Latest Product Updates and Feature Enhancements on Apache Jackrabbit

 

Threat Advisory: Apache HTTPD Vulnerability CVE-2026-23918

Apache disclosed a critical vulnerability, CVE-2026-23918, in its HTTP Server's mod_http2 module, affecting version 2.4.66. This flaw allows denial-of-service and potential remote code execution. Organizations are urged to upgrade to version 2.4.67 immediately. The vulnerability impacts default configurations, especially on Debian-based systems and Docker images, posing significant risks to web infrastructure.


Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation has released updates for Apache HTTP Server to fix a critical vulnerability, CVE-2026-23918, which could lead to denial-of-service (DoS) and remote code execution (RCE). This flaw, found in the HTTP/2 protocol handling, affects version 2.4.66 and is fixed in 2.4.67. Users are urged to update for security.


Apache HTTP Server RCE Vulnerability: Critical Patch for CVE-2026-23918 ...

Apache Software Foundation has released a critical patch for a remote code execution vulnerability, CVE-2026-23918, in the Apache HTTP Server. This update addresses a significant security flaw, enhancing the server's resilience against potential exploits.


Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Over 6,400 Apache ActiveMQ servers are vulnerable to a high-severity code injection flaw (CVE-2026-34197), actively exploited in the wild. The vulnerability, discovered by Horizon3, allows authenticated attackers to execute arbitrary code. Apache has patched the flaw in ActiveMQ Classic versions 6.2.3 and 5.19.4. CISA has mandated federal agencies to secure their systems by April 30.


6,000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 Exposed ...

Over 6,000 Apache ActiveMQ instances are vulnerable to a critical security flaw, CVE-2026-34197, which allows remote code execution. The flaw, due to improper input validation, is actively exploited and listed in CISA's Known Exploited Vulnerabilities catalog. Organizations are urged to upgrade ActiveMQ, restrict internet access, and use monitoring services to mitigate risks.


Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, has been actively exploited. The flaw, related to the Jolokia API, allows authenticated code execution and can be combined with an older vulnerability for remote execution. It has been patched in versions 5.19.5 and 6.2.3. CISA has urged federal agencies to patch by April 30.


Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Apache ActiveMQ has a critical security flaw, CVE-2026-34197, actively exploited and added to CISA's Known Exploited Vulnerabilities catalog. This vulnerability allows code injection via the Jolokia API, affecting versions before 5.19.4 and 6.2.3. Users should upgrade to these versions to mitigate risks. The flaw highlights the urgency of patching vulnerabilities to prevent exploitation.


Apache Tomcat's Security Fix Opened the Door to Unauthenticated RCE

A security fix in Apache Tomcat inadvertently created a vulnerability (CVE-2026-34486) allowing unauthenticated remote code execution. The issue arose from a code refactor that disabled cluster encryption. Affected versions include Tomcat 11.0.20, 10.1.53, and 9.0.116. Users should upgrade to the latest versions released on April 4, 2026, or restrict network access to mitigate risks.


Apache Software Foundation Launches $10 Million Responsible AI Initiative

The Apache Software Foundation (ASF) has launched a $10 million Responsible AI Initiative to enhance open-source technologies for AI systems. The initiative, supported by $1.75 million in initial funding, aims to ensure transparency and security in AI development. ASF will focus on providing AI models for developers, accelerating AI development, and promoting responsible AI practices at its events.


Apache Spins Anthropic's $1.5M Into 'Responsible AI' Initiative

Apache Software Foundation has launched the Responsible AI Initiative, funded by a $1.5 million donation from Anthropic and $250,000 from Alpha-Omega. This initiative aims to enhance Apache's open source technologies critical to AI systems, focusing on security, transparency, and governance. It includes access to AI models, project ecosystem support, and community engagement, with a broader funding goal of $10 million over three years.


The Apache Software Foundation Launches $10M Responsible AI Initiative with Initial $1.75M Donation

The Apache Software Foundation has launched a $10 million Responsible AI Initiative, starting with a $1.75 million donation. This initiative aims to enhance open source AI technologies by providing access to AI models and tools, supporting AI-focused projects, and fostering community engagement. It emphasizes responsible AI use, security, and transparency, aligning with ASF's community-driven approach.


The Apache Software Foundation Launches $10M Responsible AI Initiative ...

The Apache Software Foundation has launched a $10 million Responsible AI Initiative, starting with a $1.75 million donation from Anthropic and Alpha-Omega. This initiative aims to enhance open-source technologies crucial for AI systems, focusing on security, transparency, and community governance. It supports ASF projects with AI models, tooling, and community engagement to ensure AI infrastructure is open and secure.


Apache Foundation Launches $10M Responsible AI Initiative

The Apache Software Foundation (ASF) has launched a $10 million Responsible AI Initiative to enhance open source technologies critical to AI systems. This initiative, backed by donations from Anthropic and Alpha-Omega, aims to provide ASF projects with AI models, ecosystem support, and community engagement opportunities, ensuring secure and transparent AI infrastructure.


Dremio Deepens Apache Iceberg Leadership with V3 Support, New Community ...

Dremio has strengthened its leadership in the Apache Iceberg ecosystem by supporting the V3 specification in Dremio Cloud and appointing engineer JB Onofre to the Apache Software Foundation board. The V3 spec enhances data type diversity, schema evolution, and performance for large-scale environments. Dremio's integration includes features like deletion vectors for faster CDC and improved schema evolution, reinforcing its commitment to open-source collaboration.


