announce  

Messages by Thread

• [ANNOUNCE] Apache flink-connector-parent 1.1.0 released Etienne Chauchot
• [ANNOUNCE] Apache Shiro 2.0.0 release fpapon
  • [ANNOUNCE] Apache Shiro 2.0.0 release fpapon
• CVE-2024-27906: Apache Airflow: Dag Code and Import Error Permissions Ignored Ephraim Anierobi
• [ANNOUNCE] fpapon
• CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass. Jacques Le Roux
• [ANNOUNCE] Apache OFBiz 18.12.12 released Jacopo Cappellato
• CVE-2024-25128: Apache Airlfow Vulnerability: custom, long deprecated OpenID (NOT OIDC) Jarek Potiuk
• CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import Daniel Gaspar
• CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset Daniel Gaspar
• CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context Daniel Gaspar
• CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Daniel Gaspar
• CVE-2024-27315: Apache Superset: Improper error handling on alerts Daniel Gaspar
• [ANNOUNCE] Apache Pekko 1.0.3-M1 released Arnout Engelen
• [ANNOUNCE] Apache Kafka 3.7.0 Stanislav Kozlovski
• CVE-2023-50380: Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server Brahma Reddy Battula
• CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection Benoit Tellier
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.3.0 Released Lari Hotari
• CVE-2023-51747: SMTP smuggling in Apache James Benoit Tellier
• CVE-2024-27905: Apache Aurora: padding oracle can allow construction an authentication cookie Arnout Engelen
• [ANNOUNCE] Apache Airflow Providers prepared on February 23, 2024 are released Elad Kalif
• CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE Brahma Reddy Battula
• [ANNOUNCE] Apache Commons BCEL 3.8.2 Gary Gregory
• [ANNOUNCE] Apache Jackrabbit 2.21.25 released Julian Reschke
• CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialisation Benoit Tellier
• [ANNOUNCE] Apache Airflow 2.8.2 Released Ephraim Anierobi
• [ANNOUNCE] Apache James MIME4J 0.8.10 released Benoit TELLIER
• [ANNOUNCE] Apache James 3.8.1 released Benoit TELLIER
• [ANNOUNCE] Apache James 3.7.5 released Benoit TELLIER
• CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users Jiajie Zhong
• [ANNOUNCE] Apache Arrow ADBC 0.10.0 released David Li
• CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate users with the same name Enxin Xie
• CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file Enxin Xie
• [ANNOUNCE] Apache NetBeans 21 released Geertjan Wielenga
• CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary Enxin Xie
• [ANNOUNCE] Apache Log4j 3.0.0-beta2 released Piotr P. Karwasz
• [ANNOUNCE] Apache Log4j 2.23.0 released Piotr P. Karwasz
• [ANNOUNCE] Apache Kyuubi 1.8.1 is available Cheng Pan
• [ANNOUNCE] Apache Accumulo Access 1.0.0-beta release Dominic Garguilo
• CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo Elad Kalif
• [ANNOUNCE] Apache Airflow Providers prepared on February 19, 2024 are released Elad Kalif
• [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.3 Chris Bono
• [ANNOUNCE] Apache Lucene 9.10.0 released Adrien Grand
• [ANNOUNCE] Apache PLC4X 0.12.0 released Christofer Dutz
• CVE-2023-49109: Remote Code Execution in Apache Dolphinscheduler Jiajie Zhong
• CVE-2023-50270: Apache DolphinScheduler: Session do not expire after password change Jiajie Zhong
• CVE-2023-51770: Apache DolphinScheduler: Arbitrary File Read Vulnerability Jiajie Zhong
• CVE-2023-49250: Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil Jiajie Zhong
• [ANNOUNCE] Apache TsFile 1.0.0 released Haonan Hou
