announce

Messages by Thread

CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash Maxim Solodovnik
[ANNOUNCE] Apache OpenMeetings 7.1.0 is released Maxim Solodovnik
[ANN] Apache Tomcat 9.0.75 available Rémy Maucherat
[ANNOUNCE] Apache flink-connector-gcp-pubsub v3.0.1 released Martijn Visser
[ANNOUNCE] Apache flink-connector-elasticsearch v3.0.1 released Martijn Visser
[ANNOUNCE] Apache flink-connector-pulsar v4.0.0 released Martijn Visser
[ANNOUNCE] Apache flink-connector-rabbitmq v3.0.1 released Martijn Visser
[ANNOUNCE] Apache flink-connector-opensearch v1.0.1 released Martijn Visser
[ANNOUNCE] Apache flink-shaded v17.0 released Martijn Visser
[ANNOUNCE] Apache Jackrabbit Oak 1.8.x deprecated Julian Reschke
[ANNOUNCE] Apache Lucene 9.6.0 released Alan Woodward
[ANN] Apache Tomcat 11.0.0-M6 (alpha) available Mark Thomas
[ANNOUNCE] Apache Jackrabbit 2.20.10 released Julian Reschke
[ANN] Apache Syncope 2.1.14 Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.3 Francesco Chicchiriccò
CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs Jarek Potiuk
[ANNOUNCE] Apache Arrow 12.0.0 released Raúl Cumplido
[ANNOUNCE] Apache Groovy 4.0.12 Released Paul King
CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution Wang Weibing
CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender Robert Middleton
CVE-2023-29247: Stored XSS on Apache Airflow Pierre Jeambrun
[ANNOUNCE] Log4cxx 1.1.0 Released Robert Middleton
[ANNOUNCE] Apache Kvrocks(incubating) 2.4.0 Released hulk
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M15 released Timothy Bish
[ANNOUNCE] Apache Dubbo 3.0.x End-Of-Life (EOL) Announcement Albumen Kevin
[ANNOUNCE] Apache Dubbo 2.7.x End-Of-Life (EOL) Announcement Albumen Kevin
[ANNOUNCE] Apache Camel 4.0.0-M3 Released Gregor Zurowski
[ANNOUNCE] Apache Ignite 2.15.0 Released Aleksey Plekhanov
CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani
CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions Madhan Neethiraj
[ANNOUNCE] Apache Pulsar 3.0.0 released Zike Yang
[ANNOUNCE] Apache Wicket 8.15.0 released Andrea Del Bene
CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes Nick Vatamaniuc
CVE-2023-32007: Apache Spark: Shell command injection via Spark UI Arnout Engelen
[ANNOUNCE] Apache BookKeeper 4.16.1 released Hang Chen
[ANNOUNCE] Apache BookKeeper 4.16.0 released Hang Chen
[ANNOUNCE] Apache Solr 9.2.1 released Justin Sweeney
[ANNOUNCE] Apache Airflow 2.6.0 Released Ephraim Anierobi
[ANNOUNCE] Apache Drill 1.21.1 Released James Turton
[ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released Yihao Chen
- [ANNOUNCEMENT] Apache SkyWalking Python 1.0.1 Released Yihao Chen
[ANNOUNCE] Apache Accumulo 1.10.3 Christopher
[ANNOUNCE] Apache Curator 5.5.0 released Kezhu Wang
- [ANNOUNCE] Apache Curator 5.5.0 released Kezhu Wang
[ANNOUNCE] Apache bRPC 1.5.0 released Xiguo Hu
[ANNOUNCE] Apache Camel 3.20.4 (LTS) Released Gregor Zurowski
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.3.0 Christophe Bornet
[ANNOUNCE] Apache Empire-db 3.1.0 released doebele
[ANNOUNCE] Apache CouchDB 3.3.2 released Jan Lehnardt
[ANNOUNCE] Apache CouchDB 3.2.3 released Jan Lehnardt
[ANNOUNCE] Apache Hudi 0.12.3 released Sivabalan
[ANNOUNCE] Airflow Providers prepared on April 21, 2023 are released Elad Kalif
