announce

Messages by Thread

[ANNOUNCE] Apache Celeborn(incubating) 0.3.0 available zhongqiang chen
[ANNOUNCE] Apache Calcite 1.35.0 released Xiong Duan
[ANNOUNCE] Apache Pekko (Incubating) 1.0.1 available PJ Fanning
CVE-2023-38647: Apache Helix: Deserialization vulnerability in Helix workflow and REST Junkai Xue
CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin Carsten Ziegeler
CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE Julian Reschke
CVE-2023-35088: Apache InLong: SQL injection in audit endpoint Charles Zhang
CVE-2023-34434: Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param Charles Zhang
[ANNOUNCE] Release Apache InLong 1.8.0 Verne Deng
CVE-2023-34189: Apache InLong: General user can delete and update process Charles Zhang
[ANNOUNCE] Apache Jackrabbit Oak 1.54.0 released Julian Reschke
CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers
[ANNOUNCE] Apache Jackrabbit 2.20.11 released Julian Reschke
[ANNOUNCE] Apache Kafka 3.5.1 Divij Vaidya
[ANNOUNCE] Apache Jackrabbit 2.21.18 released Julian Reschke
[ANNOUNCE] Apache APISIX 3.2.2 has been released Xin Rong
[ANNOUNCE] Apache Solr 9.3.0 released Houston Putman
[ANNOUNCE] Apache Solr Operator v0.7.1 released Houston Putman
[ANNOUNCE] Apache APISIX 3.4.1 has been released Xin Rong
[ANNOUNCE][CVE-2023-34478] Apache Shiro 1.12.0 released fpapon
[ANNOUNCE] Apache Airflow Providers prepared on July 17, 2023 are released Elad Kalif
[ANNOUNCE] Apache Shiro 1.12.0 released fpapon
[ANNOUNCE] Release Apache OpenDAL(incubating) 0.38.1 cai lue
[ANNOUNCE] Apache Commons FileUpload 2.0.0-M1 Gary Gregory
[ANNOUNCE] Apache Jackrabbit FileVault 3.7.0 released Konrad Windszus
[ANNOUNCE] Apache SkyWalking Kubernetes 4.5.0 is available kezhenxu94
CVE-2023-28754: ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent Weijie Wu
[ANNOUNCE] Apache ShardingSphere on Cloud 0.3.0 available Liyao Miao
[ANNOUNCE] Apache Jackrabbit Oak 1.22.16 released Julian Reschke
[ANNOUNCE] Airflow Providers prepared on July 12, 2023 are released Elad Kalif
CVE-2023-26512: Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data Xue Weiming
[ANN] Apache Causeway 2.0.0-RC2 released. Dan Haywood
[ANNOUNCE] Apache PDFBox 3.0.0-beta1 released Andreas Lehmkühler
[ANNOUNCE] Apache Pekko (Incubating) 1.0.0 available PJ Fanning
CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user Elad Kalif
CVE-2023-37582: Apache RocketMQ: Possible remote code execution when using the update configuration function Rongtong Jin
CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions. Andy Seaborne
[ANNOUNCE] Apache JMeter 5.6.2 released Milamber
[ANNOUNCE] Apache Avro 1.11.2 released Ryan Skraba
CVE-2023-37579: Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials Dave Fisher
CVE-2023-31007: Apache Pulsar: Broker does not always disconnect client when authentication data expires Dave Fisher
CVE-2023-30429: Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy Dave Fisher
CVE-2023-22888: Apache Airflow: Scheduler remote DoS Ephraim Anierobi
CVE-2023-30428: Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer Dave Fisher
CVE-2023-36543: Apache Airflow: ReDoS via dags function Ephraim Anierobi
CVE-2022-46651: Apache Airflow: Security vulnerability on AirFlow Connections Ephraim Anierobi
CVE-2023-22887: Apache Airflow path traversal by authenticated user Ephraim Anierobi
CVE-2023-35908: Apache Airflow: Access to DAGs without relevant permission Ephraim Anierobi
[ANNOUNCE] Release Apache Kvrocks 2.5.0 Colin Chamber
[ANN] Apache Tomcat 11.0.0-M9 (alpha) available Mark Thomas
[ANNOUNCE] Apache Airflow 2.6.3 Released Ephraim Anierobi
[ANN] Apache Tomcat 8.5.91 available Christopher Schultz
[ANN] Apache Tomcat 10.1.11 available Christopher Schultz
[ANNOUNCE] Airflow Providers prepared on July 09, 2023 are released Elad Kalif
[ANN] Apache Tomcat 9.0.78 available Rémy Maucherat
[ANNOUNCE] Apache JMeter 5.6.1 released Milamber
CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE Brahma Reddy Battula
CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. Brahma Reddy Battula
[ANN] Apache Syncope 3.0.4 Francesco Chicchiriccò
[ANNOUNCE] Apache Pulsar Go Client 0.11.0 released Zike Yang
[ANNOUNCE] Apache Pulsar Node.js client 1.9.0 released Baodi Shi
[ANN] Apache Struts 6.2.0 Lukasz Lenart
[ANNOUNCE] Apache Uniffle (Incubating) 0.7.1 available Jiafu Zhang
