You are viewing a plain text version of this content. The canonical link for it is here.

---

- [ANNOUNCE] Release Apache DolphinScheduler 3.0.4 - posted by Jay Chung <zh...@apache.org> on 2023/01/03 08:35:12 UTC, 0 replies.
- [RELEASE] Apache CouchDB 3.3.0 released - posted by Jan Lehnardt <ja...@apache.org> on 2023/01/03 10:42:13 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 2.9.4 released - posted by 丛搏 <bo...@apache.org> on 2023/01/03 13:11:22 UTC, 0 replies.
- [SECURITY] CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection - posted by Mark Thomas <ma...@apache.org> on 2023/01/03 17:45:53 UTC, 0 replies.
- [ANNOUNCE] MyFaces Core v4.0.0-RC3 Release - posted by Volodymyr Siedlecki <vo...@apache.org> on 2023/01/03 20:47:03 UTC, 0 replies.
- [ANNOUNCE] Airflow Providers released on Janurary 02, 2023 released - posted by Elad Kalif <el...@apache.org> on 2023/01/05 16:27:46 UTC, 0 replies.
- [ANNOUNCEMENT] Apache SkyWalking Satellite 1.1.0 Released - posted by han liu <li...@apache.org> on 2023/01/06 03:15:37 UTC, 0 replies.
- [ANNOUNCE] Apache James JSPF 1.0.3 released - posted by Benoit TELLIER <bt...@apache.org> on 2023/01/06 07:20:42 UTC, 0 replies.
- [ANNOUNCE] Apache James MIME4J 0.8.8 released - posted by Benoit TELLIER <bt...@apache.org> on 2023/01/06 07:21:43 UTC, 0 replies.
- [ANNOUNCE] Apache James 3.7.3 released - posted by Benoit TELLIER <bt...@apache.org> on 2023/01/06 07:23:22 UTC, 0 replies.
- CVE-2022-45787: Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider - posted by Benoit Tellier <bt...@apache.org> on 2023/01/06 07:31:55 UTC, 0 replies.
- CVE-2022-45935: Apache James server: Temporary File Information Disclosure - posted by Benoit Tellier <bt...@apache.org> on 2023/01/06 07:32:32 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Node.js client 1.8.0 released - posted by Zike Yang <zi...@apache.org> on 2023/01/06 08:24:48 UTC, 0 replies.
- [ANNOUNCE] Log4cxx 1.0.0 Released - posted by Robert Middleton <rm...@apache.org> on 2023/01/07 01:40:22 UTC, 0 replies.
- [ANNOUNCE] Apache Drill 1.20.3 Released - posted by James Turton <dz...@apache.org> on 2023/01/07 13:12:08 UTC, 0 replies.
- [ANNOUNCE] Apache Jena 4.7.0 released - posted by Andy Seaborne <an...@apache.org> on 2023/01/07 14:36:38 UTC, 0 replies.
- CVE-2022-46769: Apache Sling App CMS: XSS in CMS Site Group Detail - posted by Dan Klco <dk...@apache.org> on 2023/01/07 15:52:42 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.20.1 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/01/08 08:52:14 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.20.8 released - posted by Julian Reschke <re...@apache.org> on 2023/01/10 06:53:46 UTC, 0 replies.
- [ANNOUNCE] Apache ShardingSphere 5.3.1 available - posted by Hongsheng Zhong <zh...@apache.org> on 2023/01/10 06:54:07 UTC, 1 replies.
- [ANNOUNCE] Apache Ant 1.10.13 released - posted by Jaikiran Pai <ja...@apache.org> on 2023/01/10 06:54:38 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow ADBC 0.1.0 Released - posted by David Li <li...@apache.org> on 2023/01/10 19:09:07 UTC, 0 replies.
- [ANNOUNCE] Apache ShardingSphere on Cloud 0.1.2 available - posted by Hongsheng Zhong <zh...@apache.org> on 2023/01/11 03:17:59 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit FileVault 3.6.8 released - posted by Julian Reschke <re...@apache.org> on 2023/01/11 06:53:52 UTC, 0 replies.
