The Apache Software Foundation Blog

Friday April 16, 2021

The Apache News Round-up: week ending 16 April 2021

It's Friday already --the week has zipped by. Let's take a look at what the Apache community has been up to:

The Apache Software Foundation – the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives.
 - The Apache Software Foundation Welcomes 40 New Members https://s.apache.org/2021NewMembers

Sponsor Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors
 - "The Fork" by Wei Zhou https://s.apache.org/snobd

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Registration for both ApacheCons are open: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) https://www.apachecon.com/
 - CFP open for both events --deadline: 3 May
 - Sponsorships available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.82%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 389 Apache Committers changed 3,665,237 lines of code over 3,513 commits. Top 5 contributors, in order, are: Andrea Cosentino, Stephen Mallette, Nick Vatamaniuc, Andi Huber, and Jarek Potiuk.   

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Tajo has retired https://s.apache.org/qbf3g
 - Apache PredictionIO has retired https://s.apache.org/jabyg
 - Apache Lens has retired https://s.apache.org/xy0hb
 - Apache Labs has retired https://s.apache.org/ljate
 - Apache DRAT has retired https://s.apache.org/23ky1
 - Apache Crunch has retired https://s.apache.org/so0w2
 - Apache Twill has retired https://s.apache.org/p4uzy
 - Apache Chukwa has retired https://s.apache.org/7t8qb
 - Apache Sentry has retired https://s.apache.org/0y5mr
 - Apache Metron has retired https://s.apache.org/578zx
 - Apache Eagle has retired https://s.apache.org/q0vv9
 - Apache Marmotta has retired https://s.apache.org/gvczw
 - Apache Open Climate Workbench has retired https://s.apache.org/16mgz

APIs --
 - Apache APISIX Ingress Controller 0.5.0 released https://apisix.apache.org/

Big Data --
 - Apache Parquet Format 2.9.0 released https://parquet.apache.org/

Content --
 - Apache Jackrabbit 2.21.6 and Oak 1.22.7 released http://jackrabbit.apache.org/
 - Apache OpenOffice CVE-2021-30245: Code execution via non-http(s) schemes in Hyperlinks https://s.apache.org/3te5p

Identity Management --
 - Apache Syncope 2.1.9 released https://syncope.apache.org/

Messaging --
 - Apache Qpid Proton 0.34.0 and JMS 0.58.0 released http://qpid.apache.org/

Observability --
 - Apache SkyWalking 8.5.0 released https://skywalking.apache.org/

Orchestration --
 - Apache Hop (incubating) 0.70 released https://hop.apache.org/

Search --
 - Apache Solr 8.8.2 released http://solr.apache.org/
 - Apache Solr CVE-2021-29943: Unprivileged users may be able to perform unauthorized read/write to collections https://s.apache.org/chwmb
   CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
https://s.apache.org/lubsr
   and CVE-2021-27905: SSRF vulnerability with the Replication handler
https://s.apache.org/rz4eh

Servers --
 - Apache Tomcat Native 1.2.28 released https://tomcat.apache.org/

Did You Know?

- Did you know that ApacheTika's OpenNLP language detector supports 148 languages? http://tika.apache.org/

- Did you know that Ignite Summit will be held online 25 May? https://ignite.apache.org/ 

- Did you know that the Robinhood financial services app is powered by Apache Airflow, Hadoop YARN, Hive, Hudi, and Spark? https://projects.apache.org/projects.html?category#big-data

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Monday April 12, 2021

Sponsor Success at Apache: The Fork

by Wei Zhou

I joined the Apache CloudStack community in 2012 and became a committer in 2013, eventually becoming a PMC (Project Management Committee) member in 2017. My journey to becoming a PMC was both physical and literal, and included several forks in the road. The forks presented themselves in all aspects of my journey – although the literal forks came later, mainly because my journey began in China.

In 2010 I was working at China Mobile, the world's largest mobile network operator, in Beijing as the manager of a cloud project based on OpenNebula (another Open Source project). A year later, my partner received her PhD in the Netherlands and began working in Belgium, so I started looking for new work opportunities in the area. 

In 2012 I visited Europe and had a few interviews, but it was difficult at the time as my English was quite poor.

I was committed to finding a good job and moving to Europe, which meant I needed to improve my English quickly. I studied the language, left China Mobile, and moved to Belgium permanently. It took me seven months to became fluent in English. I re-interviewed at the companies that had rejected me seven months prior and landed a position in Amsterdam at Leaseweb as a Cloud Innovation Engineer. At that time, we had two public cloud platforms based on Apache CloudStack. I was mainly working on the research of Apache CloudStack.

In the first two months I fixed some bugs we found in our productions. Thanks to the CloudStack community, I also received tons of help as I began contributing my changes to the mainstream. In 2013 was invited to be a committer, 3 months after my first submission. It was a huge surprise and a massive honor for me, and I began pushing my changes for new features and bug fixes much more quickly.

A year later, in 2014, Leaseweb released its first private cloud based on Apache CloudStack. It was very welcomed by many customers. As this was happening, we began finding issues with CloudStack as customers were requesting more features and functionalities. The same year, Apache CloudStack moved code repositories to GitHub.com and started using GitHub pull quests to review and merge commits. While all commits should be reviewed and approved by other commits before they are merged into the mainstream, we had already made many changes at Leaseweb and could not wait for next release. Because of this we created our own fork containing all our changes and bug fixes. 

We developed very quickly, and our process was much faster than the review/merge process of Apache CloudStack. The gap between our fork and the community was getting bigger and bigger. When we decided to upgrade from CloudStack 4.2.1 to CloudStack 4.7.1, we had to spend half of a year just to port all of our changes in our fork based on CloudStack 4.2.1 to new fork based on CloudStack 4.7.1. The same problem happened again when we tried to upgrade to CloudStack 4.14, and we had to spend around one year to port all of our changes. The lesson we learned from these two upgrades was that we needed to contribute more to the community and maintain a fork as small as possible. After realizing this, we contributed all of our features and bug fixes to the community by creating many GitHub PRs. Some PRs have now already been merged into mainstream, while others are still in review.

