announce@apache.org, 2023-11

You are viewing a plain text version of this content. The canonical link for it is here.

- [ANN] Apache TomEE 8.0.16 - posted by Richard Zowalla <rz...@apache.org> on 2023/11/03 08:22:06 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.20.8 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/11/03 15:09:48 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit FileVault 3.7.2 released - posted by Julian Reschke <re...@apache.org> on 2023/11/04 12:00:39 UTC, 0 replies.
- [ANNOUNCE] Apache bRPC 1.7.0 released - posted by Lorin Lee <lo...@apache.org> on 2023/11/04 15:16:42 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) Connectors 1.0.1 available - posted by PJ Fanning <fa...@apache.org> on 2023/11/04 20:48:02 UTC, 0 replies.
- [ANNOUNCE] Apache PDFBox 2.0.30 released - posted by Andreas Lehmkühler <le...@apache.org> on 2023/11/05 11:29:38 UTC, 0 replies.
- [ANNOUNCE] Apache OFBiz 18.12.09 released - posted by Jacopo Cappellato <ja...@apache.org> on 2023/11/05 15:28:45 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.7.3 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2023/11/06 06:59:22 UTC, 0 replies.
- [ANNOUNCE] Apache UIMA Java SDK version 3.5.0 released - posted by Richard Eckart de Castilho <re...@apache.org> on 2023/11/06 12:03:43 UTC, 0 replies.
- [ANNOUNCE] Apache Daffodil 3.6.0 Released - posted by Steve Lawrence <sl...@apache.org> on 2023/11/06 12:21:36 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 14.0.0 released - posted by Raúl Cumplido <ra...@apache.org> on 2023/11/06 19:21:08 UTC, 0 replies.
- CVE-2023-46851: Apache Allura: sensitive information exposure via import - posted by Dave Brondsema <br...@apache.org> on 2023/11/06 22:30:58 UTC, 0 replies.
- [ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix - posted by Dave Brondsema <br...@apache.org> on 2023/11/06 22:36:46 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi released 1.8.0 - posted by Cheng Pan <ch...@apache.org> on 2023/11/07 06:28:20 UTC, 0 replies.
- CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries without authentication - posted by Jacques Le Roux <jl...@apache.org> on 2023/11/07 09:53:35 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Go Client 0.11.1 released - posted by Zike Yang <zi...@apache.org> on 2023/11/07 10:57:00 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.20.13 released - posted by Julian Reschke <re...@apache.org> on 2023/11/07 14:07:59 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid protonj2 1.0.0-M18 released - posted by Timothy Bish <ta...@apache.org> on 2023/11/07 16:39:59 UTC, 0 replies.
- CVE-2023-39913: Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK: Potential untrusted code execution when deserializing certain binary CAS formats - posted by Richard Eckart de Castilho <re...@apache.org> on 2023/11/08 07:38:44 UTC, 0 replies.
- CVE-2023-47248: PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file - posted by Antoine Pitrou <ap...@apache.org> on 2023/11/08 18:05:51 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow ADBC 0.8.0 released - posted by David Li <li...@apache.org> on 2023/11/09 15:26:15 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.14.10 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/11/09 19:40:28 UTC, 0 replies.
- [ANNOUNCE] Apache Calcite 1.36.0 released - posted by Benchao Li <li...@apache.org> on 2023/11/10 13:48:58 UTC, 0 replies.
- [ANNOUNCE] Apache Shiro 1.13.0 with fix CVE-2023-46750 - posted by fpapon <fp...@apache.org> on 2023/11/12 08:27:10 UTC, 0 replies.
- CVE-2023-47037: Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) - posted by Ephraim Anierobi <ep...@apache.org> on 2023/11/12 11:11:07 UTC, 0 replies.
- CVE-2023-42781: Apache Airflow: Permission verification bypass allows viewing dagruns of other dags - posted by Ephraim Anierobi <ep...@apache.org> on 2023/11/12 11:11:12 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on November 08, 2023 are released - posted by Elad Kalif <el...@apache.org> on 2023/11/12 19:00:20 UTC, 1 replies.
- [ANNOUNCE] Apache Olingo 4.10.0 has been released - posted by mibo <mi...@apache.org> on 2023/11/12 20:24:34 UTC, 0 replies.
- [ANNOUNCE] Apache Olingo 2.0.13 has been released - posted by mibo <mi...@apache.org> on 2023/11/12 20:24:38 UTC, 0 replies.
- [ANNOUNCE] Apache APISIX Ingress controller v1.7.1 released - posted by Ling Samuel <li...@apache.org> on 2023/11/13 07:15:08 UTC, 1 replies.