- [ANNOUNCE] Apache CouchDB 3.3.1 released - posted by Jan Lehnardt <ja...@apache.org> on 2023/01/11 07:59:54 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.2.1 GA released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/01/12 08:24:11 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.71 available - posted by Rémy Maucherat <re...@apache.org> on 2023/01/13 13:24:29 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 2.11.0 released - posted by guo jiwei <te...@apache.org> on 2023/01/13 13:47:32 UTC, 0 replies.
- CVE-2023-22602: Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request - posted by Brian Demers <bd...@apache.org> on 2023/01/13 17:18:24 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid JMS 1.8.0 released - posted by Robbie Gemmell <ro...@apache.org> on 2023/01/13 17:37:08 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid JMS 2.2.0 released - posted by Robbie Gemmell <ro...@apache.org> on 2023/01/13 17:39:41 UTC, 0 replies.
- [ANN] Apache Karaf OSGi Runtime 4.4.3 has been released! - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/01/13 18:15:21 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid ProtonJ2 1.0.0-M12 released - posted by Timothy Bish <ta...@apache.org> on 2023/01/13 22:24:24 UTC, 0 replies.
- [ANN] Apache Karaf OSGi runtime 4.3.9 has been released! - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/01/15 10:18:17 UTC, 0 replies.
- [ANNOUNCE] Apache FreeMarker 2.3.32 is released - posted by Daniel Dekany <dd...@apache.org> on 2023/01/15 16:35:36 UTC, 0 replies.
- [ANN] Apache Syncope 3.0.1 - posted by Francesco Chicchiriccò <il...@apache.org> on 2023/01/16 08:04:07 UTC, 0 replies.
- CVE-2022-43717: Apache Superset: Cross-Site Scripting on dashboards - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:08:13 UTC, 0 replies.
- CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:14:35 UTC, 0 replies.
- CVE-2022-43719: Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:19:57 UTC, 0 replies.
- CVE-2022-43720: Apache Superset: Improper rendering of user input - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:23:12 UTC, 0 replies.
- CVE-2022-43721: Apache Superset: Open Redirect Vulnerability - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:25:56 UTC, 0 replies.
- CVE-2022-45438: Apache Superset: Dashboard metadata information leak - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:31:37 UTC, 0 replies.
- CVE-2022-41703: Apache Superset: SQL injection vulnerability in adhoc clauses - posted by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:34:30 UTC, 0 replies.
- [ANNOUNCEMENT] Apache HTTP Server 2.4.55 Released - posted by covener <co...@apache.org> on 2023/01/17 16:33:05 UTC, 0 replies.
- CVE-2006-20001: Apache HTTP Server: mod_dav out of bounds read, or write of zero byte - posted by Eric Covener <co...@apache.org> on 2023/01/17 19:06:20 UTC, 0 replies.
- CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp Possible request smuggling - posted by Eric Covener <co...@apache.org> on 2023/01/17 19:09:18 UTC, 0 replies.
- CVE-2022-37436: Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting - posted by Eric Covener <co...@apache.org> on 2023/01/17 19:09:35 UTC, 0 replies.
- [ANNOUNCE] Airflow Providers released on January 14, 2023 are ready - posted by Elad Kalif <el...@apache.org> on 2023/01/17 21:57:02 UTC, 0 replies.
- [ANNOUNCE] Apache StreamPipes 0.90.0 - posted by Dominik Riemer <ri...@apache.org> on 2023/01/18 21:41:07 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.84 available - posted by Christopher Schultz <sc...@apache.org> on 2023/01/19 20:15:16 UTC, 0 replies.
- [ANNOUNCE] Apache Calcite Avatica 1.23.0 Released - posted by Julian Hyde <jh...@apache.org> on 2023/01/19 22:23:04 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.14 released - posted by Julian Reschke <re...@apache.org> on 2023/01/20 06:53:02 UTC, 0 replies.
- [ANN] Apache TomEE 8.0.14 - posted by Richard Zowalla <rz...@apache.org> on 2023/01/20 19:24:22 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.5.1 Released - posted by Pierre Jeambrun <pi...@apache.org> on 2023/01/20 19:46:25 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.8.3 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2023/01/20 20:05:08 UTC, 0 replies.
- [ANNOUNCE] Apache SDAP (incubating) 1.0.0 Released - posted by Riley Kuttruff <rk...@apache.org> on 2023/01/20 23:31:22 UTC, 0 replies.
- CVE-2023-22884: Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow - posted by Jarek Potiuk <po...@apache.org> on 2023/01/21 00:50:27 UTC, 1 replies.
