This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/arrow-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 62a46e78ce5 Updating built site
62a46e78ce5 is described below

commit 62a46e78ce5c3e0038fe27623a55d13a05801152
Author: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
AuthorDate: Mon Mar 2 14:21:53 2026 +0000

    Updating built site
---
 feed.xml            |  2 +-
 release/index.html  |  4 ++--
 security/index.html | 33 +++++++--------------------------
 3 files changed, 10 insertions(+), 29 deletions(-)

diff --git a/feed.xml b/feed.xml
index 3f1408b3b6e..03fcbee2ddf 100644
--- a/feed.xml
+++ b/feed.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><feed 
xmlns="http://www.w3.org/2005/Atom"; ><generator uri="https://jekyllrb.com/"; 
version="4.4.1">Jekyll</generator><link 
href="https://arrow.apache.org/feed.xml"; rel="self" type="application/atom+xml" 
/><link href="https://arrow.apache.org/"; rel="alternate" type="text/html" 
/><updated>2026-03-02T01:58:45-05:00</updated><id>https://arrow.apache.org/feed.xml</id><title
 type="html">Apache Arrow</title><subtitle>Apache Arrow is the universal 
columnar fo [...]
+<?xml version="1.0" encoding="utf-8"?><feed 
xmlns="http://www.w3.org/2005/Atom"; ><generator uri="https://jekyllrb.com/"; 
version="4.4.1">Jekyll</generator><link 
href="https://arrow.apache.org/feed.xml"; rel="self" type="application/atom+xml" 
/><link href="https://arrow.apache.org/"; rel="alternate" type="text/html" 
/><updated>2026-03-02T09:17:20-05:00</updated><id>https://arrow.apache.org/feed.xml</id><title
 type="html">Apache Arrow</title><subtitle>Apache Arrow is the universal 
columnar fo [...]
 
 -->
 <p>The Apache Arrow team is pleased to announce the 0.8.0 release of
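Review bot: As far as the truncated `-`/`+` lines show, the only difference in feed.xml is the `<updated>` value (2026-03-02T01:58:45-05:00 becoming 2026-03-02T09:17:20-05:00), so the feed is rewritten on every site build even when no entry changed. That makes aggregators treat an unchanged feed as modified and hides real content changes among timestamp-only commits. Consider deriving the feed-level `<updated>` from the newest entry rather than from the build time.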
diff --git a/release/index.html b/release/index.html
index 00a41b117ad..07220aa2804 100644
--- a/release/index.html
+++ b/release/index.html
@@ -20,12 +20,12 @@
 <meta property="og:site_name" content="Apache Arrow" />
 <meta property="og:image" 
content="https://arrow.apache.org/img/arrow-logo_horizontal_black-txt_white-bg.png";
 />
 <meta property="og:type" content="article" />
-<meta property="article:published_time" content="2026-03-02T01:58:45-05:00" />
+<meta property="article:published_time" content="2026-03-02T09:17:20-05:00" />
 <meta name="twitter:card" content="summary_large_image" />
 <meta property="twitter:image" 
content="https://arrow.apache.org/img/arrow-logo_horizontal_black-txt_white-bg.png";
 />
 <meta property="twitter:title" content="Releases" />
 <script type="application/ld+json">
-{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2026-03-02T01:58:45-05:00","datePublished":"2026-03-02T01:58:45-05:00","description":"Apache
 Arrow Releases Navigate to the release page for downloads and the changelog. 
23.0.1 (16 February 2026) 23.0.0 (18 January 2026) 22.0.0 (24 October 2025) 
21.0.0 (17 July 2025) 20.0.0 (27 April 2025) 19.0.1 (16 February 2025) 19.0.0 
(16 January 2025) 18.1.0 (24 November 2024) 18.0.0 (28 October 2024) 17.0.0 (16 
July 2024) 16.1.0 [...]
+{"@context":"https://schema.org","@type":"BlogPosting","dateModified":"2026-03-02T09:17:20-05:00","datePublished":"2026-03-02T09:17:20-05:00","description":"Apache
 Arrow Releases Navigate to the release page for downloads and the changelog. 
23.0.1 (16 February 2026) 23.0.0 (18 January 2026) 22.0.0 (24 October 2025) 
21.0.0 (17 July 2025) 20.0.0 (27 April 2025) 19.0.1 (16 February 2025) 19.0.0 
(16 January 2025) 18.1.0 (24 November 2024) 18.0.0 (28 October 2024) 17.0.0 (16 
July 2024) 16.1.0 [...]
 <!-- End Jekyll SEO tag -->
 
 
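Review bot: `article:published_time`, `dateModified` and `datePublished` for the Releases page all move from 01:58:45 to 09:17:20 on the same day with no visible change to the description text, which means the page claims a new publication date on every rebuild. A publication date should be stable. Giving the page a fixed date in its source, so only a real edit changes the modified time, would keep this metadata truthful and remove this hunk from routine builds.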
diff --git a/security/index.html b/security/index.html
index b2b1fe03cc2..d0d5a9444c7 100644
--- a/security/index.html
+++ b/security/index.html
@@ -251,32 +251,13 @@ issues can actually be usage issues.</p>
 outlined by the Apache Software Foundation. We will assess your report, follow
 up with our evaluation of the issue, and fix it as soon as possible if we deem
 it to be an actual security vulnerability.</p>
-<hr class="my-5">
-<h3>
-<a href="https://www.cve.org/CVERecord?id=CVE-2023-47248"; target="_blank" 
rel="noopener">CVE-2023-47248</a>: Arbitrary code execution when loading a 
malicious data file in PyArrow</h3>
-<p><strong>Severity</strong>: Critical</p>
-<p><strong>Vendor</strong>: The Apache Software Foundation</p>
-<p><strong>Versions affected</strong>: 0.14.0 to 14.0.0</p>
-<p><strong>Description</strong>: Deserialization of untrusted data in IPC and 
Parquet readers
-in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution.
-An application is vulnerable if it reads Arrow IPC, Feather or Parquet data
-from untrusted sources (for example user-supplied input files).</p>
-<p><strong>Mitigation</strong>: Upgrade to version 14.0.1 or greater. If not 
possible, use the
-provided <a href="https://pypi.org/project/pyarrow-hotfix/"; target="_blank" 
rel="noopener">hotfix package</a>.</p>
-<h3>
-<a href="https://www.cve.org/CVERecord?id=CVE-2019-12408"; target="_blank" 
rel="noopener">CVE-2019-12408</a>: Uninitialized Memory in C++ ArrayBuilder</h3>
-<p><strong>Severity</strong>: High</p>
-<p><strong>Vendor</strong>: The Apache Software Foundation</p>
-<p><strong>Versions affected</strong>: 0.14.x</p>
-<p><strong>Description</strong>: It was discovered that the C++ implementation 
(which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 
to 0.14.1 had a uninitialized memory bug when building arrays with null values 
in some cases. This can lead to uninitialized memory being unintentionally 
shared if Arrow Arrays are transmitted over the wire (for instance with Flight) 
or persisted in the streaming IPC and file formats.</p>
-<p><strong>Mitigation</strong>: Upgrade to version 0.15.1 or greater.</p>
-<h3>
-<a href="https://www.cve.org/CVERecord?id=CVE-2019-12410"; target="_blank" 
rel="noopener">CVE-2019-12410</a>: Uninitialized Memory in C++ Reading from 
Parquet</h3>
-<p><strong>Severity</strong>: High</p>
-<p><strong>Vendor</strong>: The Apache Software Foundation</p>
-<p><strong>Versions affected</strong>: 0.12.0 - 0.14.1</p>
-<p><strong>Description</strong>: While investigating UBSAN errors in <a 
href="https://github.com/apache/arrow/pull/5365"; target="_blank" 
rel="noopener">ARROW-6549</a> it was discovered Apache Arrow versions 0.12.0 to 
0.14.1 left memory Array data uninitialized when reading RLE null data from 
parquet. This affected the C++, Python, Ruby, and R implementations. The 
uninitialized memory could potentially be shared if are transmitted over the 
wire (for instance with Flight) or persisted in t [...]
-<p><strong>Mitigation</strong>: Upgrade to version 0.15.1 or greater.</p>
+<h1>Published Security Issues</h1>
+<p>For security advisories published since 2023, please refer to
+<a href="https://security.apache.org/projects/arrow/"; target="_blank" 
rel="noopener">this page</a> maintained by the Apache
+Security Team.</p>
+<p>For security advisories published before 2023, one can use
+<a 
href="https://www.cve.org/CVERecord/SearchResults?query=%22Apache+Software+Foundation%22+%22arrow%22";
 target="_blank" rel="noopener">a targeted search query</a>
+on the CVE website.</p>
 
     </main>
 
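Review bot: The replacement for the two 2019 entries is a free-text CVE search (`%22Apache+Software+Foundation%22+%22arrow%22`), which drops the direct record links for CVE-2019-12408 and CVE-2019-12410. It also drops the affected-version and "Upgrade to version 0.15.1 or greater" guidance the removed lines carried. A keyword search can return unrelated records or change over time, so a reader on 0.12.x to 0.14.x has no stable pointer from this page any more. Suggest keeping a short list of direct cve.org links for the pre-2023 advisories beside the search link. Please also confirm that the externally maintained page covers CVE-2023-47248, including the 14.0.1 upgrade and the pyarrow-hotfix package, since that Critical advisory's mitigation text is removed here. Separately, the new section uses `<h1>` where the removed entries used `<h3>`, so check that it fits the page's heading hierarchy. Since this is the built site, any of these changes belong in the source page rather than in `security/index.html` directly.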