• [ANNOUNCE] Release Apache SeaTunnel 2.3.4 Yao Zhou
• [ANN] Apache Tomcat 8.5.99 Available Christopher Schultz
• https://camel.apache.org/security/CVE-2024-23114.html: CVE-2024-23114: Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository Andrea Cosentino
• https://camel.apache.org/security/CVE-2024-22369.html: CVE-2024-22369: Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository Andrea Cosentino
• [ANN] Apache Tomcat 9.0.86 available Rémy Maucherat
• [ANNOUNCE] Apache Commons Compress 1.26.0 Gary Gregory
• CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Gary D. Gregory
• CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Gary D. Gregory
• [ANNOUNCE] Apache Airflow Providers prepared on February 17, 2024 are released Elad Kalif
• [ANNOUNCE] Apache Camel 4.4.0 (LTS) Released Gregor Zurowski
• CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan Arnout Engelen
• [ANNOUNCE] Apache Airflow Providers prepared on February 12, 2024 are released Elad Kalif
• Apache Giraph is now retired Hervé Boutemy
• [ANNOUNCE] Beam 2.54.0 Released Robert Burke
• CVE-2023-50292: Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users Houston Putman
• Apache MXNet is now retired Hervé Boutemy
• [ANNOUNCEMENT] HttpComponents Core 5.3-alpha2 released Oleg Kalnichevski
• CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) Daniel Gaspar
• [ANN] Apache Tomcat Native 1.3.0 released Mark Thomas
• [ANN] Apache Tomcat Native 2.0.7 released Mark Thomas
• [ANNOUNCE] Apache Solr 9.5.0 released Jason Gerlowski
• [ANNOUNCE] Apache Arrow nanoarrow 0.4.0 Released Dewey Dunnington
• [ANNOUNCE] Apache Qpid Broker-J 9.2.0 released Tomas Vavricka
• [ANNOUNCE] Apache Commons Codec 1.16.1 Gary Gregory
• CVE-2023-50291: Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords Houston Putman
• CVE-2023-50298: Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions Houston Putman
• CVE-2023-50386: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets Houston Putman
• [ANNOUNCE] Apache Pekko (Incubating) HTTP 1.0.1 available PJ Fanning
• [ANNOUNCE] Apache Solr 8.11.3 released Houston Putman
• [ANNOUNCE] Apache Lucene 8.11.3 released Houston Putman
• [ANNOUNCE] Apache Jackrabbit 2.21.23 released Julian Reschke
• [ANNOUNCE] Apache UIMA Ruta v3.4.1 released Richard Eckart de Castilho
• CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability Wang Weibing
• CVE-2023-39196: Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints István Fajth
• [ANNOUNCE] Apache flink-connector-kafka v3.1.0 released Martijn Visser
• CVE-2023-51437: Apache Pulsar: Timing attack in SASL token signature verification Michael Marshall
• [ANNOUNCE] Apache Pulsar Node.js client 1.10.0 released Baodi Shi
• [ANNOUNCE] Apache Celeborn(incubating) 0.4.0 available Fu Chen
• [ANNOUNCE] Apache Fineract 1.9.0 Release Aleksandar Vidakovic
• [Announcement] : Apache LDAP API 2.1.6 Emmanuel Lecharny
• CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal Carsten Ziegeler
• [ANNOUNCE] Apache bRPC 1.8.0 released Weibing Wang
• [ANNOUNCE] OpenNLP 2.3.2 released Richard Zowalla
• [ANNOUNCE] Apache Airflow Providers prepared on January 30, 2024 are released Elad Kalif
• [ANNOUNCE] Apache Storm 2.6.1 Released Richard Zowalla
• [ANNOUNCE] Apache Camel 4.0.4 (LTS) Release Gregor Zurowski
• [ANNOUNCE] MyFaces Core v4.0.2 Release Volodymyr Siedlecki
• CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server liubao
• CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API liubao
  • CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API liubao
• [ANNOUNCE] Release Apache Traffic Control 8.0.0 R S
• [ANNOUNCE] Apache Geronimo Arthur 1.0.8 release fpapon
  • [ANNOUNCE] Apache Geronimo Arthur 1.0.8 release fpapon
• [ANNOUNCE] Apache Camel 3.22.1 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Camel 3.21.4 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache NiFi 2.0.0-M2 Released David Handermann
• [ANNOUNCE] MyFaces Core v4.1.0-RC1 Release Volodymyr Siedlecki
• [ANNOUNCE] Apache Lucene 9.9.2 released Chris Hegarty
• CVE-2023-29055: Apache Kylin: Insufficiently protected credentials in config file Li Yang
• [ANNOUNCE] Apache Pulsar Go Client 0.12.0 released Zike Yang
• [ANNOUNCE] Apache Creadur RAT 0.16.1 released P. Ottlinger
• [ANNOUNCE] Apache Airflow Providers prepared on January 26, 2024 are released Jarek Potiuk
• [ANNOUNCE] Apache Pekko (Incubating) Connectors 1.0.2 available PJ Fanning
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.2.0 Released Lari Hotari
• [ANNOUNCEMENT] HttpComponents Client 5.3.1 GA Released Oleg Kalnichevski
• CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags Ephraim Anierobi
• CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Ephraim Anierobi
• CVE-2023-51702: Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service Ephraim Anierobi
• CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title Daniel Gaspar
• [ANNOUNCE] Apache Arrow 15.0.0 released Raúl Cumplido
• [ANNOUNCE] Release Apache OpenDAL 0.44.2 Manjusaka
• [ANNOUNCE] Apache UIMA Ruta v3.4.0 released Richard Eckart de Castilho
• [ANNOUNCE] Apache Airflow 2.8.1 Released Ephraim Anierobi
• [ANNOUNCE] Apache Groovy 5.0.0-alpha-5 Released Paul King
• [ANNOUNCE] Apache HBase 3.0.0-beta-1 is now available for download Duo Zhang
• [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
  • Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure Mark Thomas
• [ANNOUNCE] Apache Directory SCIMple 1.0.0-M1 released Brian Demers
• [ANNOUNCE] Apache Groovy 4.0.18 Released Paul King
• [ANNOUNCE] Apache Solr 9.4.1 released David Smiley
• [ANN] Apache Maven 4.0.0-alpha-12 released Guillaume Nodet
• [ANNOUNCE] Apache MINA SSHD 2.12.0 released Guillaume Nodet
• [ANNOUNCE] Apache Sedona 1.5.1 released Jia Yu
• [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.2 Chris Bono
• [ANNOUNCE] Apache APISIX 3.8.0 has been released Xin Rong
• CVE-2023-46226: Apache IoTDB: Remote Code Execution (RCE) risk via the UDF Haonan Hou
• [ANNOUNCE] Apache Commons BCEL 6.8.1 Gary Gregory
• [ANNOUNCE] Apache Qpid protonj2 1.0.0-M19 Timothy Bish
• CVE-2023-50290: Apache Solr: Host environment variables are published via the Metrics API Houston Putman
• CVE-2023-46749: Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Brian Demers
• [ANN] Apache Cocoon 2.1 and 3.0 retired Cédric Damioli
• [ANNOUNCE] Apache Jackrabbit 2.20.14 released Julian Reschke
• [ANN] Apache Karaf OSGi Runtime 4.4.5 has been released! Jean-Baptiste Onofré
• [ANNOUNCE] Apache Airflow Providers prepared on January 07, 2024 are released Elad Kalif
• CVE-2023-49619: Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions. Enxin Xie
• [ANN] Apache Tomcat 9.0.85 available Rémy Maucherat
• [ANN] Apache Tomcat 11.0.0-M16 (alpha) available Mark Thomas
• Apache Tomcat 8.5.98 Available Christopher Schultz
• Apache Tomcat 10.1.18 Available Christopher Schultz
• [ANNOUNCE] Apache Pekko (Incubating) gRPC 1.0.2 available PJ Fanning
• [ANNOUNCE] Apache Creadur RAT 0.16 released P. Ottlinger
