announce  

Messages by Date

• 2026/03/06 [ANNOUNCEMENT] HttpComponents Core 5.4.2 GA released Oleg Kalnichevski
• 2026/03/06 [ANN] Apache Maven 3.9.13 released Tamás Cservenák
• 2026/03/06 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.2 released David Jensen
• 2026/03/05 [ANNOUNCE] Apache Iceberg Go Release v0.5.0 Matt Topol
• 2026/03/05 [ANNOUNCE] Apache Accumulo ClassLoader Extras 1.0.0 Christopher
• 2026/03/05 [ANNOUNCE] Apache IoTDB 1.3.7 released Haonan Hou
• 2026/03/05 [ANNOUNCE] Apache IoTDB 2.0.7 released Haonan Hou
• 2026/03/04 [ANNOUNCE] Apache Airflow Providers prepared on 2026-03-03 are released Jarek Potiuk
• 2026/03/04 [ANNOUNCE] Apache Solr 10.0.0 released Anshum Gupta
• 2026/03/03 [ANNOUNCE] Apache Jackrabbit Oak 1.92.0 Julian Reschke
• 2026/03/03 CVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
• 2026/03/03 CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation Justin Bertram
• 2026/03/03 Apache Airflow Providers prepared on 2026-02-26 are released Jarek Potiuk
• 2026/03/02 CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator Velmurugan Periasamy
• 2026/03/02 CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient Velmurugan Periasamy
• 2026/03/02 [ANNOUNCE] Apache Artemis 2.52.0 Released Justin Bertram
• 2026/03/02 [ANNOUNCE] Apache Fluss 0.9.0-incubating released yuxia luo
• 2026/03/02 [ANNOUNCE] Apache Ranger 2.8.0 released Madhan Neethiraj
• 2026/03/01 [ANNOUNCE] Apache ShardingSphere 5.5.3 available Longtao Jiang
• 2026/02/28 [ANNOUNCE] Release Apache Kvrocks 2.15.0 hulk
• 2026/02/27 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.1 released David Jensen
• 2026/02/27 [ANNOUNCE] Apache NiFi NAR Maven Plugin 2.3.0 Released Pierre Villard
• 2026/02/26 [ANNOUNCE] Apache Arrow nanoarrow 0.8.0 Released Dewey Dunnington
• 2026/02/26 [ANNOUNCE] Apache Wayang 1.1.1 released Mads Sejer
• 2026/02/24 [ANNOUNCE] OpenNLP 3.0.0-M1 released Richard Zowalla
• 2026/02/24 [ANNOUNCE] Apache NetBeans 29 Released Eric Barboni
• 2026/02/24 CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL Daniel Gaspar
• 2026/02/24 CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default) Daniel Gaspar
• 2026/02/24 CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass Daniel Gaspar
• 2026/02/24 CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command Daniel Gaspar
• 2026/02/24 CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering Daniel Gaspar
• 2026/02/23 CVE-2024-56373: Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information Jarek Potiuk
• 2026/02/23 CVE-2025-27555: Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli Jarek Potiuk
• 2026/02/23 [ANNOUNCE] Apache Pulsar Helm Chart version 4.5.0 Released Lari Hotari
• 2026/02/23 [ANN] Apache Syncope 4.1.0-M0 Francesco Chicchiriccò
• 2026/02/21 [ANNOUNCE] Apache Airflow 2.11.1 and Fab provider 1.5.4 Released Jarek Potiuk
• 2026/02/19 [ANNOUNCE] Apache Pulsar 4.1.3 released Lari Hotari
• 2026/02/19 [ANNOUNCE] Apache Pulsar 4.0.9 released Lari Hotari
• 2026/02/18 https://camel.apache.org/security/CVE-2026-23552.html: CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Andrea Cosentino
• 2026/02/18 https://camel.apache.org/security/CVE-2026-25747.html: CVE-2026-25747: Apache Camel: Deserialization of Untrusted Data in Camel LevelDB Andrea Cosentino
