ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - CFP Now Open: Apache Roadshow Chicago 13-14 May 2019 http://apachecon.com/chiroadshow19/index.html
 - Save the Date: ApacheCon North America 2019 will take place 9-13 September in Las Vegas http://apachecon.com/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield grand performance at 99.64% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 469 Apache contributors changed 968,811 lines of code over 2,704 commits. Top 5 contributors, in order, are: Mark Robert Miller, Mark Thomas, Andrew Purtell, Andrea Cosentino, and Matteo Merli.

Apache Beam™ –an Open Source unified programming model to define and execute Big Data processing pipelines.
 - Apache Beam 2.9.0 released https://beam.apache.org/

Apache Calcite™ Avatica –a framework for building database drivers.
 - Apache Calcite Avatica 1.13.0 released https://calcite.apache.org/

Apache Geode™ –a Big Data management platform that provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing.
 - Apache Geode 1.8.0 released http://geode.apache.org/

Apache Griffin™ –Open Source Big Data quality solution.
 - The Apache Software Foundation Announces Apache® Griffin™ as a Top-Level Project https://s.apache.org/n21m

Apache Gobblin (incubating) –a distributed data integration framework that simplifies common aspects of Big Data integration.
 - Apache Gobblin (incubating) 0.14.0 released https://gobblin.apache.org/

Apache Groovy™ –a multi-faceted programming language for the JVM.
 - Apache Groovy 2.4.16 released http://groovy.apache.org

Apache Hivemall (incubating) –a scalable machine learning library implemented as Hive UDFs/UDAFs/UDTFs. 
 - Apache Hivemall 0.5.2-incubating released http://hivemall.incubator.apache.org/

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.19.0 released http://jackrabbit.apache.org/

Apache Log4j™ Audit –a framework for performing audit logging using a predefined catalog of audit events.
 - Apache Log4j-Audit 1.0.1 released http://logging.apache.org/

Did You Know?

 - ASF Operations Summary: Q2 FY2019 https://s.apache.org/d2Fq

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

Wakefield, MA —12 December 2018— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Griffin™ as a Top-Level Project (TLP).

Apache Griffin is a robust Open Source Big Data quality solution for distributed data systems at any scale. It provides a unified process to measure data quality from different perspectives, as well as building and validating trusted data assets in both streaming or batch contexts. Griffin originated at eBay and entered the Apache Incubator in December 2016.

"We are very proud of Griffin reaching this important milestone," said William Guo, Vice President of Apache Griffin. "By actively improving Big Data quality, Griffin helps build trusted data assets, therefore boosting your confidence in your business." 

Apache Griffin enables data scientists/analysts to handle data quality issues by:

• Defining –specifying data quality requirements such as accuracy, completeness, timeliness, profiling, etc.;
  
  
• Measuring –source data ingested into the Griffin computing cluster will apply data quality measurement based on user-defined requirements; and
  
  
• Applying Metrics –data quality reports as metrics will be exported to designated destination.
  
  

In addition, Griffin allows users to easily onboard new requirements into the platform and write comprehensive logic to further define their data quality. 

Apache Griffin is in use in high volume, high demand environments at 163.com/Netease, eBay, Expedia, Huawei, JD.com, Meituan, PayPal, Pingan Bank, PPDAI, VIP.com, and VMWare, among others.

"eBay contributed Griffin to the Apache Incubator in December 2016 to ensure its future development in a community-driven manner. It started with the idea on how eBay could address the data quality issue across multiple systems, especially in streaming context," said Vivian Tian, VP of eBay, GM - China Center of Excellence. "Griffin brings data quality solution to data ecosystem and ensure data applications have a solid quality foundation. We are extremely happy to see Griffin graduate as an Apache Top Level Project, and look forward to continued innovation and collaboration with the Apache community."

"We have been using Apache Griffin for about two years, monitoring 1000+ tables with data quality metrics, and are very happy to see it graduate to a Top-Level Project," said Chao Zhu, Senior Director at VIPshop Finance. "Apache Griffin and its data quality DSL can help us easily identify data quality issues instantly on our big data platform. In addition, Apache Griffin's architecture is highly extensible. We are looking forward to using it in real time data quality management system. We also look forward to contribute some of our minor enhancement to Griffin back to the community."

