announce
Thread
Date
Earlier messages
Later messages
Messages by Thread
CVE-2023-30428: Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer
Dave Fisher
CVE-2023-36543: Apache Airflow: ReDoS via dags function
Ephraim Anierobi
CVE-2022-46651: Apache Airflow: Security vulnerability on AirFlow Connections
Ephraim Anierobi
CVE-2023-22887: Apache Airflow path traversal by authenticated user
Ephraim Anierobi
CVE-2023-35908: Apache Airflow: Access to DAGs without relevant permission
Ephraim Anierobi
[ANNOUNCE] Release Apache Kvrocks 2.5.0
Colin Chamber
[ANN] Apache Tomcat 11.0.0-M9 (alpha) available
Mark Thomas
[ANNOUNCE] Apache Airflow 2.6.3 Released
Ephraim Anierobi
[ANN] Apache Tomcat 8.5.91 available
Christopher Schultz
[ANN] Apache Tomcat 10.1.11 available
Christopher Schultz
[ANNOUNCE] Airflow Providers prepared on July 09, 2023 are released
Elad Kalif
[ANN] Apache Tomcat 9.0.78 available
Rémy Maucherat
[ANNOUNCE] Apache JMeter 5.6.1 released
Milamber
CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE
Brahma Reddy Battula
CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application.
Brahma Reddy Battula
[ANN] Apache Syncope 3.0.4
Francesco Chicchiriccò
[ANNOUNCE] Apache Pulsar Go Client 0.11.0 released
Zike Yang
[ANNOUNCE] Apache Pulsar Node.js client 1.9.0 released
Baodi Shi
[ANN] Apache Struts 6.2.0
Lukasz Lenart
[ANNOUNCE] Apache Uniffle (Incubating) 0.7.1 available
Jiafu Zhang
[ANNOUNCE] Airflow Providers prepared on July 06, 2023 are released
Elad Kalif
[ANNOUNCE] Apache DataFu-Spark 1.8.0 Released
Eyal Allweil
CVE-2023-35887: Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
Guillaume Nodet
[ANNOUNCE] Apache EventMesh 1.9.0 available
mikexue
CVE-2023-34150: Apache Any23: Possible excessive allocation of resources reading input.
Arnout Engelen
[ANNOUNCE] Apache Camel 4.0.0-RC1 Released
Gregor Zurowski
[ANNOUNCE] Apache APISIX 3.4.0 has been released
Xin Rong
[ANN] Apache ActiveMQ 5.17.5 has been released!
Jean-Baptiste Onofré
[ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.4.0 Released
Hongtao Gao
[ANN] Apache ActiveMQ 5.18.2 has been released!
Jean-Baptiste Onofré
CVE-2023-35797: Apache Airflow Hive Provider Beeline RCE with Principal
Elad Kalif
[ANNOUNCE] Apache PDFBox 2.0.29 released
Andreas Lehmkühler
Apache OODT is now retired
Hervé Boutemy
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M16 released
Timothy Bish
[ANNOUNCE] Apache Qpid JMS 2.4.0 released
Robbie Gemmell
Re: failure notice
Xin Rong
[ANNOUNCE] Apache Camel 3.21.0 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Groovy 3.0.18 Released
Paul King
[ANNOUNCE] Apache flink-connector-jdbc 3.1.1 released
Martijn Visser
[ANNOUNCE] Apache Groovy 4.0.13 Released
Paul King
[ANNOUNCE] Apache Airflow Helm Chart version 1.10.0 Released
Jedidiah Cunningham
Fwd: [ANNOUNCE] Apache Hadoop 3.3.6 release
Ayush Saxena
[ANNOUNCE] Apache Daffodil 3.5.0 Released
Steve Lawrence
CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability
Elad Kalif
CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability
Elad Kalif
CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability
Elad Kalif
[ANNOUNCE] Apache Lucene 9.7.0 released
Adrien Grand
Fwd: [ANNOUNCE] Apache Sedona 1.4.1 released
Jia Yu
[ANNOUNCEMENT] Apache SkyWalking CLI 0.12.0 Released
han liu
[ANNOUNCEMENT] Apache SkyWalking Rover 0.5.0 Released
han liu
[ANNOUNCEMENT] Apache SkyWalking Satellite 1.2.0 Released
han liu
[ANNOUNCE] Apache Arrow nanoarrow 0.2.0 Released
Dewey Dunnington
[ANNOUNCE] Apache JMeter 5.6 released
Milamber
[ANNOUNCE] Airflow Providers prepared on June 20, 2023 are released
Elad Kalif
CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user
Dominik Riemer
[ANNOUNCE] Apache StreamPipes 0.92.0
Philipp Zehnder
[ANNOUNCE] Apache Log4j 3.0.0-alpha1 released
Ralph Goers
[ANNOUNCE] Apache Commons Codec 1.16.0
Gary Gregory
[SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure
Mark Thomas
CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials
Christopher Tubbs
[ANNOUNCE] Apache Accumulo 2.1.1
Christopher
[ANNOUNCE] Apache Arrow ADBC 0.5.0 released
David Li
[ANNOUNCE] Apache Camel 3.20.6 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Camel 3.14.9 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache NiFi NAR Maven Plugin 1.5.1 release
Nandor Soma Abonyi
[ANNOUNCE] Apache SkyWalking 9.5.0 released
Sheng Wu
CVE-2023-35005: Apache Airflow: Information disclosure on configuration view
Elad Kalif
[ANNOUNCE] Apache Arrow 12.0.1 released
Raúl Cumplido
[ANNOUNCE] Apache Wicket 10.0.0-M1 released
Andrea Del Bene
[ANNOUNCE] Apache Airflow 2.6.2 Released
Elad Kalif
[ANNOUNCE] Apache Camel 3.18.8 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Release Apache Hop 2.5.0
Bart Maertens
[ANNOUNCE] Apache YuniKorn v1.3.0 released
Wilfred Spiegelenburg
[ANNOUNCE] Apache Kafka 3.5.0
Mickael Maison
[ANNOUNCE] Apache IoTDB 1.1.1 released
Haonan Hou
[ANNOUNCE] Apache IoTDB 1.1.1 released
Haonan Hou
S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Yasser Zamani
S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds
Yasser Zamani
[ANN] Apache Struts 6.1.2.1
Lukasz Lenart
[ANN] Apache Struts 2.5.31
Lukasz Lenart
[ANN] Apache TomEE 9.1.0
Richard Zowalla
[ANN] Apache Tomcat 10.1.10 available
Christopher Schultz
[ANN] Apache Tomcat 8.5.90 available
Christopher Schultz
[ANNOUNCE] Apache Traffic Server 9.2.1 and 8.1.7 are Released
Bryan Call
[ANNOUNCE] Apache Traffic Server 9.2.1 and 8.1.7 are Released
Bryan Call
CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2
David Handermann
CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components
David Handermann
[ANNOUNCE] MyFaces Core v4.0.1 Release
Volodymyr Siedlecki
[ANNOUNCE] Apache NiFi 1.22.0 release.
Joe Witt
[ANNOUNCE] Apache Commons 2.13.0
Gary Gregory
[ANN] Apache Tomcat 9.0.76 available
Rémy Maucherat
[ANN] Apache Maven Build Cache extension 1.0.1
Olivier Lamy
[ANNOUNCE] Apache HBase 3.0.0-alpha-4 is now available for download
Duo Zhang
[ANN] Apache Tomcat 11.0.0-M7 (alpha) available
Mark Thomas
[ANNOUNCE] Apache Kafka 3.4.1
Luke Chen
[SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer
Michael Jumper
[SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths
Michael Jumper
[ANNOUNCE] Apache Qpid Proton 0.39.0 released
Robbie Gemmell
[ANNOUNCE] Apache Pulsar Client Python 3.2.0 released
Yunze Xu
[ANNOUNCE] Apache MINA 2.2.2, 2.1.7 and 2.0.24 released
Emmanuel Lecharny
[ANNOUNCEMENT] Apache SkyWalking Go 0.1.0 Released
han liu
[ANN] Apache Tomcat Native 1.2.37 released
Mark Thomas
[ANN] Apache Tomcat Native 2.0.4 released
Mark Thomas
[ANNOUNCE] Apache OFBiz 18.12.08 released
Jacopo Cappellato
[ANNOUNCE] Apache Serf 1.3.10 released
Evgeny Kotkov
[ANNOUNCE] ATS 10 Hackathon 6/8/23
Bryan Call
[ANNOUNCE] Release Apache DolphinScheduler 3.0.6
Jay Chung
[ANNOUNCE] Apache Camel 3.14.8 (LTS) Released
Gregor Zurowski
CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
Marcus Eriksson
[ANNOUNCE] Apache Wicket 9.14.0 released
Andrea Del Bene
[ANNOUNCE] Airflow Providers prepared on May 24, 2023 are released
Elad Kalif
[ANNOUNCE] Apache Guacamole 1.5.2 released
Michael Jumper
CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Elad Kalif
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M9 released
Timothy Bish
[ANNOUNCE] Apache Camel 3.20.5 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Camel 3.18.7 (LTS) Released
Gregor Zurowski
CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins
Juan Pablo Santos Rodríguez
[ANNOUNCE] Apache JSPWiki 2.12.0 released
Juan Pablo Santos Rodríguez
CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function
Rongtong Jin
[ANNOUNCE] Airflow Providers prepared on May 19, 2023 are released
Elad Kalif
[ANNOUNCE] Apache Qpid JMS 2.3.0 released
Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.9.0 released
Robbie Gemmell
[SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete
Mark Thomas
[ANNOUNCE] Apache Kyuubi Shaded released 0.1.0
Cheng Pan
CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster
Charles Zhang
CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription
Charles Zhang
CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes
Charles Zhang
CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster
Charles Zhang
CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users
Charles Zhang
CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong
Charles Zhang
CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources
Charles Zhang
CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong
Charles Zhang
CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications
Charles Zhang
CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong
Charles Zhang
CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks
Charles Zhang
[ANN] Apache Tomcat 8.5.89 available
Christopher Schultz
[ANNOUNCE] Apache XBean 4.23 release
fpapon
[ANNOUNCE] Apache Jackrabbit 2.16.x deprecated
Julian Reschke
[ANNOUNCEMENT] Apache Commons IO 2.12.0
Gary Gregory
[ANNOUNCE] Apache SDAP (incubating) 1.1.0 Released
Nga Chung
[ANNOUNCE] Apache Airflow 2.6.1 Released
Ephraim Anierobi
[ANNOUNCE] Apache Pulsar Client C++ 3.2.0 released
Yunze Xu
[ANN] Apache TomEE 8.0.15
Richard Zowalla
[ANNOUNCE] Apache Jackrabbit 1.52.0 released
Julian Reschke
[ANNOUNCE] Apache Beam 2.47.0 Released
Jack McCluskey
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M8 released
Timothy Bish
[ANNOUNCE] Apache Arrow ADBC 0.4.0 released
David Li
[ANNOUNCE] Apache Tika 2.8.0 released
Tim Allison
CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module
Robert Munteanu
[ANNOUNCEMENT] Commons Daemon 1.3.4 Released
Mark Thomas
CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection
Maxim Solodovnik
CVE-2023-29032: Apache OpenMeetings: allows bypass authentication
Maxim Solodovnik
CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash
Maxim Solodovnik
[ANNOUNCE] Apache OpenMeetings 7.1.0 is released
Maxim Solodovnik
[ANN] Apache Tomcat 9.0.75 available
Rémy Maucherat
[ANNOUNCE] Apache flink-connector-gcp-pubsub v3.0.1 released
Martijn Visser
[ANNOUNCE] Apache flink-connector-elasticsearch v3.0.1 released
Martijn Visser
[ANNOUNCE] Apache flink-connector-pulsar v4.0.0 released
Martijn Visser
[ANNOUNCE] Apache flink-connector-rabbitmq v3.0.1 released
Martijn Visser
[ANNOUNCE] Apache flink-connector-opensearch v1.0.1 released
Martijn Visser
[ANNOUNCE] Apache flink-shaded v17.0 released
Martijn Visser
[ANNOUNCE] Apache Jackrabbit Oak 1.8.x deprecated
Julian Reschke
[ANNOUNCE] Apache Lucene 9.6.0 released
Alan Woodward
[ANN] Apache Tomcat 11.0.0-M6 (alpha) available
Mark Thomas
[ANNOUNCE] Apache Jackrabbit 2.20.10 released
Julian Reschke
[ANN] Apache Syncope 2.1.14
Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.3
Francesco Chicchiriccò
CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs
Jarek Potiuk
[ANNOUNCE] Apache Arrow 12.0.0 released
Raúl Cumplido
[ANNOUNCE] Apache Groovy 4.0.12 Released
Paul King
CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution
Wang Weibing
CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender
Robert Middleton
CVE-2023-29247: Stored XSS on Apache Airflow
Pierre Jeambrun
[ANNOUNCE] Log4cxx 1.1.0 Released
Robert Middleton
[ANNOUNCE] Apache Kvrocks(incubating) 2.4.0 Released
hulk
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M15 released
Timothy Bish
[ANNOUNCE] Apache Dubbo 3.0.x End-Of-Life (EOL) Announcement
Albumen Kevin
[ANNOUNCE] Apache Dubbo 2.7.x End-Of-Life (EOL) Announcement
Albumen Kevin
[ANNOUNCE] Apache Camel 4.0.0-M3 Released
Gregor Zurowski
[ANNOUNCE] Apache Ignite 2.15.0 Released
Aleksey Plekhanov
CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
Ramesh Mani
CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions
Madhan Neethiraj
[ANNOUNCE] Apache Pulsar 3.0.0 released
Zike Yang
[ANNOUNCE] Apache Wicket 8.15.0 released
Andrea Del Bene
CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Nick Vatamaniuc
CVE-2023-32007: Apache Spark: Shell command injection via Spark UI
Arnout Engelen
[ANNOUNCE] Apache BookKeeper 4.16.1 released
Hang Chen
[ANNOUNCE] Apache BookKeeper 4.16.0 released
Hang Chen
[ANNOUNCE] Apache Solr 9.2.1 released
Justin Sweeney
[ANNOUNCE] Apache Airflow 2.6.0 Released
Ephraim Anierobi
[ANNOUNCE] Apache Drill 1.21.1 Released
James Turton
[ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released
Yihao Chen
[ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released
Yihao Chen
[ANNOUNCE] Apache Accumulo 1.10.3
Christopher
[ANNOUNCE] Apache Curator 5.5.0 released
Kezhu Wang
[ANNOUNCE] Apache Curator 5.5.0 released
Kezhu Wang
[ANNOUNCE] Apache bRPC 1.5.0 released
Xiguo Hu
[ANNOUNCE] Apache Camel 3.20.4 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.3.0
Christophe Bornet
[ANNOUNCE] Apache Empire-db 3.1.0 released
doebele
Earlier messages
Later messages