- CVE-2023-44312: Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server - posted by liubao <li...@apache.org> on 2024/02/01 03:26:38 UTC, 0 replies.
- CVE-2023-44313: Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API - posted by liubao <li...@apache.org> on 2024/02/01 03:52:16 UTC, 0 replies.
- [ANNOUNCE] MyFaces Core v4.0.2 Release - posted by Volodymyr Siedlecki <vo...@apache.org> on 2024/02/01 15:32:18 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.0.4 (LTS) Release - posted by Gregor Zurowski <gz...@apache.org> on 2024/02/01 15:36:33 UTC, 0 replies.
- [ANNOUNCE] Apache Storm 2.6.1 Released - posted by Richard Zowalla <rz...@apache.org> on 2024/02/02 12:12:14 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on January 30, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/02/04 07:56:26 UTC, 0 replies.
- [ANNOUNCE] OpenNLP 2.3.2 released - posted by Richard Zowalla <rz...@apache.org> on 2024/02/04 13:31:33 UTC, 0 replies.
- [ANNOUNCE] Apache bRPC 1.8.0 released - posted by Weibing Wang <ww...@apache.org> on 2024/02/05 08:57:31 UTC, 0 replies.
- CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal - posted by Carsten Ziegeler <cz...@apache.org> on 2024/02/06 09:11:56 UTC, 0 replies.
- [Announcement] : Apache LDAP API 2.1.6 - posted by Emmanuel Lecharny <el...@apache.org> on 2024/02/06 13:00:38 UTC, 0 replies.
- [ANNOUNCE] Apache Fineract 1.9.0 Release - posted by Aleksandar Vidakovic <al...@apache.org> on 2024/02/07 02:03:33 UTC, 0 replies.
- [ANNOUNCE] Apache Celeborn(incubating) 0.4.0 available - posted by Fu Chen <fc...@apache.org> on 2024/02/07 02:21:17 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Node.js client 1.10.0 released - posted by Baodi Shi <ba...@apache.org> on 2024/02/07 03:55:37 UTC, 0 replies.
- CVE-2023-51437: Apache Pulsar: Timing attack in SASL token signature verification - posted by Michael Marshall <mm...@apache.org> on 2024/02/07 06:43:26 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-kafka v3.1.0 released - posted by Martijn Visser <ma...@apache.org> on 2024/02/07 12:46:42 UTC, 0 replies.
- CVE-2023-39196: Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints - posted by István Fajth <pi...@apache.org> on 2024/02/07 12:49:17 UTC, 0 replies.
- CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability - posted by Wang Weibing <ww...@apache.org> on 2024/02/08 03:28:39 UTC, 0 replies.
- [ANNOUNCE] Apache UIMA Ruta v3.4.1 released - posted by Richard Eckart de Castilho <re...@apache.org> on 2024/02/08 17:16:55 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.23 released - posted by Julian Reschke <re...@apache.org> on 2024/02/08 17:23:42 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 8.11.3 released - posted by Houston Putman <ho...@apache.org> on 2024/02/08 23:56:30 UTC, 0 replies.
- [ANNOUNCE] Apache Solr 8.11.3 released - posted by Houston Putman <ho...@apache.org> on 2024/02/09 00:04:18 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) HTTP 1.0.1 available - posted by PJ Fanning <fa...@apache.org> on 2024/02/09 12:37:36 UTC, 0 replies.
- CVE-2023-50386: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets - posted by Houston Putman <ho...@apache.org> on 2024/02/09 17:17:45 UTC, 0 replies.
- CVE-2023-50298: Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions - posted by Houston Putman <ho...@apache.org> on 2024/02/09 17:19:48 UTC, 0 replies.
- CVE-2023-50291: Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords - posted by Houston Putman <ho...@apache.org> on 2024/02/09 17:23:52 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Codec 1.16.1 - posted by Gary Gregory <gg...@apache.org> on 2024/02/09 23:27:51 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid Broker-J 9.2.0 released - posted by Tomas Vavricka <va...@apache.org> on 2024/02/12 10:06:44 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow nanoarrow 0.4.0 Released - posted by Dewey Dunnington <pa...@apache.org> on 2024/02/12 14:01:35 UTC, 0 replies.
- [ANNOUNCE] Apache Solr 9.5.0 released - posted by Jason Gerlowski <ge...@apache.org> on 2024/02/12 18:50:11 UTC, 0 replies.
- [ANN] Apache Tomcat Native 2.0.7 released - posted by Mark Thomas <ma...@apache.org> on 2024/02/13 08:44:45 UTC, 0 replies.
- [ANN] Apache Tomcat Native 1.3.0 released - posted by Mark Thomas <ma...@apache.org> on 2024/02/13 08:46:42 UTC, 0 replies.
- CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/14 11:03:06 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Core 5.3-alpha2 released - posted by Oleg Kalnichevski <ol...@apache.org> on 2024/02/14 14:32:25 UTC, 0 replies.
- Apache MXNet is now retired - posted by Hervé Boutemy <hb...@apache.org> on 2024/02/14 18:42:10 UTC, 0 replies.