- [ANN] Apache Tomcat 8.5.85 available [CORRECTION] - posted by Christopher Schultz <sc...@apache.org> on 2023/01/21 15:01:22 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 2.5.21 Released - posted by Paul King <pa...@apache.org> on 2023/01/22 06:20:14 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.8 Released - posted by Paul King <pa...@apache.org> on 2023/01/22 08:45:53 UTC, 0 replies.
- [ANNOUCEMENT] Apache Commons Crypto 1.2.0 - posted by Gary Gregory <gg...@apache.org> on 2023/01/23 14:38:00 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.5 available - posted by Mark Thomas <ma...@apache.org> on 2023/01/23 20:42:15 UTC, 0 replies.
- [ANNOUNCE] Apache Traffic Server v9.2.0 is Released! - posted by Leif Hedstrom <zw...@apache.org> on 2023/01/23 21:33:15 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.18.5 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/01/25 11:24:51 UTC, 0 replies.
- [ANNOUNCE] Apache Solr 9.1.1 released - posted by Michael Gibney <ma...@apache.org> on 2023/01/25 14:47:40 UTC, 0 replies.
- [ANNOUNCE] Apache Pinot 0.12.0 released - posted by Xiang Fu <xi...@apache.org> on 2023/01/25 20:12:53 UTC, 0 replies.
- [ANNOUNCE] Apache DataFu-Spark 1.7.0 Released - posted by Eyal Allweil <ey...@apache.org> on 2023/01/26 11:25:50 UTC, 0 replies.
- [ANNOUNCE] Airflow Providers prepared on January 23, 2023 are ready - posted by Elad Kalif <el...@apache.org> on 2023/01/26 14:54:47 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit Oak 1.48.0 released - posted by Julian Reschke <re...@apache.org> on 2023/01/28 06:52:32 UTC, 0 replies.
- [ANNOUNCE] Apache EventMesh (incubating) 1.8.0 available - posted by walterzywei <wa...@apache.org> on 2023/01/30 01:57:01 UTC, 0 replies.
- [ANNOUNCE] Apache ZooKeeper 3.8.1 released - posted by Enrico Olivelli <eo...@apache.org> on 2023/01/30 07:55:47 UTC, 0 replies.
- [ANNOUNCE] MyFaces Core v4.0.0-RC4 Release - posted by Volodymyr Siedlecki <vo...@apache.org> on 2023/01/30 14:34:52 UTC, 0 replies.
- CVE-2023-24829: Apache IoTDB: apache/iotdb-web-workbench: forge the JWTToken to access workbench - posted by Jialin Qiao <qi...@apache.org> on 2023/01/30 15:41:45 UTC, 0 replies.
- CVE-2023-24830: Apache IoTDB: apache/iotdb-web-workbench: create a user without authorization - posted by Jialin Qiao <qi...@apache.org> on 2023/01/30 15:49:25 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.5.0 released - posted by Luca Cavanna <ja...@apache.org> on 2023/01/30 16:08:13 UTC, 0 replies.
- [ANNOUNCE] Apache APISIX Ingress controller v1.6.0 released - posted by Jintao Zhang <zh...@apache.org> on 2023/01/31 06:22:04 UTC, 0 replies.
- CVE-2022-44644: Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability - posted by Heping Wang <pe...@apache.org> on 2023/01/31 07:31:04 UTC, 0 replies.
- CVE-2022-44645: Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability - posted by Heping Wang <pe...@apache.org> on 2023/01/31 07:31:21 UTC, 0 replies.
- [ANNOUNCEMENT] Apache Portable Runtime 1.7.1 Released - posted by covener <co...@apache.org> on 2023/01/31 14:50:51 UTC, 0 replies.
- [ANNOUNCEMENT] Apache Portable Runtime Utility 1.6.2 Released - posted by covener <co...@apache.org> on 2023/01/31 14:51:19 UTC, 0 replies.
- CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions - posted by Eric Covener <co...@apache.org> on 2023/01/31 15:12:33 UTC, 0 replies.
- CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions - posted by Eric Covener <co...@apache.org> on 2023/01/31 15:13:06 UTC, 0 replies.
- CVE-2022-28331: Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function - posted by Eric Covener <co...@apache.org> on 2023/01/31 15:13:23 UTC, 0 replies.