We’re excited to announce that the Eclipse Foundation has successfully conducted a security audit for Eclipse Mosquitto, marking our fourth project audit this year. To enhance security, all Mosquitto users are urged to upgrade to the latest available version. All issues identified by the audit have been fixed in the source code.
An Eclipse IoT project, Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations, from powerful servers to embedded and low-power machines. Highly portable and compatible with numerous platforms, Mosquitto is a popular choice for embedded products.
We’re proud to share that the Eclipse Foundation has completed the security audit for Eclipse Jetty, one of the world’s most widely deployed web server and servlet containers. All users are encouraged to upgrade to versions containing changes addressing all conclusions of the audit: Eclipse Jetty 12.0.0, 11.0.16, 10.0.16, and 9.4.53.
Today, the Eclipse Foundation released the results of our security audit for Eclipse JKube, a collection of tools for building Java applications that can be deployed to a cloud environment. Findings from the audit have been addressed in the 1.13 release, leading to a new feature.
Over the past year, the Eclipse Foundation has made securing the open source software supply chain a priority. By growing our security team and laying the groundwork for the Cyber Risk Initiative, we’ve made strides to improve the security posture of our open source projects.
Today, we’re taking another step forward with the completion of the security audit for Equinox p2, the provisioning component of the Eclipse IDE.