announce

Messages by Date

2025/04/12 [ANNOUNCE] Apache Commons IO 2.19.0 Gary Gregory
2025/04/11 CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
2025/04/11 CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
2025/04/11 [ANNOUNCE] Apache Commons Text 1.13.1 Gary Gregory
2025/04/10 [ANN] Apache Tomcat 11.0.6 Available Mark Thomas
2025/04/10 [ANNOUNCE] Apache Lucene 10.2.0 released Ignacio Vera
2025/04/09 [ANN] Apache Tomcat 9.0.104 available Rémy Maucherat
2025/04/09 [ANNOUNCE] Apache Geronimo XBean 4.27 released Francois Papon
2025/04/09 CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
2025/04/09 [ANNOUNCE] Apache Airflow Providers prepared on April 06, 2025 are released Elad Kalif
2025/04/09 [ANNOUNCE] Apache Pulsar 3.3.6 released Lari Hotari
2025/04/09 [ANNOUNCE] Apache Pulsar 4.0.4 released Lari Hotari
2025/04/09 [ANNOUNCE] Apache Pulsar 3.0.11 released Lari Hotari
2025/04/09 CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
2025/04/08 [ANN] Apache Causeway version 3.3.0 Released Dan Haywood
2025/04/08 CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
2025/04/07 [ANNOUNCE] Apache Jackrabbit Oak 1.78.0 released Julian Reschke
2025/04/07 [ANNOUNCE] Apache OFBiz 24.09.01 released Nicolas Malin
2025/04/07 [ANNOUNCE] Apache POI 5.4.1 release PJ Fanning
2025/04/05 Apache Cocoon is now retired Hervé Boutemy
2025/04/05 [ANN] Apache OpenJPA 4.1.0 Francesco Chicchiriccò
2025/04/05 [ANNOUNCE] Apache Commons CSV 1.14.0 Gary Gregory
2025/04/05 CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message Gary D. Gregory
2025/04/04 CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
2025/04/04 Apache Oozie is now retired Hervé Boutemy
2025/04/03 Apache Pivot is now retired Hervé Boutemy
2025/04/03 Apache Beam 2.64.0 Released! XQ Hu
2025/04/03 [ANNOUNCE] Apache Camel 4.11.0 Released Gregor Zurowski
2025/04/03 [ANNOUNCE] Release Apache SkyWalking Client JS version 1.0.0 xue fan
2025/04/02 [ANNOUNCE] Apache Traffic Server 10.0.5 Release Chris McFarlen
2025/04/02 [ANNOUNCE] Apache Airflow Helm Chart version 1.16.0 Released Jedidiah Cunningham
2025/04/01 [ANNOUNCE] Apache OFBiz 18.12.19 released Nicolas Malin
2025/04/01 CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
2025/04/01 [ANNOUNCE] Apache Camel 4.8.6 (LTS) Released Gregor Zurowski
2025/04/01 CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
2025/03/31 CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Enxin Xie
2025/03/31 CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
2025/03/31 CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission Justin Bertram
2025/03/31 [ANNOUNCE] Apache Airflow Providers prepared on March 26, 2025 are released Elad Kalif
2025/03/31 [ANNOUNCE] Apache Camel 4.10.3 (LTS) Released Gregor Zurowski
2025/03/28 [ANNOUNCE] Apache Jackrabbit Filevault 3.8.4 released Julian Reschke
2025/03/27 [ANN] Apache TomEE 10.0.1 Richard Zowalla
2025/03/27 [ANNOUNCEMENT] HttpComponents Client 5.4.3 GA Released Oleg Kalnichevski
2025/03/27 [ANNOUNCE] Apache Jackrabbit Oak 1.22.22 released Julian Reschke
2025/03/26 CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url Li Yang
2025/03/26 CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api Li Yang
2025/03/26 [ANNOUNCE] Apache Iceberg Go Release v0.2.0 Matt Topol
2025/03/25 [ANNOUNCE] Apache Solr Operator v0.9.1 released Jason Gerlowski
2025/03/24 [ANNOUNCE] release of Apache VCL 2.5.2 Josh Thompson
2025/03/24 CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form Josh Thompson
2025/03/24 CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges Josh Thompson
2025/03/24 [ANNOUNCE] Apache Answer v1.4.5 available Luffy
2025/03/24 [ANNOUNCE] Apache StormCrawler (Incubating) 3.3.0 released Tim Allison
