The Apache Storm community is pleased to announce the release of Apache Storm version 2.8.7.
Apache Storm is a distributed, fault-tolerant, and high-performance realtime computation system that provides strong guarantees on the processing of data. You can read more about Apache Storm on the project website: https://storm.apache.org/ Downloads of source and binary distributions are listed in our download section: https://storm.apache.org/downloads.html You can read more about this release in the following blog post: https://storm.apache.org/2026/04/25/storm287-released.html Note: This release fixes two CVEs: - CVE-2026-40557 - Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter - CVE-2026-41081 - Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment Distribution artifacts are available in Maven Central at the following coordinates: groupId: org.apache.storm artifactId: storm-{component} version: 2.8.7 The full list of changes is available here [1]. Please let us know [2] if you encounter any problems. Regards, The Apache Storm Team [1] https://dist.apache.org/repos/dist/release/storm/apache-storm-2.8.7/RELEASE_NOTES.html [2] https://github.com/apache/storm/issues