[ANNOUNCE] Airflow Providers prepared on July 06, 2023 are released Elad Kalif
[ANNOUNCE] Apache DataFu-Spark 1.8.0 Released Eyal Allweil
CVE-2023-35887: Apache MINA SSHD: Information disclosure bugs with RootedFilesystem Guillaume Nodet
[ANNOUNCE] Apache EventMesh 1.9.0 available mikexue
CVE-2023-34150: Apache Any23: Possible excessive allocation of resources reading input. Arnout Engelen
[ANNOUNCE] Apache Camel 4.0.0-RC1 Released Gregor Zurowski
[ANNOUNCE] Apache APISIX 3.4.0 has been released Xin Rong
[ANN] Apache ActiveMQ 5.17.5 has been released! Jean-Baptiste Onofré
[ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.4.0 Released Hongtao Gao
[ANN] Apache ActiveMQ 5.18.2 has been released! Jean-Baptiste Onofré
CVE-2023-35797: Apache Airflow Hive Provider Beeline RCE with Principal Elad Kalif
[ANNOUNCE] Apache PDFBox 2.0.29 released Andreas Lehmkühler
Apache OODT is now retired Hervé Boutemy
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M16 released Timothy Bish
[ANNOUNCE] Apache Qpid JMS 2.4.0 released Robbie Gemmell
Re: failure notice Xin Rong
[ANNOUNCE] Apache Camel 3.21.0 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Groovy 3.0.18 Released Paul King
[ANNOUNCE] Apache flink-connector-jdbc 3.1.1 released Martijn Visser
[ANNOUNCE] Apache Groovy 4.0.13 Released Paul King
[ANNOUNCE] Apache Airflow Helm Chart version 1.10.0 Released Jedidiah Cunningham
Fwd: [ANNOUNCE] Apache Hadoop 3.3.6 release Ayush Saxena
[ANNOUNCE] Apache Daffodil 3.5.0 Released Steve Lawrence
CVE-2023-35798: Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability Elad Kalif
CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability Elad Kalif
CVE-2023-34395: Apache Airflow ODBC Provider: Remote code execution vulnerability Elad Kalif
[ANNOUNCE] Apache Lucene 9.7.0 released Adrien Grand
Fwd: [ANNOUNCE] Apache Sedona 1.4.1 released Jia Yu
[ANNOUNCEMENT] Apache SkyWalking CLI 0.12.0 Released han liu
[ANNOUNCEMENT] Apache SkyWalking Rover 0.5.0 Released han liu
[ANNOUNCEMENT] Apache SkyWalking Satellite 1.2.0 Released han liu
[ANNOUNCE] Apache Arrow nanoarrow 0.2.0 Released Dewey Dunnington
[ANNOUNCE] Apache JMeter 5.6 released Milamber
[ANNOUNCE] Airflow Providers prepared on June 20, 2023 are released Elad Kalif
CVE-2023-31469: Apache StreamPipes: Privilege escalation through non-admin user Dominik Riemer
[ANNOUNCE] Apache StreamPipes 0.92.0 Philipp Zehnder
[ANNOUNCE] Apache Log4j 3.0.0-alpha1 released Ralph Goers
[ANNOUNCE] Apache Commons Codec 1.16.0 Gary Gregory
[SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure Mark Thomas
CVE-2023-34340: Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials Christopher Tubbs
[ANNOUNCE] Apache Accumulo 2.1.1 Christopher
[ANNOUNCE] Apache Arrow ADBC 0.5.0 released David Li
[ANNOUNCE] Apache Camel 3.20.6 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Camel 3.14.9 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache NiFi NAR Maven Plugin 1.5.1 release Nandor Soma Abonyi
[ANNOUNCE] Apache SkyWalking 9.5.0 released Sheng Wu
CVE-2023-35005: Apache Airflow: Information disclosure on configuration view Elad Kalif
[ANNOUNCE] Apache Arrow 12.0.1 released Raúl Cumplido
[ANNOUNCE] Apache Wicket 10.0.0-M1 released Andrea Del Bene
[ANNOUNCE] Apache Airflow 2.6.2 Released Elad Kalif
[ANNOUNCE] Apache Camel 3.18.8 (LTS) Released Gregor Zurowski
[ANNOUNCE] Release Apache Hop 2.5.0 Bart Maertens
[ANNOUNCE] Apache YuniKorn v1.3.0 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Kafka 3.5.0 Mickael Maison
[ANNOUNCE] Apache IoTDB 1.1.1 released Haonan Hou
- [ANNOUNCE] Apache IoTDB 1.1.1 released Haonan Hou
S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms Yasser Zamani
S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds Yasser Zamani
[ANN] Apache Struts 6.1.2.1 Lukasz Lenart
[ANN] Apache Struts 2.5.31 Lukasz Lenart
[ANN] Apache TomEE 9.1.0 Richard Zowalla
[ANN] Apache Tomcat 10.1.10 available Christopher Schultz
[ANN] Apache Tomcat 8.5.90 available Christopher Schultz
[ANNOUNCE] Apache Traffic Server 9.2.1 and 8.1.7 are Released Bryan Call
- [ANNOUNCE] Apache Traffic Server 9.2.1 and 8.1.7 are Released Bryan Call
CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2 David Handermann
CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components David Handermann
[ANNOUNCE] MyFaces Core v4.0.1 Release Volodymyr Siedlecki
[ANNOUNCE] Apache NiFi 1.22.0 release. Joe Witt
