apache
Safeguard articles tagged "apache" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Hardening PHP-FPM and Apache Container Images
PHP containers ship with defaults built for compatibility, not security. Opcache settings, disabled functions, and process ownership close the gaps.
Linux Foundation versus Apache Software Foundation: how governance shapes supply-chain risk
Both foundations host critical software, but they organize it very differently. The Linux Foundation's project-by-project incubation model and the ASF's uniform graduation process produce different risk profiles for the consumers downstream.
Open Source Foundation Governance Models
The Linux Foundation, Apache Software Foundation, CNCF, and Eclipse each codify different theories of how open source projects should be governed. The differences matter more than most adopters realize.
Apache Web Server Hardening Guide for Production Environments
Apache httpd still serves millions of websites. Its default configuration exposes information, accepts weak TLS, and enables features you probably do not need.
Apache ActiveMQ CVE-2023-46604: Ransomware Groups Exploit Critical RCE
A critical remote code execution flaw in Apache ActiveMQ was rapidly weaponized by ransomware operators, with exploitation beginning before many organizations could patch.
Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review
CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.