announce

Messages by Date

2023/05/08 CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender Robert Middleton
2023/05/08 CVE-2023-29247: Stored XSS on Apache Airflow Pierre Jeambrun
2023/05/06 [ANNOUNCE] Log4cxx 1.1.0 Released Robert Middleton
2023/05/06 [ANNOUNCE] Apache Kvrocks(incubating) 2.4.0 Released hulk
2023/05/05 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M15 released Timothy Bish
2023/05/05 [ANNOUNCE] Apache Dubbo 3.0.x End-Of-Life (EOL) Announcement Albumen Kevin
2023/05/05 [ANNOUNCE] Apache Dubbo 2.7.x End-Of-Life (EOL) Announcement Albumen Kevin
2023/05/05 [ANNOUNCE] Apache Camel 4.0.0-M3 Released Gregor Zurowski
2023/05/05 [ANNOUNCE] Apache Ignite 2.15.0 Released Aleksey Plekhanov
2023/05/05 CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani
2023/05/05 CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions Madhan Neethiraj
2023/05/03 [ANNOUNCE] Apache Pulsar 3.0.0 released Zike Yang
2023/05/02 [ANNOUNCE] Apache Wicket 8.15.0 released Andrea Del Bene
2023/05/02 CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes Nick Vatamaniuc
2023/05/02 CVE-2023-32007: Apache Spark: Shell command injection via Spark UI Arnout Engelen
2023/05/02 [ANNOUNCE] Apache BookKeeper 4.16.1 released Hang Chen
2023/05/02 [ANNOUNCE] Apache BookKeeper 4.16.0 released Hang Chen
2023/05/01 [ANNOUNCE] Apache Solr 9.2.1 released Justin Sweeney
2023/04/30 [ANNOUNCE] Apache Airflow 2.6.0 Released Ephraim Anierobi
2023/04/30 [ANNOUNCE] Apache Drill 1.21.1 Released James Turton
2023/04/30 [ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released Yihao Chen
2023/04/30 [ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released Yihao Chen
2023/04/28 [ANNOUNCE] Apache Accumulo 1.10.3 Christopher
2023/04/28 [ANNOUNCE] Apache Curator 5.5.0 released Kezhu Wang
2023/04/28 [ANNOUNCE] Apache Curator 5.5.0 released Kezhu Wang
2023/04/27 [ANNOUNCE] Apache bRPC 1.5.0 released Xiguo Hu
2023/04/27 [ANNOUNCE] Apache Camel 3.20.4 (LTS) Released Gregor Zurowski
2023/04/26 [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.3.0 Christophe Bornet
2023/04/26 [ANNOUNCE] Apache Empire-db 3.1.0 released doebele
2023/04/25 [ANNOUNCE] Apache CouchDB 3.3.2 released Jan Lehnardt
2023/04/25 [ANNOUNCE] Apache CouchDB 3.2.3 released Jan Lehnardt
2023/04/25 [ANNOUNCE] Apache Hudi 0.12.3 released Sivabalan
2023/04/24 [ANNOUNCE] Airflow Providers prepared on April 21, 2023 are released Elad Kalif
2023/04/24 [ANNOUNCE] Apache Solr Operator v0.7.0 released Houston Putman
2023/04/24 CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne
2023/04/24 CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar
2023/04/24 CVE-2023-27524: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY Daniel Gaspar
2023/04/22 [ANNOUNCE] Apache Geronimo Arthur 1.0.6 fpapon
2023/04/20 CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Arnout Engelen
2023/04/20 [ANNOUNCE] Apache Pulsar 2.10.4 released Xiangying Meng
2023/04/20 [ANNOUNCE] Apache Pulsar Node.js client 1.8.2 released Baodi Shi
2023/04/20 [ANNOUNCE] Apache Pulsar 2.11.1 released guo jiwei
2023/04/19 [ANN] Apache Tomcat 10.1.8 available Christopher Schultz
2023/04/19 [ANN] Apache Tomcat 8.5.88 available Christopher Schultz
2023/04/19 [ANN] Apache Tomcat 11.0.0-M5 (alpha) available Mark Thomas
2023/04/19 [ANNOUNCE] Release Apache SkyWalking Client JS version 0.10.0 xue fan
2023/04/18 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.14.0 release Gábor Gyimesi
2023/04/18 [ANNOUNCE] Apache Wicket 9.13.0 released Andrea Del Bene
2023/04/18 [ANN] Apache Tomcat 9.0.74 available Rémy Maucherat
2023/04/17 CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Daniel Gaspar
2023/04/17 CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Daniel Gaspar