My colleague recently asked me, “If you could go back in time, would you still make the Leaseweb fork?” My answer is yes, I would do it again. A fork makes us more flexible, as we can offer more stable production and more functionalities to our customers. However, if I could go back in time, I would have spent much more time contributing our changes to the community. I’ve learned that the gap between the fork and the community should be less than 100 commits.

We learned so much from these two painstakingly long ports and have implemented the above advice. From now on, the Leaseweb fork only contains features we have developed in the past and bug fixes. For new features, we will always contribute to community and deploy to our production only if it is merged into the mainstream. By doing this, we will be able to upgrade to the next CloudStack release much easier, and will benefit more from the community (e.g., more bug fixes, more features by other contributors). When we contribute to the community, we also benefit from knowledge sharing and the contributions from others.

Wei Zhou has been an Apache committer since 2013 and a PMC member since 2017. He has a Masters in Computer Applied Technology from the University of Science and Technology of China, and a PHD in Computer Organization and Architecture from the Institute of Computing Technology, Chinese Academy of Sciences. Wei specializes in all things computers and has over 10 years of experience in software development. He is a Principal Cloud Engineer at Leaseweb.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works". "Sponsor Success at Apache" features insights and experiences by select ASF Sponsors https://apache.org/foundation/thanks.html

For more Success at Apache posts, visit https://blogs.apache.org/foundation/category/SuccessAtApache

Sunday April 11, 2021

The Apache Software Foundation Welcomes 40 New Members

The Apache Software Foundation (ASF) welcomes the following new Members who were elected during the annual ASF Members' Meeting on 9 and 11 March 2021:

Maxime Beauchemin, Bolke de Bruin, Wei-Chiu Chuang, Jiangjie (Becket), Pablo Estrada, Dave Grove, Madhawa Kasun Gunasekara, Nathan Hartman, Tilman Hausherr, Georg Henzler, Xiangdong Huang, Nikita Ivanov, Yu Li, Geoff Macartney, Denis A. Magda, Carl Marcum, Matteo Merli, Aaron Morton, Aizhamal Nurmamat kyzy, Enrico Olivelli, Jaikiran Pai, Juan Pan, Pranay Pandey, Arun Patidar, Jarek Potiuk, Rodric Rabbah, Katia Rojas, Maruan Sahyoun, Aditya Sharma, Atri Sharma, Ankit Singhal, Michael Adam Sokolov, Simon Steiner, Benoit Tellier, Josh Thompson, Abhishek Tiwari, Sven Vogel, William Guo Wei, Ming Wen, Andrew Wetmore, and Liang Zhang.

The ASF incorporated in 1999 with a core membership of 21 individuals who oversaw the progress of the Apache HTTP Server. This group grew with Committers —developers who contributed code, patches, documentation, and other contributions, and were subsequently granted access by the Membership:

  •  to "commit" or "write" directly to Apache code repositories as well as make non-code contributions;
  •  the right to vote on community-related decisions; and
  •  the ability to propose an active contributor for Committership.

Those Committers who demonstrate merit in the Foundation's growth, evolution, and progress are nominated for ASF Membership by existing Members.

This election brings the total number of ASF Members to 853 today. Individuals elected as ASF Members legally serve as the "shareholders" of the Foundation https://www.apache.org/foundation/governance/members.html

For more information on how the ASF works, visit http://www.apache.org/foundation/how-it-works.html 

Apache Is Open https://blogs.apache.org/foundation/entry/apache-is-open and 

Briefing: The Apache Way http://apache.org/theapacheway/

# # #

Friday April 09, 2021

The Apache News Round-up: week ending 9 April 2021

Happy Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Two ApacheCons are taking place in 2021: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) https://www.apachecon.com/
   -- Registration and CFPs open for both events (CFP deadline: 3 May)
   -- Sponsorships available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 385 Apache Committers changed 1,986,331 lines of code over 3,300 commits. Top 5 contributors, in order, are: Andrea Cosentino, Mark Thomas, Tellier Benoit, Duo Zhang, and Jarek Potiuk.  

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Apex has retired https://s.apache.org/6b6dw
 - Apache Aurora has retired https://s.apache.org/d7emy
 - Apache Forrest has retired https://s.apache.org/ay2la
 - Apache Hama has retired https://s.apache.org/jz12i
 - Apache Stanbol has retired https://s.apache.org/21yt9
 - Apache VXQuery has retired https://s.apache.org/8ahun

APIs --
 - Apache APISIX 2.5 released https://apisix.apache.org/

Application Servers/Middleware --
- Apache Karaf runtime 4.3.1 released https://karaf.apache.org/

Content --
 - Apache PDFBox 3.0.0-RC1 released https://pdfbox.apache.org/

Embedded OS --
 - Apache Mynewt 1.9.0 and Apache NimBLE 1.4.0 released https://mynewt.apache.org/

Libraries --
 - Apache CXF CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks https://s.apache.org/fk5ik

Servers --
 - Apache Tomcat 8.5.65, 9.0.45, and 10.0.5 released https://tomcat.apache.org/

Web Frameworks --
 - Apache Wicket 7.18.0 and 8.12.0 released https://wicket.apache.org/

Workflow --
 - The Apache Software Foundation Announces Apache® DolphinScheduler™ as a Top-Level Project https://s.apache.org/yavpt

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this month? Three cheers to Apache CXF (13 years); Avro, HBase, Mahout, Nutch, Tika, and Traffic Server (11 years); Creadur and Jena (9 years); DeltaSpike (8 years); ORC and Parquet (6 years); AsterixDB and Johnzon (5 years); CarbonData and Fineract (4 years); NetBeans, PLC4X, and SkyWalking (2 years); and ShardingSphere (1 year). https://projects.apache.org/committees.html?date

- Did you know that Apache DolphinScheduler and Apache ShardingSphere are joining forces at an online global MeetUp on 15 May? Presentations and use cases on both projects will be made in English. https://www.meetup.com/dolphinscheduler-meetup-group/

- Did you know that Ignite Summit will be taking place 25 May? https://ignite-summit.org/ 

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday April 08, 2021

The Apache Software Foundation Announces Apache® DolphinScheduler™ as a Top-Level Project

Open Source distributed Big Data visual workflow scheduler system in use at thousands of organizations, including Budweiser, China Unicom, IDG Capital, IBM China, JD.com, Lenovo, New Oriental, Nokia China, Qihoo 360, SF Express, and Tencent, among others.


