announce  

Messages by Thread

• [ANNOUNCE] Apache Pulsar 4.1.0 released Cong Zhao
• [ANNOUNCE] Apache TsFile 1.1.2 released Haonan Hou
• [ANNOUNCE] Apache Bigtop 3.5.0 released Masatake Iwasaki
• [ANN] Apache Tomcat 9.0.109 available Rémy Maucherat
• [ANNOUNCE] Apache MINA SSHD 3.0.0-M1 released Thomas Wolf
• CVE-2025-48208: Apache HertzBeat (incubating): Jmx JNDI injection vulnerability Chao Gong
• CVE-2025-24404: Apache HertzBeat (incubating): RCE by parse http sitemap xml response Chao Gong
• CVE-2025-58782: Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory Marcel Reutegger
• [ANN] Apache Tomcat 11.0.11 Available Mark Thomas
• CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution Huajie Wang
• [ANNOUNCE] Apache Kafka 4.1.0 Mickael Maison
• [ANNOUNCE] Apache Parquet Java 1.16.0 Gang Wu
• [ANNOUNCE] Apache Pekko (Core) 1.2.0 released PJ Fanning
• [ANNOUNCE] Release Apache Fory 0.12.1 Shawn Yang
• CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions Lidong Dai
• CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack Lidong Dai
• [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc4 released Xin Rong
• [ANNOUNCEMENT] HttpComponents Core 5.3.5 GA released Oleg Kalnichevski
• [ANNOUNCE] Apache CloudStack CloudMonkey v6.5.0 Abhishek Kumar
• [ANNOUNCE] Apache SpamAssassin 4.0.2 available Giovanni Bechis
• [ANNOUNCE] Apache Qpid protonj2 1.0.0 released Timothy Bish
• [ANNOUNCE] Apache Qpid JMS 1.14.0 released Robbie Gemmell
• [ANNOUNCE] Apache Qpid JMS 2.8.0 released Robbie Gemmell
• [ANNOUNCE] Apache Cloudberry (Incubating) 2.0.0 Released Ed Espino
• [ANNOUNCE] Apache Groovy 5.0.0 Released! Paul King
• [ANNOUNCE] Apache NiFi API 2.3.0 Released Pierre Villard
• Apache MINA SSHD 2.16.0 released Thomas Wolf
• [ANNOUNCE] Apache MINA SSHD 2.16.0 released Thomas Wolf
• [ANNOUNCE] Apache log4net 3.2.0 released Jan Friedrich
• CVE-2025-54813: Apache Log4cxx: Improper escaping with JSONLayout Piotr Karwasz
• CVE-2025-54812: Apache Log4cxx: Improper HTML escaping in HTMLLayout Piotr Karwasz
• CVE-2024-48988: Apache StreamPark: SQL injection vulnerability Huajie Wang
• [ANNOUNCE] Apache flink-connector-kafka 4.0.1 release Fabian Paul
• [ANNOUNCE] Apache NetBeans 27 Released Neil C Smith
• [ANNOUNCE] Apache IoTDB 2.0.5 released Haonan Hou
• [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
  • Re: [ANNOUNCE] Apache Accumulo 2.1.4 Christopher
• CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Tim Allison
• [ANNOUNCE] Apache Polaris (incubating) 1.0.1-incubating has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Camel 4.14.0 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Karaf runtime 4.4.8 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache TomEE 10.1.1 Markus Jung
• CVE-2025-53192: Apache Commons OGNL: Expression Injection leading to RCE Arnout Engelen
• [ANNOUNCE] Apache Fory 0.12.0 released Shawn Yang
• [ANNOUNCE] Apache TsFile 2.1.1 released Haonan Hou
• [ANNOUNCE] Apache Airflow Providers prepared on August 12, 2025 are released Elad Kalif
• CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
• CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
• CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
• CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
• [ANNOUNCE] Apache Jackrabbit Oak 1.84.0 released Julian Reschke
• [ANNOUNCE] Apache Traffic Server 10.1.0 Release Chris McFarlen