"Apache Griffin is one of the best data quality solutions which my team has been used so far. It has been an exciting journey seeing the Griffin community evolve rapidly. And many people iteratively adopting it and contributing to newer capabilities," said Austin Sun, Senior Engineering Manager, Enterprise Service Platform at PayPal. "In PayPal risk domain, we benefit a lot from Apache Griffin to provide high quality data to make precise decision and protect our customer. In addition to PayPal risk, I knew there are several other corporates also leverages core capability from Griffin as their data quality solution. It’s my great honor to witness Griffin grows to a top level project. Way to go, Griffin."

"Apache Griffin project is yet another showcase how community over code can work for projects coming out from internal usages of companies into the open source," said Henry Saputra, ASF member and Incubator Mentor for Apache Griffin. "I am proud to be the part of the projects and mentors for the project when it was being contributed from eBay, in addition to several other projects already donated to ASF such as Apache Kylin and Eagle. The team has worked tremendously hard to adapt the Apache Way, and also shown great respect for the open source community in all the processes for design, development, and release processes.As a Top-Level Project I believe the PMC will help lead the project to much more success in the future."

"Graduation is not the end, it is the beginning of another journey. We hope to take Apache Griffin to the next level with a wider set of features and users," added Guo. "We welcome anyone to join our efforts by helping with product design, documentation, code, technical discussions or promoting Apache Griffin in The Apache Way."

Apache Griffin software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Griffin, visit http://griffin.apache.org/ and https://twitter.com/apachegriffin

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 730 individual Members and 6,800 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Hortonworks, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, Oath, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, and Union Investment. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Griffin", "Apache Griffin", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - SAVE THE DATE: ApacheCon North America 2019 will take place 9-13 September in Las Vegas http://apachecon.com/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield impressive performance at 99.53% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 470 Apache contributors changed 835,412 lines of code over 3,025 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Andrea Cosentino, Andrzej Kaczmarek, Jan Piotrowski, and Tilman Hausherr.

Apache Bahir™ –provides extensions to multiple distributed analytic platforms, such as Apache Spark, to extend their reach with diverse streaming connectors and SQL data sources.
 - Apache Bahir 2.3.2 released http://bahir.apache.org

Apache BookKeeper™ –a scalable, fault-tolerant, and low-latency storage service optimized for real-time workloads.
 - Apache BookKeeper 4.8.1 released https://bookkeeper.apache.org

Apache CouchDB™ –Open Source NoSQL document database using HTTP, JSON, and MapReduce.
 - Apache CouchDB 2.3.0 released https://couchdb.apache.org/

Apache Crail (incubating) –a high-performance distributed data store designed for fast sharing of ephemeral data in distributed data processing workloads.
 - Apache Crail 1.1-incubating released https://crail.incubator.apache.org/

Apache HBase™ –Open Source, distributed, versioned, non-relational database.
 - Apache HBase 2.0.3 released https://hbase.apache.org/

Apache Impala™ –a high-performance distributed SQL engine.
 -  Apache Impala 3.1.0 released https://impala.apache.org/

Apache Ignite™ –a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads delivering in-memory speeds at petabyte scale.
 - Apache Ignite 2.7.0 Vulnerable Dependecies Updates http://mail-archives.apache.org/mod_mbox/www-announce/201812.mbox/%3CCALUCNEsCwE0fC2XCHi996%3DOdUCZZLK8WzF2KOdaLPYkZzWE_8A%40mail.gmail.com%3E

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.18.0 and Jackrabbit Oak 1.9.12 released http://jackrabbit.apache.org/

Apache Kylin™ –an Open Source Distributed Analytics Engine designed to provide SQL interface and multi-dimensional analysis (OLAP) on Apache Hadoop, supporting extremely large datasets.
 - Apache Kylin 2.5.2 released https://kylin.apache.org/

Apache PDFBox™ –an Open Source Java tool for working with PDF documents.
 - Apache PDFBox 2.0.13 released http://pdfbox.apache.org/

Apache PLC4X (incubating) –a set of libraries for communicating with industrial programmable logic controllers (PLCs) using a variety of protocols but with a shared API.
 - Apache PLC4X 0.2.0 released http://plc4x.apache.org

