Author | Lightnews

Reposted by Gary

Apache Software Foundation (The ASF) @apache.org · Jul 8

Apache Lucene has issued the following releases:

✅ Lucene 9.12.2
✅ Lucene 10.2.2

To download, visit buff.ly/Gu4l9Bs

Lucene is a high-performance, full-featured text search engine library written entirely in #Java.

5 4

Reposted by Gary

Johannes Bechberger @mostlynerdless.de · Jul 7

RIP Java Applets. You made Java popular and helped it grow to what it is today.

JEP 504: Remove the Applet API has been proposed to target (openjdk.org/jeps/504), so there will be no more applets with the next JDK (JDK 26).

Thombstone with "RIP Applet" written on it.

21 35

Gary @garydgregory.bsky.social · Jun 16

Heads up CVE watchers! We just published CVE-2025-48976: Apache Commons FileUpload: DoS via part headers. Pick up version 1.6.0 or 2.0.0-M4 lists.apache.org/thread/fbs3w... #cve #apache #security

lists.apache.org

1

Gary @garydgregory.bsky.social · Jun 3

I just backed Arkand & Book of Magic for Free League's Dragonbane RPG on @Kickstarter www.kickstarter.com/projects/119...

Arkand & Book of Magic for Free League's Dragonbane RPG

A double feature for the award-winning Dragonbane RPG – explore the City of Waves and Flames and delve deep into the tomes of magic.

www.kickstarter.com

1

Gary @garydgregory.bsky.social · May 16

That more good will than I could muster virtualize.sh/blog/ground-...

Ground control to Major Trial

When a $130M aerospace company chooses to endlessly abuse free trials instead of typing git pull, you start to question gravity, or at least common sense.

virtualize.sh

Gary @garydgregory.bsky.social · May 16

Just wow virtualize.sh/blog/ground-...

Ground control to Major Trial

When a $130M aerospace company chooses to endlessly abuse free trials instead of typing git pull, you start to question gravity, or at least common sense.

virtualize.sh

Gary @garydgregory.bsky.social · May 14

A great (and long) visual and text essay on the 75-year anniversary of F1: www.bbc.co.uk/sport/extra/...

F1 at 75

A look back at 75 years of F1 history with Getty images.

www.bbc.co.uk

Gary @garydgregory.bsky.social · May 2

Want an easy way to do some real good in the world? Join me on Kiva and invest in Marya’s success in United States!

www.kiva.org/invitedby/ga...

Can you help Gary Gregory support Marya?

Kiva is a loan, not a donation. With Kiva you can lend as little as $25 and make a big change in someone's life.

www.kiva.org

Gary @garydgregory.bsky.social · Apr 23

Apache Commons Collections 4.5.0 is now available from the download CDN and Maven Central. Visit us at commons.apache.org/proper/commo...

Home – Apache Commons Collections

commons.apache.org

Gary @garydgregory.bsky.social · Apr 18

Here are the latest Apache Commons releases:
- JXPATH-1.4.0: 2025-04-18
- JEXL-3.5.0: 2025-04-16
- IO-2.19.0: 2025-04-12
- TEXT-1.13.1: 2025-04-10
Come see us: commons.apache.org

Apache Commons – Apache Commons

commons.apache.org

1

Gary @garydgregory.bsky.social · Apr 6

LWN has a nice write on how successfully use FOSS in government lwn.net/Articles/101...

Lessons from open source in the Mexican government [LWN.net]

lwn.net

1

Gary @garydgregory.bsky.social · Mar 24

Over at Apache Commons VFS, we published two CVEs:
- CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT
- CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message

1

Gary @garydgregory.bsky.social · Mar 19

I am pleased to announce Apache Commons CSV 1.14.0.

Commons CSV reads and writes files in Comma Separated Value (CSV) format variations.

See commons.apache.org/proper/commo...

Home – Apache Commons CSV

commons.apache.org

2

Gary @garydgregory.bsky.social · Feb 14

The Apache Commons VFS Project team is pleased to announce the release of Apache Commons VFS Project 2.10.0.

Apache Commons VFS is a Virtual File System library for Java 8 or later.

commons.apache.org/proper/commo...