Wilmington, DE —8 April 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® DolphinScheduler™ as a Top-Level Project (TLP).


Apache DolphinScheduler is a distributed, extensible visual Big Data workflow scheduler system. The project was first created at Analysys in December 2017, and entered the Apache Incubator in August 2019.


"We learned a lot about becoming a strong Open Source project during our time in the Apache Incubator," said Lidong Dai, Vice President of Apache DolphinScheduler. "Our incubation mentors helped guide us with developing our project and community the Apache Way. We are pleased to have graduated as an Apache Top-Level Project."


As a distributed and extensible data workflow scheduler platform with rich directed acyclic graph (DAG) visual interfaces, DolphinScheduler solves complex task dependencies and triggers in the data pipeline. Out-of-the-box, its easy-to-extend processing connects numerous systems to 100,000-level data task scheduling. Apache DolphinScheduler is:

  • Cloud Native —support multi-cloud/data center workflow  management, also supports Kubernetes, Docker deployment and custom task types, distributed scheduling, with overall scheduling capability increased linearly with the scale of the cluster

  • Highly Reliable —decentralized multi-master and multi-worker, high availability, supported by itself, overload processing

  • User-Friendly —all process definition operations are visualized, defines key information at a glance, one-click deployment

  • Supports Rich Scenarios —includes streaming, pause, recover operation, multi-tenant, and additional task types such as spark, hive, mr, shell, python, flink, sub_process, and more.

"Apache DolphinScheduler is designed for cloud-native," added Dai. "We are proud to have built a reliable and cloud friendly data workflow system while using next generation architecture and smart UI design."


Apache DolphinScheduler has more than 4,000 users in China, with Internet companies and banks forming a large percentage of users. Users include Budweiser, China Unicom, IDG Capital, IBM China, JD.com, Lenovo, New Oriental, Nokia China, Qihoo 360, SF Express, and Tencent, among others.


"Apache DolphinScheduler is an excellent data workflow open-source product," said Zhengjun Yin, Architect at China Unicom. "Its community is very friendly and gives us strong support. We save the cost of hundreds of human-months by using DolphinScheduler!"


"Apache DolphinScheduler is amazing," said Xide Gu, Architect at JD Logistics. "JD Logistics used Apache DolphinScheduler as  a stable and powerful platform to connect and control the data flow from various data sources in JDL, such as SAP Hana and Hadoop. It offers open API, easy plug-in and stable data flow development and scheduler environment. DolphinScheduler really helps JD Logistics data team accelerate development efficiency in many Agile BI projects!"

"I am honored to guide the DolphinScheduler community from day one of the incubating. In the past 1.5 years, it grows fast and healthy," said Sheng Wu, ASF Board Member and DolphinScheduler Incubator Champion. "They learned the Apache culture quickly, and have great executive capability. It is great to see the project graduating from the incubator with a diverse and active community. Being a top-level project is a new beginning for you, look forward to becoming a global and powerful project." "I am honored to witness the entire process of DolphinScheduler from open source to entry into the Apache incubator, and then to graduation to become an independent Apache top-level project," said Shi Shaofeng, Member of the Apache Kylin and Apache Incubator Project Management Committees. "During more than one year, the participants in the DolphinScheduler community have been adhering to the open-source spirit, constantly innovating and making progress. The developers and contributors join in the community constantly and make DolphinScheduler, a big data scheduling tool created by the Chinese, become more and more perfect, more and more users, and enter a virtuous cycle of development. It is expected that after graduation from the incubator, she will continue to move forward under the management of PMCs and create more value for society and the public through open-source software." "Congratulations to open source project DolphinScheduler for graduating from the Apache incubator and becoming ASF's top project," said Chen Liang, Vice President of Apache CarbonData. "DolphinScheduler has been developing the community in accordance with the Apache Way and has attracted many open-source developers to join. With the joint efforts of community members, the project has become more and more mature. Best wishes to the DolphinScheduler community!"


"We look forward to diversifying the Apache DolphinScheduler community with seed users from all over the world," added Dai. "Those interested in participating are welcome to reach out to us on our project mailing lists and other channels."


Catch Apache DolphinScheduler in action at its global MeetUp, held online in collaboration with the Apache ShardingSphere community, on 15 May 2021. Members of the DolphinScheduler and ShardingSphere Project Management Committees will share features and use cases on both projects in English. To register, visit https://www.meetup.com/dolphinscheduler-meetup-group/

Availability and Oversight

Apache DolphinScheduler software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache DolphinScheduler, visit https://DolphinScheduler.apache.org/ , https://twitter.com/DolphinSchedule , and https://asf-dolphinscheduler.slack.com/ .


About the Apache Incubator

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ 


About The Apache Software Foundation (ASF)

Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF  


© The Apache Software Foundation. "Apache", "DolphinScheduler", "Apache DolphinScheduler", "ShardingSphere", "Apache ShardingSphere", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday April 02, 2021

The Apache News Round-up: week ending 2 April 2021

Welcome, April --we're opening the month with another great week. Here's what the Apache community has been up to:

Apache Month-in-Review – a look back at our activities over the past month. 
- March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
 - Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.78%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 383 Apache Committers changed 2,210,334 lines of code over 3,572 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Andrea Cosentino, Daniel Gruno, Mark Thomas, and  Thomas Vandahl.       