[ANNOUNCE] Apache Commons 2.13.0 Gary Gregory
[ANN] Apache Tomcat 9.0.76 available Rémy Maucherat
[ANN] Apache Maven Build Cache extension 1.0.1 Olivier Lamy
[ANNOUNCE] Apache HBase 3.0.0-alpha-4 is now available for download Duo Zhang
[ANN] Apache Tomcat 11.0.0-M7 (alpha) available Mark Thomas
[ANNOUNCE] Apache Kafka 3.4.1 Luke Chen
[SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper
[SECURITY] CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths Michael Jumper
[ANNOUNCE] Apache Qpid Proton 0.39.0 released Robbie Gemmell
[ANNOUNCE] Apache Pulsar Client Python 3.2.0 released Yunze Xu
[ANNOUNCE] Apache MINA 2.2.2, 2.1.7 and 2.0.24 released Emmanuel Lecharny
[ANNOUNCEMENT] Apache SkyWalking Go 0.1.0 Released han liu
[ANN] Apache Tomcat Native 1.2.37 released Mark Thomas
[ANN] Apache Tomcat Native 2.0.4 released Mark Thomas
[ANNOUNCE] Apache OFBiz 18.12.08 released Jacopo Cappellato
[ANNOUNCE] Apache Serf 1.3.10 released Evgeny Kotkov
[ANNOUNCE] ATS 10 Hackathon 6/8/23 Bryan Call
[ANNOUNCE] Release Apache DolphinScheduler 3.0.6 Jay Chung
[ANNOUNCE] Apache Camel 3.14.8 (LTS) Released Gregor Zurowski
CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs Marcus Eriksson
[ANNOUNCE] Apache Wicket 9.14.0 released Andrea Del Bene
[ANNOUNCE] Airflow Providers prepared on May 24, 2023 are released Elad Kalif
[ANNOUNCE] Apache Guacamole 1.5.2 released Michael Jumper
CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration Elad Kalif
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M9 released Timothy Bish
[ANNOUNCE] Apache Camel 3.20.5 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Camel 3.18.7 (LTS) Released Gregor Zurowski
CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins Juan Pablo Santos Rodríguez
[ANNOUNCE] Apache JSPWiki 2.12.0 released Juan Pablo Santos Rodríguez
CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function Rongtong Jin
[ANNOUNCE] Airflow Providers prepared on May 19, 2023 are released Elad Kalif
[ANNOUNCE] Apache Qpid JMS 2.3.0 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.9.0 released Robbie Gemmell
[SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete Mark Thomas
[ANNOUNCE] Apache Kyuubi Shaded released 0.1.0 Cheng Pan
CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster Charles Zhang
CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription Charles Zhang
CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes Charles Zhang
CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster Charles Zhang
CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users Charles Zhang
CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong Charles Zhang
CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources Charles Zhang
CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong Charles Zhang
CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications Charles Zhang
CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong Charles Zhang
CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks Charles Zhang
[ANN] Apache Tomcat 8.5.89 available Christopher Schultz
[ANNOUNCE] Apache XBean 4.23 release fpapon
[ANNOUNCE] Apache Jackrabbit 2.16.x deprecated Julian Reschke
[ANNOUNCEMENT] Apache Commons IO 2.12.0 Gary Gregory
[ANNOUNCE] Apache SDAP (incubating) 1.1.0 Released Nga Chung
[ANNOUNCE] Apache Airflow 2.6.1 Released Ephraim Anierobi
[ANNOUNCE] Apache Pulsar Client C++ 3.2.0 released Yunze Xu
[ANN] Apache TomEE 8.0.15 Richard Zowalla
[ANNOUNCE] Apache Jackrabbit 1.52.0 released Julian Reschke
[ANNOUNCE] Apache Beam 2.47.0 Released Jack McCluskey
[ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M8 released Timothy Bish
[ANNOUNCE] Apache Arrow ADBC 0.4.0 released David Li
[ANNOUNCE] Apache Tika 2.8.0 released Tim Allison
CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module Robert Munteanu
[ANNOUNCEMENT] Commons Daemon 1.3.4 Released Mark Thomas
CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection Maxim Solodovnik
CVE-2023-29032: Apache OpenMeetings: allows bypass authentication Maxim Solodovnik
CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash Maxim Solodovnik
[ANNOUNCE] Apache OpenMeetings 7.1.0 is released Maxim Solodovnik
[ANN] Apache Tomcat 9.0.75 available Rémy Maucherat
[ANNOUNCE] Apache flink-connector-gcp-pubsub v3.0.1 released Martijn Visser
[ANNOUNCE] Apache flink-connector-elasticsearch v3.0.1 released Martijn Visser