Apache Security Team Blog
-
xz/liblzma/libarchive compromise
At this time we have no reason to believe Apache projects are directly impacted by this compromise, also known as CVE-2024-3094.
-
Credits for finding security vulnerabilities
This post describes when and how we give credit to people who report security issues.
-
ASF Security Report: 2023
This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2023. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.
-
Apache vulnerability severity rating system
We introduce a default severity rating system, based on the scales we've been using with some specific projects
-
ASF Security Report: 2022
This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2022. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.
-
CVE-2022-42889: interpolations that allow RCE disabled in Commons Text 1.10.0
Find out if you should worry about CVE-2022-42889, which was recently released by the Apache Commons Text team
-
Apache projects affected by log4j CVE-2021-44228
This entry is where we will collect links to statements provided by ASF projects on if they are affected by CVE-2021-44228, the security issue in Log4j2.