• 2026/02/17 [ANNOUNCE] Apache ActiveMQ 6.2.1 has been released! Jean-Baptiste Onofré
• 2026/02/17 [ANNOUNCE] Apache Airflow Helm Chart version 1.19.0 Released Jedidiah Cunningham
• 2026/02/17 [ANNOUNCE] Apache Camel 4.18.0 (LTS) Released Gregor Zurowski
• 2026/02/17 [SECURITY] CVE-2026-24733 Apache Tomcat - Security constraint bypass with HTTP/0.9 Mark Thomas
• 2026/02/17 [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Mark Thomas
• 2026/02/17 [SECURITY] CVE-2025-66614 Apache Tomcat - Client certificate verification bypass due to virtual host mapping Mark Thomas
• 2026/02/17 [ANNOUNCE] Apache Commons FileUpload 2.0.0-M5 Gary Gregory
• 2026/02/17 [ANNOUNCE] Apache Kafka 4.2.0 Christo Lolov
• 2026/02/17 [ANNOUNCE] Apache Arrow 23.0.1 released Raúl Cumplido
• 2026/02/17 CVE-2026-25087: Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering Antoine Pitrou
• 2026/02/16 CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates David Handermann
• 2026/02/16 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.0 released David Jensen
• 2026/02/16 [ANNOUNCE] Apache Pulsar 3.0.16 released Lari Hotari
• 2026/02/15 [ANNOUNCE] Apache Grails Spring Security 7.0.1 Mattias Reichel
• 2026/02/14 [ANNOUNCE] Apache Grails Quartz Plugin 4.0.1 James Daugherty
• 2026/02/14 [ANNOUNCE] Apache Grails Redis Plugin 5.0.1 James Daugherty
• 2026/02/14 [ANNOUNCE] Apache NiFi 2.8.0 Released Pierre Villard
• 2026/02/14 [ANNOUNCE] Apache ActiveMQ 5.19.2 has been released! Jean-Baptiste Onofré
• 2026/02/14 [ANNOUNCE] Apache Karaf runtime 4.4.10 has been released! Jean-Baptiste Onofré
• 2026/02/13 [ANNOUNCE] Apache Camel 4.14.5 (LTS) Released Gregor Zurowski
• 2026/02/13 [ANNOUNCEMENT] HttpComponents Core 5.4.1 GA released Oleg Kalnichevski
• 2026/02/13 [ANNOUNCE] Apache Artemis 2.51.0 Released Domenico Francesco Bruscino
• 2026/02/13 [ANNOUNCE] Apache Camel 4.10.9 (LTS) Released Gregor Zurowski
• 2026/02/13 [ANNOUNCE] Release Apache Hop 2.17.0 Bart Maertens
• 2026/02/12 CVE-2025-33042: Apache Avro Java SDK: Code injection on Java generated code Ryan Skraba
• 2026/02/11 [ANNOUNCE] Apache Fesod (Incubating) 2.0.1-incubating released Shuxin Pan
• 2026/02/11 [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
• 2026/02/11 [ANN] End of support for Apache Tomcat Native 1.3.x Mark Thomas
• 2026/02/11 [ANN] Apache Tomcat Native 1.3.6 released Mark Thomas
• 2026/02/11 [ANN] Apache Tomcat Native 2.0.13 released Mark Thomas
• 2026/02/11 [ANN] Apache Struts IntelliJ IDEA plugin ver. 253.18970.1 Lukasz Lenart
• 2026/02/10 [ANNOUNCE] Apache Fory 0.15.0 released Shawn Yang
• 2026/02/09 [ANNOUNCE] Apache Druid 36.0.0 release Zoltan Haindrich
• 2026/02/09 CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind Karan Kumar
• 2026/02/09 CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions Qingran Zhao
• 2026/02/09 CVE-2026-24098: Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors Ephraim Anierobi
• 2026/02/09 CVE-2026-22922: Apache Airflow: Airflow externalLogUrl Permission Bypass Ephraim Anierobi
• 2026/02/08 CVE-2026-23901: Apache Shiro: Brute force attack possible to determine valid user names Lenny Primak
• 2026/02/08 CVE-2026-23903: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems Lenny Primak