Apache POI™ –Java library for reading and writing Microsoft Office file formats, such as Excel, PowerPoint, Word, Visio, Publisher and Outlook.
 - Apache POI 4.0.1 released https://poi.apache.org/

Apache Qpid™ –the latest release of the newer JMS client supporting the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464), based around the Apache Qpid Proton protocol engine and implementing the AMQP JMS Mapping as it evolves at OASIS.
 - Apache Qpid JMS 0.39.0 released http://qpid.apache.org/

Apache ServiceComb™ –a microservice framework that provides a set of tools and components to make Cloud application development and deployment easier.
 - Apache ServiceComb Service-Center 1.1.0, ServiceComb Saga 0.2.1, and Java-Chassis 1.1.0 released http://servicecomb.apache.org/

Apache Tomcat™ Native Library –provides portable API for features not found in contemporary JDKs.
 - Apache Tomcat Native 1.2.19 released http://tomcat.apache.org/

Apache UIMA™ –supports the community working on the analysis of unstructured information with a unifying Java and C++ framework, tooling, and analysis components, guided by the OASIS UIMA (Unstructured Information Management Architecture) standard.
 - Apache UIMA Java SDKs and versions 2.10.3 and 3.0.1 released http://uima.apache.org

Apache Wicket™ –Open Source Java component oriented Web application framework that powers thousands of applications and sites for governments, stores, universities, cities, banks, email providers, and more.
 - Apache Wicket 7.11.0 released http://wicket.apache.org/

Did You Know?

 - ASF Operations Summary: Q2 FY2019 https://s.apache.org/d2Fq

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

= = =

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - SAVE THE DATE: ApacheCon North America 2019 will take place 9-13 September in Las Vegas http://apachecon.com/
 - POSTPONED: Apache Roadshow DC/Open Source Job Fair. Watch this space for new dates.

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield symmetrical performance at 98.89% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 498 Apache contributors changed 941,670 lines of code over 2,745 commits. Top 5 contributors, in order, are: Till Rohrmann, Jan Piotrowski, Tellier Benoit, Chun-Hung Hsiao, and Andrzej Kaczmarek.

Apache Bigtop™ –packaging and interoperability testing of the Apache Hadoop ecosystem.
 - Apache Bigtop 1.3.0 released https://bigtop.apache.org/

Apache Flink™ –an Open Source stream processing framework for distributed, high-performing, always-available, and accurate Big Data streaming applications.
 - Apache Flink 1.7.0 released https://flink.apache.org/

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.17.7 released http://jackrabbit.apache.org/

Apache Qpid™ Proton –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464).
 - Apache Qpid Proton-J 0.31.0 released http://qpid.apache.org

Apache Traffic Server™ –a fast, scalable and extensible HTTP/1.1 compliant caching proxy server.
 - Apache Traffic Server v7.1.5 and v8.0.1 released https://trafficserver.apache.org/

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

"There have been no signs Apache will stop growing."
—Nick Ismail, InformationAge

Giving Tuesday is here, kicking off our end-of-year Individual Giving and Corporate Gifts campaigns.

It's one of our favorite times of the year, as giving back feels so good. Here's how you can help:

Individual Donations.

• Giving to Apache is easy! Click https://donate.apache.org/ to make a one-time or monthly recurring donation using a debit/credit card, ACH electronic transfer, or PayPal. You'll also receive a receipt for your tax-deductible contribution via email.
  
  
• Purchasing Programs. Those of you who shop from Amazon can start your retail journey at https://smile.amazon.com/ so a portion of your purchase will be donated to the ASF. Now that's smart shopping!
  
  
• Additional Options. If you'd rather mail us a check or send a Bitcoin donation or explore other contribution options, please visit http://apache.org/foundation/contributing.html
  
  

Corporate Gifts.

Employers of all sizes can feel good as well! This includes companies such as:

• Bloomberg, whose employee volunteer and giving program provides numerous service opportunities year-round for a wide variety of philanthropic activities. Employees who have earned 25 or 50 hours of volunteer time can request that a donation of $2,500 or $5,000 be made to their select charity with whom has an established relationship Bloomberg Philanthropies. This is the second year that the ASF is among the candidate organizations that employees can donate their hours to as part of their "Dollars For Your Hours" program.
  