2025/03/23 CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT Gary D. Gregory
2025/03/22 [ANN] Apache ActiveMQ Classic 5.17.7 has been released! Jean-Baptiste Onofré
2025/03/22 [ANN] Apache ActiveMQ Classic 5.18.7 has been released! Jean-Baptiste Onofré
2025/03/22 [ANN] Apache ActiveMQ Classic 5.16.8 has been released! Jean-Baptiste Onofré
2025/03/21 CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console Arnout Engelen
2025/03/20 [ANNOUNCEMENT] HttpComponents Core 5.3.4 GA released Oleg Kalnichevski
2025/03/19 CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting Adarsh Sanjeev
2025/03/19 CVE-2024-54016: compression bomb attack in Apache Seata Server Min Ji
2025/03/19 CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server Min Ji
2025/03/19 CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function Elad Kalif
2025/03/18 [ANNOUNCE] Apache YuniKorn v1.6.2 released Wilfred Spiegelenburg
2025/03/18 [ANNOUNCE] Apache Kafka 4.0.0 David Jacot
2025/03/18 [ANNOUNCE] Apache CouchDB 3.4.3 released Jan Lehnardt
2025/03/16 [ANNOUNCE] Apache Arrow Go v18.2.0 Released Matt Topol
2025/03/16 [ANNOUNCE] Apache BVal 3.0.2 Markus Jung
2025/03/16 [ANNOUNCE] Apache Calcite 1.39.0 released Stamatis Zampetakis
2025/03/15 [ANNOUNCE] Apache James JSPF 1.0.5 released Rene Cordier
2025/03/15 [ANNOUNCE] Apache Geronimo Java Mail 2.1_1.0.1 Francois Papon
2025/03/15 [ANN] Apache Maven Daemon 2.0.0-rc-3 released Guillaume Nodet
2025/03/14 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.1 released David Jensen
2025/03/14 [ANNOUNCE] Apache Pulsar Helm Chart version 4.0.0 Released Lari Hotari
2025/03/14 [ANN] Apache Maven 4.0.0-rc-3 released Guillaume Nodet
2025/03/13 [ANNOUNCE] Apache Airflow Providers prepared on March 09, 2025 are released Elad Kalif
2025/03/13 [ANNOUNCE] Apache James JDKIM 0.4 released Rene Cordier
2025/03/12 FELIX-6753: CVE-2025-27867: Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin Carsten Ziegeler
2025/03/12 CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters Andrea Cosentino
2025/03/12 [ANNOUNCE] Apache Pulsar Node.js client 1.13.1 released Baodi Shi
2025/03/12 [ANNOUNCE] Apache Solr 9.8.1 released Houston Putman
2025/03/11 [ANN] Apache Syncope 4.0.0-M1 Francesco Chicchiriccò
2025/03/11 [SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Mark Thomas
2025/03/11 [ANN] Apache Syncope 3.0.11 Francesco Chicchiriccò
2025/03/11 [ANN] Apache ActiveMQ Classic 5.19.0 has been released! Jean-Baptiste Onofré
2025/03/11 CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record Pierre Villard
2025/03/11 [ANNOUNCE] Apache NiFi 2.3.0 Released Pierre Villard
2025/03/10 [ANN] Apache ActiveMQ Classic 6.1.6 has been released! Jean-Baptiste Onofré
2025/03/09 Fwd: Announcing Fineract Release 1.11.0 James Dailey
2025/03/09 [ANNOUNCE] Apache Camel 3.22.4 (LTS) Released Gregor Zurowski
2025/03/09 [ANNOUNCE] Apache Camel 4.10.2 (LTS) Released Gregor Zurowski
2025/03/09 CVE-2025-27636: Apache Camel: Camel Message Header Injection via Improper Filtering Andrea Cosentino
2025/03/08 [ANNOUNCE] Apache Pulsar Client Python 3.6.1 released Yunze Xu
2025/03/08 [ANNOUNCE] Apache Camel 4.8.5 (LTS) Released Gregor Zurowski
2025/03/07 CVE-2025-26865: Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE Jacques Le Roux
2025/03/07 [ANNOUNCE] Apache OFBiz 18.12.18 released Jacopo Cappellato
2025/03/07 [ANNOUNCE] Apache Pekko Projection 1.1.0 released PJ Fanning
2025/03/06 [ANNOUNCE] Apache Arrow ADBC 17 Released David Li
2025/03/06 [ANNOUNCE] Apache Curator 5.8.0 released tison
2025/03/06 [ANN] Apache Tomcat 9.0.102 available Rémy Maucherat
2025/03/06 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.2.0 released David Jensen
2025/03/05 [ANNOUNCE] Apache Traffic Server 10.0.4 Release Chris McFarlen