[ANNOUNCE] Apache Solr Operator v0.7.0 released Houston Putman
CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne
CVE-2023-30776: Apache Superset: Database connection password leak Daniel Gaspar
CVE-2023-27524: Apache Superset: Session validation vulnerability when using provided default SECRET_KEY Daniel Gaspar
[ANNOUNCE] Apache Geronimo Arthur 1.0.6 fpapon
CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication Arnout Engelen
[ANNOUNCE] Apache Pulsar 2.10.4 released Xiangying Meng
[ANNOUNCE] Apache Pulsar Node.js client 1.8.2 released Baodi Shi
[ANNOUNCE] Apache Pulsar 2.11.1 released guo jiwei
[ANN] Apache Tomcat 10.1.8 available Christopher Schultz
[ANN] Apache Tomcat 8.5.88 available Christopher Schultz
[ANN] Apache Tomcat 11.0.0-M5 (alpha) available Mark Thomas
[ANNOUNCE] Release Apache SkyWalking Client JS version 0.10.0 xue fan
[ANNOUNCE] Apache NiFi MiNiFi C++ 0.14.0 release Gábor Gyimesi
[ANNOUNCE] Apache Wicket 9.13.0 released Andrea Del Bene
[ANN] Apache Tomcat 9.0.74 available Rémy Maucherat
CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Daniel Gaspar
CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Daniel Gaspar
[ANNOUNCE] Apache StreamPipes 0.91.0 Tim Bossenmaier
CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Jialin Qiao
CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Jialin Qiao
CVE-2023-22946: Apache Spark proxy-user privilege escalation from malicious configuration class Sean R. Owen
The Apache Software Foundation (ASF) welcomes 46 new Members Brian Proffitt
[ANN] Apache ActiveMQ 5.18.1 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Guacamole 1.5.1 Michael Jumper
[ANNOUNCE] Apache Airflow Helm Chart version 1.9.0 Released Jedidiah Cunningham
[ANNOUNCE] Apache DolphinScheduler Python SDK 4.0.3 Released Jay Chung
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M14 released Timothy Bish
[ANNOUNCE] Airflow Providers prepared on April 12, 2023 are released Elad Kalif
[ANNOUNCE] Apache PDFBox 2.0.28 released Andreas Lehmkuehler
[ANNOUNCE] Apache SkyWalking Java Agent 8.15.0 released Sheng Wu
[ANNOUNCE] Airflow Providers prepared on April 09, 2023 are released Elad Kalif
CVE-2022-45064: Apache Sling Engine: Include-based XSS Angela Schreiber
CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang
- CVE-2023-30465: Apache InLong: SQL injection in apache inLong 1.5.0 Charles Zhang
[ANNOUNCE] Apache Impala 4.1.2 release Quanlong Huang
[Announcement] : Apache LDAP API 2.1.2 Emmanuel Lecharny
[ANNOUNCE] Apache Uniffle(Incubating) 0.7.0 available Junfan Zhang
CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.07 released Jacopo Cappellato
CVE-2023-29216: Apache Linkis DatasourceManager module has a deserialization command execution Heping Wang
CVE-2023-29215: Apache Linkis JDBC EngineCon has a deserialization command execution Heping Wang
CVE-2023-27987: Apache Linkis gateway module token authentication bypass Heping Wang
CVE-2023-27603: Apache Linkis Mangaer module engineConn material upload exists Zip Slip issue Heping Wang
CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Heping Wang
[ANNOUNCE] Apache Jackrabbit Oak 1.22.15 released Julian Reschke
[ANNOUNCE] Apache NiFi 1.21.0 release. Joe Witt