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.20.2 released https://druid.apache.org/
 - Apache Druid CVE-2021-26919: Authenticated users can execute arbitrary code from malicious MySQL database systems https://s.apache.org/xgi7a

Content --
 - Apache Tika 1.26 released https://tika.apache.org/
 - Apache Tika CVE-2021-28657: Infinite loop in MP3 parser https://s.apache.org/9vlh2

Database --
 - Apache ZooKeeper 3.7.0 released https://zookeeper.apache.org/
 - Apache Geode 1.13.2 released http://geode.apache.org/

Integration --
 - Apache Camel 3.9.0 released https://camel.apache.org/

Libraries --
 - Apache MXNet (Incubating) 1.8.0 released http://mxnet.incubator.apache.org

Observability --
 - Apache SkyWalking Python 0.6.0 and NodeJS 0.2.0 released https://skywalking.apache.org/

Web Frameworks --
 - Apache Wicket 9.3.0 released https://wicket.apache.org/


Did You Know?

- Did you know that this year's ApacheCon Platinum sponsorships are sold out? Great options and combo packages available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

- Did you know that Apache Druid will be holding their Ecosystems MeetUp on 6 April and DataEng MeetUp on 7 April? http://druid.apache.org/ 

- Did you know that the Apache CloudStack community will hold its virtual European User Group on 27 May? http://cloudstack.apache.org/

Apache Community Notices

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday April 01, 2021

Apache Month in Review: March 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in March (video highlights available at https://s.apache.org/exppv):

New this month --

 - It's our anniversary! The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

 - Announcing New ASF Board of Directors https://s.apache.org/NewBoard2021

 - ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
   -- CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
   -- Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

 - The Apache Software Foundation Announces Apache® Daffodil™ as a Top-Level Project https://s.apache.org/18vob

 - Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc


Important Dates --

  - Next Board Meeting: 21 April 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in March was 99.75%. http://www.apache.org/uptime/

Committer Activity --

In March, 783 Apache Committers changed 12,041,653 lines of code over 16,037 commits. The Committers with the top 5 highest contributions, in order, were: Andrea Cosentino, Jean-Baptiste Onofré, Mark Thomas, Claus Ibsen, and Gary Gregory.

Project Releases and Updates --

New releases from Apache APISIX (API); Avro (Big Data); Camel (Integration); CloudStack (Cloud Computing); Commons Lang and Numbers (Libraries); Daffodil (Libraries); Flink (Big Data); HttpComponents (Servers); Jackrabbit (Content); Karaf (Application Servers/Middleware); Log4j (Libraries); NetBeans (Integrated Development Environment); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); OpenMeetings (Web Conferencing); Parquet (Big Data); PDFBox (Content); Qpid JMS (Messaging); Skywalking (Application Performance Management); SpamAssassin (Mail); Teaclave (Incubating; Computing); Tomcat (Servers); Velocity (Library); XMLBeans (Library).

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. We invite you to review the many projects currently in development in the Apache Incubator http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Friday March 26, 2021

The Apache News Round-up: week ending 26 March 2021

Farewell, March --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

It's our anniversary! The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
 - Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 380 Apache Committers changed 2,537,583 lines of code over 3,380 commits. Top 5 contributors, in order, are: Mark Thomas, Alexander Pucher, Tilman Hausherr, Claus Ibsen, and Andrea Cosentino.       

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf 4.2.11 released https://karaf.apache.org/

Big Data --
 - Apache Qpid JMS 0.57.0 released https://qpid.apache.org/
 - Apache Parquet 1.12.0 released https://parquet.apache.org/

Content --
 - Apache PDFBox 2.0.23 released https://pdfbox.apache.org/
 - Apache PDFBox CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file https://s.apache.org/6qk90
   and CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file https://s.apache.org/cz894

Enterprise Processes Automation / ERP --
 - Apache OFBiz 17.12.06 released https://ofbiz.apache.org/
 - Apache OFBiz CVE-2021-26295: RCE vulnerability due to Java serialization using RMI https://s.apache.org/styah

Mail --
 - Apache SpamAssassin 3.4.5 released http://spamassassin.apache.org/
 - Apache SpamAssassin CVE-2020-1946: Malicious rule configuration (.cf) files can be configured to run system commands https://s.apache.org/g5s6w


Did You Know?

- Did you know that you can help improve the Apache Flink community experience by completing their Community Survey before 30 March? https://s.apache.org/4xv8n

- Did you know that the Ignite Summit will take place online on 25 May? https://ignite.apache.org/

- Did you know that Apache Hop (incubating) will be presenting "The Road to Hop 1.0" at their Hot Hop Hangout session on 1 April? https://s.apache.org/ypt6f


Apache Community Notices

- The Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday March 24, 2021

The Apache® Software Foundation Celebrates 22 Years of Open Source Innovation "The Apache Way"

World's largest Open Source foundation provides $22B+ in community-led software 100% free of charge for the common good

Wilmington, DE —24 March 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today its 22nd Anniversary.

Originally established by the 21-member Apache Group, who oversaw the then-3-year-old Apache HTTP Server, the ASF today is the world's largest, vendor-neutral, Open Source foundation, comprising 800+ individual Members, 8,100+ Committers, and 40,000+ code contributors located on every continent. Conservatively valued at more than $22B, Apache’s 350+ projects and 37 incubating podlings are all freely-available to the public-at-large, at 100% no cost, and with no licensing fees.

"Over the past 22 years the ASF has evolved to meet the growing needs of the greater community," said Sander Striker, Board Chair of The Apache Software Foundation. "The ASF enables people from all over the world to collaborate, develop, and shepherd the projects and communities that are helping individuals, sustaining businesses, and transforming industries."