  
• Microsoft, who works through volunteer matching platform Benevity to allow their developers to contribute to Open Source projects and communities that they are passionate about. The program donates $25 per volunteer hour, which enables Microsoft developers to contribute back to the ASF while logging hours towards for matching. The Apache Software Foundation has benefited from this and their "Tech Talent for Good" program for several years.
  
  

Some organizations contribute to the ASF in the form of a cash donation --whether it's a one-time gift or recurring monthly made at https://donate.apache.org/ , or a matching gifts program, where the company matches the financial donation of an employee to the ASF. We have received contributions that reflected dollar-for-dollar matches, sometimes multiple times the contribution made by employees.

Corporate Sponsorship is also a great way to support the ASF on an annual basis. Those wishing to quickly become a Sponsor using a credit card, ACH transfer, or PayPal may easily do so at https://donate.apache.org/ ; otherwise we invite interested parties to review our Sponsorship program at http://apache.org/foundation/sponsorship.html or contact us at fundraising(at)apache(dot)org.

We thank you in advance for your generous consideration. Through your support, the ASF is able to continue to develop, incubate, and steward 350+ Open Source projects and their communities and keep Apache for everyone. For more information on the ASF's operations and how we put your donated dollars at work, please see our Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport .

# # # 

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - SAVE THE DATE: ApacheCon North America 2019 will take place 9-13 September in Las Vegas http://apachecon.com/
 - POSTPONED: Apache Roadshow DC/Open Source Job Fair. Watch this space for new dates.

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield great performance at 98.60% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 442 Apache contributors changed 954,582 lines of code over 2,498 commits. Top 5 contributors, in order, are: Ravindra Pesala, Tilman Hausherr, Tellier Benoit, Xiaoyu Yao, and Mark Thomas.

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit Oak 1.6.15 released http://jackrabbit.apache.org/

Apache Kafka™ –a distributed, fault tolerant, publish-subscribe messaging.
- Apache Kafka 2.1.0 released https://kafka.apache.org/

Apache OpenOffice™ –leading Open Source office-document productivity suite providing six applications (Writer, Calc, Impress, Draw, Math, Base) based around the OpenDocument Format (ODF).
 - Apache OpenOffice 4.1.6 released https://www.openoffice.org/

Apache Qpid™ –AMQP enterprise messaging implementation.
 - Apache Qpid JMS 0.38.0 released http://qpid.apache.org/

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.
 - Apache Tomcat 7.0.92 released http://tomcat.apache.org/

Apache Wicket™ –an Open Source Java component oriented Web application framework.
 - Apache Wicket 8.2.0 released http://wicket.apache.org

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - POSTPONED: Apache Roadshow DC/Open Source Job Fair. Watch this space for new dates.

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield fine performance at 98.32% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 479 Apache contributors changed 1,108,998 lines of code over 2,745 commits. Top 5 contributors, in order, are: Alex Harui, Yonatan Gottesman, Tilman Hausherr, Zoran Regvart, and Mark Thomas.

Apache Bahir™ –provides extensions to multiple distributed analytic platforms, extending their reach with a diversity of streaming connectors and SQL data sources.
 - Apache Bahir 2.1.3 and 2.2.2 released https://bahir.apache.org/

Apache Directory™ Fortress –a computer security access management facility written in Java.
 - Apache Fortress 2.0.3 released https://directory.apache.org/

Apache Groovy™ –a multi-faceted language for the Java platform.
 - Apache Groovy 2.5.4 released https://groovy.apache.org/

Apache Hive™ –Big Data warehouse software that facilitates querying and managing large datasets residing in distributed storage.
 - [SECURITY] CVE-2018-1314: Hive explain query not being authorized http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCABDpyChoSC%2BO_whkL_7Zh4ZMiXf7qmWpKoa-hep0dS6MTnJYJA%40mail.gmail.com%3E
 - [SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCABDpyCjx%2BGpPvEW1mreZPnqCmqBYmAVk3s5NUx4ZGnQKcj7aGg%40mail.gmail.com%3E

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit Oak 1.9.11 released http://jackrabbit.apache.org/

