Apache Security Team Blog
Apache vulnerability severity rating system
We introduce a default severity rating system, based on the scales we've been using with some specific projects.
ASF Security Report: 2022
This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2022. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.
CVE-2022-42889: interpolations that allow RCE disabled in Commons Text 1.10.0
Find out if you should worry about CVE-2022-42889, which was recently released by the Apache Commons Text team.
Apache projects affected by log4j CVE-2021-44228
This entry is where we will collect links to statements provided by ASF projects on whether they are affected by CVE-2021-44228, the security issue in Log4j2.