- [ANNOUNCEMENT] Apache SkyWalking Infra E2E 1.3.0 Released - posted by Hoshea Jiang <ho...@apache.org> on 2023/11/13 07:21:07 UTC, 0 replies.
- [ANNOUNCE] Apache UIMA uimaFIT version 3.5.0 released - posted by Richard Eckart de Castilho <re...@apache.org> on 2023/11/13 09:16:19 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.4.0 released - posted by Yunze Xu <xy...@apache.org> on 2023/11/13 13:33:03 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Python Client 2.7.3 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2023/11/14 09:03:33 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 14.0.1 released - posted by Raúl Cumplido <ra...@apache.org> on 2023/11/14 14:24:24 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.2.0 Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/11/14 19:53:31 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.96 available - posted by Christopher Schultz <sc...@apache.org> on 2023/11/14 21:11:55 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.16 available - posted by Christopher Schultz <sc...@apache.org> on 2023/11/14 22:55:17 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.83 available - posted by Rémy Maucherat <re...@apache.org> on 2023/11/15 11:03:49 UTC, 0 replies.
- [ANN] Apache Tomcat 11.0.0-M14 (alpha) available - posted by Mark Thomas <ma...@apache.org> on 2023/11/15 11:22:30 UTC, 0 replies.
- [ANNOUNCE] Apache Derby 10.17.1.0 released - posted by Richard Hillegas <rh...@apache.org> on 2023/11/15 23:23:14 UTC, 0 replies.
- CVE-2023-26031: Privilege escalation in Apache Haoop Yarn container-executor binary on Linux systems - posted by Masatake Iwasaki <iw...@apache.org> on 2023/11/16 05:24:27 UTC, 0 replies.
- [ANNOUNCE] Release Apache OpenDAL incubating 0.42.0 - posted by Mingzhuo Yin <si...@apache.org> on 2023/11/16 06:12:45 UTC, 0 replies.
- [ANNOUNCE] Apache XMLBeans 5.2.0 release - posted by PJ Fanning <fa...@apache.org> on 2023/11/17 10:55:20 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Compress 1.25.0 - posted by Gary Gregory <gg...@apache.org> on 2023/11/17 14:14:06 UTC, 0 replies.
- [ANNOUNCE] Apache Accumulo 1.10.4 - posted by Christopher <ct...@apache.org> on 2023/11/17 14:56:57 UTC, 0 replies.
- [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.0 - posted by Christophe Bornet <cb...@apache.org> on 2023/11/18 11:11:57 UTC, 0 replies.
- CVE-2023-46302: Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization - posted by Xiang Chen <cd...@apache.org> on 2023/11/19 07:59:35 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) Persistence DynamoDB 1.0.0 available - posted by PJ Fanning <fa...@apache.org> on 2023/11/19 09:04:18 UTC, 0 replies.
- [ANN] Apache ActiveMQ 6.0.0 has been released! - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/11/19 16:39:37 UTC, 0 replies.
- CVE-2022-46337: Apache Derby: LDAP injection vulnerability in authenticator - posted by "Richard N. Hillegas" <rh...@apache.org> on 2023/11/19 18:42:36 UTC, 0 replies.
- [ANNOUNCE] Apache YuniKorn v1.4.0 released - posted by Wilfred Spiegelenburg <wi...@apache.org> on 2023/11/20 04:46:01 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.0.3 (LTS) Release - posted by Gregor Zurowski <gz...@apache.org> on 2023/11/20 20:14:11 UTC, 0 replies.
- [ANNOUNCE] Apache Ratis 3.0.0 released - posted by William Song <wi...@apache.org> on 2023/11/21 07:08:21 UTC, 0 replies.
- [ANNOUNCE] Apache Ratis 3.0.0 released! - posted by William Song <wi...@apache.org> on 2023/11/21 07:39:54 UTC, 0 replies.
- [ANNOUNCE] Apache APISIX 3.7.0 has been released - posted by Xin Rong <al...@apache.org> on 2023/11/21 13:30:00 UTC, 0 replies.
- CVE-2023-37924: Apache Submarine: SQL injection from unauthorized login - posted by Xiang Chen <cd...@apache.org> on 2023/11/22 00:15:24 UTC, 0 replies.
- CVE-2022-45875: Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin - posted by Wenjun Ruan <we...@apache.org> on 2023/11/22 04:31:28 UTC, 0 replies.
- CVE-2023-43123: Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files - posted by Julien Nioche <jn...@apache.org> on 2023/11/23 09:05:48 UTC, 0 replies.