Apache James™ –provides a complete, stable, secure and extendable Mail Servers running on the JVM.
 - Apache James 3.2.0 released https://james.apache.org/

Apache Juneau™ –universal serialization and REST API library.
 - Apache Juneau 7.2.2 released http://juneau.apache.org/

Apache Kafka™ –a distributed, fault tolerant, publish-subscribe messaging.
- Apache Kafka 2.0.1 released https://kafka.apache.org/

Apache Libcloud™ –a Python library that abstracts away the differences among multiple cloud provider APIs.
 - Apache Libcloud 2.4.0 released https://libcloud.apache.org/

Apache OpenWebBeans™ –a CDI container (Contexts and Dependency Injection for Java) and targets the CDI-2.0 specification (JavaEE 8).
 - Apache OpenWebBeans-2.0.8 CDI container released https://openwebbeans.apache.org/

Apache Phoenix™ –enables OLTP and SQL-based operational analytics for Apache Hadoop.
 - Apache Phoenix 4.14.1 released http://phoenix.apache.org/

Apache Qpid™ –AMQP enterprise messaging implementation.
 - [SECURITY] [CVE-2018-17187] Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E

Apache Struts™ –popular Open Source framework for creating Java Web applications.
 - Apache Struts 2.3.x End-Of-Life (EOL) Announcement https://struts.apache.org/announce#a20181114

Apache Toree (incubating) –a kernel for the Jupyter Notebook platform providing interactive and remote access to Apache Spark.
 - Apache Toree 0.3.0-incubating released https://toree.incubator.apache.org/

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - REGISTER for Apache Roadshow DC and free Open Source Job Fair http://www.apachecon.com/usroadshow18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield cracking performance at 98.68% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 514 Apache contributors changed 1,106,696 lines of code over 3,154 commits. Top 5 contributors, in order, are: Gary Gregory, Julian Reschke, Andrea Cosentino, Qian Zhang, and Ash Berlin-Taylor.

Apache Hive™ –Big Data warehouse software that facilitates querying and managing large datasets residing in distributed storage.
 - Apache Hive 2.3.4 released https://hive.apache.org/
 - [SECURITY] CVE-2018-1314: Hive explain query not being authorized http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCABDpyChoSC%2BO_whkL_7Zh4ZMiXf7qmWpKoa-hep0dS6MTnJYJA%40mail.gmail.com%3E
 - [SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCABDpyCjx%2BGpPvEW1mreZPnqCmqBYmAVk3s5NUx4ZGnQKcj7aGg%40mail.gmail.com%3E

Apache Jackrabbit™ –a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.12.10 and Jackrabbit Oak 1.9.10 released http://jackrabbit.apache.org/

Apache Kylin™ –an Open Source Distributed Analytics Engine designed to provide SQL interface and multi-dimensional analysis (OLAP) on Apache Hadoop, supporting extremely large datasets.
 - Apache Kylin 2.5.1 released https://kylin.apache.org/

Apache Struts™ –an elegant, extensible framework for creating enterprise-ready Java Web applications.
 - [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36 http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMgZiJ%2BZkT1HmkQt94q7-bzNWnZm0Td9vq589vz5YM%3DMw%40mail.gmail.com%3E
 - [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E

Apache Syncope™ –an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology.
 - Apache Syncope 2.0.11 and 2.1.2 released http://syncope.apache.org/
 - [SECURITY] CVE-2018-17184 Apache Syncope http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3Ccf9fdd28-aba5-f586-01c0-d37beb50008a%40apache.org%3E
 - [SECURITY] CVE-2018-17186 Apache Syncope http://mail-archives.apache.org/mod_mbox/www-announce/201811.mbox/%3Cb1bdfd0b-2151-cafd-d5c9-425de23311f4%40apache.org%3E

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.
 - Apache Tomcat 8.5.35 and 9.0.13 released http://tomcat.apache.org/

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

Within The Apache Software Foundation, many of us have different roles. I am a committer on the Apache httpd project, and also a PMC member on that project. I am the Vice President, Conferences. I am a board member. And I’m a member of the Foundation. I'm also an employee of Red Hat, and may, at times, be perceived to be speaking for my employer.