Advancing its mission of providing software for the public good, the ASF's projects are integral to nearly every aspect of modern computing, benefitting billions worldwide. The "Apache Way" process of community-led, collaborative development has led to breakthrough innovations in Artificial Intelligence and Deep Learning, Big Data, Build Management, Cloud Computing, Content Delivery and Management, Edge Computing and IoT, Fintech, Identity Management, Integration, Libraries, Messaging, Mobile, Search, Security, Servers, and Web Frameworks, among other categories. Projects undergoing development in the Apache Incubator span AI, Big Data, blockchain, Cloud computing, cryptography, deep learning, email, IoT, machine learning, microservices, mobile, operating systems, testing, visualization, and more.

Nearly half a million people participate in ASF projects and initiatives, including ApacheCon, the ASF's official global conference series; Community Development, which oversees contributor onboarding and mentoring and programs such as Google Summer of Code; and Diversity & Inclusion, whose programs promote diversity, equity, and inclusion across the greater Apache community.

The ASF's influence is everywhere —countless ubiquitous and mission-critical applications across dozens of industries are powered by Apache projects; the Apache License 2.0 was the top-ranked Open Source license in 2020 (source: WhiteSource); the Apache Way is the backbone for open development and inner source environments; and new users, developers, and enthusiasts are onboarding to the greater Apache community every day (the ASF has been a Google Summer of Code mentoring organization for the past 16 years, since the program's inception). The ASF is the top-ranked Open Source not-for-profit organization with the most stars on GitHub (source: GitHub).

A just-released feature on the ASF in FOSSlife [1] states, "The Apache project has undeniably changed the world … Apache remains a crucial Web server, the most popular in the field. For building Open Source communities, the lessons learned by creating the project still resonate throughout the open source world. Every project is advised to respect the Apache value of 'community over code'."

ASF operations bolster Apache projects and their communities with infrastructure support, bandwidth, connectivity, servers, hardware, development environments, legal counsel, accounting services, trademark protection, marketing and publicity, educational events, and related administrative assistance. As a United States private 501(c)(3) not-for-profit charitable organization, the ASF's day-to-day operating expenses are offset through tax-deductible sponsorships, corporate contributions, and individual donations. Current ASF Sponsors are:

Platinum: Amazon Web Services, Facebook, Google, Huawei, Microsoft, Namebase, Pineapple Fund, Tencent, and Verizon Media.

Gold: Anonymous, Baidu, Bloomberg, Cloudera, Confluent, IBM, Indeed, Reprise Software, Union Investment, and Workday.

Silver: Aetna, Alibaba Cloud Computing, Capital One, Comcast, Didi Chuxing, Red Hat, and Target.

Bronze: Bestecasinobonussen.nl, Bookmakers, Casino2k, Cerner, Curity, GridGain, Gundry MD, Host Advice, HotWax Systems, Journal Review, LeoVegas Indian Online Casino, Miro-Kredit AG, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, RenaissanceRe, SCAMS.info, SevenJackpots.com, Start a Blog by Ryan Robinson, Talend, The Best VPN, The Blog Starter, The Economic Secretariat, Top10VPN, Twitter, and Writers Per Hour.

Targeted Platinum: Amazon Web Services, CloudBees, DLA Piper, Fastly, JetBrains, Leaseweb, Microsoft, OSU Open Source Labs, Sonatype, and Verizon Media.

Targeted Gold: Atlassian, Datadog, Docker, PhoenixNAP, and Quenda.

Targeted Silver: HotWax Systems, Manning Publications, and Rackspace.

Targeted Bronze: Bintray, Education Networks of America, Friend of Apache Cordova, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, and Virtru.

"Baidu has always maintained close cooperation with Apache Software Foundation. In the past, we donated Apache ECharts, Apache Doris, Apache brpc, and Apache Teaclave. We are very grateful to Apache way for promoting the growth of these projects and enabling Baidu to make greater contributions to the open source world together with ASF."
—Zhenyu Hou, Corporate Vice President of Baidu Group

"Congratulations to the Apache Software Foundation on its twenty-second anniversary! If it were not for ASF's work to incubate and steward open source projects, the internet community would not be thriving to the same degree. Open source is enabling our digital prosperity, and the ASF plays a key, behind-the-scenes role in this. We share their vision for the availability of trustworthy open-source software and are proud to be a sponsor."
—Travis Spencer, CEO of Curity

"Congratulations to the 22nd anniversary of the Apache Software Foundation! Didi Chuxing is more than honored to join the Apache family as a corporate sponsor this year. At Didi, our developers utilize and contribute to many Apache projects such as Hadoop, Kylin, and Flink etc. Sharing the same “Community Over Code” principle, we hope to drive more innovations with Apache and we look forward to further collaborations!"
—Yunbo Wang, Director of Technical Community and Open Source at Didi Chuxing

"Facebook was originally built on a stack using the Apache HTTP Server, and it's one of the many reasons we've been sponsoring, advocating, utilizing, and contributing to the ASF for the past 10 years. We're proud to be a part of the ASF community and look forward to continued support of its mission to provide Open Source software for the public good."
—Joel Marcey, Open Source Developer Advocate and Ecosystem Lead at Facebook

"We are honored to be a part of and proud to support the ASF! The Apache community continues to be an incredibly valuable resource for HotWax. Contributing to and receiving from the ASF remains a central focal point for our business, and an important part of our team philosophy."
—Mike Bates, CEO of HotWax Systems

"It is an honor to support Apache, an organization responsible for such an astounding amount of Open Source projects that truly make up the fabric of the Internet. Here's to all that's been accomplished in the last 22 years – we can't wait to see what the future of open development brings."
—Robert van der Meulen, Global Product Strategy Lead at Leaseweb

"We're extending a big congratulations to the Apache Software Foundation on their 22nd anniversary! The ASF has been a key driver for the success of open source software models and community-led development for over two decades. Microsoft is honored to engage with and contribute to the Apache community across many facets of our business including Azure big data, Hadoop and Spark – and we look forward to continuing the collaboration."
—Stormy Peters, Director of Open Source Programs Office at Microsoft