#theASF #ApacheCommons

Commons Virtual File System – Apache Commons VFS

commons.apache.org

Gary @garydgregory.bsky.social · Feb 14

The Apache Commons BeanUtils team is pleased to announce the release of Apache Commons BeanUtils 1.10.1.

This is our old-school Java Bean utility library available at commons.apache.org/proper/commo...

#theASF #ApacheCommons

Commons – Apache Commons BeanUtils

commons.apache.org

Gary @garydgregory.bsky.social · Feb 8

The Apache Commons team is pleased to announce Apache Commons Logging 1.3.5.

Commons Logging is a thin adapter allowing configurable bridging to other, well-known logging systems.

Historical list of changes: commons.apache.org/proper/commo...

Website: commons.apache.org/proper/commo...

Release Notes – Apache Commons Logging

commons.apache.org

1

Gary @garydgregory.bsky.social · Feb 4

Beware fellow FOSS maintainers: “Outlier. You are doing it wrong,” Potiuk wrote in a LinkedIn post that tagged Outlier. “Please stop all the people who you are tricking into creating AI-generated, completely nonsense issues in many open-source repositories.” from thenewstack.io/ai-is-spammi...

AI Is Spamming Open Source Repos With Fake Issues

A maintainer tracked down an AI company that said the spam was a mistake. But reports suggest the problem is more widespread and growing.

thenewstack.io

Gary @garydgregory.bsky.social · Jan 28

The Apache Commons Codec team announces the release of Apache Commons Codec 1.18.0.

Commons Codec contains encodes and decodes Base16, Base32, Base64, digest, and Hexadecimal. The codec package also maintains a collection of phonetic encoding utilities.

commons.apache.org/proper/commo...

Home – Apache Commons Codec

commons.apache.org

1 1

Gary @garydgregory.bsky.social · Jan 28

The Apache Commons Pool team announces the release of Apache Commons Pool 2.12.1.

Commons Pool provides an object-pooling API and several object-pool implementations, with robust instance
tracking and pool monitoring.

commons.apache.org/proper/commo...

Overview – Apache Commons Pool

commons.apache.org

Reposted by Gary

Jarek Potiuk @jarekpotiuk.fosstodon.org.ap.brid.gy · Jan 26

Outlier AI. You are doing it wrong.

Hiring people to post completely nonsenese or copy&pasted issues in reputable open-source repositories - and make maintainers train your AI on it ? not good.

There are 50 such issues in last few days in @airflow repo [1] and counting. More details in [2] […]

Original post on fosstodon.org

fosstodon.org

17 19

Gary @garydgregory.bsky.social · Jan 6

The Apache Commons team announces Commons Codec 1.17.2 for #Java

Codec contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. The codec package also maintains a collection of phonetic encoding utilities.

See commons.apache.org/proper/commo...

Codec – Home

commons.apache.org

1 5

Gary @garydgregory.bsky.social · Dec 13

The Apache Commons team is happy to announce Apache Commons 1.13.0.
- Changes: commons.apache.org/proper/commo...
- Site: commons.apache.org/proper/commo...
- Repo github.com/apache/commo...

Commons Text – Apache Commons Text Changes

commons.apache.org

4

Gary @garydgregory.bsky.social · Dec 11

Great read @sethmlarson.dev !

Seth Michael Larson @sethmlarson.dev · Dec 3

I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to fight back:

#oss #opensource #security #vulnerability #vuln #cve #slop #ai #llm

sethmlarson.dev/slop-securit...

New era of slop security reports for open source

I'm on the security report triage team for CPython, pip, urllib3, Requests, and a handful of other open source projects. I'm also in a trusted position such that I get "tagged in" to other open sou...

sethmlarson.dev

Gary @garydgregory.bsky.social · Dec 2

The Apache Commons DBCP team is pleased to announce the release of Apache Commons DBCP 2.13.0; Java8+

This is a minor release, including bug fixes and enhancements.

Changes: commons.apache.org/proper/commo...

Site: commons.apache.org/proper/commo...

Download: commons.apache.org/proper/commo...

DBCP – Apache Commons DBCP Release Notes

commons.apache.org

2 6