A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized extension uploads. It did not affect existing extensions or admin functions.
The issue was reported on May 4, 2025, fully fixed by June 24, and followed by a complete audit. No evidence of compromise was found, but 81 extensions were proactively deactivated as a precaution.
We would like to thank the researchers for reporting the issue, reviewing the proposed fixes, and supporting the resolution process, as well as the members of the Eclipse Open VSX team who were involved.
Our annual report highlights the key achievements of the past year, including significant project and industry collaboration milestones, membership growth, and notable community engagement initiatives.
The new Jakarta EE release modernises testing, boosts developer productivity, improves performance, and expands Java platform support.
This initiative is hosted by the Eclipse Foundation under the Eclipse S-CORE project, fostering an open and interoperable ecosystem for the entire automotive industry.
What Jakarta EE content do you want to see more of? Take our content preferences survey to incluence what we create next: tutorials, live sessions, blogs, documentation, and more.
Leading automakers and technology partners unite behind open source automotive middleware as first release approaches
As enterprises seek vendor-neutral Java options, the Adoptium Working Group unveils the latest Temurin release, an ROI tool, and a funding model to support the future of open source Java.
After the first series of training focused on general concepts, the Eclipse Foundation Security team is offering a new set of training, this time focused on vulnerability management and related subjects like dependencies and Software Bills of Materials.
In late March 2025, a security researcher in our community reported a security concern about a publicly accessible API endpoint containing user information on accounts.eclipse.org. After reviewing the issue, we determined this API endpoint was unnecessary and have since disabled it.
We looked through our access logs for the past few months and confirmed that the only requests were from the security researcher and the Eclipse Foundation staff who verified the report.
The report uncovers challenges related to open source support and Big Data management: Organizations using EOL software were almost three times more likely to have failed a compliance audit last year and 47% of organisations that handle Big Data expressed low confidence in the administration of those technologies.
The first-ever European OpenHarmony Technical Forum wrapped up in Rotterdam on March 30, 2025, bringing together industry leaders, developers, and academics to talk about the future of open source operating systems. The event, themed "OpenHarmony Technology Innovation and Ecosystem Practice," showcased exciting advancements in the field—and Oniro played a key role in the conversation.
The Eclipse Foundation is paving the way for a thriving, data-driven economy. In our new positioning paper, Building a Future of Digital Sovereignty and Innovation at the Eclipse Foundation, we dive into the different ways we are making this vision a reality.
Survey findings show how organisations address performance, integration, and management demands in open source SDV development through strategic investment and foundation governance.
We’re thrilled to announce the final release of Jakarta NoSQL 1.0, a brand-new specification designed to bring standardization, productivity, and portability to NoSQL integration in the Java ecosystem.
This release marks a significant step in the Jakarta EE platform by introducing the first-ever NoSQL specification. Whether you’re working with document, key-value, column, or graph databases, Jakarta NoSQL is built to streamline your development experience.
The Cyber Resilience SIG reached a critical milestone by defining a scope of work for 2025. The Cyber Resilience Practices Spec project has also launched, with project proposal and feedback open for review and contribution.
Theia AI delivers an open framework for building advanced AI capabilities to custom tools and IDEs, while the AI-powered Theia IDE provides flexible, AI-driven features with full developer control and no vendor lock-in.
Located in Hall 4, booth #4-554, our booth will showcase a wide array of open source embedded projects, including the latest advancements from Eclipse ThreadX, the OpenHW Foundation, Eclipse Development Tools and IDEs, and cutting-edge solutions from the SDV Working Group.
The Eclipse Foundation would like to thank everyone who participated in this year’s election process and is pleased to announce the results of the 2025 Eclipse Foundation Contributing Member and Committer Member elections for representatives to the Foundation’s Board.
Through this collaboration, the Sovereign Tech Fund—a program of the Sovereign Tech Agency—will invest in the development, improvement, and maintenance of open digital base technologies worldwide, driving significant security enhancements across Eclipse Foundation projects.