"Congratulations to the Apache Software Foundation on its 22nd anniversary! Tencent has been a user and contributor to the projects at ASF. Many developers from Tencent have been actively involved with the ASF projects as Chair or PMC. We look forward to continuing our collaboration and creating more open-source innovations with 'The Apache Way'."
—Mark Shan, Chair of Tencent Open Source Alliance


[1] FOSSlife "How the Apache Project Boosted the Free and Open Source Software Movements" https://www.fosslife.org/how-apache-project-boosted-free-and-open-source-software-movements

Additional ASF Resources

 - "Trillions and Trillions Served" documentary on the ASF https://s.apache.org/Trillions-Feature

 - About The Apache Way http://apache.org/theapacheway/

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

 - Ways to support the ASF http://apache.org/foundation/contributing.html


About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world's largest Open Source foundation, stewarding 227M+ lines of code and providing more than $22B+ worth of software to the public at 100% no cost. The ASF's all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Huawei, IBM, Indeed, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Apache HTTP Server", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday March 19, 2021

The Apache News Round-up: week ending 19 March 2021

And it's Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia: proposals now accepted for both events! Tracks include API/Microservices, Big Data, Cassandra, Community, Content Delivery & Management, Culture, Drill, Fineract/Fintech, Geospatial, Groovy, Incubator, Integration, IoT/IIoT, Karaf, Messaging, Middleware, Observability, Royale, RDF/Linked Data, Search, Social Data, Streaming, Tomcat, and more. https://www.apachecon.com/ 
 - Event Sponsorship available, including package deals for a global presence at both events! https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.38%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 400 Apache Committers changed 3,004,173 lines of code over 3,661 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Daan Hoogland, Gary Gregory, and Mark Thomas.                           

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.13.1 released http://nifi.apache.org/
 - Apache Avro 1.10.2 released https://avro.apache.org/

Libraries --
 - Apache Log4j 2.14.1 released http://logging.apache.org/
 - Apache XMLBeans 5.0.0 released  https://xmlbeans.apache.org/

Servers --
 - Apache HttpComponents Core 5.1 GA released https://hc.apache.org/

Web Conferencing --
 - Apache OpenMeetings CVE-2021-27576: Bandwidth can be overloaded with public web service https://s.apache.org/2pj12


Did You Know?

- Did you know that the ASF provides a comprehensive list of Export Control Classification Numbers (ECCNs) for more than 50 Apache projects subject to export controls? https://apache.org/licenses/exports/

- Did you know that the CFP for Airflow Summit (8-16 July 2021) is now open? https://airflowsummit.org/ 

- Did you know that the Apache Druid community will be holding "drop-in" MeetUps on 23 and 31 March? http://druid.apache.org/


Apache Community Notices

- The Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.


Monday March 15, 2021

The Apache Software Foundation Operations Summary: 1 November 2020 - 31 January 2021

FOUNDATION OPERATIONS SUMMARY

Third Quarter, Fiscal Year 2021 (November 2020 - January 2021)

"We’re proud to be a part of the ASF community and look forward to continued support of its mission to provide Open Source software for the public good."
—Joel Marcey, Open Source Developer Advocate and Ecosystem Lead at Facebook (ASF Platinum Sponsor)


> Conferences and Events http://apachecon.com/ 

We held no events during the reporting period.

We have begun discussion of dates and details for ApacheCon 2021, and expect to have an announcement by March 1st. This event will, once again, be an online-only event.

Please watch @apachecon (on Twitter) for that announcement.

> Community Development http://community.apache.org/ 

During December an Apache Roadshow China was held in conjunction with COSCon. The event was a great success and we are looking forward to participation at future events.

A key theme this quarter was communication and ensuring our community was being kept informed of what is happening. As a result, we have been experimenting with a new format for the Apache News Roundup have been trialling it with the community. A range of short videos have been created focussed on different but hopefully useful topics. Feedback from the community has been extremely positive.

We applied for and were accepted for an online booth at FOSDEM. Throughout January most of our efforts were focussed on preparing for our participation at FOSDEM. Even with the very short timeframe,  several of our volunteers worked quickly and efficiently to put together an online presence for us during the event.

A request has been received to try and establish an Apache Local Community (ALC) in Nigeria so we are currently looking for an ASF member or PMC members from any Apache project that live locally that can become the main point of contact. These are part of the minimum requirements for governance when establishing a new ALC group.

We are in the final stages of our Google Summer of Code (GSoC) application so have also been gathering ideas from our projects.

Our mailing list has seen a large increase in traffic this quarter. Some of the increase is related to GSoC proposal requests being received from our projects. Yet even with the break for the holidays, it was good to see our discussion activity grow.  


> Committers and Contributions http://apache.org/licenses/contributor-agreements.html 

Over the past quarter, 1,424 contributors committed 64,101 changes that amount to 35,706,852 lines of code across Apache projects. The top 5 contributors, in order, were: Andrea Cosentino (1,544 commits), Xiang Xiao (1,301 commits), Jean-Baptiste Onofré (971 commits), Kaxil Naik (907 commits), and Gary Gregory (878 commits).

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

During Q3 FY2021, the ASF Secretary processed 198 ICLAs, 4 CCLAs, and 16 Software Grants. History of Apache committer growth can be seen at https://projects.apache.org/timelines.html


> Brand Management http://apache.org/foundation/marks/ 

Operations —the work of the Brand Management team falls broadly into one of four categories:

  • providing advice to projects
  • granting permission to use our marks
  • trademark transfers and registrations
  • addressing potential infringements of our marks

As with previous quarters we provided both Apache projects and external parties with advice on the correct use of Apache marks in a range of scenarios including branding of YouTube channels, Docker images Registrations, publishing, translations of project websites, tshirts, and stickers. The COVID-19 pandemic doesn't appear to reduced the number of project related events although all of the ones approves this quarter were, unsurprisingly, on-line events.

