announce

Messages by Thread

[ANNOUNCE] Release Apache OpenDAL 0.48.0 Xuanwo
[ANNOUNCE] Apache Pulsar 3.2.4 released Lari Hotari
CVE-2024-27182: Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability Heping Wang
CVE-2024-27181: Apache Linkis Basic management services: Privilege Escalation Attack vulnerability Heping Wang
[ANNOUNCE] Apache Pulsar 3.0.6 released Lari Hotari
[ANNOUNCE] Apache YuniKorn v1.5.2 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Airflow Providers prepared on July 28, 2024 are released Elad Kalif
CVE-2023-48396: Apache SeaTunnel Web: Authentication bypass Jun Gao
[ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
- [ANNOUNCE] Apache Kafka 3.8.0 Josep Prat
[ANNOUNCE] Apache Celeborn 0.4.2 available Fu Chen
Apache Bloodhound is now retired Hervé Boutemy
Apache HAWQ is now retired Hervé Boutemy
CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode David M. Johnson
[ANNOUNCE] Apache Traffic Server 9.2.5 and 8.1.11 are released Bryan Call
[ANNOUNCE] Apache Iceberg release 1.6.0 Jean-Baptiste Onofré
[ANNOUNCE] Apache Airflow Providers prepared on July 21, 2024 are released Elad Kalif
[ANN] Apache ActiveMQ Classic 5.18.5 has been released! Jean-Baptiste Onofré
[ANN] Apache Tomcat Native 1.3.1 released Mark Thomas
[ANN] Apache Tomcat Native 2.0.8 released Mark Thomas
[ANNOUNCE] Apache PDFBox 2.0.32 released Andreas Lehmkühler
[ANNOUNCE] Apache Airflow Helm Chart version 1.15.0 Released Jedidiah Cunningham
[ANNOUNCE] Apache Commons BCEL Version 6.10.0 Gary Gregory
Subject: [ANNOUNCE] Apache Storm 2.6.3 Released Rui Abreu
CVE-2023-48362: Apache Drill: XXE Vulnerability in XML Format Reader James Turton
CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information Yupeng Fu
CVE-2024-41178: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Andrew Lamb
[ANNOUNCE] Apache Kyuubi v1.9.2 is available Fu Chen
[ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache BVal 3.0.1 Markus Jung
[ANNOUNCE] Apache Jackrabbit 2.23.0-beta released Julian Reschke
[ANN] Apache TomEE 10.0.0-M2 Richard Zowalla
CVE-2024-29070: Apache StreamPark: session not invalidated after logout Huajie Wang
[ANNOUNCE] Apache Pulsar Go Client 0.13.0 released Zike Yang
[ANNOUNCE] Apache Kyuubi Shaded released 0.4.1 Cheng Pan
[ANN] Apache Syncope 3.0.8 Francesco Chicchiriccò
CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields Francesco Chicchiriccò
CVE-2024-34457: Apache StreamPark IDOR Vulnerability Huajie Wang
CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data Rongtong Jin
Apache Submarine is now retired Hervé Boutemy
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M21 released Timothy Bish
[ANNOUNCE] Apache bRPC 1.10.0 released Xiaofeng
[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion Abhishek Kumar
CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE Colm O hEigeartaigh
CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients Colm O hEigeartaigh
CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter Colm O hEigeartaigh
CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion Rohit Yadav
[ANNOUNCE] Apache Arrow 17.0.0 released Raúl Cumplido
[ANNOUNCE] Apache Commons Lang Version 3.15.0 Gary Gregory
CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability Huajie Wang
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows Eric Covener
CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
CVE-2024-29120: Apache StreamPark: Information leakage vulnerability Huajie Wang
[ANNOUNCE] Apache Tika 3.0.0-BETA2 released Tim Allison
CVE-2024-29737: Apache StreamPark (incubating): maven build params could trigger remote command execution Huajie Wang
CVE-2023-52291: Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution Huajie Wang
[ANNOUNCE] Apache StreamPipes 0.95.1 Dominik Riemer
CVE-2024-31979: Apache StreamPipes: Possibility of SSRF in pipeline element installation process Dominik Riemer
CVE-2024-31411: Apache StreamPipes: Potential remote code execution (RCE) via file upload Dominik Riemer
CVE-2024-30471: Apache StreamPipes: Potential creation of multiple identical accounts Dominik Riemer
[ANNOUNCE] Apache Linkis 1.6.0 released peacewong
[ANNOUNCE] Apache Commons RNG 1.6 released Alex Herbert
[ANNOUNCE] Apache Airflow 2.9.3 Released Utkarsh Sharma
CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler Ephraim Anierobi
CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability Ephraim Anierobi
CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
[ANNOUNCE] Apache Uniffle (Incubating) 0.9.0 available Enrico Minack
[ANNOUNCE] Apache Commons Codec 1.17.1 Gary Gregory
CVE-2023-52290: Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability Huajie Wang
[ANNOUNCE] Apache Camel 4.7.0 Released Gregor Zurowski
[ANN] Apache Tomcat 10.1.26 Available Christopher Schultz
[ANNOUNCE] Apache Airflow Providers prepared on July 12, 2024 are released Elad Kalif
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.12.0 xue fan
CVE-2023-49566: Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability Heping Wang
CVE-2023-46801: Apache Linkis DataSource: Remote code execution vulnerability in apache Linkis 1.4.0 Heping Wang
CVE-2023-41916: Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading Heping Wang
[ANNOUNCE] Apache Airflow Providers prepared on July 09, 2024 are released Elad Kalif
[ANNOUNCE] Apache Pekko Connectors 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache Jackrabbit Oak 1.66.0 released Julian Reschke
CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection Martin Tzvetanov Grigorov
[ANNOUNCE] Apache NiFi 1.27.0 Released David Handermann
[ANNOUNCE] Apache Bigtop 3.3.0 released Masatake Iwasaki
[ANNOUNCE] Apache Pulsar Node.js client 1.11.1 released Baodi Shi
[ANN] Apache Causeway version 2.1.0 and 3.1.0 Released Dan Haywood
[ANN] Apache Tomcat 9.0.91 available Rémy Maucherat
CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description David Handermann
[ANNOUNCE] Release Apache OpenDAL 0.47.3 Xuanwo
[SECURITY] CVE-2024-34750 Apache Tomcat - Denial of Service Mark Thomas
[ANN] Apache Tomcat 11.0.0-M22 (beta) available Mark Thomas
[ANNOUNCE] Apache CloudStack LTS Security Releases 4.18.2.1 and 4.19.0.2 Abhishek Kumar
[ANNOUNCE] Apache Airflow Providers prepared on July 02, 2024 are released Jarek Potiuk
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.0 Released liubao
[ANNOUNCE] Apache ServiceComb Java Chassis version 2.8.18 Released liubao
[ANNOUNCE] Apache Arrow ADBC 13 released David Li
[ANNOUNCE] Apache Commons Logging 1.3.3 Gary Gregory
[ANNOUNCEMENT] Apache HTTP Server 2.4.61 Released covener
CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType Eric Covener
[ANNOUNCEMENT] HttpComponents Core 5.2.5 GA released Oleg Kalnichevski
[ANNOUNCE] Release Apache OpenDAL 0.47.2 Xuanwo
[ANNOUNCE] Apache POI 5.3.0 release PJ Fanning
[ANNOUNCEMENT] Apache HTTP Server 2.4.60 Released covener
[ANNOUNCE] Apache NiFi 2.0.0-M4 Released David Handermann
CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution Eric Covener
CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request Eric Covener
CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect Eric Covener
CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences Eric Covener
CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. Eric Covener
CVE-2024-38473: Apache HTTP Server proxy encoding problem Eric Covener
CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF Eric Covener
CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 Eric Covener
[ANNOUNCE] Apache Kafka 3.7.1 Igor Soarez
[ANNOUNCE] Apache IoTDB 1.3.2 released Haonan Hou
[ANNOUNCE] Apache Commons Email Parent POM 2.0.0-M1 Gary Gregory
[ANNOUNCE] Apache Groovy 5.0.0-alpha-9 Released Paul King
[ANNOUNCE] Apache Groovy 4.0.22 Released Paul King
[ANNOUNCE] Apache Groovy 3.0.22 Released Paul King
[ANNOUNCE] Apache Doris 2.0.12 & 2.1.4 release ChenMingyu
[ANNOUNCE] Apache Camel 4.4.3 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Lucene 9.11.1 released Ignacio Vera
[ANNOUNCE] Apache Airflow Providers prepared on June 22, 2024 are released Elad Kalif
[ANNOUNCEMENT] HttpComponents Client 5.4-beta1 Released Oleg Kalnichevski
[ANNOUNCE] Apache BookKeeper 4.17.1 released ZhangJian He
[ANNOUNCEMENT] HttpComponents Core 5.3-beta1 released Oleg Kalnichevski
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.3.1 released David Jensen
CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page Juan Pablo Santos Rodríguez
[ANNOUNCE] Apache Pekko (Core) 1.0.3 released PJ Fanning
Fwd: [ANNOUNCE] Apache MINA SSHD 2.13.1 released Guillaume Nodet
[ANNOUNCE] Apache Drill 1.21.2 Released James Turton
[ANNOUNCE] Apache Camel 3.21.5 (LTS) Released Gregor Zurowski
