announce

Messages by Date

2026/04/03 [ANNOUNCE] Apache SkyWalking 10.4.0 released Sheng Wu
2026/04/03 [ANN] Apache Syncope 4.0.5 Francesco Chicchiriccò
2026/04/03 [ANN] Apache Syncope 4.1.0 Francesco Chicchiriccò
2026/04/03 [ANN] Apache Tomcat 9.0.117 available Rémy Maucherat
2026/04/03 [ANN] Apache Tomcat 10.1.54 Available Christopher Schultz
2026/04/03 [ANN] End Of Support for Tomcat Native 1.x Christopher Schultz
2026/04/02 [ANNOUNCE] Apache Traffic Server 10.1.2 Release Chris McFarlen
2026/04/02 [ANNOUNCE] Apache Pulsar Client C++ 4.1.0 released Yunze Xu
2026/04/01 [ANNOUNCE] Apache Accumulo Access 1.0.0-beta2 Christopher
2026/04/01 [ANNOUNCE] Apache ActiveMQ 5.19.4 has been released! Jean-Baptiste Onofré
2026/04/01 [ANN] Apache Ant 1.10.16 Released Stefan Bodewig
2026/04/01 [ANNOUNCE] Apache Pulsar 4.2.0 released Lari Hotari
2026/03/31 Apache Beam 2.72.0 Released! Vitalii Terentev
2026/03/31 [ANNOUNCE] Apache ActiveMQ 6.2.3 has been released! Jean-Baptiste Onofré
2026/03/30 CVE-2026-32794: Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange Jens Scheffler
2026/03/30 [ANNOUNCE] Release Apache SkyWalking Client JS version 1.1.0 xue fan
2026/03/29 [ANNOUNCE] Apache Groovy 5.0.5 Released Paul King
2026/03/29 [ANNOUNCE] Apache Groovy 4.0.31 Released Paul King
2026/03/28 [ANNOUNCE] Apache Airflow Providers prepared on 2026-03-24 are released Jens Scheffler
2026/03/28 [ANNOUNCE] Apache Log4j `2.25.4` released Piotr P. Karwasz
2026/03/27 [ANNOUNCE] Apache Camel 4.18.1 (LTS) Released Gregor Zurowski
2026/03/26 [ANNOUNCE] Apache Kyuubi v1.11.1 is available Cheng Pan
2026/03/26 [ANNOUNCEMENT] HttpComponents Core 5.5-alpha1 released Oleg Kalnichevski
2026/03/26 [ANNOUNCE] Apache SkyWalking MCP 0.1.0 Released xue fan
2026/03/25 [ANNOUNCE] Apache TsFile 2.2.1 released Haonan Hou
2026/03/25 [ANNOUNCE] Apache Storm 2.8.5 Released Rui Abreu
2026/03/24 [ANNOUNCE] Apache ActiveMQ 6.2.2 has been released! Jean-Baptiste Onofré
2026/03/24 [ANNOUNCE] Apache ActiveMQ 5.19.3 has been released! Jean-Baptiste Onofré
2026/03/24 [ANNOUNCE] Apache Tika 3.3.0 released Tim Allison
2026/03/23 [ANN] Apache Tomcat 10.1.53 Available Christopher Schultz
2026/03/22 [ANNOUNCE] Apache Airflow Helm Chart version 1.20.0 Released Jens Scheffler
2026/03/20 CVE-2026-32642: Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission Justin Bertram
2026/03/20 [ANNOUNCE] Apache Creadur RAT 0.18 P. Ottlinger
2026/03/20 [ANN] Apache Tomcat 9.0.116 available Rémy Maucherat
2026/03/20 [ANN] Apache Maven Daemon 1.0.5 released Tamás Cservenák
2026/03/20 [ANN] Apache Tomcat 11.0.20 Available Mark Thomas
2026/03/19 [ANNOUNCE] Apache Airflow CTl 0.1.3 from 0.1.3rc2 released Bugra Ozturk
2026/03/19 [ANNOUNCE] Apache Commons Net 3.13.0 Gary Gregory
2026/03/18 [ANNOUNCE] Apache Fory 0.16.0 released Shawn Yang
2026/03/17 [ANNOUNCE] Apache Kafka 4.1.2 Andrew Schofield
2026/03/17 Fwd: [ANNOUNCE] Apache Arrow Java 19.0.0 released Jean-Baptiste Onofré
2026/03/17 [ANNOUNCE] Apache Seatunnel 2.3.13 released lidongdai
2026/03/17 [ANNOUNCE] Apache Grails 7.0.9 James Daugherty
2026/03/16 CVE-2026-28563: Apache Airflow: DAG authorization bypass Rahul Vats