I am a father, husband, brother, son, employee, and so on. How I interact with my daughter is very different from how I interact with my manager. I use different language, wield different authority, and expect different results.

Ten years ago at ApacheCon in Oakland, Bertrand Delacretaz gave a talk about hats. We all laughed a lot. But he was making a serious point. At the Apache Software Foundation –indeed, in life– we all wear many different hats.

However, whereas it's pretty clear, in real life, whether I’m addressing my daughter or my manager, on Apache mailing lists it's seldom, if ever, clear which hat I'm wearing in any given situation.

I like to operate on the following principle when communicating in the Apache community: Wear the smallest hat possible for the situation, but assume that everyone is seeing the biggest hat possible.

So, what does that mean?

In the list above of my Apache hats (Committer, PMC Member, Foundation Member, V.P. Conferences, Director), there are various levels of authority. As a project committer, I can make code changes, but as a PMC member, I can reject other people’s changes. As a Foundation Member, I can express an opinion, but as a Director, I can state the official position of the Foundation.

The difficulty comes when, on a mailing list, I say something, intending it to be my personal opinion (i.e., Foundation Member hat) and someone reads it as the official position of the Foundation (i.e., Foundation Director hat).

Thus, in any given situation, I have an obligation to wield the smallest stick I possibly can, appropriate to the situation. Also, to clearly communicate how I am speaking, if there’s any chance of confusion, by saying things like "speaking as a member, and expressing my private opinion …", or "It is the opinion of the Board of Directors that …"  And, since there’s always a chance of confusion, due to many factors, it’s worthwhile to make this clarification almost every time, if you’re in a position where you do, in fact, wear multiple hats.

By wearing the smallest hat possible –i.e., speaking with the voice with the least authority– you allow other people to be free to express their own dissenting opinions without feeling that they have already been overruled. This is in line with our culture of providing a level playing field, where all voices are equal, and all opinions are weighed the same.

Rich Bowen has been doing open source-y stuff since about 1995, and has been a member of the Apache Software Foundation since 2002. He currently serves on the ASF Board of Directors. By day, he's the CentOS Community Manager, working for Red Hat.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

The Apache community opens November with the following activities:

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - REGISTER for Apache Roadshow DC and free Open Source Job Fair http://www.apachecon.com/usroadshow18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield pop performance at 99.01% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 555 Apache contributors changed 1,456,173 lines of code over 3,898 commits. Top 5 contributors, in order, are: Brahma Reddy Battula, Jean-Baptiste Onofré, Tellier Benoit, Ashutosh Mestry, and Gary Gregory.

Apache Allura™ –an Open Source implementation of a software forge, a Web site that manages source code repositories, bug reports, discussions, wiki pages, blogs, and more for any number of individual projects.
 - Apache Allura 1.10.0 released https://allura.apache.org/

Apache BVal™ –an implementation of the Java Bean Validation specification 2.0.
 - Apache BVal 2.0.0 released http://bval.apache.org/

Apache Commons™ Configuration –Open Source software library that provides a generic configuration interface which enables an application to read configuration data from a variety of sources.
 - Apache Commons Configuration 2.4 released http://commons.apache.org/

Apache Flink™ –an Open Source stream processing framework for distributed, high-performing, always-available, and accurate data streaming applications.
 - Apache Flink 1.5.5 and 1.6.2 released https://flink.apache.org/

Apache HBase™ –an Open Source, distributed, versioned, non-relational database.
 - Apache HBase 2.1.1 released https://hbase.apache.org/

Apache HttpComponents™ Client –a library for client-side HTTP communication built on HttpCore.
 - Apache HttpComponents Client 5.0 beta2 released http://hc.apache.org/

Apache Juneau™ –a toolkit for marshalling POJOs to a wide variety of content types using a common framework, and for creating sophisticated self-documenting REST interfaces and microservices using very little code. 
 - Apache Juneau 7.2.1 released http://juneau.apache.org/

Apache Kudu™ –an Open Source storage engine for structured data that supports low-latency random access together with efficient analytical access patterns.
 - Apache Kudu 1.8.0 released https://kudu.apache.org/

Apache NiFi™ –an easy to use, powerful, and reliable system to process and distribute data.
 - Apache NiFi 1.8.0 released https://nifi.apache.org/

