Apache Software Foundation - News, Features, and Slideshows - CSO | The Resource for Data Security Executives

News about Apache Software Foundation

Apache warns Struts 2.3 is using a library with a two year old critical flaw

Some versions of Struts 2 by default are using a file upload library with a two-year old remotely exploitable security flaw.

Liam Tung | 06 Nov | Read more
Emergency update for Apache Struts fixes incomplete patch for critical flaw

The Apache Software Foundation rushed last week to update the popular Apache Struts framework after a previous security patch for a high-risk vulnerability proved to be incomplete.

Lucian Constantin | 29 Apr | Read more
Denial-of-service vulnerability puts Apache Tomcat servers at risk

Security researchers published a proof-of-concept exploit for a recently disclosed vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers.

Lucian Constantin | 12 Feb | Read more
Open-source software projects need to improve vulnerability handling practices, researchers say

Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported vulnerabilities in seven popular open-source software applications.

Lucian Constantin | 30 Oct | Read more
Apache Struts security update disables vulnerable feature

A new version of the Apache Struts development framework released Friday fixes two problems that had developers worried.

Lucian Constantin | 23 Sep | Read more

Americas