2026/03/16 CVE-2026-26929: Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata Rahul Vats
2026/03/16 CVE-2026-28779: Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications Rahul Vats
2026/03/16 CVE-2026-30911: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization Rahul Vats
2026/03/16 [ANNOUNCE] Apache Pekko Connectors 1.3.0 released PJ Fanning
2026/03/16 [ANN] Apache Maven Daemon 1.0.4 released Tamás Cservenák
2026/03/15 [ANNOUNCE] Apache PDFBox 2.0.36 released Andreas Lehmkühler
2026/03/15 [ANNOUNCE] Apache Airflow 2.11.2 Released Jarek Potiuk
2026/03/13 [ANNOUNCE] Apache Airflow Providers prepared on 2026-03-09 are released Vincent Beck
2026/03/13 CVE-2025-54920: Apache Spark: Spark History Server Code Execution Vulnerability Holden Karau
2026/03/12 CVE-2025-60012: Apache Livy: Restrict file access György Gál
2026/03/12 CVE-2025-66249: Apache Livy: Unauthorized directory access György Gál
2026/03/12 [ANN] Apache Maven 3.9.14 released Tamás Cservenák
2026/03/11 [ANNOUNCE] Apache Airflow 3.1.8 Released Rahul Vats
2026/03/10 [ANNOUNCE] Apache Gluten 1.6.0 released Hongze Zhang
2026/03/10 [ANNOUNCE] Apache Pekko Management 1.2.1 released PJ Fanning
2026/03/10 [ANN] Apache Tomcat Native 2.0.14 released Mark Thomas
2026/03/10 [ANN] Apache Tomcat Native 1.3.7 released Mark Thomas
2026/03/10 CVE-2026-23907: Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code Tilman Hausherr
2026/03/09 [ANNOUNCE] Apache PDFBox 3.0.7 released Andreas Lehmkühler
2026/03/09 [ANN] Apache Sling 14 Released Stefan Seifert
2026/03/09 CVE-2026-25604: Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass Jarek Potiuk
2026/03/08 CVE-2026-24015: Apache IoTDB: Insecure Default Configuration Vulnerability Haonan Hou
2026/03/08 CVE-2026-24713: Apache IoTDB: JEXL Expression Injection Vulnerability Haonan Hou
2026/03/08 CVE-2025-64152: Apache IoTDB: Path Traversal Vulnerability Haonan Hou
2026/03/08 CVE-2025-55017: Apache IoTDB: Path Traversal Vulnerability Haonan Hou
2026/03/08 CVE-2025-69219: Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator Jarek Potiuk
2026/03/08 [ANNOUNCE] Apache Grails 7.0.8 James Fredley
2026/03/08 [ANNOUNCE] Apache Commons Logging 1.3.6 Gary Gregory
2026/03/07 [ANNOUNCE] Apache Storm 2.8.4 Released Rui Abreu
2026/03/07 [ANNOUNCE] Release Apache DolphinScheduler 3.4.1 wenjun
2026/03/06 CVE-2026-24308: Apache ZooKeeper: Sensitive information disclosure in client configuration handling Andor Molnar
2026/03/06 CVE-2026-24281: Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager Andor Molnar
2026/03/06 [ANNOUNCEMENT] HttpComponents Core 5.4.2 GA released Oleg Kalnichevski
2026/03/06 [ANN] Apache Maven 3.9.13 released Tamás Cservenák
2026/03/06 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.2 released David Jensen
2026/03/05 [ANNOUNCE] Apache Iceberg Go Release v0.5.0 Matt Topol
2026/03/05 [ANNOUNCE] Apache Accumulo ClassLoader Extras 1.0.0 Christopher
2026/03/05 [ANNOUNCE] Apache IoTDB 1.3.7 released Haonan Hou
2026/03/05 [ANNOUNCE] Apache IoTDB 2.0.7 released Haonan Hou
