announce@apache.org, 2023-12

You are viewing a plain text version of this content. The canonical link for it is here.

- [ANNOUNCE] Apache Jackrabbit Oak 1.22.18 released - posted by Julian Reschke <re...@apache.org> on 2023/12/01 14:06:33 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) 1.0.2 available - posted by PJ Fanning <fa...@apache.org> on 2023/12/01 18:46:54 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Logging 1.3.0 - posted by Gary Gregory <gg...@apache.org> on 2023/12/02 12:57:13 UTC, 0 replies.
- [ANNOUNCE] Apache Calcite Avatica 1.24.0 Released - posted by Francis Chuang <fr...@apache.org> on 2023/12/03 22:54:17 UTC, 0 replies.
- [ANNOUNCEMENT] Apache SkyWalking CLI 0.13.0 Released - posted by han liu <li...@apache.org> on 2023/12/04 04:23:00 UTC, 0 replies.
- [ANNOUNCE] Apache OFBiz 18.12.10 released - posted by Jacopo Cappellato <ja...@apache.org> on 2023/12/04 09:06:58 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.2.4 GA released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/12/04 09:55:43 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.2.3 GA Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/12/04 10:08:21 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.9.0 released - posted by Chris Hegarty <ch...@apache.org> on 2023/12/04 15:38:38 UTC, 0 replies.
- CVE-2023-49070: Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present - posted by Jacques Le Roux <jl...@apache.org> on 2023/12/04 21:04:50 UTC, 0 replies.
- [ANNOUNCE] Apache CouchDB 3.3.3 released - posted by Jan Lehnardt <ja...@apache.org> on 2023/12/05 17:24:21 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit Oak 1.60.0 released - posted by Julian Reschke <re...@apache.org> on 2023/12/06 19:43:30 UTC, 0 replies.
- [ANNOUNCE] Apache SkyWalking 9.7.0 released - posted by Sheng Wu <wu...@apache.org> on 2023/12/06 20:06:30 UTC, 0 replies.
- [ANN] Apache Struts 6.3.0.2 & 2.5.33 - posted by Lukasz Lenart <lu...@apache.org> on 2023/12/07 07:30:24 UTC, 0 replies.
- CVE-2023-50164: Apache Struts: File upload component had a directory traversal vulnerability - posted by Lukasz Lenart <lu...@apache.org> on 2023/12/07 07:38:54 UTC, 0 replies.
- [ANNOUNCE] Apache Kafka 3.6.1 - posted by Mickael Maison <mi...@apache.org> on 2023/12/07 11:12:39 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi Shaded released 0.2.0 - posted by Cheng Pan <ch...@apache.org> on 2023/12/07 11:30:00 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.3 GA Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/12/07 15:48:18 UTC, 0 replies.
- [ANNOUNCE] Apache Guacamole 1.5.4 - posted by Michael Jumper <mj...@apache.org> on 2023/12/09 01:33:29 UTC, 0 replies.
- CVE-2023-41835: Apache Struts: excessive disk usage - posted by Lukasz Lenart <lu...@apache.org> on 2023/12/09 06:55:17 UTC, 0 replies.
- [ANNOUNCE] Release Apache Hop 2.7.0 - posted by Bart Maertens <ba...@apache.org> on 2023/12/09 12:59:44 UTC, 0 replies.
- Fwd: [ANNOUNCE] Apache Commons BCEL Version 6.8.0 - posted by Gary Gregory <gg...@apache.org> on 2023/12/09 16:58:08 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.1.1 released - posted by tison <ti...@apache.org> on 2023/12/11 04:16:20 UTC, 0 replies.
- [ANNOUNCE] Apache Calcite Avatica Go 5.3.0 released - posted by Francis Chuang <fr...@apache.org> on 2023/12/11 08:02:14 UTC, 0 replies.
- [ANNOUNCE] Apache Kafka 3.5.2 - posted by Luke Chen <sh...@apache.org> on 2023/12/11 11:34:22 UTC, 0 replies.
- [ANN] Apache ActiveMQ 6.0.1 has been released! - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/12/11 13:28:01 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on December 08, 2023 are released - posted by Elad Kalif <el...@apache.org> on 2023/12/12 07:27:00 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.21 released - posted by Julian Reschke <re...@apache.org> on 2023/12/12 11:15:27 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.97 available - posted by Christopher Schultz <sc...@apache.org> on 2023/12/12 14:20:20 UTC, 0 replies.
- Apache Tomcat 10.1.17 Available - posted by Christopher Schultz <sc...@apache.org> on 2023/12/12 14:48:43 UTC, 0 replies.
