|« Cisco Security Agent 6.0.2 Released||IMPORTANT: No New ClamAV Signatures for CSA Versions Earlier than 126.96.36.199 »|
On 04/05/2010, Apache's issue tracker for projects was compromised via an XSS attack. The attackers used a simple URL redirect service appended to a new issue to grab administrator session credentials and ultimately download hashed copies of JIRA, Bugzilla, and Confluence passwords.
While the Apache blog gives compromise details and timelines, current status, and new mitigation steps, it bears repeating that any user of Apache hosted JIRA, Bugzilla, or Confluence should change their password immediately.
I also highly recommend the following related read: Improving Web Security: Six Ways the Apache.org JIRA Attack Could Have Been Prevented by Better Code