• [SECURITY] CVE-2025-55668 Apache Tomcat - Session fixation via rewrite valve Mark Thomas
• [SECURITY] CVE-2025-48989 Apache Tomcat - DoS in HTP/2 - Made You Reset Mark Thomas
• [ANNOUNCE] Apache Fory Graduates to Top-Level Project! Shawn Yang
• [ANNOUNCE] Apache Allura 1.18.0 released Dave Brondsema
• Apache Beam 2.67.0 Released! Vitalii Terentev
• CVE-2025-54472: Apache bRPC: Redis Parser Remote Denial of Service Wang Weibing
• [ANN] Apache Syncope 3.0.13 Francesco Chicchiriccò
• [ANN] Apache Syncope 4.0.1 Francesco Chicchiriccò
• [ANNOUNCE] Apache Airflow Providers prepared on August 07, 2025 are released Elad Kalif
• [ANNOUNCE] Apache Grails (incubating) 7.0.0-RC1 James Daugherty
• [ANNOUNCE] Apache YuniKorn v1.7.0 released Wilfred Spiegelenburg
• [ANNOUNCE] Apache Tika 3.2.2 released Tim Allison
• [ANN] Apache Tomcat 10.1.44 Available Christopher Schultz
• CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE Colm O hEigeartaigh
• CVE-2025-53606: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
• [SECURITY] Upcoming updates to recent(ish)Tomcat CVEs Mark Thomas
• [ANN] Apache Tomcat 11.0.10 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.108 available Rémy Maucherat
• Apache jclouds is now retired Niall Pemberton
  • Re: Apache jclouds is now retired tison
• [ANNOUNCE] Apache Groovy 5.0.0-rc-1 Released! Paul King
• [ANNOUNCE] Apache Pulsar Helm Chart version 4.2.0 Released Lari Hotari
• [ANNOUNCE] Apache bRPC 1.14.1 released Weibing Wang
• [ANNOUNCE] Apache Pulsar Go Client 0.16.0 released Zike Yang
• CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin Nicolas Malin
• [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc3 released Xin Rong
• [ANNOUNCE] Apache OFBiz 24.09.02 released Nicolas Malin
• [ANNOUNCE] Apache Storm 2.8.2 Released Rui Abreu
• [ANNOUNCE] Apache log4cxx 1.5.0 released Stephen Webb
• [ANNOUNCE] Apache Grails (incubating) Plugins compatible with 7.0.0-M5 James Daugherty
• CVE-2024-51775: Apache Zeppelin: Command Injection via CSWSH PJ Fanning
• CVE-2024-41177: Apache Zeppelin: XSS in the Helium module PJ Fanning
• CVE-2024-52279: Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string PJ Fanning
• [ANNOUNCE] Apache Airflow Providers prepared on July 29, 2025 are released Elad Kalif
• [ANNOUNCE] Apache Jackrabbit 2.22.2 released Julian Reschke
• [ANNOUNCE] Apache Pulsar 4.0.6 released Lari Hotari
• [ANNOUNCE] Apache Pulsar 3.3.8 released Lari Hotari
• [ANNOUNCE] Apache Pulsar 3.0.13 released Lari Hotari
• [ANNOUNCE] Apache Ranger 2.7.0 released Madhan Neethiraj
• CVE-2025-24854: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin Juan Pablo Santos Rodríguez
• CVE-2025-24853: Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing Juan Pablo Santos Rodríguez
• [ANNOUNCE] Apache JSPWiki 2.12.3 released Juan Pablo Santos Rodríguez
• CVE-2025-54656: Apache Struts Extras: Improper Output Neutralization for Logs Arnout Engelen
• [ANNOUNCE] Apache Fortress 3.0.1 Released Shawn McKinney
• [ANNOUNCE] Apache Fineract 1.12.1 Release Adam Monsen
• [ANNOUNCE] Apache bRPC 1.14.0 released Weibing Wang
• [ANNOUNCE] Apache James MIME4J 0.8.13 released [email protected]
• [ANNOUNCE] Apache Kyuubi Shaded v0.6.0 is available Cheng Pan
• [ANNOUNCE] Apache Curator 5.9.0 released Kezhu Wang
• CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 Eric Covener
