A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized extension uploads. It did not affect existing extensions or admin functions.
The issue was reported on May 4, 2025, fully fixed by June 24, and followed by a complete audit. No evidence of compromise was found, but 81 extensions were proactively deactivated as a precaution.
We would like to thank the researchers for reporting the issue, reviewing the proposed fixes, and supporting the resolution process, as well as the members of the Eclipse Open VSX team who were involved.
Our annual report highlights the key achievements of the past year, including significant project and industry collaboration milestones, membership growth, and notable community engagement initiatives.
The new Jakarta EE release modernises testing, boosts developer productivity, improves performance, and expands Java platform support.
This initiative is hosted by the Eclipse Foundation under the Eclipse S-CORE project, fostering an open and interoperable ecosystem for the entire automotive industry.
Leading automakers and technology partners unite behind open source automotive middleware as first release approaches
As enterprises seek vendor-neutral Java options, the Adoptium Working Group unveils the latest Temurin release, an ROI tool, and a funding model to support the future of open source Java.
After the first series of training focused on general concepts, the Eclipse Foundation Security team is offering a new set of training, this time focused on vulnerability management and related subjects like dependencies and Software Bills of Materials.
In late March 2025, a security researcher in our community reported a security concern about a publicly accessible API endpoint containing user information on accounts.eclipse.org. After reviewing the issue, we determined this API endpoint was unnecessary and have since disabled it.
We looked through our access logs for the past few months and confirmed that the only requests were from the security researcher and the Eclipse Foundation staff who verified the report.
The report uncovers challenges related to open source support and Big Data management: Organizations using EOL software were almost three times more likely to have failed a compliance audit last year and 47% of organisations that handle Big Data expressed low confidence in the administration of those technologies.
The Eclipse Foundation is paving the way for a thriving, data-driven economy. In our new positioning paper, Building a Future of Digital Sovereignty and Innovation at the Eclipse Foundation, we dive into the different ways we are making this vision a reality.
Survey findings show how organisations address performance, integration, and management demands in open source SDV development through strategic investment and foundation governance.
The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with project proposal and feedback open for review and contribution.
Theia AI delivers an open framework for building advanced AI capabilities to custom tools and IDEs, while the AI-powered Theia IDE provides flexible, AI-driven features with full developer control and no vendor lock-in.
Located in Hall 4, booth #4-554, our booth will showcase a wide array of open source embedded projects, including the latest advancements from Eclipse ThreadX, the OpenHW Foundation, Eclipse Development Tools and IDEs, and cutting-edge solutions from the SDV Working Group.
The Eclipse Foundation would like to thank everyone who participated in this year’s election process and is pleased to announce the results of the 2025 Eclipse Foundation Contributing Member and Committer Member elections for representatives to the Foundation’s Board.
Through this collaboration, the Sovereign Tech Fund—a program of the Sovereign Tech Agency—will invest in the development, improvement, and maintenance of open digital base technologies worldwide, driving significant security enhancements across Eclipse Foundation projects.
As the Head of Security at the Eclipse Foundation, I want to clarify the situation, explain DLL side-loading, and reaffirm our commitment to security and collaboration with the community. My goal is to provide a clear understanding of both the technical aspects of this misuse and our approach to maintaining a secure ecosystem.
Discover the most popular Java runtimes, trends in API usage, and much more in our blog post covering the results of the 2024 Cloud Native Java Survey.
The Eclipse Foundation announced the creation of the Eclipse Open Collaboration Tools (OCT) project. This project falls under the purview of the Eclipse Cloud DevTools Working Group, marking an exciting step forward in advancing cloud-based development tools.