Apache has released critical security patches for HTTP Server and MINA software, addressing over a dozen vulnerabilities including flaws that could allow remote code execution. The HTTP Server update fixes 11 vulnerabilities including double-free bugs in HTTP/2 handling and heap buffer overflows, while MINA patches address two critical issues related to incomplete fixes for insecure deserialization flaws. Apache is urging organizations to upgrade immediately and explicitly configure allowed classes in the ObjectSerializationDecoder to prevent exploitation.