announce@apache.org, 2022-11

You are viewing a plain text version of this content. The canonical link for it is here.

- CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC - posted by Weijie Wu <wu...@apache.org> on 2022/11/01 02:20:21 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 2.10.2 released - posted by Haiting Jiang <ji...@apache.org> on 2022/11/01 03:12:51 UTC, 0 replies.
- CVE-2022-34662: Apache DolphinScheduler prior to 3.0.0 allows path traversal - posted by Jiajie Zhong <zh...@apache.org> on 2022/11/01 14:32:09 UTC, 0 replies.
- CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript - posted by "Sean R. Owen" <sr...@apache.org> on 2022/11/01 15:03:50 UTC, 0 replies.
- CVE-2022-43982: Apache Airflow: Reflected XSS via Origin Query Argument in URL - posted by Jedidiah Cunningham <je...@apache.org> on 2022/11/01 20:59:06 UTC, 0 replies.
- CVE-2022-43985: Apache Airflow: Open Redirect - posted by Jedidiah Cunningham <je...@apache.org> on 2022/11/01 20:59:26 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Numbers Version 1.1 Released - posted by Alex Herbert <ah...@apache.org> on 2022/11/02 11:12:41 UTC, 0 replies.
- CVE-2022-43670: Apache Sling App CMS: XSS in Sling CMS Reference App Taxonomy Path - posted by Dan Klco <dk...@apache.org> on 2022/11/02 11:50:30 UTC, 0 replies.
- [ANNOUNCE] Apache Accumulo 2.1.0 - posted by Christopher <ct...@apache.org> on 2022/11/02 16:28:49 UTC, 0 replies.
- [ANNOUNCE] Apache UIMA Java SDK version 3.3.1 released - posted by Richard Eckart de Castilho <re...@apache.org> on 2022/11/03 10:33:01 UTC, 0 replies.
- [ANNOUNCE] Apache Curator 5.4.0 released - posted by Enrico Olivelli <eo...@apache.org> on 2022/11/03 10:41:16 UTC, 0 replies.
- CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives - posted by Richard Eckart de Castilho <re...@apache.org> on 2022/11/03 11:12:27 UTC, 0 replies.
- CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack - posted by Michael Marshall <mm...@apache.org> on 2022/11/03 18:40:12 UTC, 0 replies.
- [ANNOUNCEMENT] Apache Commons BCEL 6.6.1 - posted by Gary Gregory <gg...@apache.org> on 2022/11/03 23:11:23 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Helm Chart version 3.0.0 Released - posted by Michael Marshall <mm...@apache.org> on 2022/11/04 04:17:13 UTC, 0 replies.
- [ANNOUNCE] Apache James JSPF 1.0.2 released - posted by Benoit TELLIER <bt...@apache.org> on 2022/11/04 07:41:23 UTC, 0 replies.
- [ANNOUNCE] Apache James MIME4J 0.8.8 released - posted by Benoit TELLIER <bt...@apache.org> on 2022/11/04 07:42:46 UTC, 0 replies.
- [ANNOUNCE] Apache James JSIEVE 0.8 released - posted by Benoit TELLIER <bt...@apache.org> on 2022/11/04 07:43:36 UTC, 0 replies.
- [ANN] Apache Ivy 2.5.1 Released - posted by Stefan Bodewig <bo...@apache.org> on 2022/11/04 11:05:11 UTC, 0 replies.
- CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system - posted by Stefan Bodewig <bo...@apache.org> on 2022/11/04 11:07:51 UTC, 0 replies.
- CVE-2022-37866: Apache Ivy: Ivy Path traversal - posted by Stefan Bodewig <bo...@apache.org> on 2022/11/04 11:08:54 UTC, 0 replies.
- CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing - posted by "Gary D. Gregory" <gg...@apache.org> on 2022/11/04 17:35:34 UTC, 0 replies.
- [ANNOUNCE] Apache ShenYu Nginx 1.0.0-1 available - posted by ChenBin <si...@apache.org> on 2022/11/05 06:49:04 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.14.6 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2022/11/05 20:12:55 UTC, 0 replies.
- [ANNOUNCE] Apache PLC4X 0.10.0 released - posted by Christofer Dutz <cd...@apache.org> on 2022/11/06 17:10:40 UTC, 0 replies.
- [ANNOUNCE] Apache Tika 2.6.0 released - posted by Tim Allison <ta...@apache.org> on 2022/11/07 11:47:03 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.2 GA released - posted by Oleg Kalnichevski <ol...@apache.org> on 2022/11/07 14:23:03 UTC, 0 replies.
