announce@apache.org, 2024-03

You are viewing a plain text version of this content. The canonical link for it is here.

- [ANNOUNCE] Release Apache Groovy 5.0.0-alpha-6 - posted by Paul King <pa...@apache.org> on 2024/03/01 09:59:36 UTC, 0 replies.
- CVE-2024-26280: Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs) - posted by Ephraim Anierobi <ep...@apache.org> on 2024/03/01 10:30:43 UTC, 0 replies.
- CVE-2024-27140: Apache Archiva: reflected XSS - posted by Arnout Engelen <en...@apache.org> on 2024/03/01 10:42:22 UTC, 0 replies.
- CVE-2024-27139: Apache Archiva: incorrect authentication potentially leading to account takeover - posted by Arnout Engelen <en...@apache.org> on 2024/03/01 10:44:00 UTC, 0 replies.
- CVE-2024-27138: Apache Archiva: disabling user registration is not effective - posted by Arnout Engelen <en...@apache.org> on 2024/03/01 10:44:35 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.19 Released - posted by Paul King <pa...@apache.org> on 2024/03/01 12:21:27 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 3.0.21 Released - posted by Paul King <pa...@apache.org> on 2024/03/01 12:30:59 UTC, 0 replies.
- CVE-2023-50378: Apache Ambari: Various XSS problems - posted by Brahma Reddy Battula <br...@apache.org> on 2024/03/01 14:31:18 UTC, 0 replies.
- [ANNOUNCE] Apache Commons DBCP 2.12.0 - posted by Gary Gregory <gg...@apache.org> on 2024/03/04 14:50:30 UTC, 0 replies.
- CVE-2024-26580: Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability - posted by Charles Zhang <do...@apache.org> on 2024/03/06 11:08:23 UTC, 0 replies.
- CVE-2023-50740: Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged - posted by Heping Wang <pe...@apache.org> on 2024/03/06 13:27:54 UTC, 0 replies.
- ANNOUNCE] Apache Jackrabbit 2.21.25 released - posted by Julian Reschke <re...@apache.org> on 2024/03/07 08:43:09 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.20.15 released - posted by Julian Reschke <re...@apache.org> on 2024/03/07 08:49:01 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi Shaded released 0.3.0 - posted by Cheng Pan <ch...@apache.org> on 2024/03/07 14:50:36 UTC, 0 replies.
- [ANNOUNCE] Release Apache Kvrocks 2.8.0 - posted by Pengbo Cai <ca...@apache.org> on 2024/03/08 03:52:40 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Providers prepared on March 04, 2024 are released - posted by Elad Kalif <el...@apache.org> on 2024/03/08 10:46:34 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 2.10.6 released - posted by Xiangying Meng <xi...@apache.org> on 2024/03/08 12:09:46 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 2.11.4 released - posted by Lari Hotari <lh...@apache.org> on 2024/03/08 15:09:08 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 3.1.3 released - posted by Ran Gao <rg...@apache.org> on 2024/03/09 00:11:09 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Go Client 0.12.1 released - posted by Zike Yang <zi...@apache.org> on 2024/03/09 05:36:33 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Compress Version 1.26.1 - posted by Gary Gregory <gg...@apache.org> on 2024/03/09 14:28:18 UTC, 0 replies.
- [ANNOUNCE] Apache jclouds 2.6.0 released - posted by Andrew Gaul <ga...@apache.org> on 2024/03/10 06:50:37 UTC, 0 replies.
- CVE-2023-41313: Apache Doris: Timing Attack weakness - posted by Mingyu Chen <mo...@apache.org> on 2024/03/10 15:38:19 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar 3.0.3 released - posted by Heesung Sohn <he...@apache.org> on 2024/03/10 20:06:44 UTC, 0 replies.
- [ANNOUNCE] Apache Doris 2.1.0 & 2.0.5 & 1.2.8 release - posted by ChenMingyu <mo...@apache.org> on 2024/03/11 01:57:26 UTC, 0 replies.
- [ANNOUNCEMENT] HttpComponents Client 5.4-alpha2 Released - posted by Oleg Kalnichevski <ol...@apache.org> on 2024/03/11 12:27:16 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow 2.8.3 Released - posted by Ephraim Anierobi <ep...@apache.org> on 2024/03/11 12:39:17 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 15.0.1 released - posted by Raúl Cumplido <ra...@apache.org> on 2024/03/11 16:46:15 UTC, 0 replies.
- [ANNOUNCE] Apache Wicket 10.0.0 released - posted by Andrea Del Bene <ad...@apache.org> on 2024/03/12 03:13:29 UTC, 0 replies.
- CVE-2022-34321: Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint - posted by Lari Hotari <lh...@apache.org> on 2024/03/12 16:27:19 UTC, 0 replies.
- CVE-2024-27135: Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution - posted by Lari Hotari <lh...@apache.org> on 2024/03/12 16:28:25 UTC, 0 replies.
- CVE-2024-27317: Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification - posted by Lari Hotari <lh...@apache.org> on 2024/03/12 16:28:44 UTC, 0 replies.
- CVE-2024-27894: Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying - posted by Lari Hotari <lh...@apache.org> on 2024/03/12 16:29:16 UTC, 0 replies.
- CVE-2024-28098: Apache Pulsar: Improper Authorization For Topic-Level Policy Management - posted by Lari Hotari <lh...@apache.org> on 2024/03/12 16:29:32 UTC, 0 replies.
- [SECURITY] CVE-2024-24549 Apache Tomcat - Denial of Service - posted by Mark Thomas <ma...@apache.org> on 2024/03/13 15:42:40 UTC, 0 replies.
- [SECURITY] CVE-2024-23672 Apache Tomcat - Denial of Service - posted by Mark Thomas <ma...@apache.org> on 2024/03/13 15:42:43 UTC, 0 replies.
- CVE-2024-28746: Apache Airflow: Ignored Airflow Permissions - posted by Ephraim Anierobi <ep...@apache.org> on 2024/03/13 17:50:30 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Configuration 2.10.0 - posted by Gary Gregory <gg...@apache.org> on 2024/03/13 19:19:36 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 5.0.0-alpha-7 Released - posted by Paul King <pa...@apache.org> on 2024/03/14 01:11:20 UTC, 0 replies.
- [ANNOUNCE] Apache Groovy 4.0.20 Released - posted by Paul King <pa...@apache.org> on 2024/03/14 01:11:24 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit Oak 1.22.19 released - posted by Julian Reschke <re...@apache.org> on 2024/03/14 09:23:13 UTC, 0 replies.
- [ANNOUNCE] Apache James MIME4J 0.8.11 released - posted by Benoit TELLIER <bt...@apache.org> on 2024/03/14 14:06:45 UTC, 0 replies.
- CVE-2024-23944: Apache ZooKeeper: Information disclosure in persistent watcher handling - posted by Andor Molnar <an...@apache.org> on 2024/03/14 15:52:52 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.4.1 (LTS) Released - posted by Gregor Zurowski <gz...@apache.org> on 2024/03/14 19:18:55 UTC, 0 replies.
- CVE-2024-28752: Apache CXF SSRF Vulnerability using the Aegis databinding - posted by Colm O hEigeartaigh <co...@apache.org> on 2024/03/14 19:47:13 UTC, 0 replies.
- [ANNOUNCE] Apache PDFBox 3.0.2 released - posted by Andreas Lehmkühler <le...@apache.org> on 2024/03/14 20:55:50 UTC, 0 replies.
- [ANNOUNCE] Apache YuniKorn v1.5.0 released - posted by Wilfred Spiegelenburg <wi...@apache.org> on 2024/03/14 22:09:54 UTC, 0 replies.