- CVE-2023-50292: Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users - posted by Houston Putman <ho...@apache.org> on 2024/02/14 18:51:26 UTC, 0 replies.
- [ANNOUNCE] Beam 2.54.0 Released - posted by Robert Burke <lo...@apache.org> on 2024/02/14 19:56:45 UTC, 0 replies.
- Apache Giraph is now retired - posted by Hervé Boutemy <hb...@apache.org> on 2024/02/14 21:40:55 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on February 12, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/02/15 16:05:30 UTC, 0 replies.
- CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan - posted by Arnout Engelen <en...@apache.org> on 2024/02/16 15:01:16 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.4.0 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2024/02/17 19:02:12 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on February 17, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/02/18 15:55:11 UTC, 0 replies.
- CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file - posted by "Gary D. Gregory" <gg...@apache.org> on 2024/02/19 01:25:47 UTC, 0 replies.
- CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file - posted by "Gary D. Gregory" <gg...@apache.org> on 2024/02/19 01:26:00 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Compress 1.26.0 - posted by Gary Gregory <gg...@apache.org> on 2024/02/19 01:28:37 UTC, 0 replies.
- [ANN] Apache Tomcat 11.0.0-M17 (alpha) available - posted by Mark Thomas <ma...@apache.org> on 2024/02/19 09:11:02 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.86 available - posted by Rémy Maucherat <re...@apache.org> on 2024/02/19 10:31:11 UTC, 0 replies.
- https://camel.apache.org/security/CVE-2024-22369.html: CVE-2024-22369: Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository - posted by Andrea Cosentino <ac...@apache.org> on 2024/02/19 13:34:17 UTC, 0 replies.
- https://camel.apache.org/security/CVE-2024-23114.html: CVE-2024-23114: Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository - posted by Andrea Cosentino <ac...@apache.org> on 2024/02/19 13:34:45 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.19 Available - posted by Christopher Schultz <sc...@apache.org> on 2024/02/19 16:34:47 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.99 Available - posted by Christopher Schultz <sc...@apache.org> on 2024/02/19 16:40:09 UTC, 0 replies.
- [ANNOUNCE] Release Apache SeaTunnel 2.3.4 - posted by Yao Zhou <zh...@apache.org> on 2024/02/20 03:06:17 UTC, 0 replies.
- [ANNOUNCE] Apache TsFile 1.0.0 released - posted by Haonan Hou <ha...@apache.org> on 2024/02/20 04:18:02 UTC, 0 replies.
- CVE-2023-49250: Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil - posted by Jiajie Zhong <zh...@apache.org> on 2024/02/20 05:51:45 UTC, 0 replies.
- CVE-2023-51770: Apache DolphinScheduler: Arbitrary File Read Vulnerability - posted by Jiajie Zhong <zh...@apache.org> on 2024/02/20 05:53:13 UTC, 0 replies.
- CVE-2023-50270: Apache DolphinScheduler: Sessions do not expire after password change - posted by Jiajie Zhong <zh...@apache.org> on 2024/02/20 05:53:54 UTC, 0 replies.
- CVE-2023-49109: Remote Code Execution in Apache Dolphinscheduler - posted by Jiajie Zhong <zh...@apache.org> on 2024/02/20 05:55:06 UTC, 0 replies.
- [ANNOUNCE] Apache PLC4X 0.12.0 released - posted by Christofer Dutz <cd...@apache.org> on 2024/02/20 07:37:05 UTC, 0 replies.
- [ANNOUNCE] Apache Lucene 9.10.0 released - posted by Adrien Grand <jp...@apache.org> on 2024/02/20 17:34:41 UTC, 0 replies.
- [ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.3 - posted by Chris Bono <on...@apache.org> on 2024/02/20 17:50:40 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on February 19, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/02/20 19:29:14 UTC, 0 replies.
- CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo - posted by Elad Kalif <el...@apache.org> on 2024/02/20 19:31:59 UTC, 0 replies.
- [ANNOUNCE] Apache Accumulo Access 1.0.0-beta release - posted by Dominic Garguilo <Do...@apache.org> on 2024/02/20 21:20:35 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi 1.8.1 is available - posted by Cheng Pan <ch...@apache.org> on 2024/02/21 05:57:41 UTC, 0 replies.
- [ANNOUNCE] Apache Log4j 2.23.0 released - posted by "Piotr P. Karwasz" <pk...@apache.org> on 2024/02/21 12:23:00 UTC, 0 replies.
- [ANNOUNCE] Apache Log4j 3.0.0-beta2 released - posted by "Piotr P. Karwasz" <pk...@apache.org> on 2024/02/21 12:23:52 UTC, 0 replies.
- [ANNOUNCE] Apache NetBeans 21 released - posted by Geertjan Wielenga <ge...@apache.org> on 2024/02/21 14:46:54 UTC, 0 replies.
- CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file - posted by Enxin Xie <li...@apache.org> on 2024/02/22 07:07:19 UTC, 0 replies.
- CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary - posted by Enxin Xie <li...@apache.org> on 2024/02/22 07:36:40 UTC, 0 replies.
- CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate users with the same name - posted by Enxin Xie <li...@apache.org> on 2024/02/22 08:44:25 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow ADBC 0.10.0 released - posted by David Li <li...@apache.org> on 2024/02/22 14:40:58 UTC, 0 replies.
- CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users - posted by Jiajie Zhong <zh...@apache.org> on 2024/02/23 16:33:08 UTC, 0 replies.
- CVE-2024-22371: Apache Camel issue on ExchangeCreatedEvent - posted by Otavio Rodolfo Piske <or...@apache.org> on 2024/02/23 19:34:19 UTC, 0 replies.
- [ANNOUNCE] Apache James 3.7.5 released - posted by Benoit TELLIER <bt...@apache.org> on 2024/02/23 19:51:18 UTC, 0 replies.
- [ANNOUNCE] Apache James 3.8.1 released - posted by Benoit TELLIER <bt...@apache.org> on 2024/02/23 19:52:39 UTC, 0 replies.
- [ANNOUNCE] Apache James MIME4J 0.8.10 released - posted by Benoit TELLIER <bt...@apache.org> on 2024/02/23 19:54:03 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.8.2 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2024/02/26 08:46:06 UTC, 0 replies.
- CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialisation - posted by Benoit Tellier <bt...@apache.org> on 2024/02/26 17:10:05 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.25 released - posted by Julian Reschke <re...@apache.org> on 2024/02/26 17:32:21 UTC, 0 replies.
- [ANNOUNCE] Apache Commons BCEL 3.8.2 - posted by Gary Gregory <gg...@apache.org> on 2024/02/27 02:03:09 UTC, 0 replies.
- CVE-2023-50379: Apache Ambari: authenticated users could perform command injection to perform RCE - posted by Brahma Reddy Battula <br...@apache.org> on 2024/02/27 03:14:44 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on February 23, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/02/27 05:51:35 UTC, 0 replies.
- CVE-2024-27905: Apache Aurora: padding oracle can allow construction of an authentication cookie - posted by Arnout Engelen <en...@apache.org> on 2024/02/27 10:21:39 UTC, 0 replies.
- CVE-2023-51747: SMTP smuggling in Apache James - posted by Benoit Tellier <bt...@apache.org> on 2024/02/27 12:28:33 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Helm Chart version 3.3.0 Released - posted by Lari Hotari <lh...@apache.org> on 2024/02/27 14:07:14 UTC, 0 replies.
- CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection - posted by Benoit Tellier <bt...@apache.org> on 2024/02/27 16:14:54 UTC, 0 replies.
- CVE-2023-50380: Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server - posted by Brahma Reddy Battula <br...@apache.org> on 2024/02/27 16:42:32 UTC, 0 replies.
- [ANNOUNCE] Apache Kafka 3.7.0 - posted by Stanislav Kozlovski <st...@apache.org> on 2024/02/27 18:01:00 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko 1.0.3-M1 released - posted by Arnout Engelen <en...@apache.org> on 2024/02/28 08:20:43 UTC, 0 replies.
- CVE-2024-27315: Apache Superset: Improper error handling on alerts - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/28 10:00:29 UTC, 0 replies.
- CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/28 10:12:53 UTC, 0 replies.
- CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/28 10:23:39 UTC, 0 replies.
- CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/28 10:33:39 UTC, 0 replies.
- CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import - posted by Daniel Gaspar <dp...@apache.org> on 2024/02/28 10:44:04 UTC, 0 replies.
- CVE-2024-25128: Apache Airflow Vulnerability: custom, long deprecated OpenID (NOT OIDC) - posted by Jarek Potiuk <po...@apache.org> on 2024/02/28 13:54:16 UTC, 0 replies.
- [ANNOUNCE] Apache OFBiz 18.12.12 released - posted by Jacopo Cappellato <ja...@apache.org> on 2024/02/28 14:23:03 UTC, 0 replies.
- https://ofbiz.apache.org/security.html: CVE-2024-23946: Apache OFBiz: Path traversal or file inclusion - posted by Jacques Le Roux <jl...@apache.org> on 2024/02/28 14:52:25 UTC, 0 replies.
- CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass. - posted by Jacques Le Roux <jl...@apache.org> on 2024/02/28 14:52:32 UTC, 0 replies.
- [ANNOUNCE] - posted by fpapon <fp...@apache.org> on 2024/02/29 09:10:04 UTC, 0 replies.
- CVE-2024-27906: Apache Airflow: Dag Code and Import Error Permissions Ignored - posted by Ephraim Anierobi <ep...@apache.org> on 2024/02/29 10:41:40 UTC, 0 replies.
- [ANNOUNCE] Apache Shiro 2.0.0 release - posted by fpapon <fp...@apache.org> on 2024/02/29 13:38:50 UTC, 0 replies.
- [ANNOUNCE] Apache flink-connector-parent 1.1.0 released - posted by Etienne Chauchot <ec...@apache.org> on 2024/02/29 14:25:42 UTC, 0 replies.