2026/03/04 [ANNOUNCE] Apache Airflow Providers prepared on 2026-03-03 are released Jarek Potiuk
2026/03/04 [ANNOUNCE] Apache Solr 10.0.0 released Anshum Gupta
2026/03/03 [ANNOUNCE] Apache Jackrabbit Oak 1.92.0 Julian Reschke
2026/03/03 CVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
2026/03/03 CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation Justin Bertram
2026/03/03 Apache Airflow Providers prepared on 2026-02-26 are released Jarek Potiuk
2026/03/02 CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator Velmurugan Periasamy
2026/03/02 CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient Velmurugan Periasamy
2026/03/02 [ANNOUNCE] Apache Artemis 2.52.0 Released Justin Bertram
2026/03/02 [ANNOUNCE] Apache Fluss 0.9.0-incubating released yuxia luo
2026/03/02 [ANNOUNCE] Apache Ranger 2.8.0 released Madhan Neethiraj
2026/03/01 [ANNOUNCE] Apache ShardingSphere 5.5.3 available Longtao Jiang
2026/02/28 [ANNOUNCE] Release Apache Kvrocks 2.15.0 hulk
2026/02/27 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.1 released David Jensen
2026/02/27 [ANNOUNCE] Apache NiFi NAR Maven Plugin 2.3.0 Released Pierre Villard
2026/02/26 [ANNOUNCE] Apache Arrow nanoarrow 0.8.0 Released Dewey Dunnington
2026/02/26 [ANNOUNCE] Apache Wayang 1.1.1 released Mads Sejer
2026/02/24 [ANNOUNCE] OpenNLP 3.0.0-M1 released Richard Zowalla
2026/02/24 [ANNOUNCE] Apache NetBeans 29 Released Eric Barboni
2026/02/24 CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL Daniel Gaspar
2026/02/24 CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default) Daniel Gaspar
2026/02/24 CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass Daniel Gaspar
2026/02/24 CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command Daniel Gaspar
2026/02/24 CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering Daniel Gaspar
2026/02/23 CVE-2024-56373: Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information Jarek Potiuk
2026/02/23 CVE-2025-27555: Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli Jarek Potiuk
2026/02/23 [ANNOUNCE] Apache Pulsar Helm Chart version 4.5.0 Released Lari Hotari
2026/02/23 [ANN] Apache Syncope 4.1.0-M0 Francesco Chicchiriccò
2026/02/21 [ANNOUNCE] Apache Airflow 2.11.1 and Fab provider 1.5.4 Released Jarek Potiuk
2026/02/19 [ANNOUNCE] Apache Pulsar 4.1.3 released Lari Hotari
2026/02/19 [ANNOUNCE] Apache Pulsar 4.0.9 released Lari Hotari
2026/02/18 https://camel.apache.org/security/CVE-2026-23552.html: CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Andrea Cosentino
2026/02/18 https://camel.apache.org/security/CVE-2026-25747.html: CVE-2026-25747: Apache Camel: Deserialization of Untrusted Data in Camel LevelDB Andrea Cosentino
2026/02/17 [ANNOUNCE] Apache ActiveMQ 6.2.1 has been released! Jean-Baptiste Onofré
2026/02/17 [ANNOUNCE] Apache Airflow Helm Chart version 1.19.0 Released Jedidiah Cunningham
2026/02/17 [ANNOUNCE] Apache Camel 4.18.0 (LTS) Released Gregor Zurowski
2026/02/17 [SECURITY] CVE-2026-24733 Apache Tomcat - Security constraint bypass with HTTP/0.9 Mark Thomas
2026/02/17 [SECURITY] CVE-2026-24734 Apache Tomcat and Tomcat Native - OCSP revocation bypass Mark Thomas
