announce@apache.org, 2023-05

You are viewing a plain text version of this content. The canonical link for it is here.

- [ANNOUNCE] Apache Solr 9.2.1 released - posted by Justin Sweeney <js...@apache.org> on 2023/05/01 15:00:28 UTC, 0 replies.
- [ANNOUNCE] Apache BookKeeper 4.16.0 released - posted by Hang Chen <ch...@apache.org> on 2023/05/02 07:21:22 UTC, 0 replies.
- [ANNOUNCE] Apache BookKeeper 4.16.1 released - posted by Hang Chen <ch...@apache.org> on 2023/05/02 07:24:45 UTC, 0 replies.
- CVE-2023-32007: Apache Spark: Shell command injection via Spark UI - posted by Arnout Engelen <en...@apache.org> on 2023/05/02 08:36:01 UTC, 0 replies.
- CVE-2023-26268: Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes - posted by Nick Vatamaniuc <va...@apache.org> on 2023/05/02 17:06:49 UTC, 0 replies.
- [ANNOUNCE] Apache Wicket 8.15.0 released - posted by Andrea Del Bene <ad...@apache.org> on 2023/05/02 20:50:26 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 3.0.0 released - posted by Zike Yang <zi...@apache.org> on 2023/05/03 02:02:58 UTC, 0 replies.
- CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions - posted by Madhan Neethiraj <ma...@apache.org> on 2023/05/04 20:59:50 UTC, 0 replies.
- CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled - posted by Ramesh Mani <rm...@apache.org> on 2023/05/04 21:37:03 UTC, 0 replies.
- [ANNOUNCE] Apache Ignite 2.15.0 Released - posted by Aleksey Plekhanov <al...@apache.org> on 2023/05/05 08:12:26 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.0.0-M3 Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/05/05 11:57:49 UTC, 0 replies.
- [ANNOUNCE] Apache Dubbo 2.7.x End-Of-Life (EOL) Announcement - posted by Albumen Kevin <al...@apache.org> on 2023/05/05 12:41:31 UTC, 0 replies.
- [ANNOUNCE] Apache Dubbo 3.0.x End-Of-Life (EOL) Announcement - posted by Albumen Kevin <al...@apache.org> on 2023/05/05 12:44:01 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid protonj2 1.0.0-M15 released - posted by Timothy Bish <ta...@apache.org> on 2023/05/05 16:12:48 UTC, 0 replies.
- [ANNOUNCE] Apache Kvrocks(incubating) 2.4.0 Released - posted by hulk <hu...@apache.org> on 2023/05/06 03:38:18 UTC, 0 replies.
- [ANNOUNCE] Log4cxx 1.1.0 Released - posted by Robert Middleton <rm...@apache.org> on 2023/05/06 13:46:36 UTC, 0 replies.
- CVE-2023-29247: Stored XSS on Apache Airflow - posted by Pierre Jeambrun <pi...@apache.org> on 2023/05/07 17:02:53 UTC, 0 replies.
- CVE-2023-31038: Apache Log4cxx: SQL injection when using ODBC appender - posted by Robert Middleton <rm...@apache.org> on 2023/05/07 19:32:59 UTC, 0 replies.
- CVE-2023-31039: Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution - posted by Wang Weibing <ww...@apache.org> on 2023/05/08 03:57:31 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.12 Released - posted by Paul King <pa...@apache.org> on 2023/05/08 08:26:08 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 12.0.0 released - posted by Raúl Cumplido <ra...@apache.org> on 2023/05/08 11:06:29 UTC, 0 replies.
- CVE-2023-25754: Apache Airflow: Privilege escalation using airflow logs - posted by Jarek Potiuk <po...@apache.org> on 2023/05/08 11:50:58 UTC, 0 replies.
- [ANN] Apache Syncope 3.0.3 - posted by Francesco Chicchiriccò <il...@apache.org> on 2023/05/08 13:49:47 UTC, 0 replies.
- [ANN] Apache Syncope 2.1.14 - posted by Francesco Chicchiriccò <il...@apache.org> on 2023/05/08 14:33:08 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.20.10 released - posted by Julian Reschke <re...@apache.org> on 2023/05/08 15:51:30 UTC, 0 replies.