• 2026/02/08 [ANNOUNCE] Apache ShardingSphere ElasticJob-3.0.5 available Longtao Jiang
• 2026/02/07 [ANNOUNCE] Apache Traffic Server 10.1.1 Release Chris McFarlen
• 2026/02/06 [ANNOUNCE] Apache Flink Agents 0.2.0 released Xuannan Su
• 2026/02/06 [ANNOUNCE] Apache APISIX 3.15.0 has been released Abhishek Choudhary
• 2026/02/05 [ANNOUNCE] Apache Daffodil 4.1.0 Released Steve Lawrence
• 2026/02/04 [ANNOUNCE] Apache YuniKorn v1.8.0 released Wilfred Spiegelenburg
• 2026/02/04 [ANNOUNCE] Apache Airflow 3.1.7 Released Ephraim Anierobi
• 2026/02/04 [ANN] Apache Syncope 3.0.16 Francesco Chicchiriccò
• 2026/02/04 [ANNOUNCE] Apache TomEE 10.1.4 Markus Jung
• 2026/02/04 [ANN] Apache Syncope 4.0.4 Francesco Chicchiriccò
• 2026/02/04 [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.8.0 Released Zehui Chen
• 2026/02/04 [ANNOUNCE] Apache StormCrawler 3.5.1 released Richard Zowalla
• 2026/02/04 [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
• 2026/02/04 CVE-2026-24735: Apache Answer: Revision API Improper Access Control leads to Information Disclosure Enxin Xie
• 2026/02/03 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-27 are released Vincent Beck
• 2026/02/02 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.1.2 released David Jensen
• 2026/02/02 CVE-2026-23795: Apache Syncope: Console XXE on Keymaster parameters Francesco Chicchiriccò
• 2026/02/02 CVE-2026-23794: Apache Syncope: Reflected XSS on Enduser Login Francesco Chicchiriccò
• 2026/02/01 [ANNOUNCE] Apache Grails 7.0.7 James Fredley
• 2026/02/01 [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
• 2026/01/30 [ANN] Apache Tomcat 11.0.18 Available Mark Thomas
• 2026/01/29 [ANNOUNCE] Apache Pulsar Client C++ 4.0.1 released Yunze Xu
• 2026/01/27 [ANN] Apache Tomcat 10.1.52 Available Christopher Schultz
• 2026/01/27 [ANNOUNCE] Apache MINA SSHD 2.17.1 released Thomas Wolf
• 2026/01/27 [ANNOUNCE] Apache Arrow 23.0.0 released Raúl Cumplido
• 2026/01/27 [ANNOUNCE] Apache Groovy 5.0.4 Released Paul King
• 2026/01/26 [ANNOUNCE] Apache Grails 7.0.6 James Daugherty
• 2026/01/26 [ANNOUNCE] Apache bRPC 1.16.0 released Xiaofeng
• 2026/01/26 CVE-2016-15057: Apache Continuum: Command injection leading to RCE Arnout Engelen
• 2026/01/23 https://karaf.apache.org/security/cve-2026-24656.txt: CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability Jean-Baptiste Onofré
• 2026/01/23 [ANNOUNCE] Apache NiFi API 2.6.0 Released Pierre Villard
• 2026/01/23 [ANNOUNCE] Apache Artemis 2.50.0 Released Justin Bertram
• 2026/01/23 CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client Chris Nauroth
• 2026/01/23 [ANNOUNCE] Apache Qpid JMS 2.10.0 released Robbie Gemmell
• 2026/01/23 [ANNOUNCE] Apache Qpid JMS 1.16.0 released Robbie Gemmell
• 2026/01/23 [ANN] Apache Tomcat 9.0.115 available Rémy Maucherat
• 2026/01/22 [ANNOUNCE] Apache Commons BCEL Version 6.12.0 Gary Gregory
• 2026/01/21 [ANNOUNCE] Apache MINA SSHD 2.17.0 released Thomas Wolf
• 2026/01/21 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-17 are released Jens Scheffler
• 2026/01/21 [ANNOUNCE] Apache Groovy 4.0.30 Released Paul King
• 2026/01/20 CVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone core-creation requests Jason Gerlowski
