nicholas Jiang
[ANNOUNCE] Apache Pulsar 2.7.5 released
Haiting Jiang
[ANNOUNCE] Apache Linkis (Incubating) 1.2.0 available
Zhen Wang
CVE-2022-38370: Apache IoTDB: No authorization of DatabaseConnectController in grafana-connector.
Haonan Hou
CVE-2022-38369: Apache IoTDB: Login check vulnerability by session Id
Haonan Hou
[ANNOUNCE] Apache APISIX Ingress controller v1.5.0-rc1 released
Jintao Zhang
[ANNOUNCE] Apache HBase 2.5.0 is now available for download
Nick Dimiduk
[ANNOUNCE] Apache SkyWalking Java Agent 8.12.0 released
Sheng Wu
[ANN] Apache ActiveMQ 5.17.2 has been released!
Jean-Baptiste Onofré
[ANNOUNCE] Apache Qpid Proton-J 0.34.0 released
Robbie Gemmell
Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
Jacques Le Roux
Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)
Jacques Le Roux
Subject: Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)
Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12 End-Of-Life (EOL) announcement
Jacques Le Roux
CVE-2022-38170: Apache Airflow: Overly permissive umask for daemons
Jedidiah Cunningham