Apache Qpid™ –a cross-platform messaging solution that implements the Advanced Message Queuing Protocol (AMQP).
 - Apache Qpid C++ 1.39.0 released https://qpid.apache.org

Apache Subversion^® –popular Open Source version control system used by millions across an array of applications worldwide.
 - The Apache Software Foundation Announces Apache^® Subversion^® v1.11.0 https://s.apache.org/N3fL
 - Apache Subversion 1.11.0 released https://subversion.apache.org/

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.
 - [SECURITY] CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal http://mail-archives.apache.org/mod_mbox/www-announce/201810.mbox/%3C16a616e5-5245-f26a-a5a4-2752b2826703%40apache.org%3E

Apache XMLBeans™ –now sub-project of Apache POI, XMLBeans is a tool that allows access to the full power of XML in a Java friendly way. 
 - Apache XMLBeans 3.0.2 released https://xmlbeans.apache.org/

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Let's close out the week with the following activities from the Apache community:

ApacheCon™ –the ASF's official global conference series, now in its 20th year.
 - REGISTER TODAY for Apache Roadshow DC and Open Source Job Fair (job fair free to attend!) http://www.apachecon.com/usroadshow18/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield sunshine-y performance at 98.87% uptime. http://status.apache.org/

Apache Code Snapshot –this week, 479 Apache contributors changed 1,107,294 lines of code over 2,938 commits. Top 5 contributors, in order, are: Cassandra Targett, Ash Berlin-Taylor, Guillaume Nodet, Oleg Kalnichevski, and Tilman Hausherr.

Apache HttpComponents™ Core –HTTP/1.1 and HTTP/2 transport components that can be used to build custom client and server side HTTP services with a minimal footprint.
 - HttpComponents Core 5.0 beta5 released http://hc.apache.org/

Apache HTTP Server –the world's most popular server software.
 - The Apache Software Foundation Announces Apache® HTTP Server v2.4.37 https://s.apache.org/1o7h

Apache Impala™ –a high-performance distributed SQL engine.
 - CVE-2018-11785 and CVE-2018-11792 addition of two security fixes to Apache Impala 3.0.1 release http://mail-archives.apache.org/mod_mbox/www-announce/201810.mbox/%3CCAC-pSX0osuFEzJg4aveHLAqBb_TUPSL9d-jr1%2B983gdAPYngiQ%40mail.gmail.com%3E

Apache ServiceComb™ –Open Source microservices framework.
 - The Apache Software Foundation Announces Apache® ServiceComb™ as a Top-Level Project https://s.apache.org/Wv9i

Apache Tomcat™ Native –provides portable API for features not found in contemporary JDKs.
 - Apache Apache Tomcat Native 1.2.18 released https://tomcat.apache.org/

Did You Know?

 - ASF Operations Summary: Q1 FY2019 https://s.apache.org/qiKn

 - ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

# # #

Wakefield, MA —24 October 2018— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache^® ServiceComb™ as a Top-Level Project (TLP).

Apache ServiceComb is an Open Source microservices software framework that enables developers to easily build and manage microservices-based applications efficiently and conveniently. The project was originally developed at Huawei and was donated to the Apache Incubator in November 2017.

"We are very proud that ServiceComb has arrived at this important milestone," said Willem Jiang, Vice President of Apache ServiceComb. “ServiceComb has evolved from a microservices software development kit to a full microservices solution in less than a year. While incubating in Apache, the number of ServiceComb users grew rapidly, and new developers are constantly coming in. It is amazing to grow at such a high rate."

As a one-stop microservices solution, Apache ServiceComb contains 3 sub-projects:

1. Java-Chassis - an out-of-the-box Java microservices SDK that includes four parts: service contract, programming model, running model and communication model, with a complete set of microservices governance abilities such as load balancing, fallback, rate limiting, and call stack tracing. Microservices governance and business logic are isolated.
   
   
2. Service-Center - a high-performance, highly available, stateless Golang implementation of the Service Discovery and Registration Center based on Etcd, which provides real-time service instance registration, real-time service instance notification, and inter-service testing based on contract.
   
   
3. Saga - provides an eventual consistency solution for distributed transactions which could be a pain point of microservices.