- [ANN] Apache Tomcat 9.0.87 available - posted by Rémy Maucherat <re...@apache.org> on 2024/03/14 22:33:06 UTC, 0 replies.
- [ANNOUNCE] Apache SDAP (incubating) 1.2.0 Released - posted by Stepheny Perez <sk...@apache.org> on 2024/03/15 22:47:54 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Client C++ 3.5.0 released - posted by Yunze Xu <xy...@apache.org> on 2024/03/16 12:32:02 UTC, 0 replies.
- [ANNOUNCE] Apache Pekko (Incubating) Sbt Paradox 1.0.1 available - posted by Matthew de Detrich <md...@apache.org> on 2024/03/17 09:02:29 UTC, 0 replies.
- [ANN] Apache ActiveMQ 6.1.0 has been released! - posted by Jean-Baptiste Onofré <jb...@apache.org> on 2024/03/17 10:36:56 UTC, 0 replies.
- [ANNOUNCE] Release Apache SkyWalking Client JS version 0.11.0 - posted by xue fan <qi...@apache.org> on 2024/03/18 05:39:10 UTC, 0 replies.
- CVE-2024-24683: Apache Hop Engine: ID isn't escaped when generating HTML - posted by Hans Van Akelyen <ha...@apache.org> on 2024/03/18 20:02:00 UTC, 0 replies.
- [ANNOUNCE] Apache Wicket 9.17.0 released - posted by Andrea Del Bene <ad...@apache.org> on 2024/03/18 21:44:26 UTC, 0 replies.
- [ANNOUNCE] Apache Kyuubi released 1.9.0 - posted by Binjie Yang <bi...@apache.org> on 2024/03/19 03:15:55 UTC, 0 replies.
- CVE-2024-27439: Apache Wicket: Possible bypass of CSRF protection - posted by Emond Papegaaij <pa...@apache.org> on 2024/03/19 10:47:38 UTC, 0 replies.
- [ANNOUNCE] Release Apache Hop 2.8.0 - posted by Bart Maertens <ba...@apache.org> on 2024/03/20 07:34:32 UTC, 0 replies.
- [ANN] Apache Tomcat 11.0.0-M18 (alpha) available - posted by Mark Thomas <ma...@apache.org> on 2024/03/20 08:06:36 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow 15.0.2 released - posted by Raúl Cumplido <ra...@apache.org> on 2024/03/20 14:42:57 UTC, 0 replies.
- [ANNOUNCE] Apache Commons Configuration 2.10.1 - posted by Gary Gregory <gg...@apache.org> on 2024/03/20 21:50:07 UTC, 0 replies.
- CVE-2024-29133: Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree - posted by "Gary D. Gregory" <gg...@apache.org> on 2024/03/20 21:53:35 UTC, 0 replies.
- CVE-2024-29131: Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() - posted by "Gary D. Gregory" <gg...@apache.org> on 2024/03/20 21:53:38 UTC, 0 replies.
- CVE-2024-27438: Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution - posted by Mingyu Chen <mo...@apache.org> on 2024/03/21 08:45:07 UTC, 0 replies.
- CVE-2024-26307: Apache Doris: Possible race condition - posted by Mingyu Chen <mo...@apache.org> on 2024/03/21 08:48:20 UTC, 0 replies.
- [ANNOUNCE] Apache Pulsar Helm Chart version 3.3.1 Released - posted by Lari Hotari <lh...@apache.org> on 2024/03/21 09:38:47 UTC, 0 replies.
- [ANNOUNCE] Apache Shiro 2.0.0 release - posted by fpapon <fp...@apache.org> on 2024/03/22 20:41:34 UTC, 0 replies.
- [ANNOUNCE] Apache SystemDS 3.2.0 - posted by Janardhan <ja...@apache.org> on 2024/03/23 12:08:52 UTC, 0 replies.