2026/02/17 [SECURITY] CVE-2025-66614 Apache Tomcat - Client certificate verification bypass due to virtual host mapping Mark Thomas
2026/02/17 [ANNOUNCE] Apache Commons FileUpload 2.0.0-M5 Gary Gregory
2026/02/17 [ANNOUNCE] Apache Kafka 4.2.0 Christo Lolov
2026/02/17 [ANNOUNCE] Apache Arrow 23.0.1 released Raúl Cumplido
2026/02/17 CVE-2026-25087: Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering Antoine Pitrou
2026/02/16 CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates David Handermann
2026/02/16 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.2.0 released David Jensen
2026/02/16 [ANNOUNCE] Apache Pulsar 3.0.16 released Lari Hotari
2026/02/15 [ANNOUNCE] Apache Grails Spring Security 7.0.1 Mattias Reichel
2026/02/14 [ANNOUNCE] Apache Grails Quartz Plugin 4.0.1 James Daugherty
2026/02/14 [ANNOUNCE] Apache Grails Redis Plugin 5.0.1 James Daugherty
2026/02/14 [ANNOUNCE] Apache NiFi 2.8.0 Released Pierre Villard
2026/02/14 [ANNOUNCE] Apache ActiveMQ 5.19.2 has been released! Jean-Baptiste Onofré
2026/02/14 [ANNOUNCE] Apache Karaf runtime 4.4.10 has been released! Jean-Baptiste Onofré
2026/02/13 [ANNOUNCE] Apache Camel 4.14.5 (LTS) Released Gregor Zurowski
2026/02/13 [ANNOUNCEMENT] HttpComponents Core 5.4.1 GA released Oleg Kalnichevski
2026/02/13 [ANNOUNCE] Apache Artemis 2.51.0 Released Domenico Francesco Bruscino
2026/02/13 [ANNOUNCE] Apache Camel 4.10.9 (LTS) Released Gregor Zurowski
2026/02/13 [ANNOUNCE] Release Apache Hop 2.17.0 Bart Maertens
2026/02/12 CVE-2025-33042: Apache Avro Java SDK: Code injection on Java generated code Ryan Skraba
2026/02/11 [ANNOUNCE] Apache Fesod (Incubating) 2.0.1-incubating released Shuxin Pan
2026/02/11 [ANN] Tomcat 9.0.x End of Support and Tomcat 9 long term support plan Mark Thomas
2026/02/11 [ANN] End of support for Apache Tomcat Native 1.3.x Mark Thomas
2026/02/11 [ANN] Apache Tomcat Native 1.3.6 released Mark Thomas
2026/02/11 [ANN] Apache Tomcat Native 2.0.13 released Mark Thomas
2026/02/11 [ANN] Apache Struts IntelliJ IDEA plugin ver. 253.18970.1 Lukasz Lenart
2026/02/10 [ANNOUNCE] Apache Fory 0.15.0 released Shawn Yang
2026/02/09 [ANNOUNCE] Apache Druid 36.0.0 release Zoltan Haindrich
2026/02/09 CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind Karan Kumar
2026/02/09 CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions Qingran Zhao
2026/02/09 CVE-2026-24098: Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors Ephraim Anierobi
2026/02/09 CVE-2026-22922: Apache Airflow: Airflow externalLogUrl Permission Bypass Ephraim Anierobi
2026/02/08 CVE-2026-23901: Apache Shiro: Brute force attack possible to determine valid user names Lenny Primak
2026/02/08 CVE-2026-23903: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems Lenny Primak
2026/02/08 [ANNOUNCE] Apache ShardingSphere ElasticJob-3.0.5 available Longtao Jiang
2026/02/07 [ANNOUNCE] Apache Traffic Server 10.1.1 Release Chris McFarlen
2026/02/06 [ANNOUNCE] Apache Flink Agents 0.2.0 released Xuannan Su
2026/02/06 [ANNOUNCE] Apache APISIX 3.15.0 has been released Abhishek Choudhary