Apache ServiceComb's highlights include:

• Asynchronous kernel - both synchronous and asynchronous programming models based on VertX effectively ensures high performance and low latency, both in traditional enterprise applications or in emerging businesses such as e-commerce, Internet, and IoT, to avoid avalanche effect when reaching peak loads.
  
  
• Out-of-the-box experience - developers using the scaffolding website start.servicecomb.io, can launch microservices-based projects with integrated service registration, discovery, communication and microservices governance capabilities, and centralized configuration by default.
  
  
• Open API - automatic code generation and isolating logic code from governance streamlines the DevOps pipeline, enabling different teams to efficiently and independently develop and manage code, test, and document using bidirectional contract files and OpenAPI.

Apache ServiceComb is in use at dozens of organizations, including CeeWa Intelligent Technology, Huawei Cloud, iSoftStone, itcast, MedSci Medicine, Pactera, PICC, and Tongji University, among others.

"In 2015, Huawei Cloud launched microservices-related services, and this is the original code base of ServiceComb," said Liao Zhenqin, General Manager of Huawei Cloud PaaS Product Department. "Apache ServiceComb is the core of Huawei Cloud microservices engine CSE. It is the defacto standard at Huawei, and is widely used on many major products, including Huawei Consumer Cloud, Huawei Cloud Core, Huawei EI, among others. We are very happy to see ServiceComb's rapid progress at in the Apache Incubator, and encourage more engineers to continue to accept and contribute to Open Source by becoming a part of the Apache Software Foundation volunteer community."

Huawei Consumer Cloud depends on Apache ServiceComb's high performance, low latency, and asynchronous technology to implement a 1,500+ node scale microservices that supports 400 million online mobile phone users. Using ServiceComb, the queries-per-second more than doubled, while reducing latency by 45%.

"We use Apache ServiceComb to build our 'intelligent brain' for drone control. ServiceComb is an out-of-the-box microservices solution, which provides the microservices governance abilities without any coding," said Zhou Sujian,  Chief Architect of CeeWa Intelligent Technology. "Compared with using or implementing a traditional RPC framework, a lot of development resources are saved. With ServiceComb, both the team development and the node deployment efficiency are doubled, which are very exciting. We are also very happy to see ServiceCombs work on integrating Open Source distributed tracing systems such as Apache Zipkin, Apache SkyWalking and Prometheus, which greatly improved our cross-node chain tracing ability, and the team's efficiency to locate and solve problems."

"As microservices architecture is not a single-point technical issue, we need to response the rapid change of technology, organization, and processes flow," said Bao Yongwei, Vice President of Product Engineering Center at iSoftstone Smart City Technology. "Apache ServiceComb Java-Chassis does a good job, its core is implemented entirely on service contract which is based on OpenAPI that can help us automatically generate service skeleton code. This allows our teams to smoothly integrate our Smart City business system into microservices. We are very happy to see that our employees actively participate in the ServiceComb project and learned the Apache Way of open development with the Apache community. Apache ServiceComb is a star project, we strongly believe that participating in the ServiceComb community will help improve our software engineers' abilities."

"Apache ServiceComb has a solid community and a comprehensive technology background. The project's commitment to making it easier for enterprises to embrace microservices and cloud computing is impressive," said Yu Yang, Dean of itcast Institute. "Itcast selected ServiceComb as a microservices technology teaching material for education and training based on its good concepts on microservices design, excellent technical practice and perfect community documentation."

"Graduating as an Apache Top-Level Project demonstrates that all contributors have a place with Apache ServiceComb, whether they were part of the project before it arrived at the Apache Incubator or joined the community during the incubation process," added Jiang. "It is a pleasure to collaborate with volunteers in this open, equal, and diverse environment. We welcome new ServiceComb contributors to help with code development,  evangelizing on innovations in microservices, promoting community development 'the Apache Way', and other ways of participating."

Apache ServiceComb software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache ServiceComb, visit http://servicecomb.apache.org/ and https://twitter.com/ServiceComb

Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 730 individual Members and 6,800 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Anonymous, ARM, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Hortonworks, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, Oath, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, and Union Investment. For more information, visit https://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "ServiceComb", "Apache ServiceComb", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #