Eclipse Open VSX Registry Security Advisory
Wednesday 2 July 2025 - 12:07
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized extension uploads. It did not affect existing extensions or admin functions.
The issue was reported on May 4, 2025, fully fixed by June 24, and followed by a complete audit. No evidence of compromise was found, but 81 extensions were proactively deactivated as a precaution.
Vulnerability in Eclipse Open VSX marketplace extension publication process
Friday 27 June 2025 - 14:05
We would like to thank the researchers for reporting the issue, reviewing the proposed fixes, and supporting the resolution process, as well as the members of the Eclipse Open VSX team who were involved.
The Eclipse Foundation’s Jakarta EE Working Group Announces Jakarta EE 11 Release
Thursday 26 June 2025 - 05:45
The new Jakarta EE release modernises testing, boosts developer productivity, improves performance, and expands Java platform support.