• [ANNOUNCEMENT] Apache HTTP Server 2.4.65 Released covener
• [ANNOUNCE] Apache Groovy 4.0.28 Released Paul King
• [ANNOUNCE] Apache Groovy 5.0.0-beta-2 Paul King
• [ANNOUNCE] Apache OpenNLP 2.5.5 released Martin Wiesner
• [ANNOUNCE] Apache NiFi 2.5.0 Released Pierre Villard
• [ANNOUNCE] Apache Arrow 21.0.0 released Bryce Mecum
• [ANNOUNCE] Apache Pulsar Client Python 3.8.0 released Yunze Xu
• [ANNOUNCE] Apache Pekko (Core) 1.2.0-M2 released PJ Fanning
• [ANNOUNCE] Apache Nutch 1.21 Release Sebastian Nagel
• CVE-2025-50151: Apache Jena: Configuration files uploaded by administrative users are not check properly Andy Seaborne
• CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI Andy Seaborne
• [ANN] Struts Annotations 2.0 Lukasz Lenart
• [ANNOUNCE] Apache Airflow 3.0.3 reference images rebuilt Jarek Potiuk
• [ANNOUNCE] Apache Commons IO 2.20.0 Gary Gregory
• [ANNOUNCE] Apache Airflow Providers prepared on July 17, 2025 are released Elad Kalif
• [ANNOUNCE] Apache Doris 3.0.6.1 released ChenMingyu
• [ANNOUNCE] Apache Pekko (Core) 1.1.5 released PJ Fanning
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.3.1 released David Jensen
• [ANNOUNCE] Apache Grails (incubating) 7.0.0-M5 James Daugherty
• [ANN] Apache Maven 3.9.11 released Slawomir Jaranowski
• CVE-2025-48795: Apache CXF: Denial of Service and sensitive data exposure in logs Colm O hEigeartaigh
• [ANNOUNCE] Apache HBase 2.6.3 is now available for download Duo Zhang
• [ANNOUNCE] Apache TsFile 2.1.0 released Colin Lee
• [ANNOUNCE] Apache NiFi API 2.2.0 Released David Handermann
• [IMPORTANT] [ANNOUNCE] Critical Vulnerability in Apache Jackrabbit Julian Reschke
• [ANNOUNCE] Apache Jackrabbit 2.20.17 released Julian Reschke
• [ANNOUNCE] Apache Jackrabbit 2.22.1 released Julian Reschke
• [ANNOUNCE] Apache Jackrabbit 2.23.2-beta released Julian Reschke
• CVE-2025-53689: Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons Julian Reschke
• [ANNOUNCE] Apache Wicket 10.6.0 released Andrea Del Bene
• https://issues.apache.org/jira/browse/ZEPPELIN-6101: CVE-2024-41169: Apache Zeppelin: raft directory listing and file read PJ Fanning
• [ANNOUNCE] Apache Airflow Providers prepared on July 08, 2025 are released Elad Kalif
• [ANNOUNCE] Apache Log4j `2.25.1` released Piotr P. Karwasz
• [ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
  • [ANNOUNCE] Apache Pulsar Client C++ 3.7.2 released Yunze Xu
• [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc2 released Xin Rong
• [ANNOUNCE] Apache Commons Lang 3.18.0 Gary Gregory
• [ANNOUNCE] Apache KIE (Incubating) 10.1.0 released Alex Porcelli
• [ANNOUNCEMENT] Apache HTTP Server 2.4.64 Released covener
• CVE-2025-48924: Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs Gary D. Gregory
• [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
  • [SECURITY] CVE-2025-53506 Apache Tomcat - DoS in HTP/2 Mark Thomas
• [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
  • [SECURITY] CVE-2025-52520 Apache Tomcat - DoS in multipart upload Mark Thomas
• [SECURITY] CVE-2025-52434 Apache Tomcat -APR/native Connector crash leading to DoS Mark Thomas
• CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase Eric Covener
• CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack Eric Covener
• CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service Eric Covener
• CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption Eric Covener
• CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping Eric Covener
• CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths Eric Covener
• CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header Eric Covener
• CVE-2024-42516: Apache HTTP Server: HTTP response splitting Eric Covener
• [ANNOUNCE] Release Apache Fory(incubating) 0.11.2 Pan Li
• [ANNOUNCE] Apache Tika 3.2.1 released Tim Allison
• [ANNOUNCE] Apache Commons Validator 1.10.0 Gary Gregory
• [ANNOUNCE] Apache IoTDB 2.0.4 released Haonan Hou
• [ANNOUNCE] Apache Camel 4.13.0 Released Gregor Zurowski
• [ANNOUNCE] Apache Arrow Swift 21.0.0 released Sutou Kouhei
• [ANNOUNCE] Apache Arrow ADBC 19 Released David Li
• [ANNOUNCE] Apache Airflow Providers prepared on July 03, 2025 are released Elad Kalif
• [ANN] Apache Tomcat 9.0.107 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.9 Available Mark Thomas
• [ANN] Apache Tomcat 10.1.43 Available Christopher Schultz
• [ANNOUNCE] Apache Arrow JS 21.0.0 released Sutou Kouhei
• [ANNOUNCE] Apache Pulsar Node.js client 1.14.0 released Baodi Shi
• [ANNOUNCE] Apache Jackrabbit Oak 1.82.0 released Julian Reschke
• CVE-2025-46647: Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect Junxu Chen
• [SECURITY] CVE-2024-35164: Apache Guacamole: Improper input validation of console codes Michael Jumper
• [ANNOUNCE] Apache APISIX Ingress controller v2.0.0-rc1 released Xin Rong
• CVE-2024-39954: Apache EventMesh Runtime: SSRF Xue Weiming
  • Re: CVE-2024-39954: Apache EventMesh Runtime: SSRF Eason Chen
• [ANNOUNCE] Apache Drill 1.22.0 Released James Turton
• CVE-2025-32897: Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server Min Ji
• [ANNOUNCE] Apache APISIX 3.13.0 has been released. Ashish Tiwari
• [ANNOUNCE] Apache Camel 4.10.6 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache StormCrawler 3.4.0 released Richard Zowalla
• [ANNOUNCE] Apache Camel 4.8.8 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Camel Karaf 4.10.5 released Jean-Baptiste Onofré
• [ANN] Maven 4.0.0-rc-4 released ! Guillaume Nodet
• [ANNOUNCE] Apache Ratis 3.2.0 Release Xinyu Tan
• [ANNOUNCE] Apache Guacamole 1.6.0 released Michael Jumper
• CVE-2025-50213: Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator Elad Kalif
• [ANNOUNCE] Apache Airflow Providers prepared on June 20, 2025 are released Elad Kalif
• [ANN] Apache ActiveMQ Classic 6.1.7 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Lucene 10.2.2 released Chris Hegarty
• [ANNOUNCE] Apache Lucene 9.12.2 released Chris Hegarty
• [ANNOUNCE] Apache Gluten (Incubating) 1.4.0 available WeitingChen
• [ANNOUNCE] Apache Grails (incubating) Plugins - Redis 5.0.0-M4 & Spring Security 7.0.0-M4 James Fredley
• [ANNOUNCE] Apache Airflow Providers prepared on June 15, 2025 are released Elad Kalif
• [ANNOUNCE] Apache Traffic Server 10.0.6 Release Chris McFarlen
• [ANNOUNCE] Apache Daffodil SBT Plugin 1.4.0 Released Josh Adams
• [ANNOUNCE] Apache Daffodil 3.11.0 Released Josh Adams
• [ANNOUNCE] Release Apache Fory(incubating) 0.11.0 Shawn Yang
• [ANN] Apache TomEE 10.1.0 Richard Zowalla
• [ANNOUNCE] Apache Log4j `2.25.0` released Piotr P. Karwasz
• CVE-2025-48976: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers Gary D. Gregory
• [ANNOUNCE] Apache Commons FileUpload 2.0.0-M4 Gary Gregory

• Earlier messages
• Later messages