2025/03/05 [ANN] Apache Struts 6.7.4 Lukasz Lenart
2025/03/05 [ANNOUNCE] Apache Calcite Avatica Go 5.4.0 released Francis Chuang
2025/03/05 [ANNOUNCE] Apache Pulsar Node.js client 1.13.0 released Baodi Shi
2025/03/04 [ANNOUNCE] Apache Camel 4.10.1 (LTS) Released Gregor Zurowski
2025/03/04 [ANNOUNCE] Apache Camel 4.8.4 (LTS) Released Gregor Zurowski
2025/03/04 [ANNOUNCE] Apache Impala 4.5.0 release Peter Rozsa
2025/03/03 [ANNOUNCEMENT] Apache CloudStack 4.19.2.0 release Daan Hoogland
2025/03/03 CVE-2024-55532: Apache Ranger: Improper Neutralization of Formula Elements in a CSV File Velmurugan Periasamy
2025/03/03 CVE-2024-24778: Apache StreamPipes: Resources Permission Escalation Philipp Zehnder
2025/03/03 [ANN] Apache Struts 7.0.3 Lukasz Lenart
2025/03/01 [ANNOUNCE] Apache log4cxx 1.4.0 released Stephen Webb
2025/02/28 [ANNOUNCE] Apache Gluten (Incubating) 1.2.0 available WeitingChen
2025/02/28 [ANNOUNCE] Apache Qpid Broker-J 9.2.1 released Tomas Vavricka
2025/02/28 [ANNOUNCE] Apache Gluten (Incubating) 1.3.0 available WeitingChen
2025/02/27 [ANNOUNCE] Apache Pulsar 3.3.5 released Lari Hotari
2025/02/27 [ANNOUNCE] Apache Doris 3.0.4 release ChenMingyu
2025/02/27 [ANNOUNCE] Apache Groovy 4.0.26 Released Paul King
2025/02/27 [ANNOUNCE] Apache Pulsar 4.0.3 released Lari Hotari
2025/02/27 [ANNOUNCE]] Apache Groovy 3.0.24 Released Paul King
2025/02/27 [ANNOUNCE] Apache Pulsar 3.0.10 released Lari Hotari
2025/02/27 [ANNOUNCE] Apache Gluten (Incubating) 1.2.1 available WeitingChen
2025/02/27 CVE-2025-27531: Apache InLong: An arbitrary file read vulnerability for JDBC Charles Zhang
2025/02/26 [ANNOUNCE] Release Apache Hop 2.12.0 Bart Maertens
2025/02/26 [ANNOUNCE] Apache Airflow Providers prepared on February 21, 2025 are released Elad Kalif
2025/02/25 [ANNOUNCE] Apache MINA SSHD 2.15.0 released Guillaume Nodet
2025/02/25 [ANNOUNCE] Apache Ignite 3.0 released Pavel Tupitsyn
2025/02/24 [ANNOUNCEMENT] Apache SkyWalking Satellite 1.3.0 Released han liu
2025/02/24 [ANNOUNCE] Apache Calcite Avatica 1.26.0 Released Francis Chuang
2025/02/22 [ANNOUNCE] Apache HBase 2.6.2 is now available for download Duo Zhang
2025/02/21 [ANNOUNCE] Apache NetBeans 25 Released Eric Barboni
2025/02/20 [ANNOUNCE] Apache Arrow Java 18.2.0 released Jean-Baptiste Onofré
2025/02/19 [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M11 released Timothy Bish
2025/02/19 [ANNOUNCE] Apache Qpid protonj2 1.0.0-M23 released Timothy Bish
2025/02/19 [ANNOUNCE] Apache Arrow 19.0.1 released Bryce Mecum
2025/02/19 [ANNOUNCE] Apache Flink 1.19.2 released Alexander Fedulov
2025/02/19 [ANNOUNCE] Apache Flink 1.20.1 released Alexander Fedulov
2025/02/19 [ANNOUNCE] Apache Qpid JMS 2.7.0 released Robbie Gemmell
2025/02/19 [ANNOUNCE] Apache Qpid JMS 1.13.0 released Robbie Gemmell
2025/02/19 Apache StreamPipes 0.97.0 Philipp Zehnder
2025/02/19 [ANN] Apache Apache Maven Clean Plugin 3.4.1 Released Slawomir Jaranowski
2025/02/17 [ANNOUNCEMENT] HttpComponents Client 5.5 alpha1 Released Oleg Kalnichevski
2025/02/17 [ANNOUNCE] Apache Pekko (Core) 1.2.0-M1 released PJ Fanning
2025/02/17 [ANN] Apache Tomcat 9.0.100 available Rémy Maucherat
2025/02/17 [ANNOUNCE] Apache Ranger 2.6.0 released Madhan Neethiraj
2025/02/17 [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
2025/02/17 [ANNOUNCE] Apache IoTDB 2.0.1-beta released Haonan Hou
2025/02/17 [ANN] Apache Tomcat 11.0.4 Available Mark Thomas
2025/02/14 [ANNOUNCE] Apache Commons VFS Project 2.10.0 Gary Gregory
2025/02/14 Apache WSS4J 4.0.0 released Colm O hEigeartaigh
2025/02/14 [ANNOUNCE] Apache Ignite 2.17.0 Released Nikita Amelchev
2025/02/14 CVE-2024-56180: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution Xue Weiming