- [ANNOUNCE] Apache Daffodil 3.4.0 Released - posted by Steve Lawrence <sl...@apache.org> on 2022/11/08 12:35:11 UTC, 0 replies.
- [ANN] Apache Tomcat Native 2.0.2 released - posted by Mark Thomas <ma...@apache.org> on 2022/11/08 13:29:20 UTC, 0 replies.
- [ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.5 - posted by Mark Thomas <ma...@apache.org> on 2022/11/08 18:48:07 UTC, 0 replies.
- [ANNOUNCE] Apache SkyWalking Java Agent 8.13.0 released - posted by Sheng Wu <wu...@apache.org> on 2022/11/09 02:06:34 UTC, 0 replies.
- [ACCOUNCE] Apache Flink Elasticsearch Connector 3.0.0 released - posted by Chesnay Schepler <ch...@apache.org> on 2022/11/10 11:50:51 UTC, 0 replies.
- [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.0 released - posted by Jiajing LU <lu...@apache.org> on 2022/11/10 15:12:28 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.2 GA Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2022/11/10 21:23:19 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.20.7 released - posted by Julian Reschke <re...@apache.org> on 2022/11/11 08:18:06 UTC, 0 replies.
- [ANNOUNCE] Apache APISIX Java Plugin Runner 0.4.0 has been released - posted by tzssangglass <tz...@apache.org> on 2022/11/11 09:10:24 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid Proton 0.38.0 released - posted by Robbie Gemmell <ro...@apache.org> on 2022/11/11 16:24:37 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M6 released - posted by Timothy Bish <ta...@apache.org> on 2022/11/11 21:54:08 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M11 released - posted by Timothy Bish <ta...@apache.org> on 2022/11/11 22:06:35 UTC, 0 replies.
- CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example - posted by Jarek Potiuk <po...@apache.org> on 2022/11/13 22:48:47 UTC, 0 replies.
- CVE-2022-27949: Apache Airflow: sensitive values in rendered template - posted by Jarek Potiuk <po...@apache.org> on 2022/11/13 23:50:40 UTC, 1 replies.
- [ANN] Apache Syncope 3.0.0 - posted by Francesco Chicchiriccò <il...@apache.org> on 2022/11/14 09:59:12 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.1.5 GA released - posted by Oleg Kalnichevski <ol...@apache.org> on 2022/11/14 10:47:55 UTC, 0 replies.
- CVE-2022-45378: Apache SOAP allows unauthenticated users to potentially invoke arbitrary code - posted by Arnout Engelen <en...@apache.org> on 2022/11/14 13:27:39 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.4.3 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2022/11/14 14:22:29 UTC, 0 replies.
- CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB - posted by Rob Vesse <rv...@apache.org> on 2022/11/14 15:26:45 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.2 available - posted by Mark Thomas <ma...@apache.org> on 2022/11/14 16:37:19 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.69 available - posted by Rémy Maucherat <re...@apache.org> on 2022/11/14 20:29:54 UTC, 0 replies.
- CVE-2022-45402: Apache Airflow: Open redirect during login - posted by Jedidiah Cunningham <je...@apache.org> on 2022/11/15 00:16:10 UTC, 0 replies.
- CVE-2022-40308: Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files - posted by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:42 UTC, 0 replies.
- CVE-2022-40309: Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories - posted by Olivier Lamy <ol...@apache.org> on 2022/11/15 11:35:59 UTC, 0 replies.
- CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability - posted by Thomas Wolf <tw...@apache.org> on 2022/11/15 23:08:17 UTC, 0 replies.
- [ANNOUNCE] Apache Hive 4.0.0-alpha-2 Released - posted by Denys Kuzmenko <dk...@apache.org> on 2022/11/16 16:52:34 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.0.0 released - posted by Matteo Merli <mm...@apache.org> on 2022/11/16 21:51:05 UTC, 0 replies.
- [ANNOUNCE] Apache APISIX 2.15.1 has been released - posted by Zexuan Luo <sp...@apache.org> on 2022/11/18 07:53:16 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi (Incubating) released 1.6.1-incubating - posted by Shaoyun Chen <cs...@apache.org> on 2022/11/18 09:52:10 UTC, 0 replies.
- Airflow Providers relesead on 18th of November - posted by Jarek Potiuk <po...@apache.org> on 2022/11/18 11:21:01 UTC, 0 replies.
- [ANNOUNCE] Beam 2.43.0 Released - posted by Chamikara Jayalath <ch...@apache.org> on 2022/11/18 19:07:25 UTC, 0 replies.
- [ANNOUNCE] Apache Shiro 1.10.1 released - posted by Benjamin Marwell <bm...@apache.org> on 2022/11/19 09:47:11 UTC, 0 replies.
- CVE-2022-45470: Apache Hama allows XSS and information disclosure - posted by Arnout Engelen <en...@apache.org> on 2022/11/21 09:31:56 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.1.4 GA Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2022/11/21 13:20:23 UTC, 0 replies.
- [ANNOUNCE] Apache Solr 9.1.0 released - posted by Ishan Chattopadhyaya <is...@apache.org> on 2022/11/21 17:07:26 UTC, 0 replies.
- CVE-2022-38649: Apache Airflow Pinot Provider, Apache Airflow: PinotAdminHook Command Injection - posted by Jarek Potiuk <po...@apache.org> on 2022/11/21 20:24:03 UTC, 0 replies.
- CVE-2022-40189: Apache Airlfow Pig Provider RCE - posted by Jarek Potiuk <po...@apache.org> on 2022/11/21 20:33:44 UTC, 0 replies.
- CVE-2022-40954: Apache Airflow Spark Provider, Apache Airflow: Airflow 2.3.4 spark provider RCE that bypass restrictions to read arbitrary files - posted by Jarek Potiuk <po...@apache.org> on 2022/11/21 20:41:11 UTC, 1 replies.
- CVE-2022-41131: Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) - posted by Jarek Potiuk <po...@apache.org> on 2022/11/21 20:48:59 UTC, 0 replies.
- [ANNOUNCE] Release Apache DolphinScheduler 3.0.2 - posted by Jiajie Zhong <zh...@apache.org> on 2022/11/22 08:28:01 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.84 available - posted by Christopher Schultz <sc...@apache.org> on 2022/11/22 19:03:16 UTC, 0 replies.
- CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability - posted by Jiajie Zhong <zh...@apache.org> on 2022/11/23 02:19:51 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.4.2 released - posted by Adrien Grand <jp...@apache.org> on 2022/11/23 08:33:09 UTC, 0 replies.
- CVE-2022-26885: Apache DolphinScheduler config file read by task risk - posted by ShunFeng Cai <ca...@apache.org> on 2022/11/24 11:54:38 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid Broker-J 9.0.0 released - posted by Tomas Vavricka <va...@apache.org> on 2022/11/24 13:07:09 UTC, 0 replies.
- [ANNOUNCE] Apache Flink 1.15.3 released - posted by Fabian Paul <fp...@apache.org> on 2022/11/25 13:22:08 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.7.1 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2022/11/25 13:52:58 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.8.1 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2022/11/25 13:56:13 UTC, 0 replies.
- [ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.2.1 released - posted by Jiajing LU <lu...@apache.org> on 2022/11/26 09:15:14 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 10.0.0 released - posted by Sutou Kouhei <ko...@apache.org> on 2022/11/28 08:33:20 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 10.0.1 released - posted by Sutou Kouhei <ko...@apache.org> on 2022/11/28 08:46:13 UTC, 0 replies.
- [ANN] Apache Struts 6.1.1 - posted by Lukasz Lenart <lu...@apache.org> on 2022/11/28 14:33:48 UTC, 1 replies.
- [ANNOUNCE] Apache NiFi 1.19.0 release - posted by Joe Witt <jo...@apache.org> on 2022/11/28 16:01:43 UTC, 0 replies.
- [ANN] Apache Struts 6.1.1 (proper list of issues) - posted by Lukasz Lenart <lu...@apache.org> on 2022/11/28 18:04:07 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.8.2 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2022/11/29 11:38:00 UTC, 0 replies.
- CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal - posted by Arnout Engelen <en...@apache.org> on 2022/11/29 14:21:52 UTC, 0 replies.
- Airflow Providers released on November 29, 2022 are ready - posted by Jarek Potiuk <po...@apache.org> on 2022/11/29 14:26:23 UTC, 0 replies.
- [ANNOUNCE] Apache Tuweni (incubating) 2.3.1 released - posted by Antoine Toulme <to...@apache.org> on 2022/11/29 21:10:09 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.7.2 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2022/11/30 06:26:34 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 4.4.16 Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2022/11/30 18:19:53 UTC, 0 replies.