- [ANN] Apache Tomcat 11.0.0-M6 (alpha) available - posted by Mark Thomas <ma...@apache.org> on 2023/05/09 20:26:18 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.6.0 released - posted by Alan Woodward <ro...@apache.org> on 2023/05/10 08:02:56 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit Oak 1.8.x deprecated - posted by Julian Reschke <re...@apache.org> on 2023/05/10 10:52:18 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-rabbitmq v3.0.1 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 12:51:10 UTC, 0 replies.
- [ANNOUNCE] Apache flink-shaded v17.0 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 12:51:36 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-pulsar v4.0.0 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 12:51:57 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-opensearch v1.0.1 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 12:52:16 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-elasticsearch v3.0.1 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 13:16:15 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-gcp-pubsub v3.0.1 released - posted by Martijn Visser <ma...@apache.org> on 2023/05/10 13:16:36 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.75 available - posted by Rémy Maucherat <re...@apache.org> on 2023/05/10 15:24:12 UTC, 0 replies.
- [ANNOUNCE] Apache OpenMeetings 7.1.0 is released - posted by Maxim Solodovnik <so...@apache.org> on 2023/05/11 01:43:30 UTC, 0 replies.
- CVE-2023-28936: Apache OpenMeetings: insufficient check of invitation hash - posted by Maxim Solodovnik <so...@apache.org> on 2023/05/12 01:14:09 UTC, 0 replies.
- CVE-2023-29032: Apache OpenMeetings: allows bypass authentication - posted by Maxim Solodovnik <so...@apache.org> on 2023/05/12 01:16:56 UTC, 0 replies.
- CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection - posted by Maxim Solodovnik <so...@apache.org> on 2023/05/12 01:20:05 UTC, 0 replies.
- [ANNOUNCEMENT] Commons Daemon 1.3.4 Released - posted by Mark Thomas <ma...@apache.org> on 2023/05/12 13:50:59 UTC, 0 replies.
- CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module - posted by Robert Munteanu <ro...@apache.org> on 2023/05/15 08:34:46 UTC, 0 replies.
- [ANNOUNCE] Apache Tika 2.8.0 released - posted by Tim Allison <ta...@apache.org> on 2023/05/15 12:20:13 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow ADBC 0.4.0 released - posted by David Li <li...@apache.org> on 2023/05/15 13:48:54 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M8 released - posted by Timothy Bish <ta...@apache.org> on 2023/05/15 14:57:03 UTC, 0 replies.
- [ANNOUNCE] Apache Beam 2.47.0 Released - posted by Jack McCluskey <jr...@apache.org> on 2023/05/15 16:15:41 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 1.52.0 released - posted by Julian Reschke <re...@apache.org> on 2023/05/15 17:06:56 UTC, 0 replies.
- [ANN] Apache TomEE 8.0.15 - posted by Richard Zowalla <rz...@apache.org> on 2023/05/16 12:14:40 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.2.0 released - posted by Yunze Xu <xy...@apache.org> on 2023/05/16 12:47:15 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.6.1 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2023/05/16 14:14:08 UTC, 0 replies.
- [ANNOUNCE] Apache SDAP (incubating) 1.1.0 Released - posted by Nga Chung <nc...@apache.org> on 2023/05/16 21:11:50 UTC, 0 replies.
- [ANNOUNCEMENT] Apache Commons IO 2.12.0 - posted by Gary Gregory <gg...@apache.org> on 2023/05/17 12:19:27 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.16.x deprecated - posted by Julian Reschke <re...@apache.org> on 2023/05/18 08:05:14 UTC, 0 replies.
- [ANNOUNCE] Apache XBean 4.23 release - posted by fpapon <fp...@apache.org> on 2023/05/19 04:43:36 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.89 available - posted by Christopher Schultz <sc...@apache.org> on 2023/05/19 23:23:20 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.9 available - posted by Christopher Schultz <sc...@apache.org> on 2023/05/19 23:29:31 UTC, 0 replies.
- CVE-2023-31058: Apache InLong: JDBC URL bypassing by adding blanks - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:10:52 UTC, 0 replies.
- CVE-2023-31062: Apache InLong: Privilege escalation vulnerability for InLong - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:12:22 UTC, 0 replies.
- CVE-2023-31064: Apache InLong: Insecurity direct object references cancelling applications - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:15:00 UTC, 0 replies.