- [ANNOUNCEMENT] Apache SkyWalking Cloud on Kubernetes 0.9.0 Released - posted by Ye Cao <da...@apache.org> on 2024/03/24 15:18:24 UTC, 0 replies.
- [ANNOUNCE] Apache PDFBox 2.0.31 released - posted by Andreas Lehmkühler <le...@apache.org> on 2024/03/24 20:56:18 UTC, 0 replies.
- [ANNOUNCE] Apache Flink Kubernetes Operator 1.8.0 released - posted by Maximilian Michels <mx...@apache.org> on 2024/03/25 10:35:31 UTC, 0 replies.
- [ANNOUNCE] Apache Pinot 1.1.0 released - posted by Vivek Iyer Vaidyanathan Iyer <vv...@apache.org> on 2024/03/25 17:00:08 UTC, 0 replies.
- [ANNOUNCE] Apache Airflow Helm Chart version 1.13.1 Released - posted by Jedidiah Cunningham <je...@apache.org> on 2024/03/25 20:16:09 UTC, 0 replies.
- [ANN] Apache Tomcat 8.5.100 Available - posted by Christopher Schultz <sc...@apache.org> on 2024/03/25 22:08:28 UTC, 0 replies.
- [ANN] Apache Tomcat 10.1.20 Available - posted by Christopher Schultz <sc...@apache.org> on 2024/03/25 22:23:27 UTC, 0 replies.
- [ANNOUNCE] Apache Geronimo BatchEE 1.0.4 - posted by fpapon <fp...@apache.org> on 2024/03/26 07:24:57 UTC, 0 replies.
- [ANNOUNCE] Apache Geronimo Arthur 1.0.8 release - posted by fpapon <fp...@apache.org> on 2024/03/26 07:25:44 UTC, 0 replies.
- CVE-2024-29735: Apache Airflow: Potentially harmful permission changing by log task handler - posted by Jarek Potiuk <po...@apache.org> on 2024/03/26 14:33:16 UTC, 0 replies.
- [ANNOUNCE] Apache CloudStack CloudMonkey v6.4.0 - posted by Rohit Yadav <ro...@apache.org> on 2024/03/28 04:55:52 UTC, 0 replies.
- [ANNOUNCE] Apache Jackrabbit 2.21.26-beta released - posted by Julian Reschke <re...@apache.org> on 2024/03/28 11:24:40 UTC, 0 replies.
- [ANNOUNCE] Apache Camel 4.5.0 Released - posted by Gregor Zurowski <gz...@apache.org> on 2024/03/28 11:43:13 UTC, 0 replies.
- [ANNOUNCE] Apache Qpid protonj2 1.0.0-M20 released - posted by Timothy Bish <ta...@apache.org> on 2024/03/28 19:49:33 UTC, 0 replies.
- [ANNOUNCE] Apache Jena 5.0.0 released - posted by Andy Seaborne <an...@apache.org> on 2024/03/29 13:08:44 UTC, 0 replies.
- [ANNOUNCE] Apache SpamAssassin 4.0.1 available - posted by Sidney Markowitz <si...@apache.org> on 2024/03/29 14:25:59 UTC, 0 replies.
- CVE-2024-23537: Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role. - posted by Arnout Engelen <en...@apache.org> on 2024/03/29 14:29:17 UTC, 0 replies.
- CVE-2024-23538: Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. - posted by Arnout Engelen <en...@apache.org> on 2024/03/29 14:32:46 UTC, 0 replies.
- CVE-2024-23539: Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. - posted by Arnout Engelen <en...@apache.org> on 2024/03/29 14:34:53 UTC, 0 replies.
- [ANNOUNCEMENT] Apache SkyWalking Rover 0.6.0 Released - posted by han liu <li...@apache.org> on 2024/03/31 11:09:14 UTC, 0 replies.
- [ANNOUNCE] Apache Arrow ADBC 0.11.0 released - posted by David Li <li...@apache.org> on 2024/03/31 16:01:44 UTC, 0 replies.