This quarter we worked with the KAFKA project and counsel to develop a KAFKA specific branding policy for KAFKA clients and connectors.

Another element of the advice we provide is naming advice for podlings. This quarter we provided advice to a project considering applying to join the Apache incubator and to three podlings.

Other advice provided this quarter included advice on using non-ASF logos on a project website and whether or not a project's mark was registered. We also rejected a mid-directed infringement claim for a non-ASF controlled website that just happened to be hosted on httpd.

Registrations

This quarter we started the process of updating the official ASF address associated with our registrations. There are costs associated with this process but we still anticipate brand expenditure for this year to remain within budget.

The APACHE IGNITE registration for China completed this quarter.

The registrations for APACHE and APACHE FLINK in China, BROOKLYN in the US continued to progress this quarter. 

We worked with counsel and the current registrants to progress the transfer of ownership of the APISIX marks in China and SERVICECOMB marks in the US and EU to the ASF.

Infringements

This quarter we saw an increase in people and organisations using derivations of the Apache License, version 2 without changing the primary branding of the license. While we do not object to the creation of such derivative licenses, we do want to ensure that they do not cause

confusion amongst end-users. Therefore, we monitor for such licenses and work with the authors to ensure that the licenses are clearly branded so that they will not be confused with the Apache License, version 2.

We have made some progress towards addressing infringing products sold in various online stores but have not yet resolved these issues.

It is usually members of our project communities who are first to identify potential infringements. This quarter we provided advice to a number of PMCs as to the best approach to take to address a potential infringement.

And finally…

The Brand Management team welcomes your comments and suggestions as well as any questions you might have. Please see https://www.apache.org/foundation/marks/contact for our contact details.

> Security http://apache.org/security/ 

We continued to work on handling incoming security issues, keeping projects reminded of their outstanding issues, allocation of CVE names, and other general oversight and advice.

For Q3 we tracked 138 new vulnerability reports across 47 projects. Those reports led to 36 published CVE vulnerabilities.  The previous Q3 for comparison was 95 reports leading to 41 CVE.

We published a security report for calendar year 2020: https://s.apache.org/SecurityReport2020

The CVE project released a new automation API and the ASF became the first organisation to get a live CVE name using it. Instead of the security team holding a pool of names requested in advance we now allocate them on demand, with the service taking care of emails to the PMC and other previously manual parts of the process.  We released an internal tool providing projects dealing with security issues a way to edit, validate, and submit their entries to Mitre.  We aim to have the CVE database updated within a day of an issue being published. We expect more automation available during 2021 allowing us to streamline the CVE process for projects even further.


> Privacy http://apache.org/foundation/policies/privacy.html 

A few questions were answered on the privacy list. Most of the requests were around our use of the mailing lists. It was recommended that any person, who has privacy concerns over mailing list data, is redirected to vp-privacy@ or to the privacy@ list directly (if the request is not sensitive itself).

A GIT repository was created for working on policies. Apart from that, privacy did not handle critical issues so far. In the next few weeks we will see working drafts for mailing list archives.


>  Infrastructure http://apache.org/dev/infrastructure.html

The Infrastructure has done well over the past quarter, maintaining cost controls and keeping our team home and healthy.

This past quarter has seen a large change in our back-office, with how we manage our US-based employees. While it took a lot of effort, it did not impact our team's operations. We are up and rolling smoothly, after these changes.

There was a scare in the security around some of our automated CI/CD systems, which we quickly handled. In the end, the initial concern did not pan out to any real problems. Yet we learned and expanded some of our Best Practices, and implemented a scanner to monitor for future security concerns in this area.

The team has started a monthly "Builds" conference call to bring the broader community together to talk "all things builds". This has enabled a sharing of ideas, helped us advance more of our CI/CD infrastructure, and highlighted the pain points that our communities are seeing.

Our background work has continued, as usual, in areas such as testing a CDN deployment, improved integration between the ASF and GitHub, investigating a move from our on-premise Atlassian products to their cloud-based services, and our mail system upgrade.


> Treasury and Financial Statement --map against https://s.apache.org/FY2019AnnualReport 

The Treasurer, Myrle Krantz, and the Assistant Treasurer, Trevor Grant have contributed to keeping The Foundation in excellent fiscal shape with all tax and compliance forms filed on time. Latest public filings can be found at http://www.apache.org/foundation/records/. We have advised that officers minimize expenses until there is more certainty in global economic outlooks. Officers have done an excellent job at cost control throughout the fiscal year, and we hope that in the coming fiscal year that the need for austerity will be reduced. We transitioned, this quarter, from accounting provided by Virtual to accounting provided by IgniteSpot. Benefits we have seen from this transition include:

  • better transparency into accounting and smoother budgeting processes by moving from QuickBooks Enterprise to QuickBooks Online,
  • better automation of our processes via the integration of QuickBooks Online with Bill.com and our banking solutions, and
  • reduced costs.

We are pleased with the enthusiastic support IgniteSpot has provided Fundraising with invoicing and reporting, and we hope to see this continue. The transition has forced us to examine our internal processes, and given us opportunities to improve them.

In the process of transitioning accountants, we have also transitioned PEO providers. We now employ ADP Total Source directly. In addition we have transitioned to a new physical mailing address and a new registered agent. We thank Greg Stein, David Nalley, and Ruth Suehle for the truly excellent collaboration which made a change of this extent possible. We thank Virtual for their many years of service. The Apache Software Foundation would not be where we are today without the tireless efforts of Virtual to modernize our accounting processes and make them sustainable. In all, the transition has been extremely smooth. Our books were imported without difficulties. Thanks to the work Myrle Krantz and Greg Stein performed earlier this year to introduce bill.com, there were no interruptions in our vendor payments. And thanks to heightened attention by Sally Khudairi, and Daniel Ruggeri and IgniteSpot, there were no interruptions to sponsor invoicing. The financial report has a few more details than past quarterly reports. We have adjusted reporting to include mention of restricted funds. ASF Treasury has gone above and beyond to support fundraising this quarter. In particular, to make possible a two year platinum sponsorship before the end of the sponsor’s fiscal year, Myrle Krantz, with support from Greg Stein, and direction from Sally Khudairi interfaced with a sponsor’s PO system and generated and submitted last minute estimates and invoices. This team worked through multiple iterations over the course of several hours on New Year’s Eve and New Year’s Day to get it right. This was possible, in part, because the ASF Treasury now has access to our own books via QuickBooks Online. We have added a bank account at TDBank to our mix of financial instruments. The majority of our cash remains in a CDARS account at Boston Private which provides FDIC insurance for the full amount.