- CVE-2023-31065: Apache InLong: Insufficient Session Expiration in InLong - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:16:20 UTC, 0 replies.
- CVE-2023-31066: Apache InLong: Insecure direct object references for inlong sources - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:17:38 UTC, 0 replies.
- CVE-2023-31098: Apache InLong: Weak Password Implementation in InLong - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:18:30 UTC, 0 replies.
- CVE-2023-31101: Apache InLong: Users who joined later can see the data of deleted users - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:19:26 UTC, 0 replies.
- CVE-2023-31103: Apache InLong: Attackers can change the immutable name and type of cluster - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:20:24 UTC, 0 replies.
- CVE-2023-31206: Apache InLong: Attackers can change the immutable name and type of nodes - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:21:19 UTC, 0 replies.
- CVE-2023-31453: Apache InLong: IDOR make users can delete others' subscription - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:22:34 UTC, 0 replies.
- CVE-2023-31454: Apache InLong: IDOR make users can bind any cluster - posted by Charles Zhang <do...@apache.org> on 2023/05/21 08:23:21 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi Shaded released 0.1.0 - posted by Cheng Pan <ch...@apache.org> on 2023/05/21 14:21:12 UTC, 0 replies.
- [SECURITY] CVE-2023-28709 Apache Tomcat - Fix for CVE-2023-24998 was incomplete - posted by Mark Thomas <ma...@apache.org> on 2023/05/22 10:01:20 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid JMS 1.9.0 released - posted by Robbie Gemmell <ro...@apache.org> on 2023/05/22 12:09:33 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid JMS 2.3.0 released - posted by Robbie Gemmell <ro...@apache.org> on 2023/05/22 12:10:34 UTC, 0 replies.
- [ANNOUNCE] Airflow Providers prepared on May 19, 2023 are released - posted by Elad Kalif <el...@apache.org> on 2023/05/22 19:38:08 UTC, 0 replies.
- CVE-2023-33246: Apache RocketMQ: RocketMQ may have a remote code execution vulnerability when using the update configuration function - posted by Rongtong Jin <ji...@apache.org> on 2023/05/23 09:48:07 UTC, 0 replies.
- [ANNOUNCE] Apache JSPWiki 2.12.0 released - posted by Juan Pablo Santos Rodríguez <ju...@apache.org> on 2023/05/24 20:31:02 UTC, 0 replies.
- CVE-2022-46907: Apache JSPWiki Cross-site scripting on several plugins - posted by Juan Pablo Santos Rodríguez <ju...@apache.org> on 2023/05/24 20:41:12 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.18.7 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/05/26 04:01:48 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.20.5 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/05/26 11:26:40 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid proton-dotnet 1.0.0-M9 released - posted by Timothy Bish <ta...@apache.org> on 2023/05/26 16:15:51 UTC, 0 replies.
- CVE-2023-33234: Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration - posted by Elad Kalif <el...@apache.org> on 2023/05/26 19:54:53 UTC, 0 replies.
- [ANNOUNCE] Apache Guacamole 1.5.2 released - posted by Michael Jumper <mj...@apache.org> on 2023/05/26 23:42:20 UTC, 0 replies.
- [ANNOUNCE] Airflow Providers prepared on May 24, 2023 are released - posted by Elad Kalif <el...@apache.org> on 2023/05/27 16:45:15 UTC, 0 replies.
- [ANNOUNCE] Apache Wicket 9.14.0 released - posted by Andrea Del Bene <ad...@apache.org> on 2023/05/28 20:34:30 UTC, 0 replies.
- CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs - posted by Marcus Eriksson <ma...@apache.org> on 2023/05/29 10:25:54 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.14.8 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/05/29 15:12:53 UTC, 0 replies.
- [ANNOUNCE] Release Apache DolphinScheduler 3.0.6 - posted by Jay Chung <zh...@apache.org> on 2023/05/30 05:59:42 UTC, 0 replies.
- [ANNOUNCE] ATS 10 Hackathon 6/8/23 - posted by Bryan Call <bc...@apache.org> on 2023/05/30 18:37:32 UTC, 0 replies.
- [ANNOUNCE] Apache Serf 1.3.10 released - posted by Evgeny Kotkov <ko...@apache.org> on 2023/05/31 19:06:48 UTC, 0 replies.