- CVE-2023-48796: Apache dolphinscheduler sensitive information disclosure - posted by Zhenxu Ke <ke...@apache.org> on 2023/11/24 04:50:00 UTC, 0 replies.
- CVE-2023-49068: Apache DolphinScheduler: Information Leakage Vulnerability - posted by Zihao Xiang <zi...@apache.org> on 2023/11/24 05:29:43 UTC, 0 replies.
- [ANNOUNCE] Apache POI 5.2.5 released - posted by PJ Fanning <fa...@apache.org> on 2023/11/25 20:07:22 UTC, 0 replies.
- [ANNOUNCE] Apache NiFi 2.0.0-M1 Released - posted by David Handermann <ex...@apache.org> on 2023/11/26 05:47:32 UTC, 0 replies.
- [ANN] Apache IvyDE Retired - posted by Stefan Bodewig <bo...@apache.org> on 2023/11/26 16:11:07 UTC, 0 replies.
- [ANNOUNCE] Apache Wicket 9.16.0 released - posted by Andrea Del Bene <ad...@apache.org> on 2023/11/26 19:27:20 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.4.1 released - posted by Yunze Xu <xy...@apache.org> on 2023/11/27 04:35:20 UTC, 0 replies.
- CVE-2023-40610: Apache Superset: Privilege escalation with default examples database - posted by Daniel Gaspar <dp...@apache.org> on 2023/11/27 09:31:05 UTC, 0 replies.
- [ANNOUNCE] OpenNLP 2.3.1 released - posted by Martin Wiesner <ma...@apache.org> on 2023/11/27 09:31:57 UTC, 0 replies.
- CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role - posted by Daniel Gaspar <dp...@apache.org> on 2023/11/27 09:39:08 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Lang Version 3.14.0 - posted by Gary Gregory <gg...@apache.org> on 2023/11/27 12:36:52 UTC, 0 replies.
- CVE-2023-49145: Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt - posted by David Handermann <ex...@apache.org> on 2023/11/27 21:58:37 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.1.0 released - posted by tison <ti...@apache.org> on 2023/11/28 09:11:32 UTC, 0 replies.
- [ANN] Apache Cocoon 2.3.0 Released - posted by Cédric Damioli <cd...@apache.org> on 2023/11/28 13:17:11 UTC, 0 replies.
- CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/11/28 14:54:23 UTC, 0 replies.
- [SECURITY] CVE-2023-46589 Apache Tomcat - Request Smuggling - posted by Mark Thomas <ma...@apache.org> on 2023/11/28 15:27:23 UTC, 0 replies.
- CVE-2023-42502: Apache Superset: Open Redirect Vulnerability - posted by Daniel Gaspar <dp...@apache.org> on 2023/11/28 16:08:27 UTC, 0 replies.
- CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details - posted by Daniel Gaspar <dp...@apache.org> on 2023/11/28 16:20:15 UTC, 0 replies.
- CVE-2023-42504: Apache Superset: Lack of rate limiting allows for possible denial of service - posted by Daniel Gaspar <dp...@apache.org> on 2023/11/28 16:39:26 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on November 24, 2023 are released - posted by Elad Kalif <el...@apache.org> on 2023/11/29 07:27:00 UTC, 0 replies.
- [ANNOUNCE] Apache StreamPipes 0.93.0 - posted by Tim Bossenmaier <bo...@apache.org> on 2023/11/29 11:50:24 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.16 Released - posted by Paul King <pa...@apache.org> on 2023/11/29 22:28:13 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 5.0.0-alpha-3 Released - posted by Paul King <pa...@apache.org> on 2023/11/29 22:53:59 UTC, 0 replies.
- CVE-2022-45135: Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction - posted by Cédric Damioli <cd...@apache.org> on 2023/11/29 23:02:30 UTC, 0 replies.
- CVE-2023-49620: Apache DolphinScheduler: Authenticated users could delete UDFs in resouece center they were not authorized - posted by Jiajie Zhong <zh...@apache.org> on 2023/11/30 03:02:05 UTC, 0 replies.
- CVE-2023-49733: Apache Cocoon's StreamGenerator is vulnerable to XXE injection - posted by Cédric Damioli <cd...@apache.org> on 2023/11/30 11:16:38 UTC, 0 replies.
- CVE-2023-49735: Apache Tiles: Unvalidated input may lead to path traversal and XXE - posted by Arnout Engelen <en...@apache.org> on 2023/11/30 16:34:09 UTC, 0 replies.
- [ANNOUNCE] Apache PDFBox 3.0.1 released - posted by Andreas Lehmkühler <le...@apache.org> on 2023/11/30 19:07:54 UTC, 0 replies.