Google Releases Gemma 4 Under Apache 2.0

Google has released Gemma 4 under the Apache 2.0 license, reinforcing its commitment to open-source software. This move expands the "Gemmaverse" and aligns with Google's 20-year dedication to open-source initiatives.


How Apache Kafka flexed to support queues

Apache Kafka 4.2 introduces queue-like consumption semantics, enabling point-to-point messaging. This update, known as KIP-932, allows for message-level acknowledgment and cooperative consumption, enhancing Kafka's scalability and utility in event-driven architectures. The new features aim to unify messaging protocols, reducing infrastructure complexity and costs, while maintaining Kafka's durability and throughput.


Apache HugeGraph Achieves Top-Level Project Status

Apache HugeGraph has been elevated to a Top-Level Project within the Apache Software Foundation, signifying its graduation. This full-stack platform integrates graph database, computing, and AI capabilities, supporting billions of vertices and queries with Gremlin and Cypher. It also integrates with Flink, Spark, and SeaTunnel, and features LLM-based GraphRAG and 20 built-in graph ML algorithms for AI-driven applications.


Apache Elevates Open Source Projects Gluten And Polaris To Top-Level ...

Apache Software Foundation has elevated two open source projects, Apache Gluten and Apache Polaris, to Top-Level Project status. Apache Gluten enhances SQL and DataFrame workloads in Apache Spark, while Apache Polaris improves interoperability across data engines using Apache Iceberg's REST API. This graduation signifies project maturity and strengthens big-data performance and interoperability.


The Apache Software Foundation Graduates Two Open Source Projects from Incubator

The Apache Software Foundation has elevated Apache Gluten and Apache Polaris to Top-Level Project status. Apache Gluten enhances Apache Spark's performance by offloading tasks to native engines, while Apache Polaris offers a catalog for Apache Iceberg, enabling multi-engine interoperability. This graduation signifies the maturity and technological advancement of both projects.


Threat Actors Exploit Apache ActiveMQ Server Vulnerability to Gain RDP ...

A critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, has been exploited by threat actors to deploy LockBit ransomware across an enterprise network. The flaw allowed remote code execution, leading to system encryption via Remote Desktop Protocol. Organizations are urged to patch Apache ActiveMQ immediately to prevent further breaches.


CVE-2020-17530 Apache Struts OGNL Injection

A critical vulnerability (CVE-2020-17530) in Apache Struts, affecting versions 2.0.0 to 2.5.25, allows remote code execution through OGNL injection. Qualys Web Application Scanning can detect this flaw, which requires upgrading to Apache Struts 2.5.26 or later for remediation. The vulnerability arises from forced OGNL evaluation, leading to double evaluation of user inputs.


Apache Polaris Graduates to Top-Level Apache Project

Apache Polaris, co-created by Dremio, has graduated to a top-level Apache Project, signifying its maturity and broad adoption as a standard metadata catalog for Apache Iceberg. This open-source project enhances multi-engine interoperability and offers a vendor-neutral alternative to proprietary solutions like AWS Glue. Dremio continues to contribute actively, integrating Polaris into its cloud platform with enterprise-grade features.


Apache NiFi Vulnerability Enables Authorization Bypass

A vulnerability in Apache NiFi allows unauthorized access, posing a security risk. This flaw could let attackers bypass authorization controls, potentially compromising data integrity and confidentiality.


The Apache Software Foundation Announces New Top-Level Project

The Apache Software Foundation announced that Apache HugeGraph has graduated to a Top-Level Project. HugeGraph is a full-stack platform integrating graph database, computing, and AI capabilities, supporting massive data storage and real-time querying. It integrates with Apache Flink, Apache Spark, and Apache SeaTunnel, and aims to enhance AI model accuracy and explainability.


Critical Apache Commons Text Vulnerability Enables Remote Code ...

A critical remote code execution vulnerability (CVE-2025-46295) in Apache Commons Text, affecting versions before 1.10.0, allows attackers to exploit unsafe interpolation features. The issue has been resolved in version 1.14.0. Users are urged to update to mitigate risks, especially in Java-based services.


Announcing Apache Airflow 3.0 support in Amazon Managed Workflows for ...

Amazon Managed Workflows for Apache Airflow now supports Apache Airflow 3.0, enhancing workflow orchestration with a redesigned interface, event-driven scheduling, and a new Task SDK. This update improves security, usability, and efficiency, supporting Python 3.12 and offering advanced features like scheduler-managed backfill.


Strategic Partnerships and Integrations of Apache Jackrabbit

 

Anthropic Just Wrote Apache a $1.5M Check. Here's Why That Number Is ...

Anthropic donated $1.5 million to the Apache Software Foundation (ASF), nearly covering its annual infrastructure budget. This donation seeds the ASF's $10 million Responsible AI Initiative, aimed at enhancing AI model access, improving ASF project infrastructure, and fostering community engagement. The initiative highlights the critical role ASF projects play in AI systems and calls for more contributions from AI companies.


Funding News and Financial Performance of Apache Jackrabbit

 

Anthropic Just Handed Apache $1.5M to Secure the Open Source Stack AI ...

Anthropic has donated $1.5 million to the Apache Software Foundation to bolster security and infrastructure for critical open source projects like Kafka, Spark, and Cassandra. This funding aims to support the resilience and independence of systems essential for AI and broader software ecosystems. ASF President Ruth Suehle highlights the importance of sustained investment in community-governed infrastructure.