• [ANNOUNCE] Apache Arrow ADBC 0.9.0 released David Li
• [ANNOUNCE] Apache Curator 5.6.0 released tison
• [ANNOUNCE] Apache JMeter 5.6.3 released Milamber
• [ANNOUNCE] Apache Commons Exec Version 1.4.0 Gary Gregory
• [ANNOUNCE] Beam 2.53.0 Released Jack McCluskey
• CVE-2023-51441: Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API Arnout Engelen
• Fwd: [ANNOUNCE] Apache Hudi 0.14.1 released Sivabalan
• [ANNOUNCE] Apache Pulsar 3.1.2 released houxiaoyu
• [ANN] Apache Causeway version 2.0.0-RC4 Released Dan Haywood
• [ANNOUNCE] Apache Pulsar 2.11.3 released Baodi Shi
• [ANNOUNCE] Apache Pulsar Client Python 3.4.0 released Zike Yang
• CVE-2023-51785: Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager Charles Zhang
• CVE-2023-51784: Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager Charles Zhang
• [ANNOUNCE] Apache Airflow Providers prepared on December 31, 2023 are released Jarek Potiuk
• [ANNOUNCE] Apache IoTDB 1.3.0 released Haonan Hou
• [ANNOUNCE] Log4cxx 1.2.0 Released Robert Middleton
• [ANNOUNCE] Apache Airflow Providers prepared on 28th December 2023 are releasedcccccbctlvggtjkkvhgtgdefghndgvtufdrhvndclclj Jarek Potiuk
• [ANNOUNCE] Release Apache OpenDAL(incubating) 0.44.0 Liuqing Yue
• [ANNOUNCEMENT] HttpComponents Client 5.4-alpha1 Released Oleg Kalnichevski
• [ANNOUNCE] Apache Subversion 1.14.3 released hartmannathan
• CVE-2023-49299: Apache DolphinScheduler: Arbitrary js execute as root for authenticated users Jiajie Zhong
• CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat Arrigo Marchiori
• CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Arrigo Marchiori
  • CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning Marcus
• CVE-2023-47804: Apache OpenOffice: Macro URL arbitrary script execution Arrigo Marchiori
  • CVE-2023-47804: Apache OpenOffice: Macro URL arbitrary script execution Marcus
• CVE-2023-1183: Apache OpenOffice: Arbitrary file write in Apache OpenOffice Base Arrigo Marchiori
  • CVE-2023-1183: Apache OpenOffice: Arbitrary file write in Apache OpenOffice Base Marcus
• [ANNOUNCE] Apache Pekko (Incubating) Persistence R2DBC 1.0.0 available PJ Fanning
• [ANNOUNCE] Apache Commons FileUpload 2.0.0-M2 Gary Gregory
• [ANN] Apache Iceberg 1.4.3 release Jean-Baptiste Onofré
• [ANNOUNCE] Apache Airflow Providers prepared on 23rd December 2023 are released Jarek Potiuk
• [ANNOUNCE] Apache Linkis 1.5.0 available 郭飞
• [ANNOUNCE] Apache Camel 3.22.0 (LTS) Released Gregor Zurowski
• [ANNOUNCE] Apache Ignite 2.16.0 Released Nikita Amelchev
• [ANNOUNCEMENT] HttpComponents Core 5.3-alpha1 released Oleg Kalnichevski
• CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability Deepak Dixit
• CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack Nicolas Malin
• [ANN] Apache Syncope 3.0.6 Francesco Chicchiriccò
• [ANNOUNCE] Apache OpenMeetings 7.2.0 is released Maxim Solodovnik
• [ANNOUNCE] Apache Airflow Python Client 2.8.0 Released Ephraim Anierobi
• [ANNOUNCE] Apache Groovy 3.0.20 Released Paul King
• [ANNOUNCE] Release Apache Groovy 5.0.0-alpha-4 Paul King
• [ANNOUNCE] Release Apache InLong 1.10.0 Verne Deng
• [ANNOUNCE] Apache Groovy 4.0.17 Released Paul King
• [ANNOUNCE] Apache OFBiz 18.12.11 released Jacopo Cappellato
• CVE-2023-51656: Apache IoTDB: Unsafe deserialize map in Sync Tool Haonan Hou
• [ANNOUNCE] Apache Arrow 14.0.2 released Raúl Cumplido
• [ANNOUNCE] Apache Pulsar Helm Chart version 3.1.0 Released Lari Hotari
• CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger Ephraim Anierobi

• Earlier messages
• Later messages