announce  

Messages by Thread

• CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting Adarsh Sanjeev
• CVE-2024-54016: compression bomb attack in Apache Seata Server Min Ji
• CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server Min Ji
• CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function Elad Kalif
• [ANNOUNCE] Apache YuniKorn v1.6.2 released Wilfred Spiegelenburg
• [ANNOUNCE] Apache Kafka 4.0.0 David Jacot
• [ANNOUNCE] Apache CouchDB 3.4.3 released Jan Lehnardt
• [ANNOUNCE] Apache Arrow Go v18.2.0 Released Matt Topol
• [ANNOUNCE] Apache BVal 3.0.2 Markus Jung
• [ANNOUNCE] Apache Calcite 1.39.0 released Stamatis Zampetakis
• [ANNOUNCE] Apache James JSPF 1.0.5 released Rene Cordier
• [ANNOUNCE] Apache Geronimo Java Mail 2.1_1.0.1 Francois Papon
• [ANN] Apache Maven Daemon 2.0.0-rc-3 released Guillaume Nodet
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.1 released David Jensen
• [ANNOUNCE] Apache Pulsar Helm Chart version 4.0.0 Released Lari Hotari
• [ANN] Apache Maven 4.0.0-rc-3 released Guillaume Nodet
• [ANNOUNCE] Apache Airflow Providers prepared on March 09, 2025 are released Elad Kalif
• [ANNOUNCE] Apache James JDKIM 0.4 released Rene Cordier
• FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Carsten Ziegeler
• CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters Andrea Cosentino
• [ANNOUNCE] Apache Pulsar Node.js client 1.13.1 released Baodi Shi
• [ANNOUNCE] Apache Solr 9.8.1 released Houston Putman
• [ANN] Apache Syncope 4.0.0-M1 Francesco Chicchiriccò
• [SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
• [ANN] Apache Syncope 3.0.11 Francesco Chicchiriccò
• [ANN] Apache ActiveMQ Classic 5.19.0 has been released! Jean-Baptiste Onofré
• CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Pierre Villard
• [ANNOUNCE] Apache NiFi 2.3.0 Released Pierre Villard
• [ANN] Apache ActiveMQ Classic 6.1.6 has been released! Jean-Baptiste Onofré
• Fwd: Announcing Fineract Release 1.11.0 James Dailey
• [ANNOUNCE] Apache Camel 3.22.4 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Camel 4.10.2 (LTS) Released Gregor Zurowski
• CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering Andrea Cosentino
• [ANNOUNCE] Apache Pulsar Client Python 3.6.1 released Yunze Xu
• [ANNOUNCE] Apache Camel 4.8.5 (LTS) Released Gregor Zurowski
• CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE Jacques Le Roux
• [ANNOUNCE] Apache OFBiz 18.12.18 released Jacopo Cappellato
• [ANNOUNCE] Apache Pekko Projection 1.1.0 released PJ Fanning
• [ANNOUNCE] Apache Arrow ADBC 17 Released David Li
• [ANNOUNCE] Apache Curator 5.8.0 released tison
• [ANN] Apache Tomcat 9.0.102 available Rémy Maucherat
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.0 released David Jensen
• [ANNOUNCE] Apache Traffic Server 10.0.4 Release Chris McFarlen
• [ANN] Apache Struts 6.7.4 Lukasz Lenart
• [ANNOUNCE] Apache Calcite Avatica Go 5.4.0 released Francis Chuang
• [ANNOUNCE] Apache Pulsar Node.js client 1.13.0 released Baodi Shi
• [ANNOUNCE] Apache Camel 4.10.1 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Camel 4.8.4 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Impala 4.5.0 release Peter Rozsa
• [ANNOUNCEMENT] Apache CloudStack 4.19.2.0 release Daan Hoogland
• CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File Velmurugan Periasamy
• CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
• [ANN] Apache Struts 7.0.3 Lukasz Lenart
• [ANNOUNCE] Apache log4cxx 1.4.0 released Stephen Webb
• [ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available WeitingChen
• [ANNOUNCE] Apache Qpid Broker-J 9.2.1 released Tomas Vavricka
• [ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available WeitingChen
• [ANNOUNCE] Apache Pulsar 3.3.5 released Lari Hotari
• [ANNOUNCE] Apache Doris 3.0.4 release ChenMingyu
• [ANNOUNCE] Apache Groovy 4.0.26 Released Paul King
• [ANNOUNCE] Apache Pulsar 4.0.3 released Lari Hotari
• [ANNOUNCE]] Apache Groovy 3.0.24 Released Paul King
• [ANNOUNCE] Apache Pulsar 3.0.10 released Lari Hotari
• [ANNOUNCE] Apache Gluten (Incubating) 1.2.1 available WeitingChen
• CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC Charles Zhang
• [ANNOUNCE] Release Apache Hop 2.12.0 Bart Maertens