2023/04/16 [ANNOUNCE] Apache StreamPipes 0.91.0 Tim Bossenmaier
2023/04/16 CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao
2023/04/16 CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao
2023/04/16 CVE-2023-22946: Apache Spark proxy-user privilege escalation from malicious configuration class Sean R. Owen
2023/04/15 The Apache Software Foundation (ASF) welcomes 46 new Members Brian Proffitt
2023/04/15 [ANN] Apache ActiveMQ 5.18.1 has been released! Jean-Baptiste Onofré
2023/04/15 [ANNOUNCE] Apache Guacamole 1.5.1 Michael Jumper
2023/04/15 [ANNOUNCE] Apache Airflow Helm Chart version 1.9.0 Released Jedidiah Cunningham
2023/04/14 [ANNOUNCE] Apache DolphinScheduler Python SDK 4.0.3 Released Jay Chung
2023/04/14 [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M14 released Timothy Bish
2023/04/13 [ANNOUNCE] Airflow Providers prepared on April 12, 2023 are released Elad Kalif
2023/04/13 [ANNOUNCE] Apache PDFBox 2.0.28 released Andreas Lehmkuehler
2023/04/13 [ANNOUNCE] Apache SkyWalking Java Agent 8.15.0 released Sheng Wu
2023/04/12 [ANNOUNCE] Airflow Providers prepared on April 09, 2023 are released Elad Kalif
2023/04/12 CVE-2022-45064: Apache Sling Engine: Include-based XSS Angela Schreiber
2023/04/11 CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang
2023/04/11 CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang
2023/04/11 [ANNOUNCE] Apache Impala 4.1.2 release Quanlong Huang
2023/04/11 [Announcement] : Apache LDAP API 2.1.2 Emmanuel Lecharny
2023/04/10 [ANNOUNCE] Apache Uniffle(Incubating) 0.7.0 available Junfan Zhang
2023/04/10 CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux
2023/04/10 [ANNOUNCE] Apache OFBiz 18.12.07 released Jacopo Cappellato
2023/04/10 CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Heping Wang
2023/04/10 CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Heping Wang
2023/04/10 CVE-2023-27987: Apache Linkis gateway module token authentication bypass Heping Wang
2023/04/10 CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Heping Wang
2023/04/10 CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Heping Wang
2023/04/09 [ANNOUNCE] Apache Jackrabbit Oak 1.22.15 released Julian Reschke
2023/04/07 [ANNOUNCE] Apache NiFi 1.21.0 release. Joe Witt
2023/04/07 CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk
2023/04/07 CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk
2023/04/07 CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk
2023/04/07 [ANNOUNCEMENT] Apache HTTP Server 2.4.57 Released covener
2023/04/07 [ANNOUNCE] Apache Linkis 1.3.2 available Ling Xu
2023/04/06 [ANNOUNCE] Airflow Providers prepared on April 02, 2023 are ready Elad Kalif
2023/04/05 [ANNOUNCE] Apache Jackrabbit 2.21.16 released Julian Reschke
2023/04/04 CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Huajie Wang
2023/04/04 CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang
2023/04/04 CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Huajie Wang
2023/04/04 [ANNOUNCE] Apache Teaclave (incubating) 0.5.0 released He Sun
2023/04/04 [ANNOUNCE] Apache Teaclave (incubating) 0.5.0 released He Sun
2023/04/04 [ANNCOUNCE] Apache Flume Spring Boot 2.0.0 released Ralph Goers
2023/04/03 [ANNOUNCE] Apache Pulsar Go Client 0.10.0 released Zike Yang
2023/04/03 [ANNOUNCE] Apache Camel 3.18.6 (LTS) Released Gregor Zurowski
2023/04/03 [ANNOUNCE] Apache IoTDB 1.1.0 released Haonan Hou
2023/04/03 [ANNOUNCE] Release Apache DolphinScheduler 3.0.5 Jay Chung
2023/04/01 [ANNOUNCE] Release Apache Hop 2.4.0 Bart Maertens
2023/04/01 [ANNOUNCE] Apache Airflow 2.5.3 Released Pierre Jeambrun
2023/04/01 [ANNOUNCEMENT] Apache XalanJ 2.7.3 Mukul Gandhi
2023/04/01 [ANNOUNCE] Apache Ranger 2.4.0 released Selvamohan Neethiraj