CVE-2023-28710: Apache Airflow Spark Provider Arbitrary File Read via JDBC Jarek Potiuk
CVE-2023-28706: Apache Airflow Hive Provider Beeline Remote Command Execution Jarek Potiuk
CVE-2023-28707: Airflow Apache Drill Provider Arbitrary File Read Vulnerability Jarek Potiuk
[ANNOUNCEMENT] Apache HTTP Server 2.4.57 Released covener
[ANNOUNCE] Apache Linkis 1.3.2 available Ling Xu
[ANNOUNCE] Airflow Providers prepared on April 02, 2023 are ready Elad Kalif
[ANNOUNCE] Apache Jackrabbit 2.21.16 released Julian Reschke
CVE-2022-46365: Apache StreamPark (incubating): Logic error causing any account reset Huajie Wang
CVE-2022-45802: Apache StreamPark (incubating): Upload any file to any directory Huajie Wang
CVE-2022-45801: Apache StreamPark (incubating): LDAP Injection Vulnerability Huajie Wang
[ANNOUNCE] Apache Teaclave (incubating) 0.5.0 released He Sun
- [ANNOUNCE] Apache Teaclave (incubating) 0.5.0 released He Sun
[ANNCOUNCE] Apache Flume Spring Boot 2.0.0 released Ralph Goers
[ANNOUNCE] Apache Pulsar Go Client 0.10.0 released Zike Yang
[ANNOUNCE] Apache Camel 3.18.6 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache IoTDB 1.1.0 released Haonan Hou
[ANNOUNCE] Release Apache DolphinScheduler 3.0.5 Jay Chung
[ANNOUNCE] Release Apache Hop 2.4.0 Bart Maertens
[ANNOUNCE] Apache Airflow 2.5.3 Released Pierre Jeambrun
[ANNOUNCEMENT] Apache XalanJ 2.7.3 Mukul Gandhi
[ANNOUNCE] Apache Ranger 2.4.0 released Selvamohan Neethiraj
[ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M13 released Timothy Bish
[ANNOUNCEMENT] Apache Portable Runtime 1.7.3 Released rpluem
CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Benoit Tellier
[ANNOUNCE] Apache James 3.7.4 released Benoit TELLIER
[ANNOUNCE] Apache Groovy 4.0.11 Released Paul King
[ANNOUNCE] Apache ShardingSphere 5.3.2 available 吴伟杰
[ANNOUNCE] Apache ShardingSphere ElasticJob 3.0.3 available 吴伟杰
[ANNOUNCE] Apache Groovy 3.0.17 Released Paul King
[ANNOUNCE] Apache Groovy 2.5.22 Released Paul King
CVE-2023-28935: Apache UIMA DUCC: DUCC (EOL) allows RCE Arnout Engelen
[ANNOUNCE] Apache Camel 3.20.3 (LTS) Released Gregor Zurowski
[ANNOUNCEMENT] Apache Commons Configuration 2.9.0 Gary Gregory
n/a: CVE-2023-28158: Apache Archiva privilege escalation Olivier Lamy
CVE-2023-28326: Apache OpenMeetings: allows user impersonation Maxim Solodovnik
[ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.2 Released Jay Chung
[ANNOUNCE] Apache Solr 9.2.0 released Houston Putman
CVE-2023-25196: Apache Fineract: SQL injection vulnerability James Dailey
CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls James Dailey
CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users James Dailey
CVE-2023-27296: Apache InLong: JDBC Deserialization Vulnerability in InLong Charles Zhang
[ANN] Apache Causeway version 2.0.0-RC1 Released Dan Haywood
[ANN] Apache ActiveMQ 5.18.0 has been released! Jean-Baptiste Onofré
CVE-2022-38745: Apache OpenOffice: Empty entry in Java class path Marcus Lange
CVE-2022-47502: Apache OpenOffice: Macro URL arbitrary script execution Marcus Lange
[ANNOUNCE] Apache Fineract 1.8.4 Release Aleksandar Vidakovic
[ANNOUNCE] Apache Fineract 1.7.3 Release Aleksandar Vidakovic
[ANNOUNCE] Apache Jackrabbit Oak 1.50.0 released Julian Reschke