- [ANN] Apache Tomcat 11.0.0-M15 (alpha) available - posted by Mark Thomas <ma...@apache.org> on 2023/12/12 15:50:16 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.84 available - posted by Rémy Maucherat <re...@apache.org> on 2023/12/12 16:17:35 UTC, 0 replies.
- CVE-2023-45725: Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents - posted by Nick Vatamaniuc <va...@apache.org> on 2023/12/12 20:09:47 UTC, 0 replies.
- [ANN] Apache Maven 4.0.0-alpha-9 released - posted by Guillaume Nodet <gn...@apache.org> on 2023/12/13 05:56:25 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.20.9 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/12/13 14:12:18 UTC, 0 replies.
- [ANNOUNCE] Apache Tika 3.0.0-BETA released - posted by Tim Allison <ta...@apache.org> on 2023/12/13 14:40:41 UTC, 0 replies.
- CVE-2023-46750: Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. - posted by Brian Demers <bd...@apache.org> on 2023/12/13 21:24:22 UTC, 0 replies.
- [ANNOUNCE] Apache Uniffle (Incubating) V0.8.0 available - posted by Xianjing Feng <xi...@apache.org> on 2023/12/14 02:05:47 UTC, 0 replies.
- CVE-2023-29234: Bypass serialize checks in Apache Dubbo - posted by Albumen Kevin <al...@apache.org> on 2023/12/15 05:47:29 UTC, 0 replies.
- CVE-2023-46279: Apache Dubbo: Bypass deny serialize list check in Apache Dubbo - posted by Albumen Kevin <al...@apache.org> on 2023/12/15 05:49:54 UTC, 0 replies.
- CVE-2023-30867: Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability - posted by Huajie Wang <be...@apache.org> on 2023/12/15 10:59:40 UTC, 0 replies.
- CVE-2023-49898: Apache StreamPark (incubating): Authenticated system users could trigger remote command execution - posted by Huajie Wang <be...@apache.org> on 2023/12/15 11:00:59 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.21.3 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/12/15 16:26:30 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.4.2 released - posted by Yunze Xu <xy...@apache.org> on 2023/12/16 07:05:06 UTC, 0 replies.
- CVE-2023-41314: Apache Doris: Missing API authentication allowed DoS - posted by Mingyu Chen <mo...@apache.org> on 2023/12/16 16:01:55 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.9.1 released - posted by Chris Hegarty <ch...@apache.org> on 2023/12/16 23:11:11 UTC, 0 replies.
- [ANNOUNCE] Release Apache Kvrocks 2.7.0 - posted by hulk <hu...@apache.org> on 2023/12/17 13:11:25 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on 12 December 2023 are released - posted by Jarek Potiuk <po...@apache.org> on 2023/12/17 17:47:07 UTC, 0 replies.
- [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.1 - posted by Chris Bono <on...@apache.org> on 2023/12/17 23:45:31 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.3.0 Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/12/18 18:04:38 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.8.0 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/18 19:09:01 UTC, 0 replies.
- [ANNOUNCE] Apache Olingo 5.0.0 has been released - posted by mibo <mi...@apache.org> on 2023/12/18 20:49:38 UTC, 0 replies.
- CVE-2023-46104: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb - posted by Daniel Gaspar <dp...@apache.org> on 2023/12/19 09:14:12 UTC, 0 replies.
- CVE-2023-49736: Apache Superset: SQL Injection on where_in JINJA macro - posted by Daniel Gaspar <dp...@apache.org> on 2023/12/19 09:31:15 UTC, 0 replies.
- CVE-2023-49734: Apache Superset: Privilege Escalation Vulnerability - posted by Daniel Gaspar <dp...@apache.org> on 2023/12/19 09:44:03 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.22 released - posted by Julian Reschke <re...@apache.org> on 2023/12/19 10:27:07 UTC, 0 replies.
- [SECURITY] CVE-2023-43826: Apache Guacamole: Integer overflow in handling of VNC image buffers - posted by Michael Jumper <mj...@apache.org> on 2023/12/19 19:02:39 UTC, 0 replies.
- CVE-2023-37544: Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS - posted by Michael Marshall <mm...@apache.org> on 2023/12/20 03:25:55 UTC, 0 replies.
- CVE-2023-48291: Apache Airflow: Improper access control to DAG resources - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/21 07:04:36 UTC, 0 replies.
- CVE-2023-47265: Apache Airflow: DAG Params alllow to embed unchecked Javascript - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/21 07:04:46 UTC, 0 replies.
- CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/21 07:05:04 UTC, 0 replies.
- CVE-2023-50783: Apache Airflow: Improper access control vulnerability on the "varimport" endpoint - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/21 07:05:17 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Helm Chart version 3.1.0 Released - posted by Lari Hotari <lh...@apache.org> on 2023/12/21 09:38:11 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 14.0.2 released - posted by Raúl Cumplido <ra...@apache.org> on 2023/12/21 09:57:00 UTC, 0 replies.