2023/03/31 [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M13 released Timothy Bish
2023/03/31 [ANNOUNCEMENT] Apache Portable Runtime 1.7.3 Released rpluem
2023/03/31 CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Benoit Tellier
2023/03/31 [ANNOUNCE] Apache James 3.7.4 released Benoit TELLIER
2023/03/31 [ANNOUNCE] Apache Groovy 4.0.11 Released Paul King
2023/03/31 [ANNOUNCE] Apache ShardingSphere 5.3.2 available 吴伟杰
2023/03/31 [ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.3 available 吴伟杰
2023/03/31 [ANNOUNCE] Apache Groovy 3.0.17 Released Paul King
2023/03/31 [ANNOUNCE] Apache Groovy 2.5.22 Released Paul King
2023/03/30 CVE-2023-28935: Apache UIMA DUCC: DUCC (EOL) allows RCE Arnout Engelen
2023/03/29 [ANNOUNCE] Apache Camel 3.20.3 (LTS) Released Gregor Zurowski
2023/03/29 [ANNOUNCEMENT] Apache Commons Configuration 2.9.0 Gary Gregory
2023/03/29 n/a: CVE-2023-28158: Apache Archiva privilege escalation Olivier Lamy
2023/03/28 CVE-2023-28326: Apache OpenMeetings: allows user impersonation Maxim Solodovnik
2023/03/28 [ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.2 Released Jay Chung
2023/03/27 [ANNOUNCE] Apache Solr 9.2.0 released Houston Putman
2023/03/27 CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey
2023/03/27 CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey
2023/03/27 CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users James Dailey
2023/03/27 CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong Charles Zhang
2023/03/26 [ANN] Apache Causeway version 2.0.0-RC1 Released Dan Haywood
2023/03/26 [ANN] Apache ActiveMQ 5.18.0 has been released! Jean-Baptiste Onofré
2023/03/26 CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Marcus Lange
2023/03/26 CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Marcus Lange
2023/03/24 [ANNOUNCE] Apache Fineract 1.8.4 Release Aleksandar Vidakovic
2023/03/24 [ANNOUNCE] Apache Fineract 1.7.3 Release Aleksandar Vidakovic
2023/03/23 [ANNOUNCE] Apache Jackrabbit Oak 1.50.0 released Julian Reschke
2023/03/23 [ANNOUNCEMENT] Apache Commons Compress 1.23.0 Gary Gregory
2023/03/22 [SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure Mark Thomas
2023/03/21 [ANNOUNCE] Apache Arrow ADBC 0.3.0 Released David Li
2023/03/21 [ANN] Apache Archiva 2.2.10 Olivier Lamy
2023/03/20 CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu
2023/03/20 [ANNOUNCE] Apache Sedona 1.4.0 released Jia Yu
2023/03/16 [ANNOUNCE] Apache SystemDS 3.1.0 Released Janardhan
2023/03/16 [ANNOUNCE] Apache SystemDS 3.0.0 has been Released Janardhan
2023/03/15 [ANNOUNCE] Apache Pulsar Client Python 3.1.0 released Yunze Xu
2023/03/15 CVE-2023-25695: Information disclosure in Apache Airflow Jarek Potiuk
2023/03/15 [ANNOUNCE] Apache Airflow 2.5.2 Released Pierre Jeambrun
2023/03/14 [ANNOUNCE] Apache Calcite 1.34.0 released Stamatis Zampetakis
2023/03/12 [ANNOUNCE] Apache SkyWalking 9.4.0 released Sheng Wu
2023/03/12 [ANNOUNCE] Apache Groovy 4.0.10 Released Paul King
2023/03/12 [ANNOUNCE] Apache Groovy 3.0.16 Released Paul King
2023/03/10 [ANNOUNCE] Airflow Providers prepared on March 07, 2023 are released Elad Kalif
2023/03/10 [ANNOUNCE] Apache Jackrabbit 2.20.9 released Julian Reschke
2023/03/10 [ANNOUNCE] Apache Camel 4.0.0-M2 Released Gregor Zurowski
2023/03/10 CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender Arnout Engelen
2023/03/10 [ANNOUNCE] Apache APISIX 3.2.0 has been released Zexuan Luo
2023/03/10 [ANN] Apache Struts 6.1.2 Lukasz Lenart
2023/03/10 [ANNOUNCE] Apache APISIX 2.15.3 has been released Zexuan Luo
2023/03/09 [ANNOUNCE] Apache Arrow nanoarrow 0.1.0 Released Dewey Dunnington
2023/03/09 [ANNOUNCE] Apache Pulsar Adapters 2.11.0 released Christophe Bornet