2025/02/13 CVE-2024-52577: Apache Ignite: Possible RCE when deserializing incoming messages by the server node Nikita Amelchev
2025/02/13 [ANNOUNCE] Apache Commons BeanUtils 1.10.1 Gary Gregory
2025/02/13 [ANNOUNCE] Apache Jackrabbit Oak 1.76.0 released Julian Reschke
2025/02/12 CVE-2024-46910: Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user Madhan Neethiraj
2025/02/12 [ANNOUNCE] Apache ManifoldCF SDK 1.0.2 released Piergiorgio Lucidi
2025/02/12 CVE-2024-32838: Apache Fineract: SQL injection vulnerabilities in offices API endpoint Arnout Engelen
2025/02/11 [ANNOUNCE] Apache flink-connector-hive 3.0.0 released Sergey Nuyanzin
2025/02/11 CVE-2025-26467: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Paulo Motta
2025/02/11 [ANNOUNCE] Apache Camel 4.10.0 (LTS) Released Gregor Zurowski
2025/02/10 [ANNOUNCE] Apache Hudi 1.0.1 released Sivabalan
2025/02/10 Re: CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
2025/02/10 [ANN] Apache Tomcat 11.0.3 Available Mark Thomas
2025/02/10 [ANN] Apache Tomcat 9.0.99 available Rémy Maucherat
2025/02/10 [ANNOUNCE] Apache Airflow 2.10.5 Released Utkarsh Sharma
2025/02/10 [ANNOUNCE] Apache TsFile 2.0.1 released Haonan Hou
2025/02/09 FELIX-6751: CVE-2025-25247: Apache Felix Webconsole: XSS in services console Carsten Ziegeler
2025/02/09 [ANNOUNCE] Apache Airflow Providers prepared on February 04, 2025 Jarek Potiuk
2025/02/09 [ANNOUNCE] Apache Zeppelin 0.12.0 available Jongyoul Lee
2025/02/08 [ANNOUNCE] Apache Commons Logging 1.3.5 Gary Gregory
2025/02/07 CVE-2025-25069: Apache Kvrocks: Cross-Protocol Scripting Vulnerability Mingyang Liu
2025/02/07 [ANNOUNCE] Release Apache OpenDAL v0.51.2 tison
2025/02/06 [ANNOUNCE] Apache Tika 2.9.3 released Tim Allison
2025/02/05 [ANNOUNCE] Apache NiFi MiNiFi C++ 0.99.1 release Marton Szasz
2025/02/05 [ANNOUNCE] Apache James 3.7.6 released Benoit TELLIER
2025/02/05 [ANNOUNCE] Apache James 3.8.2 released Benoit TELLIER
2025/02/05 CVE-2024-45626: Apache James: denial of service through JMAP HTML to text conversion Benoit Tellier
2025/02/05 CVE-2024-37358: Apache James: denial of service through the use of IMAP literals Benoit Tellier
2025/02/05 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.1.0 released David Jensen
2025/02/04 CVE-2024-48019: Apache Doris: allows admin users to read arbitrary files through the REST API Mingyu Chen
2025/02/03 CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Paulo Motta
2025/02/03 CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Paulo Motta
2025/02/03 CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials Paulo Motta
2025/02/03 [ANNOUNCEMENT] HttpComponents Client 5.4.2 GA Released Oleg Kalnichevski
2025/02/03 [ANNOUNCE] Apache YuniKorn v1.6.1 released Wilfred Spiegelenburg
2025/02/02 [ANNOUNCE] Apache FtpServer 1.2.1 released Emmanuel Lecharny
2025/02/01 [ANNOUNCE] Apache Tika 3.1.0 released Tim Allison
2025/02/01 [ANNOUNCE] Apache Pulsar Helm Chart version 3.9.0 Released Lari Hotari
2025/02/01 [ANNOUNCE] Apache Wicket 8.17.0 released Andrea Del Bene
2025/02/01 [ANNOUNCE] Apache Traffic Server 10.0.3 Release Chris McFarlen
2025/01/30 [ANNOUNCE] Apache jclouds 2.7.0 released Andrew Gaul
2025/01/29 [ANNOUNCEMENT] HttpComponents Core 5.3.3 GA released Oleg Kalnichevski
2025/01/29 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 4.0.0 released David Jensen
2025/01/28 CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions Ayush Saxena
2025/01/28 [ANNOUNCE] Apache Commons Codec 1.18.0 Gary Gregory
2025/01/28 [ANNOUNCE] Apache Commons Pool 2.12.1 Gary Gregory
2025/01/27 CVE-2024-23953: Apache Hive: Timing Attack Against Signature in LLAP util Ayush Saxena
2025/01/27 [ANNOUNCE] Apache NiFi 2.2.0 Released Pierre Villard

Earlier messages