2026/02/05 [ANNOUNCE] Apache Daffodil 4.1.0 Released Steve Lawrence
2026/02/04 [ANNOUNCE] Apache YuniKorn v1.8.0 released Wilfred Spiegelenburg
2026/02/04 [ANNOUNCE] Apache Airflow 3.1.7 Released Ephraim Anierobi
2026/02/04 [ANN] Apache Syncope 3.0.16 Francesco Chicchiriccò
2026/02/04 [ANNOUNCE] Apache TomEE 10.1.4 Markus Jung
2026/02/04 [ANN] Apache Syncope 4.0.4 Francesco Chicchiriccò
2026/02/04 [ANNOUNCE] Apache Teaclave™ TrustZone SDK 0.8.0 Released Zehui Chen
2026/02/04 [ANNOUNCE] Apache StormCrawler 3.5.1 released Richard Zowalla
2026/02/04 [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
2026/02/04 CVE-2026-24735: Apache Answer: Revision API Improper Access Control leads to Information Disclosure Enxin Xie
2026/02/03 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-27 are released Vincent Beck
2026/02/02 [ANNOUNCE] Apache Pulsar C# Client DotPulsar 5.1.2 released David Jensen
2026/02/02 CVE-2026-23795: Apache Syncope: Console XXE on Keymaster parameters Francesco Chicchiriccò
2026/02/02 CVE-2026-23794: Apache Syncope: Reflected XSS on Enduser Login Francesco Chicchiriccò
2026/02/01 [ANNOUNCE] Apache Grails 7.0.7 James Fredley
2026/02/01 [ANNOUNCE] Apache SIS 1.6 Release Martin Desruisseaux
2026/01/30 [ANN] Apache Tomcat 11.0.18 Available Mark Thomas
2026/01/29 [ANNOUNCE] Apache Pulsar Client C++ 4.0.1 released Yunze Xu
2026/01/27 [ANN] Apache Tomcat 10.1.52 Available Christopher Schultz
2026/01/27 [ANNOUNCE] Apache MINA SSHD 2.17.1 released Thomas Wolf
2026/01/27 [ANNOUNCE] Apache Arrow 23.0.0 released Raúl Cumplido
2026/01/27 [ANNOUNCE] Apache Groovy 5.0.4 Released Paul King
2026/01/26 [ANNOUNCE] Apache Grails 7.0.6 James Daugherty
2026/01/26 [ANNOUNCE] Apache bRPC 1.16.0 released Xiaofeng
2026/01/26 CVE-2016-15057: Apache Continuum: Command injection leading to RCE Arnout Engelen
2026/01/23 https://karaf.apache.org/security/cve-2026-24656.txt: CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability Jean-Baptiste Onofré
2026/01/23 [ANNOUNCE] Apache NiFi API 2.6.0 Released Pierre Villard
2026/01/23 [ANNOUNCE] Apache Artemis 2.50.0 Released Justin Bertram
2026/01/23 CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client Chris Nauroth
2026/01/23 [ANNOUNCE] Apache Qpid JMS 2.10.0 released Robbie Gemmell
2026/01/23 [ANNOUNCE] Apache Qpid JMS 1.16.0 released Robbie Gemmell
2026/01/23 [ANN] Apache Tomcat 9.0.115 available Rémy Maucherat
2026/01/22 [ANNOUNCE] Apache Commons BCEL Version 6.12.0 Gary Gregory
2026/01/21 [ANNOUNCE] Apache MINA SSHD 2.17.0 released Thomas Wolf
2026/01/21 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-17 are released Jens Scheffler
2026/01/21 [ANNOUNCE] Apache Groovy 4.0.30 Released Paul King
2026/01/20 CVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone core-creation requests Jason Gerlowski
2026/01/20 CVE-2026-22022: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin Jason Gerlowski
2026/01/20 [ANNOUNCE] Apache OFBiz 24.09.05 released Nicolas Malin
2026/01/20 [ANNOUNCE] Apache IoTDB 2.0.6 released Haonan Hou
2026/01/17 [ANNOUNCE] Apache Airflow Providers prepared on 2026-01-13 are released Jens Scheffler

Earlier messages