announce
Thread
Date
Earlier messages
Messages by Thread
[ANNOUNCE] Apache Commons IO 2.19.0
Gary Gregory
CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access
Hailin Wang
CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change
David M. Johnson
[ANNOUNCE] Apache Commons Text 1.13.1
Gary Gregory
[ANN] Apache Tomcat 11.0.6 Available
Mark Thomas
[ANNOUNCE] Apache Lucene 10.2.0 released
Ignacio Vera
[ANN] Apache Tomcat 9.0.104 available
Rémy Maucherat
[ANNOUNCE] Apache Geronimo XBean 4.27 released
Francois Papon
CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Domenico Francesco Bruscino
[ANNOUNCE] Apache Airflow Providers prepared on April 06, 2025 are released
Elad Kalif
[ANNOUNCE] Apache Pulsar 3.3.6 released
Lari Hotari
[ANNOUNCE] Apache Pulsar 4.0.4 released
Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.11 released
Lari Hotari
CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors
Lari Hotari
[ANN] Apache Causeway version 3.3.0 Released
Dan Haywood
CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
PJ Fanning
[ANNOUNCE] Apache Jackrabbit Oak 1.78.0 released
Julian Reschke
[ANNOUNCE] Apache OFBiz 24.09.01 released
Nicolas Malin
[ANNOUNCE] Apache POI 5.4.1 release
PJ Fanning
Apache Cocoon is now retired
Hervé Boutemy
[ANN] Apache OpenJPA 4.1.0
Francesco Chicchiriccò
[ANNOUNCE] Apache Commons CSV 1.14.0
Gary Gregory
CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message
Gary D. Gregory
CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection
Elad Kalif
Apache Oozie is now retired
Hervé Boutemy
Apache Pivot is now retired
Hervé Boutemy
Apache Beam 2.64.0 Released!
XQ Hu
[ANNOUNCE] Apache Camel 4.11.0 Released
Gregor Zurowski
[ANNOUNCE] Release Apache SkyWalking Client JS version 1.0.0
xue fan
[ANNOUNCE] Apache Traffic Server 10.0.5 Release
Chris McFarlen
[ANNOUNCE] Apache Airflow Helm Chart version 1.16.0 Released
Jedidiah Cunningham
[ANNOUNCE] Apache OFBiz 18.12.19 released
Nicolas Malin
CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability
Jacques Le Roux
[ANNOUNCE] Apache Camel 4.8.6 (LTS) Released
Gregor Zurowski
CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering
Andrea Cosentino
CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy.
Enxin Xie
CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Gang Wu
CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission
Justin Bertram
[ANNOUNCE] Apache Airflow Providers prepared on March 26, 2025 are released
Elad Kalif
[ANNOUNCE] Apache Camel 4.10.3 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Jackrabbit Filevault 3.8.4 released
Julian Reschke
[ANN] Apache TomEE 10.0.1
Richard Zowalla
[ANNOUNCEMENT] HttpComponents Client 5.4.3 GA Released
Oleg Kalnichevski
[ANNOUNCE] Apache Jackrabbit Oak 1.22.22 released
Julian Reschke
CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url
Li Yang
CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api
Li Yang
[ANNOUNCE] Apache Iceberg Go Release v0.2.0
Matt Topol
[ANNOUNCE] Apache Solr Operator v0.9.1 released
Jason Gerlowski
[ANNOUNCE] release of Apache VCL 2.5.2
Josh Thompson
CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form
Josh Thompson
CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges
Josh Thompson
[ANNOUNCE] Apache Answer v1.4.5 available
Luffy
[ANNOUNCE] Apache StormCrawler (Incubating) 3.3.0 released
Tim Allison
CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
Gary D. Gregory
[ANN] Apache ActiveMQ Classic 5.17.7 has been released!
Jean-Baptiste Onofré
[ANN] Apache ActiveMQ Classic 5.18.7 has been released!
Jean-Baptiste Onofré
[ANN] Apache ActiveMQ Classic 5.16.8 has been released!
Jean-Baptiste Onofré
CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console
Arnout Engelen
[ANNOUNCEMENT] HttpComponents Core 5.3.4 GA released
Oleg Kalnichevski
CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting
Adarsh Sanjeev
CVE-2024-54016: compression bomb attack in Apache Seata Server
Min Ji
CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server
Min Ji
CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function
Elad Kalif
[ANNOUNCE] Apache YuniKorn v1.6.2 released
Wilfred Spiegelenburg
[ANNOUNCE] Apache Kafka 4.0.0
David Jacot
[ANNOUNCE] Apache CouchDB 3.4.3 released
Jan Lehnardt
[ANNOUNCE] Apache Arrow Go v18.2.0 Released
Matt Topol
[ANNOUNCE] Apache BVal 3.0.2
Markus Jung
[ANNOUNCE] Apache Calcite 1.39.0 released
Stamatis Zampetakis
[ANNOUNCE] Apache James JSPF 1.0.5 released
Rene Cordier
[ANNOUNCE] Apache Geronimo Java Mail 2.1_1.0.1
Francois Papon
[ANN] Apache Maven Daemon 2.0.0-rc-3 released
Guillaume Nodet
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.1 released
David Jensen
[ANNOUNCE] Apache Pulsar Helm Chart version 4.0.0 Released
Lari Hotari
[ANN] Apache Maven 4.0.0-rc-3 released
Guillaume Nodet
[ANNOUNCE] Apache Airflow Providers prepared on March 09, 2025 are released
Elad Kalif
[ANNOUNCE] Apache James JDKIM 0.4 released
Rene Cordier
FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin
Carsten Ziegeler
CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters
Andrea Cosentino
[ANNOUNCE] Apache Pulsar Node.js client 1.13.1 released
Baodi Shi
[ANNOUNCE] Apache Solr 9.8.1 released
Houston Putman
[ANN] Apache Syncope 4.0.0-M1
Francesco Chicchiriccò
[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT
Mark Thomas
[ANN] Apache Syncope 3.0.11
Francesco Chicchiriccò
[ANN] Apache ActiveMQ Classic 5.19.0 has been released!
Jean-Baptiste Onofré
CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record
Pierre Villard
[ANNOUNCE] Apache NiFi 2.3.0 Released
Pierre Villard
[ANN] Apache ActiveMQ Classic 6.1.6 has been released!
Jean-Baptiste Onofré
Fwd: Announcing Fineract Release 1.11.0
James Dailey
[ANNOUNCE] Apache Camel 3.22.4 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Camel 4.10.2 (LTS) Released
Gregor Zurowski
CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering
Andrea Cosentino
[ANNOUNCE] Apache Pulsar Client Python 3.6.1 released
Yunze Xu
[ANNOUNCE] Apache Camel 4.8.5 (LTS) Released
Gregor Zurowski
CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE
Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.18 released
Jacopo Cappellato
[ANNOUNCE] Apache Pekko Projection 1.1.0 released
PJ Fanning
[ANNOUNCE] Apache Arrow ADBC 17 Released
David Li
[ANNOUNCE] Apache Curator 5.8.0 released
tison
[ANN] Apache Tomcat 9.0.102 available
Rémy Maucherat
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.0 released
David Jensen
[ANNOUNCE] Apache Traffic Server 10.0.4 Release
Chris McFarlen
[ANN] Apache Struts 6.7.4
Lukasz Lenart
[ANNOUNCE] Apache Calcite Avatica Go 5.4.0 released
Francis Chuang
[ANNOUNCE] Apache Pulsar Node.js client 1.13.0 released
Baodi Shi
[ANNOUNCE] Apache Camel 4.10.1 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Camel 4.8.4 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Impala 4.5.0 release
Peter Rozsa
[ANNOUNCEMENT] Apache CloudStack 4.19.2.0 release
Daan Hoogland
CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File
Velmurugan Periasamy
CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation
Philipp Zehnder
[ANN] Apache Struts 7.0.3
Lukasz Lenart
[ANNOUNCE] Apache log4cxx 1.4.0 released
Stephen Webb
[ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available
WeitingChen
[ANNOUNCE] Apache Qpid Broker-J 9.2.1 released
Tomas Vavricka
[ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available
WeitingChen
[ANNOUNCE] Apache Pulsar 3.3.5 released
Lari Hotari
[ANNOUNCE] Apache Doris 3.0.4 release
ChenMingyu
[ANNOUNCE] Apache Groovy 4.0.26 Released
Paul King
[ANNOUNCE] Apache Pulsar 4.0.3 released
Lari Hotari
[ANNOUNCE]] Apache Groovy 3.0.24 Released
Paul King
[ANNOUNCE] Apache Pulsar 3.0.10 released
Lari Hotari
[ANNOUNCE] Apache Gluten (Incubating) 1.2.1 available
WeitingChen
CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC
Charles Zhang
[ANNOUNCE] Release Apache Hop 2.12.0
Bart Maertens
[ANNOUNCE] Apache Airflow Providers prepared on February 21, 2025 are released
Elad Kalif
[ANNOUNCE] Apache MINA SSHD 2.15.0 released
Guillaume Nodet
[ANNOUNCE] Apache Ignite 3.0 released
Pavel Tupitsyn
[ANNOUNCEMENT] Apache SkyWalking Satellite 1.3.0 Released
han liu
[ANNOUNCE] Apache Calcite Avatica 1.26.0 Released
Francis Chuang
[ANNOUNCE] Apache HBase 2.6.2 is now available for download
Duo Zhang
[ANNOUNCE] Apache NetBeans 25 Released
Eric Barboni
[ANNOUNCE] Apache Arrow Java 18.2.0 released
Jean-Baptiste Onofré
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M11 released
Timothy Bish
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M23 released
Timothy Bish
[ANNOUNCE] Apache Arrow 19.0.1 released
Bryce Mecum
[ANNOUNCE] Apache Flink 1.19.2 released
Alexander Fedulov
[ANNOUNCE] Apache Flink 1.20.1 released
Alexander Fedulov
[ANNOUNCE] Apache Qpid JMS 2.7.0 released
Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.13.0 released
Robbie Gemmell
Apache StreamPipes 0.97.0
Philipp Zehnder
[ANN] Apache Apache Maven Clean Plugin 3.4.1 Released
Slawomir Jaranowski
[ANNOUNCEMENT] HttpComponents Client 5.5 alpha1 Released
Oleg Kalnichevski
[ANNOUNCE] Apache Pekko (Core) 1.2.0-M1 released
PJ Fanning
[ANN] Apache Tomcat 9.0.100 available
Rémy Maucherat
[ANNOUNCE] Apache Ranger 2.6.0 released
Madhan Neethiraj
[ANNOUNCE] Apache IoTDB 2.0.1-beta released
Haonan Hou
[ANNOUNCE] Apache IoTDB 2.0.1-beta released
Haonan Hou
[ANN] Apache Tomcat 11.0.4 Available
Mark Thomas
[ANNOUNCE] Apache Commons VFS Project 2.10.0
Gary Gregory
Apache WSS4J 4.0.0 released
Colm O hEigeartaigh
[ANNOUNCE] Apache Ignite 2.17.0 Released
Nikita Amelchev
CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution
Xue Weiming
CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node
Nikita Amelchev
[ANNOUNCE] Apache Commons BeanUtils 1.10.1
Gary Gregory
[ANNOUNCE] Apache Jackrabbit Oak 1.76.0 released
Julian Reschke
CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user
Madhan Neethiraj
[ANNOUNCE] Apache ManifoldCF SDK 1.0.2 released
Piergiorgio Lucidi
CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint
Arnout Engelen
[ANNOUNCE] Apache flink-connector-hive 3.0.0 released
Sergey Nuyanzin
CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Paulo Motta
[ANNOUNCE] Apache Camel 4.10.0 (LTS) Released
Gregor Zurowski
[ANNOUNCE] Apache Hudi 1.0.1 released
Sivabalan
[ANN] Apache Tomcat 11.0.3 Available
Mark Thomas
[ANN] Apache Tomcat 9.0.99 available
Rémy Maucherat
[ANNOUNCE] Apache Airflow 2.10.5 Released
Utkarsh Sharma
[ANNOUNCE] Apache TsFile 2.0.1 released
Haonan Hou
FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services console
Carsten Ziegeler
[ANNOUNCE] Apache Airflow Providers prepared on February 04, 2025
Jarek Potiuk
[ANNOUNCE] Apache Zeppelin 0.12.0 available
Jongyoul Lee
[ANNOUNCE] Apache Commons Logging 1.3.5
Gary Gregory
CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability
Mingyang Liu
[ANNOUNCE] Release Apache OpenDAL v0.51.2
tison
[ANNOUNCE] Apache Tika 2.9.3 released
Tim Allison
[ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.1 release
Marton Szasz
[ANNOUNCE] Apache James 3.7.6 released
Benoit TELLIER
[ANNOUNCE] Apache James 3.8.2 released
Benoit TELLIER
CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion
Benoit Tellier
CVE-2024-37358: Apache James: denial of service through the use of IMAP literals
Benoit Tellier
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.1.0 released
David Jensen
CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API
Mingyu Chen
CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Paulo Motta
CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Paulo Motta
Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Paulo Motta
CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials
Paulo Motta
[ANNOUNCEMENT] HttpComponents Client 5.4.2 GA Released
Oleg Kalnichevski
[ANNOUNCE] Apache YuniKorn v1.6.1 released
Wilfred Spiegelenburg
[ANNOUNCE] Apache FtpServer 1.2.1 released
Emmanuel Lecharny
[ANNOUNCE] Apache Tika 3.1.0 released
Tim Allison
[ANNOUNCE] Apache Pulsar Helm Chart version 3.9.0 Released
Lari Hotari
[ANNOUNCE] Apache Wicket 8.17.0 released
Andrea Del Bene
[ANNOUNCE] Apache Traffic Server 10.0.3 Release
Chris McFarlen
[ANNOUNCE] Apache jclouds 2.7.0 released
Andrew Gaul
[ANNOUNCEMENT] HttpComponents Core 5.3.3 GA released
Oleg Kalnichevski
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.0.0 released
David Jensen
CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions
Ayush Saxena
[ANNOUNCE] Apache Commons Codec 1.18.0
Gary Gregory
[ANNOUNCE] Apache Commons Pool 2.12.1
Gary Gregory
CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util
Ayush Saxena
[ANNOUNCE] Apache NiFi 2.2.0 Released
Pierre Villard
Earlier messages