CVE-2024-29868: Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Dominik Riemer
[ANNOUNCE] Apache Impala 3.4.2 release Quanlong Huang
[ANNOUNCE] Apache Allura 1.17.1 released Dave Brondsema
CVE-2024-38379: Apache Allura: Stored authenticated XSS David Philip Brondsema
[ANNOUNCE] Release Apache OpenDAL v0.47.1 Xuanwo
CVE-2024-34693: Apache Superset: Server arbitrary file read Daniel Gaspar
[ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0-M1 released PJ Fanning
[ANN] Apache Tomcat 10.1.25 Available Christopher Schultz
[ANNOUNCE] Apache Ant 1.9.x release series EOL Jaikiran Pai
[ANN] Apache Tomcat 9.0.90 available Rémy Maucherat
[ANNOUNCE] Apache SDAP 1.3.0 Released Riley Kuttruff
[ANNOUNCE] Apache Commons Collections 4.5.0-M2 Gary Gregory
[ANN] Apache Tomcat 11.0.0-M21 (beta) available Mark Thomas
[ANNOUNCE] Apache Pekko Management 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.6 Chris Bono
[ANNOUNCE] Apache StreamPipes 0.95.0 Dominik Riemer
[ANNOUNCE] Apache James JSPF 1.0.4 released Benoit TELLIER
[ANNOUNCE] Apache Wicket 8.16.0 released Andrea Del Bene
[ANNOUNCE] Apache Curator 5.7.0 released tison
[ANNOUNCE] Apache Daffodil 3.8.0 Released Mike Beckerle
[ANNOUNCE] Apache Jackrabbit 2.22.0 released Julian Reschke
CVE-2024-25142: Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache Jarek Potiuk
CVE-2024-36265: Apache Submarine Server Core: authorization bypass Arnout Engelen
CVE-2024-36264: Apache Submarine Commons Utils: default secret Arnout Engelen
CVE-2024-36263: Apache Submarine Server Core: SQL injection Arnout Engelen
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache Pekko gRPC 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache Commons Configuration 2.11.0 Gary Gregory
[ANNOUNCE] Apache Commons Net 3.11.1 Gary Gregory
[ANNOUNCE] Release Apache OpenDAL 0.47.0 tison
[ANNOUNCE] Apache Allura 1.17.0 released Dave Brondsema
CVE-2024-36471: Apache Allura: sensitive information exposure via DNS rebinding David Philip Brondsema
[ANNOUNCE] Apache Airflow 2.9.2 Released Utkarsh Sharma
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.3.0 released David Jensen
[ANNOUNCE] Apache Airflow Providers prepared on June 07, 2024 are released Elad Kalif
[ANNOUNCE] Apache Lucene 9.11.0 released Benjamin Trent
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.1.2 Released liubao
[ANNOUNCE] Apache Jackrabbit 2.21.27-beta released Julian Reschke
[ANNOUNCE] Apache Commons JEXL 3.4.0 Gary Gregory
- [ANNOUNCE] Apache Commons JEXL 3.4.0 Gary Gregory
[ANNOUNCE] Apache Pulsar Helm Chart version 3.4.1 Released Lari Hotari
[ANNOUNCE] Apache NetBeans 22 released Eric Barboni
[ANNOUNCE] Apache Commons JCS 3.2.1 Thomas Vandahl
CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE Jacques Le Roux
[ANNOUNCE] Apache Airflow Providers prepared on May 30, 2024 are released Elad Kalif
[ANNOUNCE] Apache Kyuubi released 1.9.1 Cheng Pan
[ANNOUNCE] Apache FreeMarker 2.3.33 is released Daniel Dekany
[ANNOUNCE] Apache Wicket 9.18.0 released Andrea Del Bene
[ANNOUNCE] Apache Wicket 10.1.0 released Andrea Del Bene
[ANNOUNCE] Apache Commons Net 3.11.0 Gary Gregory
[ANNOUNCE] Apache OFBiz 18.12.14 released Jacopo Cappellato
[ANNOUNCE] Release Apache Hop 2.9.0 Bart Maertens
[ANNOUNCE] Apache Airflow Providers prepared on May 26, 2024 are released Elad Kalif
[ANNOUNCE] Apache Solr 9.6.1 released Houston Putman
[ANNOUNCE] Apache Arrow nanoarrow 0.5.0 Released Dewey Dunnington
[ANNOUNCE] Apache Jackrabbit Oak 1.64.0 released Julian Reschke
[ANNOUNCE] Apache Pekko HTTP 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache XMLBeans 5.2.1 release PJ Fanning
[ANN] Apache Maven 3.9.7 released Slawomir Jaranowski
[ANNOUNCE] Apache Impala 4.4.0 release Zoltán Borók-Nagy
[ANNOUNCE] Apache HBase 2.4.18 is now available for download Duo Zhang
[ANNOUNCEMENT] Commons Daemon 1.4.0 Released Mark Thomas
[ANNOUNCE] Apache Commons CLI Version 1.8.0 Gary Gregory
[ANN] Apache Syncope 3.0.7 Francesco Chicchiriccò
[ANNOUNCE] Apache YuniKorn v1.5.1 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Arrow ADBC 12 released David Li
[ANNOUNCE] Hive 2.x EOL Ayush Saxena
[ANNOUNCE] Apache Arrow 16.1.0 released Raúl Cumplido
[ANNOUNCE] Apache Pekko 1.1.0-M1 released PJ Fanning
[ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.0 release Gábor Gyimesi
[ANNOUNCE] Apache Sedona 1.6.0 released Jia Yu