• [ANNOUNCE] Apache Airflow Providers prepared on February 21, 2025 are released Elad Kalif
• [ANNOUNCE] Apache MINA SSHD 2.15.0 released Guillaume Nodet
• [ANNOUNCE] Apache Ignite 3.0 released Pavel Tupitsyn
• [ANNOUNCEMENT] Apache SkyWalking Satellite 1.3.0 Released han liu
• [ANNOUNCE] Apache Calcite Avatica 1.26.0 Released Francis Chuang
• [ANNOUNCE] Apache HBase 2.6.2 is now available for download Duo Zhang
• [ANNOUNCE] Apache NetBeans 25 Released Eric Barboni
• [ANNOUNCE] Apache Arrow Java 18.2.0 released Jean-Baptiste Onofré
• [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M11 released Timothy Bish
• [ANNOUNCE] Apache Qpid protonj2 1.0.0-M23 released Timothy Bish
• [ANNOUNCE] Apache Arrow 19.0.1 released Bryce Mecum
• [ANNOUNCE] Apache Flink 1.19.2 released Alexander Fedulov
• [ANNOUNCE] Apache Flink 1.20.1 released Alexander Fedulov
• [ANNOUNCE] Apache Qpid JMS 2.7.0 released Robbie Gemmell
• [ANNOUNCE] Apache Qpid JMS 1.13.0 released Robbie Gemmell
• Apache StreamPipes 0.97.0 Philipp Zehnder
• [ANN] Apache Apache Maven Clean Plugin 3.4.1 Released Slawomir Jaranowski
• [ANNOUNCEMENT] HttpComponents Client 5.5 alpha1 Released Oleg Kalnichevski
• [ANNOUNCE] Apache Pekko (Core) 1.2.0-M1 released PJ Fanning
• [ANN] Apache Tomcat 9.0.100 available Rémy Maucherat
• [ANNOUNCE] Apache Ranger 2.6.0 released Madhan Neethiraj
• [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
  • [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
• [ANN] Apache Tomcat 11.0.4 Available Mark Thomas
• [ANNOUNCE] Apache Commons VFS Project 2.10.0 Gary Gregory
• Apache WSS4J 4.0.0 released Colm O hEigeartaigh
• [ANNOUNCE] Apache Ignite 2.17.0 Released Nikita Amelchev
• CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
• CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
• [ANNOUNCE] Apache Commons BeanUtils 1.10.1 Gary Gregory
• [ANNOUNCE] Apache Jackrabbit Oak 1.76.0 released Julian Reschke
• CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
• [ANNOUNCE] Apache ManifoldCF SDK 1.0.2 released Piergiorgio Lucidi
• CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
• [ANNOUNCE] Apache flink-connector-hive 3.0.0 released Sergey Nuyanzin
• CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
• [ANNOUNCE] Apache Camel 4.10.0 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Hudi 1.0.1 released Sivabalan
• [ANN] Apache Tomcat 11.0.3 Available Mark Thomas
• [ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
• [ANNOUNCE] Apache Airflow 2.10.5 Released Utkarsh Sharma
• [ANNOUNCE] Apache TsFile 2.0.1 released Haonan Hou
• FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services console Carsten Ziegeler
• [ANNOUNCE] Apache Airflow Providers prepared on February 04, 2025 Jarek Potiuk
• [ANNOUNCE] Apache Zeppelin 0.12.0 available Jongyoul Lee
• [ANNOUNCE] Apache Commons Logging 1.3.5 Gary Gregory
• CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
• [ANNOUNCE] Release Apache OpenDAL v0.51.2 tison
• [ANNOUNCE] Apache Tika 2.9.3 released Tim Allison
• [ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.1 release Marton Szasz
• [ANNOUNCE] Apache James 3.7.6 released Benoit TELLIER
• [ANNOUNCE] Apache James 3.8.2 released Benoit TELLIER
• CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
• CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.1.0 released David Jensen
• CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
• CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
• CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
  • Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
• CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials Paulo Motta
• [ANNOUNCEMENT] HttpComponents Client 5.4.2 GA Released Oleg Kalnichevski
• [ANNOUNCE] Apache YuniKorn v1.6.1 released Wilfred Spiegelenburg
• [ANNOUNCE] Apache FtpServer 1.2.1 released Emmanuel Lecharny
• [ANNOUNCE] Apache Tika 3.1.0 released Tim Allison
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.9.0 Released Lari Hotari
• [ANNOUNCE] Apache Wicket 8.17.0 released Andrea Del Bene
• [ANNOUNCE] Apache Traffic Server 10.0.3 Release Chris McFarlen
• [ANNOUNCE] Apache jclouds 2.7.0 released Andrew Gaul
• [ANNOUNCEMENT] HttpComponents Core 5.3.3 GA released Oleg Kalnichevski
• [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.0.0 released David Jensen
• CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions Ayush Saxena
• [ANNOUNCE] Apache Commons Codec 1.18.0 Gary Gregory
• [ANNOUNCE] Apache Commons Pool 2.12.1 Gary Gregory
• CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util Ayush Saxena
• [ANNOUNCE] Apache NiFi 2.2.0 Released Pierre Villard
• [ANNOUNCE] Apache Wicket 9.20.0 released Andrea Del Bene
• [ANNOUNCE] Apache Airflow Providers prepared on January 26, 2025 are released Elad Kalif
• CVE-2025-24783: Apache Cocoon: continuations may not be private Arnout Engelen
• [ANNOUNCE] Apache Pulsar Client Python 3.6.0 released Yunze Xu
• [ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
  • [ANNOUNCE] Apache Dubbo Python 3.0.0b1 released Albumen Kevin
• [ANNOUNCE] Apache Gravitino (Incubating) 0.8.0 available Fanng
• [ANNOUNCE] Release Apache Kvrocks 2.11.0 Twice
• [ANNOUNCE] Apache Storm 2.8.0 Released Rui Abreu
• CVE-2024-52012: Apache Solr: Configset upload on Windows allows arbitrary path write-access Jason Gerlowski
• CVE-2025-24814: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files Jason Gerlowski
• [ANNOUNCE] Apache Groovy 4.0.25 Released Paul King
• [ANNOUNCE] Apache Groovy 5.0.0-alpha-12 released Paul King
• [ANNOUNCE] Apache Wicket 10.4.0 released Andrea Del Bene
• [ANN] Apache ActiveMQ Classic 6.1.5 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Arrow 19.0.0 released Bryce Mecum
• [ANNOUNCEMENT] Apache HTTP Server 2.4.63 Released jim
• [ANNOUNCE] Apache Solr 9.8.0 released Anshum Gupta
• [ANNOUNCE] Apache PDFBox 3.0.4 released Andreas Lehmkühler
• [ANNOUNCE] Apache bRPC 1.12.1 released Guangming Chen
• [ANNOUNCE] Apache Solr Operator v0.9.0 released Jason Gerlowski
• CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak Pedro Henrique Oliveira dos Santos
• [ANNOUNCE] Apache Camel 4.4.5 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache TsFile 2.0.0 released Haonan Hou
• CVE-2024-51941: Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts Viraj Jasani
• CVE-2025-23196: Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition Viraj Jasani
• CVE-2025-23195: Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie Viraj Jasani
• CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost Velmurugan Periasamy
• CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input Velmurugan Periasamy
• [ANNOUNCE] Apache Daffodil 3.10.0 Released Josh Adams
• [ANNOUNCE] Apache Pekko Persistence Cassandra 1.1.0 released PJ Fanning
• [ANNOUNCE] Release Apache SeaTunnel 2.3.9 Lucifer Tyrant
• [ANNOUNCE] Apache Flink CDC 3.3.0 released Hang Ruan
• [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9 Mark Thomas
• [ANNOUNCE] Apache Arrow ADBC 16 Release David Li
• [ANNOUNCE] Apache Pulsar 4.0.2 released Lari Hotari
• CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files Colm O hEigeartaigh
• [ANNOUNCE] Apache Pulsar 3.0.9 released Lari Hotari
• [ANNOUNCE] Apache Pulsar 3.3.4 released Lari Hotari
• [ANNOUNCEMENT] Apache SkyWalking Ruby 0.1.0 Released Zixin Zhou
• [ANNOUNCE] Apache ShenYu 2.7.0 available Hongyu Liu
• [ANNOUNCE] Apache Commons BeanUtils 2.0.0-M1 (now with download link) Gary Gregory
• [ANN] Apache Sling 13 Released Stefan Seifert
• [ANNOUNCE] Release Apache InLong 2.1.0 黄文伟
• [ANNOUNCE] Apache ManifoldCF 2.28 released Piergiorgio Lucidi
• [ANNOUNCE] Apache PDFBox 2.0.33 released Andreas Lehmkühler
• [ANNOUNCE] Apache Pekko Connectors 1.1.0 released PJ Fanning
• [ANNOUNCE] Apache Jackrabbit Oak 1.74.0 released Julian Reschke
• [ANNOUNCE] Apache bRPC 1.12.0 released Guangming Chen
• [ANNOUNCE] Apache Pulsar Client C++ 3.7.0 released Yunze Xu
• [ANNOUNCE] Apache Arrow Go v18.1.0 Released David Li
• [ANNOUNCEMENT] HttpComponents Core 5.3.2 GA released Oleg Kalnichevski
• CVE-2024-45627: Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability Heping Wang
• CVE-2025-22828: Apache CloudStack: Unauthorised access to annotations Nux
• Apache Streams is now retired Hervé Boutemy
• [ANNOUNCE] Apache Camel 4.8.3 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache OpenNLP 2.5.3 released Richard Zowalla
• [ANNOUNCE] Apache James MIME4J 0.8.12 released Benoit TELLIER
• [ANNOUNCE] Apache Pekko (Core) 1.1.3 released PJ Fanning

• Earlier messages
• Later messages