• 2026/01/20 CVE-2026-22022: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin Jason Gerlowski
• 2026/01/20 [ANNOUNCE] Apache OFBiz 24.09.05 released Nicolas Malin
• 2026/01/20 [ANNOUNCE] Apache IoTDB 2.0.6 released Haonan Hou
• 2026/01/17 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-13 are released Jens Scheffler
• 2026/01/16 [ANNOUNCE] Apache Jackrabbit 2.22.3 released Julian Reschke
• 2026/01/16 [ANNOUNCE] Apache Qpid protonj2 1.1.0 released Timothy Bish
• 2026/01/15 CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service Guangming Chen
• 2026/01/15 CVE-2025-68675: Apache Airflow: proxy credentials for various providers might leak in task logs Ephraim Anierobi
• 2026/01/15 CVE-2025-68438: Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated Ephraim Anierobi
• 2026/01/15 [ANNOUNCE] Apache DataSketches Rust 0.2.0 Released tison
• 2026/01/13 [ANNOUNCE] Apache Airflow 3.1.6 Released Ephraim Anierobi
• 2026/01/13 CVE-2025-66169: Apache Camel: Cypher injection vulnerability in Camel-Neo4j component Andrea Cosentino
• 2026/01/13 [ANNOUNCE] Apache Flink-shaded 21.0 released Martijn Visser
• 2026/01/12 [ANNOUNCE] Apache Grails 7.0.5 James Fredley
• 2026/01/12 [ANNOUNCE] Grails Publish Gradle Plugin 0.0.4 James Fredley
• 2026/01/12 [ANNOUNCE] Apache Camel 4.17.0 Released Gregor Zurowski
• 2026/01/12 [ANN] Apache Tomcat Native 1.3.4 released Mark Thomas
• 2026/01/12 [ANN] Apache Tomcat Native 2.0.12 released Mark Thomas
• 2026/01/11 S2-069: CVE-2025-68493: Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component Lukasz Lenart
• 2026/01/10 [ANNOUNCE] Apache Camel 4.14.4 (LTS) Released Gregor Zurowski
• 2026/01/10 [ANNOUNCE] Apache Kudu 1.18.1 Released Abhishek Chennaka
• 2026/01/09 [ANNOUNCE] Apache Fineract 1.14.0 Release Adam Monsen
• 2026/01/08 [ANNOUNCE] Apache IoTDB 1.3.6 released Haonan Hou
• 2026/01/08 [ANNOUNCE] Apache Jackrabbit Oak 1.90.0 released Jörg Hoh
• 2026/01/08 CVE-2025-62235: Apache NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing Szymon Janc
• 2026/01/08 CVE-2025-53477: Apache NimBLE: NULL Pointer Dereference in NimBLE host HCI layer Szymon Janc
• 2026/01/08 CVE-2025-53470: Apache NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver Szymon Janc
• 2026/01/08 CVE-2025-52435: Apache NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller Szymon Janc
• 2026/01/05 CVE-2025-68280: Apache SIS: XML External Entity (XXE) vulnerability Martin Desruisseaux
• 2026/01/05 [ANNOUNCE] Apache Fory 0.14.1 released Shawn Yang
• 2026/01/04 CVE-2025-66518: Apache Kyuubi: Unauthorized directory access due to missing path normalization Akira Ajisaka
• 2026/01/02 [ANNOUNCE] Apache Airflow Providers prepared on 2025-12-30 are released Shahar Epstein
• 2026/01/02 Apache Commons Pool 2.13.1 Gary Gregory
• 2026/01/02 [ANNOUNCE] Apache Kyuubi v1.10.3 is available Akira Ajisaka
• 2026/01/01 [ANNOUNCE] Apache Camel 4.14.3 (LTS) Released Gregor Zurowski
• 2025/12/31 [ANNOUNCE] Apache Kyuubi v1.11.0 is available Cheng Pan
• 2025/12/31 [ANNOUNCE] Apache EventMesh 1.12.0 available mikexue
• 2025/12/31 [ANNOUNCE] Apache TsFile 2.2.0 released Haonan Hou
• 2025/12/31 CVE-2025-48769: Apache NuttX RTOS: fs/vfs/fs_rename: use after free Tomasz Cedro
• 2025/12/31 CVE-2025-48768: Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal Tomasz Cedro