[ANNOUNCEMENT] Apache Commons Compress 1.23.0 Gary Gregory
[SECURITY] CVE-2023-28708 Apache Tomcat - Information Disclosure Mark Thomas
[ANNOUNCE] Apache Arrow ADBC 0.3.0 Released David Li
[ANN] Apache Archiva 2.2.10 Olivier Lamy
CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS Radu Cotescu
[ANNOUNCE] Apache Sedona 1.4.0 released Jia Yu
[ANNOUNCE] Apache SystemDS 3.1.0 Released Janardhan
[ANNOUNCE] Apache SystemDS 3.0.0 has been Released Janardhan
[ANNOUNCE] Apache Pulsar Client Python 3.1.0 released Yunze Xu
CVE-2023-25695: Information disclosure in Apache Airflow Jarek Potiuk
[ANNOUNCE] Apache Airflow 2.5.2 Released Pierre Jeambrun
[ANNOUNCE] Apache Calcite 1.34.0 released Stamatis Zampetakis
[ANNOUNCE] Apache SkyWalking 9.4.0 released Sheng Wu
[ANNOUNCE] Apache Groovy 4.0.10 Released Paul King
[ANNOUNCE] Apache Groovy 3.0.16 Released Paul King
[ANNOUNCE] Airflow Providers prepared on March 07, 2023 are released Elad Kalif
[ANNOUNCE] Apache Jackrabbit 2.20.9 released Julian Reschke
[ANNOUNCE] Apache Camel 4.0.0-M2 Released Gregor Zurowski
CVE-2023-26464: Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender Arnout Engelen
[ANNOUNCE] Apache APISIX 3.2.0 has been released Zexuan Luo
[ANN] Apache Struts 6.1.2 Lukasz Lenart
[ANNOUNCE] Apache APISIX 2.15.3 has been released Zexuan Luo
[ANNOUNCE] Apache Arrow nanoarrow 0.1.0 Released Dewey Dunnington
[ANNOUNCE] Apache Pulsar Adapters 2.11.0 released Christophe Bornet
CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin
CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener
CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener
[ANNOUNCEMENT] Apache HTTP Server 2.4.56 Released covener
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.3.1 released Hongtao Gao
[ANNOUNCE] Airflow Providers prepared on March 03, 2023 released Elad Kalif
[ANNOUNCE] Apache UIMA Java SDK JSON CAS I/O v0.5.0 released Richard Eckart de Castilho
[ANN] Apache Tomcat 11.0.0-M4 (alpha) available Mark Thomas
[ANNOUNCE] Apache Qpid Proton-J 0.34.1 released Robbie Gemmell
[ANNOUNCE] Apache Pulsar Node.js client 1.8.1 released Baodi Shi
[ANN] Apache Tomcat 10.1.7 available Christopher Schultz
[ANN] Apache Tomcat 8.5.87 available Christopher Schultz
[ANNOUNCE] Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
Apache NLPCraft 1.0.0 (incubating) released Sergey Kamov
[ANN] Apache Tomcat 9.0.73 available Rémy Maucherat
[ANNOUNCE] Apache Celeborn(incubating) 0.2.0 available Ethan Feng
[ANNOUNCE] Apache NetBeans 17 released Geertjan Wielenga
[ANNOUNCE] Apache OpenOffice 4.1.14 released Carl Marcum
[ANNOUNCE] OpenNLP 2.1.1 released Jeff Zemerick
[ANNOUNCEMENT] Apache Juneau 9.0.0 Released James Bognar
[ANNOUNCEMENT] Apache SkyWalking BanyanDB 0.3.1 Released Hongtao Gao
Apache jUDDI is now retired Hervé Boutemy
[ANN] Apache ActivveMQ "Classic" 5.17.4 has been released! Jean-Baptiste Onofré
[ANN] Apache Karaf Decanter 2.10.0 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache DolphinScheduler SDK Python 4.0.1 Released Jay Chung
[ANN] Apache Tomcat 10.1.6 available Christopher Schultz
[ANN] Apache Tomcat 8.5.86 available Christopher Schultz
[ANNOUNCE] Apache UIMA Ruta v3.3.0 released Richard Eckart de Castilho
[ANNOUNCE] Apache UIMA Java SDK version 3.4.1 released Richard Eckart de Castilho