Cash and Restricted Cash for Q3 FY 2021




Apache Software Foundation






Q3 FY 21





Checking/Savings Balances:





Boston Private CDARS Account

$ 3,031,266




Citizens Money Market

$ 152,007




Citizens Checking

$ 360,697




PayPal - ASF

$ 5,190




Stripe

$ 2,823




TD Bank Checking

$ 121,323



Total Checking/Savings

$ 3,673,306 








Restricted Funds:





Conditional Gift

$ 500,000




Project Restricted Funds

$ 32,979



Total Restricted Funds

$ 532,979








Unrestricted Cash/Checking

$ 3,140,327









Income and Expenses for Q3 FY 2021




Apache Software Foundation






Q3 FY 21



Income Summary:





Public Donations

$ 43,710




Sponsorship Program

$599,010




Programs Income

$ 0




Conference/Event Income

$ 1,000




Interest Income

$ 53



Total Income

$ 643,773 





Expense Summary





Infrastructure

$ 228,7920




Programs Expense

$ 0




Publicity

$7,456




Brand Management

$ 3,255




Conferences

$ 690




Travel Assistance Committee

$ -




Fundraising

$ 62,273




Privacy

$ -




Treasury Services

$ 20,207




General & Administrative

$ 9,207




Diversity and Inclusion

$ -



Total Expense

$ 331,881

Net Income

$ 311,892



> Diversity and Inclusion http://diversity.apache.org/

Diversity & Inclusion

Q3 of FY2021 focused on wrapping up the first research on the current status of D&I at the ASF, securing funds for one more year of Outreachy internships and planning for FY2022. Below is a breakdown of these accomplishments.

Wrapping the research on the current status of Diversity and Inclusion at the ASF
This project was composed of two initiatives: The ASF Community Survey and a User Experience Research for contributors of underrepresented groups. These two initiatives concluded in Q2 and we have a final draft https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=173087952 to be published in multiple channels, such as research publications and conferences like ApacheCon.

Continuing the internships for underrepresented groups through Outreachy.org
The third period of Outreachy internships is underway and we have six interns for six different Apache projects https://cwiki.apache.org/confluence/display/EDI/2020-11-25+Outreachy+Meeting+notes . We secured $52,000 in sponsorship from Google to continue with this program for one more year. The sponsorship will be processed in March 2021.  

FY2022 planning
The findings and recommendations from the research completed in FY2021 will be the platform  for taking action in FY2022. The D&I committee will have the following goals in FY2022: 

  • Act on the findings and recommendations from the research done in FY2021
  • Continue the Outreachy Internships
  • Re-application of the community survey to measure changes since the survey was last done in 2020. 

The ultimate objective is to scope and define a project that will help us take the current state of D&I at the ASF to better neights. We will partner with Bitergia again, this is the firm that conducted the research and ran the ASF community survey in 2020. One of the alternatives we’re strongly considering is the creation of a program that helps podlings in the incubator develop strong practices for inclusion, enabling the projects to be diverse from the moment they graduate from incubation. This is still one are of consideration, and we’ll have the final selection by the end of the quarter. 

 

> Fundraising http://apache.org/foundation/contributing.html

As was noted in prior quarterly reports, Fundraising continues to move along well operationally. In addition to performing regular renewals, we are further honing our processes by experimenting with automation and tooling to augment our work. In this quarter, we are pleased to note that all ApacheCon sponsorships have completed and closed in the early quarter. Additionally, we managed to continue business-as-usual during a very busy December as the foundation onboarded a new accounting provider and platform.

We continue maintaining cautious optimism as we weather the current pandemic with our Sponsors and are tremendously thankful for the continued sponsorship despite the hard times. While we regret that two Bronze sponsors chose not to renew their sponsorship this quarter, we are thrilled to welcome a new Platinum Sponsor, Gold Sponsor, Silver Sponsor, and Bronze Sponsor! This growth in sponsorships is a heart warming indication that the amazing work done here at The ASF is recognized and appreciated in the global community. To that point, we are pleased to see that this quarter saw a higher than typical number of individual donations to the foundation.

The joy we feel from the continued support of our individual and corporate sponsors simply cannot be overstated. In the tough times leading into and during the initial days of the pandemic, like many others, we just did not know what to expect. After all, the only income our all-volunteer-led foundation receives comes from sponsorships. The ASF is known to house projects that creates industries, evolves the technology landscape, improves the world we live in - and we do it in a way that is fair and equitable to all who participate regardless of background. This is all entirely possible because of the generosity of our sponsors… especially during difficult days.

With a truly humble and grateful heart: THANK YOU for continuing to support us during this storm.

The list of all Sponsors is available at http://apache.org/foundation/thanks . To become an ASF Sponsor, visit http://apache.org/foundation/sponsorship.html . To make a one-time or monthly recurring donation, please visit https://donate.apache.org/ .


= = =

Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by Rich Bowen, Vice President Conferences; Mark Cox, Vice President Security; Griselda Cuevas, Vice President Diversity & Inclusion; David Nalley, Vice President Infrastructure; Sharan Foga, Vice President Community Development; Christian Grobmeier, Vice President Data Privacy; Myrle Krantz, