announce  

Messages by Date

• 2023/10/13 CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature Ephraim Anierobi
• 2023/10/13 [ANN] Apache Tomcat 9.0.82 available Rémy Maucherat
• 2023/10/13 [ANNOUNCE] Apache SIS 1.4 Release Martin Desruisseaux
• 2023/10/12 [ANNOUNCE] Apache Sedona 1.5.0 released Jia Yu
• 2023/10/12 [ANNOUNCE] Apache Airflow 2.7.2 Released Ephraim Anierobi
• 2023/10/12 [Announcement] : Apache LDAP API 2.1.5 Emmanuel Lecharny
• 2023/10/11 CVE-2023-44981: Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication Andor Molnar
• 2023/10/11 [ANNOUNCE] Apache Camel 4.1.0 Released Gregor Zurowski
• 2023/10/11 [ANNOUNCE] Apache Jackrabbit 2.21.20 released Julian Reschke
• 2023/10/11 [ANNOUNCE] Apache Kafka 3.6.0 Satish Duggana
• 2023/10/10 Apache Traffic Server 9.2.3 and 8.1.9 are released Bryan Call
• 2023/10/10 [SECURITY] CVE-2023-42795 Apache Tomcat - information disclosure Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-45648 Apache Tomcat - Request Smuggling Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-44487 Apache Tomcat - HTTP/2 DoS Mark Thomas
• 2023/10/10 [SECURITY] CVE-2023-42794 Apache Tomcat - denial of service Mark Thomas
• 2023/10/10 [ANN] Apache Tomcat 9.0.81 available Rémy Maucherat
• 2023/10/10 [ANN] Apache Tomcat 11.0.0-M12 (alpha) available Mark Thomas
• 2023/10/10 [ANN] Apache Tomcat 8.5.94 available Christopher Schultz
• 2023/10/10 [ANN] Apache Tomcat 10.1.14 available Christopher Schultz
• 2023/10/10 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.4.0 Christophe Bornet
• 2023/10/07 [ANNOUNCE] Apache Celix 2.4.0 released Pepijn Noltes
• 2023/10/07 [ANNOUNCE] Apache Pekko (Incubating) Persistence Cassandra 1.0.0 available PJ Fanning
• 2023/10/07 [ANNOUNCE] Release Apache Kvrocks 2.6.0 Twice
• 2023/10/06 [ANNOUNCEMENT] Apache Commons Net 3.10.0 Gary Gregory
• 2023/10/06 [ANNOUNCE] Apache APISIX 3.6.0 has been released Xin Rong
• 2023/10/05 [ANN] Apache Maven 3.9.5 released Slawomir Jaranowski
• 2023/10/05 [ANNOUNCE] Apache HUDI 0.14.0 released Prashant Wason
• 2023/10/03 [ANNOUNCE] Apache Impala 4.3.0 release Michael Smith
• 2023/10/03 [ANN] Apache Tomcat Native 1.2.39 released Mark Thomas
• 2023/10/02 [ANNOUNCE] Apache Airflow Helm Chart version 1.11.0 Released Jedidiah Cunningham
• 2023/10/02 [ANNOUNCE] Apache Camel 3.20.7 (LTS) Released Gregor Zurowski
• 2023/10/02 [ANN] Apache Syncope 3.0.5 Francesco Chicchiriccò
• 2023/10/02 [ANN] Apache Tomcat Native 2.0.6 released Mark Thomas
• 2023/10/02 [ANNOUNCEMENT] Apache Commons Pool 2.12.0 Phil Steitz
• 2023/10/02 Apache Any23 is now retired Hervé Boutemy
• 2023/09/30 [ANNOUNCEMENT] Apache Commons IO 2.14.0 Gary Gregory
• 2023/09/30 [ANNOUNCE] Apache Arrow nanoarrow 0.3.0 Released Dewey Dunnington
• 2023/09/30 CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK Ryan Skraba
• 2023/09/29 [ANNOUNCE] Apache Camel 3.21.1 (LTS) Released Gregor Zurowski
• 2023/09/29 [ANNOUNCE] Apache POI 5.2.4 released PJ Fanning
• 2023/09/29 [SECURITY] [CORRECTION] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Authentication Bypass Christopher Schultz
• 2023/09/29 [ANNOUNCE] Apache Lucene 9.8.0 released Patrick Zhai
• 2023/09/28 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.5.0 released Jiajing LU
• 2023/09/26 [ANNOUNCE] Apache Avro 1.11.3 released Ryan Skraba
• 2023/09/25 [ANNOUNCEMENT] Apache SkyWalking BanyanDB Helm 0.1.0 Released Hongtao Gao
• 2023/09/25 [ANNOUNCE] Apache Camel 4.0.1 Release Gregor Zurowski
• 2023/09/25 [ANNOUNCEMENT] HttpComponents Core 5.2.3 GA released Oleg Kalnichevski
• 2023/09/25 [ANNOUNCE] Apache Kyuubi released 1.7.3 Zhen Wang
• 2023/09/24 [ANNOUNCE] Apache Arrow ADBC 0.7.0 released David Li
• 2023/09/22 [ANNOUNCE] Release Apache Hop 2.6.0 Bart Maertens
• 2023/09/21 [ANN] Apache Karaf OSGi runtime 4.3.10 has been released! Jean-Baptiste Onofré
• 2023/09/21 [ANNOUNCE] Release Apache OpenDAL(incubating) v0.40.0 Xuanwo
• 2023/09/20 [ANNOUNCE] Apache Pinot 1.0.0 Released Xiang Fu
• 2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 Released Xiang Fu
• 2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
• 2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
• 2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
• 2023/09/19 [ANNOUNCE] Apache Pinot 1.0.0 release Saurabh Dubey
• 2023/09/19 [ANNOUNCE] Apache Flink Stateful Functions Release 3.3.0 released Martijn Visser
• 2023/09/18 [ANNOUNCE] Apache IoTDB 1.2.1 released Haonan Hou
• 2023/09/18 [ANNOUNCE] Apache Wicket 9.15.0 released Andrea Del Bene
• 2023/09/18 [ANNOUNCE] Apache Allura 1.15.0 released Dave Brondsema
• 2023/09/18 [ANNOUNCEMENT] Apache Commons JCS 3.2 Released Thomas Vandahl
• 2023/09/18 [ANN] Apache Karaf OSGi runtime 4.4.4 has been released! Jean-Baptiste Onofré
• 2023/09/18 [ANNOUNCE] Apache Kyuubi released 1.7.2 Zhen Wang
• 2023/09/18 [ANNOUNCE] Apache APISIX Ingress controller v1.7.0 released Jintao Zhang
• 2023/09/17 [ANNOUNCE] Apache Airflow Providers prepared on September 14, 2023 are released Elad Kalif
• 2023/09/15 [ANNOUNCEMENT] Apache Commons DbUtils 1.8.1 Gary Gregory
• 2023/09/15 [ANNOUNCE] Apache Jackrabbit Oak 1.22.17 released Julian Reschke
• 2023/09/14 [ANNOUNCE] Apache Groovy 4.0.15 Released Paul King
• 2023/09/14 [ANNOUNCE] Apache Groovy 5.0.0-alpha-2 Released Paul King
• 2023/09/14 [ANNOUNCE] Apache Airflow Providers prepared on September 12, 2023 are released Elad Kalif
• 2023/09/14 CVE-2023-41267: Apache HDFS Provider error message suggested installation of incorrect pip package Elad Kalif
• 2023/09/14 [ANNOUNCE] Apache Arrow Flight SQL adapter for PostgreSQL 0.1.0 released Sutou Kouhei
• 2023/09/14 CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file Gary D. Gregory
• 2023/09/13 [ANN] Apache Struts 6.3.0.1, 6.1.2.2, 2.5.32 Lukasz Lenart
• 2023/09/13 [ANNOUNCE] Apache Kudu 1.17.0 Released Yingchun Lai
• 2023/09/13 [SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas
• 2023/09/13 [ANNOUNCE] - Establishing ALC Bangalore Chapter Aditya Sharma
• 2023/09/13 [ANN] Apache Tomcat Connectors 1.2.49 released Mark Thomas
• 2023/09/12 CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability Ephraim Anierobi
• 2023/09/12 CVE-2023-40712: Apache Airflow: Secrets can be unmasked in the "Rendered Template" Ephraim Anierobi
• 2023/09/12 [ANNOUNCE] Apache MINA 2.2.3, 2.1.8 and 2.0.25 released Emmanuel Lecharny
• 2023/09/12 [ANNOUNCE] Apache Airflow Providers prepared on September 08, 2023 are released Elad Kalif
• 2023/09/09 [ANNOUNCEMENT] Apache Commons Compress 1.24.0 Gary Gregory
• 2023/09/09 [ANNOUNCE] Apache SkyWalking License Eyes 0.5.0 is out kezhenxu94
• 2023/09/08 [ANNOUNCE] Apache Jackrabbit 2.20.12 released Julian Reschke
• 2023/09/08 [ANNOUNCE] Apache Qpid Broker-J 9.1.0 released Tomas Vavricka
• 2023/09/08 [ANNOUNCE] Apache Mynewt 1.11.0 and Apache Mynewt NimBLE 1.6.0 released Szymon Janc
• 2023/09/08 [ANNOUNCE] Apache IoTDB 1.2.0 released Haonan Hou
• 2023/09/07 [ANNOUNCE] Apache Airflow 2.7.1 Released Ephraim Anierobi
• 2023/09/06 [ANNOUNCE] Apache Doris 2.0.1 & 1.2.7 release ChenMingyu
• 2023/09/06 [ANNOUNCE] Apache Fortress 3.0.0 Released Shawn McKinney
• 2023/09/06 CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization Daniel Gaspar
• 2023/09/06 CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution Daniel Gaspar
• 2023/09/06 CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections Daniel Gaspar
• 2023/09/06 CVE-2023-39264: Apache Superset: Stack traces enabled by default Daniel Gaspar
• 2023/09/06 CVE-2023-27526: Apache Superset: Improper Authorization check on import charts Daniel Gaspar
• 2023/09/06 CVE-2023-27523: Apache Superset: Improper data permission validation on Jinja templated queries Daniel Gaspar
• 2023/09/06 CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF Daniel Gaspar
• 2023/09/06 CVE-2023-36387: Apache Superset: Improper API permission for low privilege users Daniel Gaspar
• 2023/09/06 [ANNOUNCE] Apache Pekko (Incubating) CONNECTORS 1.0.0 available Matthew de Detrich
• 2023/09/06 [ANNOUNCE] Apache Pekko (Incubating) Persistence JDBC 1.0.0 available PJ Fanning
• 2023/09/05 CVE-2023-40743: Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Arnout Engelen
• 2023/09/05 [ANN] Apache Struts 6.3.0 Lukasz Lenart
• 2023/09/05 [ANNOUNCEMENT] Apache Commons DBCP 2.10.0 Gary Gregory
• 2023/09/05 [ANNOUNCE] Apache SkyWalking 9.6.0 released Sheng Wu
• 2023/09/03 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.15.0 release Martin Zink
• 2023/09/02 CVE-2023-41180: Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ Marton Szasz
• 2023/09/02 [ANNOUNCE] Apache Jackrabbit Oak 1.56.0 released Julian Reschke
• 2023/09/02 [ANNOUNCE] Apache Airflow Providers prepared on August 29, 2023 are released Elad Kalif
• 2023/09/02 [ANNOUNCE] Apache APISIX 3.5.0 has been released Xin Rong
• 2023/09/02 [ANNOUNCE] Apache SkyWalking Java Agent 9.0.0 released Sheng Wu
• 2023/09/01 [ANNOUNCE] Beam 2.50.0 Released Robert Burke
• 2023/08/30 [ANNOUNCE] Apache Pulsar Client Python 3.3.0 released Baodi Shi
• 2023/08/29 [ANNOUNCE] Apache Pekko (Incubating) Sbt Paradox 1.0.0 available PJ Fanning
• 2023/08/29 [ANNOUNCE] Apache Airflow Providers prepared on August 26, 2023 are released Elad Kalif
• 2023/08/25 [ANN] Apache Tomcat 8.5.93 available Mark Thomas
• 2023/08/25 [SECURITY] CVE-2023-41080 Apache Tomcat - open redirect Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 10.1.13 available Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 9.0.80 available Mark Thomas
• 2023/08/25 [ANN] Apache Tomcat 11.0.0-M11 (alpha) available Mark Thomas
• 2023/08/25 CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE Elad Kalif
• 2023/08/25 CVE-2023-27604: Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability Elad Kalif
• 2023/08/25 [ANNOUNCE] Apache Arrow 13.0.0 released Raúl Cumplido
• 2023/08/24 [ANNOUNCE] Apache Airflow Python Client 2.7.0 Released Ephraim Anierobi
• 2023/08/23 [ANNOUNCE] Apache Accumulo 2.1.2 and 3.0.0 Christopher
• 2023/08/23 CVE-2023-39441: Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation Ephraim Anierobi
• 2023/08/23 CVE-2023-37379: Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature Ephraim Anierobi
• 2023/08/23 CVE-2023-40273: Session fixation in Apache Airflow web interface Ephraim Anierobi
• 2023/08/23 [ANNOUNCE] Apache Groovy 5.0.0-alpha-1 Released Paul King
• 2023/08/23 [ANNOUNCE] Apache NiFi 1.23.2 Released David Handermann
• 2023/08/22 [ANNOUNCE] Call for Tracks - Community over Code EU 2024 Bratislava Ryan Skraba
• 2023/08/22 [ANNOUNCE] Apache Groovy 2.5.23 Released Paul King
• 2023/08/22 [ANNOUNCE] Apache Groovy 3.0.19 Released Paul King
• 2023/08/22 [ANNOUNCE] Apache Groovy 4.0.14 Released Paul King
• 2023/08/22 [ANNOUNCE] Apache Bigtop 3.2.1 released Masatake Iwasaki
• 2023/08/21 [ANNOUNCEMENT] HttpComponents Client 5.2.1 GA Released Oleg Kalnichevski
• 2023/08/21 [ANNOUNCEMENT] HttpComponents Client 5.3-alpha1 Released (corrected) Oleg Kalnichevski
• 2023/08/21 [ANNOUNCE] Apache Pekko (Incubating) gRPC 1.0.0 available PJ Fanning
• 2023/08/21 CVE-2022-46751: Apache Ivy: XML External Entity vulnerability in Apache Ivy Stefan Bodewig
• 2023/08/21 [ANN] Apache Ivy 2.5.2 Released Stefan Bodewig
• 2023/08/19 [ANNOUNCE] Apache PDFBox 1.8.x End-Of-Life (EOL) Announcement Andreas Lehmkühler
• 2023/08/19 CVE-2023-40037: Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs David Handermann
• 2023/08/19 [ANNOUNCE] Apache NiFi 1.23.1 Released David Handermann
• 2023/08/19 [ANNOUNCE] Release Apache OpenDAL(incubating) 0.39.0 Jun Ouyang
• 2023/08/18 [ANNOUNCE] Apache PDFBox 3.0.0 released Andreas Lehmkühler
• 2023/08/17 CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Elad Kalif
• 2023/08/17 [ANNOUNCE] Apache Linkis 1.4.0 available Chen Xia
• 2023/08/15 Re: CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability Elad Kalif
• 2023/08/15 [ANNOUNCE] Apache Hive 4.0.0-beta-1 Released Stamatis Zampetakis
• 2023/08/15 [ANN] Apache Tomcat 9.0.79 available Rémy Maucherat
• 2023/08/14 [ANN] Apache Tomcat 8.5.92 available Mark Thomas
• 2023/08/14 [ANN] Apache Tomcat 10.1.12 available Mark Thomas
• 2023/08/14 [ANN] Apache Tomcat 11.0.0-M10 (alpha) available Mark Thomas
• 2023/08/14 [ANNOUNCE] Apache Camel 4.0.0 Released Gregor Zurowski
• 2023/08/14 [ANNOUNCE] Apache Libcloud v3.8.0 Tomaz Muraus
• 2023/08/14 [ANNOUNCE] Apache Airflow Providers prepared on August 11, 2023 are released Elad Kalif
• 2023/08/13 [ANNOUNCE] Apache Pekko (Incubating) Management 1.0.0 available PJ Fanning
• 2023/08/11 [ANNOUNCE] Apache Jackrabbit 2.21.19 released Julian Reschke
• 2023/08/11 CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability Elad Kalif
• 2023/08/10 [ANNOUNCEMENT] Apache Storm 2.5.0 Bipin Prasad
• 2023/08/10 [ANNOUNCEMENT] Apache Storm 2.5.0 Bipin Prasad
• 2023/08/10 [ANNOUNCE] Apache Airflow Providers prepared on August 09, 2023 are released Elad Kalif
• 2023/08/10 [ANNOUNCEMENT] Apache Commons DbUtils 1.8.0 Gary Gregory
• 2023/08/09 [ANNOUNCE] Apache Pulsar 3.0.1 released Zike Yang
• 2023/08/09 [ANNOUNCE] Apache Airflow Providers prepared on August 08, 2023 are released Elad Kalif
• 2023/08/09 [ANNOUNCE] Apache Pulsar Client C++ 3.3.0 released Yunze Xu
• 2023/08/08 [ANNOUNCE] Apache Airflow Providers prepared on are released Elad Kalif
• 2023/08/07 Fwd: [Announce] Breakout Schedule for Community Over Code NA Available Brian Proffitt
• 2023/08/06 [ANNOUNCE] Release Apache Kvrocks 2.5.1 hulk
• 2023/08/06 CVE-2023-39508: Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges Jarek Potiuk
• 2023/08/04 [ANNOUNCE] Apache Traffic Server 9.2.1 and 8.1.7 are Released Bryan Call
• 2023/08/03 [ANN] Apache OpenNLP 2.3.0 released Richard Zowalla
• 2023/08/03 [ANNOUNCE] Apache bRPC 1.6.0 released Guangming Chen
• 2023/08/02 [ANNOUNCE] Apache Pekko (Incubating) HTTP 1.0.0 available PJ Fanning
• 2023/08/02 [ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.8.0 Released Ye Cao
• 2023/08/02 [ANNOUNCE] Apache bRPC 1.6.0 released Guangming Chen
• 2023/08/02 [ANNOUNCE] Apache Guacamole 1.5.3 released Michael Jumper
• 2023/08/02 [ANNOUNCE] Apache Airflow Providers prepared on July 29, 2023 are released Elad Kalif
• 2023/08/01 [ANNOUNCE] Apache Pulsar 2.10.5 released Xiangying Meng
• 2023/08/01 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M17 released Timothy Bish
• 2023/07/31 [ANNOUNCEMENT] Apache SkyWalking Go 0.2.0 Released han liu
• 2023/07/30 [ANNOUNCE] Apache Camel 4.0.0-RC2 Released Gregor Zurowski
• 2023/07/29 CVE-2023-36542: Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources David Handermann
• 2023/07/29 [ANNOUNCEMENT] Apache Commons Lang 3.13.0 Gary Gregory
• 2023/07/28 [ANNOUNCE] Apache IoTDB 1.1.2 released Haonan Hou
• 2023/07/27 [ANNOUNCE] Apache Celeborn(incubating) 0.3.0 available zhongqiang chen
• 2023/07/27 [ANNOUNCE] Apache Calcite 1.35.0 released Xiong Duan
• 2023/07/26 [ANNOUNCE] Apache Pekko (Incubating) 1.0.1 available PJ Fanning
• 2023/07/25 CVE-2023-38647: Apache Helix: Deserialization vulnerability in Helix workflow and REST Junkai Xue
• 2023/07/25 CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin Carsten Ziegeler
• 2023/07/25 CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE Julian Reschke
• 2023/07/25 CVE-2023-35088: Apache InLong: SQL injection in audit endpoint Charles Zhang
• 2023/07/25 CVE-2023-34434: Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param Charles Zhang
• 2023/07/25 [ANNOUNCE] Release Apache InLong 1.8.0 Verne Deng
• 2023/07/25 CVE-2023-34189: Apache InLong: General user can delete and update process Charles Zhang
• 2023/07/25 [ANNOUNCE] Apache Jackrabbit Oak 1.54.0 released Julian Reschke
• 2023/07/25 CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers
• 2023/07/24 [ANNOUNCE] Apache Jackrabbit 2.20.11 released Julian Reschke

• Earlier messages
• Later messages