2023/03/08 CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin
2023/03/07 CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener
2023/03/07 CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener
2023/03/07 [ANNOUNCEMENT] Apache HTTP Server 2.4.56 Released covener
2023/03/06 [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.3.1 released Hongtao Gao
2023/03/06 [ANNOUNCE] Airflow Providers prepared on March 03, 2023 released Elad Kalif
2023/03/06 [ANNOUNCE] Apache UIMA Java SDK JSON CAS I/O v0.5.0 released Richard Eckart de Castilho
2023/03/06 [ANN] Apache Tomcat 11.0.0-M4 (alpha) available Mark Thomas
2023/03/06 [ANNOUNCE] Apache Qpid Proton-J 0.34.1 released Robbie Gemmell
2023/03/06 [ANNOUNCE] Apache Pulsar Node.js client 1.8.1 released Baodi Shi
2023/03/05 [ANN] Apache Tomcat 10.1.7 available Christopher Schultz
2023/03/05 [ANN] Apache Tomcat 8.5.87 available Christopher Schultz
2023/03/05 [ANNOUNCE] Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
2023/03/05 Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
2023/03/03 [ANN] Apache Tomcat 9.0.73 available Rémy Maucherat
2023/03/01 [ANNOUNCE] Apache Celeborn(incubating) 0.2.0 available Ethan Feng
2023/02/28 [ANNOUNCE] Apache NetBeans 17 released Geertjan Wielenga
2023/02/27 [ANNOUNCE] Apache OpenOffice 4.1.14 released Carl Marcum
2023/02/27 [ANNOUNCE] OpenNLP 2.1.1 released Jeff Zemerick
2023/02/27 [ANNOUNCEMENT] Apache Juneau 9.0.0 Released James Bognar
2023/02/27 [ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.3.1 Released Hongtao Gao
2023/02/27 Apache jUDDI is now retired Hervé Boutemy
2023/02/27 [ANN] Apache ActivveMQ "Classic" 5.17.4 has been released! Jean-Baptiste Onofré
2023/02/27 [ANN] Apache Karaf Decanter 2.10.0 has been released! Jean-Baptiste Onofré
2023/02/27 [ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.1 Released Jay Chung
2023/02/24 [ANN] Apache Tomcat 10.1.6 available Christopher Schultz
2023/02/24 [ANN] Apache Tomcat 8.5.86 available Christopher Schultz
2023/02/24 [ANNOUNCE] Apache UIMA Ruta v3.3.0 released Richard Eckart de Castilho
2023/02/24 [ANNOUNCE] Apache UIMA Java SDK version 3.4.1 released Richard Eckart de Castilho
2023/02/23 CVE-2023-25956: Apache Airflow AWS Provider: Arbitrary file read via AWS provider Jarek Potiuk
2023/02/23 CVE-2023-25696: Apache Airflow Hive Provider Beeline RCE Jarek Potiuk
2023/02/23 CVE-2023-25693: Sqoop Apache Airflow Provider Remote Code Execution Vulnerability Jarek Potiuk
2023/02/23 CVE-2023-25692: Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service Jarek Potiuk
2023/02/23 Re: CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk
2023/02/23 CVE-2023-25691: Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution Jarek Potiuk
2023/02/23 [ANNOUNCE] Apache HugeGraph(incubating) 1.0.0 available Imba Jin
2023/02/23 [ANN] Apache Tomcat 11.0.0-M3 (alpha) available Mark Thomas
2023/02/23 [ANN] Apache Tomcat 9.0.72 available Rémy Maucherat
2023/02/23 CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way Carsten Ziegeler
2023/02/23 [ANNOUNCE] Apache IoTDB 0.13.4 released 刘旭鑫
2023/02/22 [ANNOUNCE] Apache Kvrocks(incubating) 2.3.0 Released Pengbo Cai
2023/02/22 [ANNOUNCE] Apache Log4j 2.20.0 released Ralph Goers
2023/02/22 [ANN] Apache ActiveMQ 5.16.6 has been released! Jean-Baptiste Onofré
2023/02/22 [ANNOUNCE] Apache IoTDB 1.0.1 released Gaofei Cao
2023/02/22 [ANNOUNCE] Airflow Providers prepared on February 18, 2023 are ready Elad Kalif
2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
2023/02/20 [SECURITY] CVE-2023-24998 Apache Tomcat - FileUpload DoS with excessive parts Mark Thomas
2023/02/20 [SECURITY] CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts Mark Thomas