• 2025/12/30 [ANNOUNCE] Apache Pulsar Node.js client 1.16.0 released Baodi Shi
• 2025/12/29 CVE-2025-47411: Apache StreamPipes: Leverage of User ID for Privilege Escalation Philipp Zehnder
• 2025/12/29 [ANNOUNCE] Apache CloudStack Kubernetes Provider v1.2.0 Vishesh
• 2025/12/29 [ANNOUNCE] Apache Gravitino 1.1.0 is available Qi Yu
• 2025/12/27 CVE-2025-68637: : Insecure SSL Configuration in Uniffle HTTP Client roryqi
• 2025/12/25 [ANNOUNCE] Apache TsFile 1.1.3 released Haonan Hou
• 2025/12/22 [ANNOUNCEMENT] HttpComponents Client 5.6 GA Released Oleg Kalnichevski
• 2025/12/22 [ANNOUNCEMENT] HttpComponents Client 5.5.2 GA Released Oleg Kalnichevski
• 2025/12/21 [ANNOUNCE] Apache Pekko Persistence JDBC 1.2.0 released PJ Fanning
• 2025/12/19 [ANNOUNCE] Apache Mynewt 1.14.0 and Apache Mynewt NimBLE 1.9.0 released Szymon Janc
• 2025/12/19 [ANNOUNCE] Apache NiFi 2.7.2 Released David Handermann
• 2025/12/18 CVE-2025-66524: Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor David Handermann
• 2025/12/18 CVE-2025-68161: Apache Log4j Core: Missing TLS hostname verification in Socket appender Piotr Karwasz
• 2025/12/18 [ANNOUNCEMENT] HttpComponents Core 5.4 GA released Oleg Kalnichevski
• 2025/12/16 [ANN] Apache Maven 3.9.12 released Slawomir Jaranowski
• 2025/12/16 [ANNOUNCEMENT] Commons Daemon 1.5.1 Released Mark Thomas
• 2025/12/16 [ANNOUNCE] Apache Commons DBCP 2.14.0 Gary Gregory
• 2025/12/15 [ANNOUNCE] Apache StreamPipes 0.98.0 Philipp Zehnder
• 2025/12/15 [ANNOUNCE] Apache Pekko Management 1.2.0 released PJ Fanning
• 2025/12/15 CVE-2025-67895: Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 Jarek Potiuk
• 2025/12/14 [ANNOUNCE] Apache TomEE 10.1.3 Richard Zowalla
• 2025/12/13 [ANNOUNCE] Apache log4cxx 1.6.0 released Stephen Webb
• 2025/12/13 [ANNOUNCE] Apache Airflow Providers prepared on 2025-12-09 are released Jarek Potiuk
• 2025/12/13 [ANNOUNCE] Apache Camel 4.10.8 (LTS) Released Gregor Zurowski
• 2025/12/13 [ANNOUNCE] Apache HBase Operator Tools 1.3.0 is now available for download Duo Zhang
• 2025/12/13 [ANNOUNCE] Apache Qpid Broker-J 10.0.1 released Tomas Vavricka
• 2025/12/13 [ANNOUNCE] Apache NiFi 2.7.1 Released David Handermann
• 2025/12/13 [ANNOUNCE] Apache Airflow 3.1.5 Released Ephraim Anierobi
• 2025/12/12 [ANNOUNCE] Apache Pekko (Core) 1.4.0 released PJ Fanning
• 2025/12/12 CVE-2025-54947: Apache StreamPark: Use hard-coded key vulnerability Huajie Wang
• 2025/12/12 [ANNOUNCE] Apache Pulsar Client C++ 4.0.0 released Yunze Xu
• 2025/12/12 CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
• 2025/12/12 CVE-2025-65995: Apache Airflow: Disclosure of secrets to UI via kwargs Ephraim Anierobi
• 2025/12/12 CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI Ephraim Anierobi
• 2025/12/11 CVE-2025-58137: Apache Fineract: IDOR via self-service API Adam Monsen
• 2025/12/11 CVE-2025-58130: Apache Fineract: Server Key not masked Adam Monsen
• 2025/12/11 CVE-2025-23408: Apache Fineract: weak password policy Adam Monsen
• 2025/12/11 [ANNOUNCE] Apache OpenNLP 2.5.7 released Richard Zowalla
• 2025/12/11 [ANNOUNCE] Apache Jackrabbit 2.23.3-beta released Julian Reschke
• 2025/12/10 [ANNOUNCE] Apache Airflow 3.1.4 Released Ephraim Anierobi

• Earlier messages