- CVE-2023-51656: Apache IoTDB: Unsafe deserialize map in Sync Tool - posted by Haonan Hou <ha...@apache.org> on 2023/12/21 10:57:26 UTC, 0 replies.
- [ANNOUNCE] Apache OFBiz 18.12.11 released - posted by Jacopo Cappellato <ja...@apache.org> on 2023/12/21 17:14:15 UTC, 0 replies.
- [ANNOUNCE] Release Apache InLong 1.10.0 - posted by Verne Deng <ve...@apache.org> on 2023/12/22 01:31:25 UTC, 0 replies.
- [ANNOUNCE] Release Apache Groovy 5.0.0-alpha-4 - posted by Paul King <pa...@apache.org> on 2023/12/22 02:48:12 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.17 Released - posted by Paul King <pa...@apache.org> on 2023/12/22 03:02:53 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 3.0.20 Released - posted by Paul King <pa...@apache.org> on 2023/12/22 04:16:49 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Python Client 2.8.0 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2023/12/23 08:21:00 UTC, 0 replies.
- [ANNOUNCE] Apache OpenOffice 4.1.15 released - posted by Marcus <ma...@apache.org> on 2023/12/23 14:50:42 UTC, 1 replies.
- [ANNOUNCE] Apache OpenMeetings 7.2.0 is released - posted by Maxim Solodovnik <so...@apache.org> on 2023/12/24 14:12:46 UTC, 0 replies.
- [ANN] Apache Syncope 3.0.6 - posted by Francesco Chicchiriccò <il...@apache.org> on 2023/12/26 08:30:26 UTC, 0 replies.
- CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack - posted by Nicolas Malin <nm...@apache.org> on 2023/12/26 10:17:25 UTC, 0 replies.
- CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability - posted by Deepak Dixit <de...@apache.org> on 2023/12/26 12:02:13 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.3-alpha1 released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/12/26 14:11:03 UTC, 0 replies.
- [ANNOUNCE] Apache Ignite 2.16.0 Released - posted by Nikita Amelchev <na...@apache.org> on 2023/12/26 19:31:56 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 3.22.0 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2023/12/26 21:44:43 UTC, 0 replies.
- [ANNOUNCE] Apache Linkis 1.5.0 available - posted by 郭飞 <gu...@apache.org> on 2023/12/27 12:20:23 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on 23rd December 2023 are released - posted by Jarek Potiuk <po...@apache.org> on 2023/12/27 23:54:30 UTC, 0 replies.
- [ANN] Apache Iceberg 1.4.3 release - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2023/12/28 06:23:47 UTC, 0 replies.
- [ANNOUNCE] Apache Commons FileUpload 2.0.0-M2 - posted by Gary Gregory <gg...@apache.org> on 2023/12/28 14:58:44 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) Persistence R2DBC 1.0.0 available - posted by PJ Fanning <fa...@apache.org> on 2023/12/28 19:04:00 UTC, 0 replies.
- CVE-2023-47804: Apache OpenOffice: Macro URL arbitrary script execution - posted by Arrigo Marchiori <ar...@apache.org> on 2023/12/28 20:30:33 UTC, 0 replies.
- CVE-2023-1183: Apache OpenOffice: Arbitrary file write in Apache OpenOffice Base - posted by Arrigo Marchiori <ar...@apache.org> on 2023/12/28 20:56:39 UTC, 0 replies.
- CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat - posted by Arrigo Marchiori <ar...@apache.org> on 2023/12/28 21:06:08 UTC, 0 replies.
- CVE-2012-5639: Apache OpenOffice: Loading internal / external resources without warning - posted by Arrigo Marchiori <ar...@apache.org> on 2023/12/28 21:09:04 UTC, 0 replies.
- CVE-2023-49299: Apache DolphinScheduler: Arbitrary js execute as root for authenticated users - posted by Jiajie Zhong <zh...@apache.org> on 2023/12/29 02:54:22 UTC, 0 replies.
- [ANNOUNCE] Apache Subversion 1.14.3 released - posted by ha...@apache.org on 2023/12/29 22:34:14 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.4-alpha1 Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2023/12/30 07:58:39 UTC, 0 replies.
- [ANNOUNCE] Release Apache OpenDAL(incubating) 0.44.0 - posted by Liuqing Yue <li...@apache.org> on 2023/12/31 03:14:09 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on 28th December 2023 are releasedcccccbctlvggtjkkvhgtgdefghndgvtufdrhvndclclj - posted by Jarek Potiuk <po...@apache.org> on 2023/12/31 11:26:00 UTC, 0 replies.