At this time we have no reason to believe Apache projects are directly impacted by this compromise, also known as CVE-2024-3094.| security.apache.org
This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2023. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.| security.apache.org
Find out if you should worry about CVE-2022-42889, which was recently released by the Apache Commons Text team| security.apache.org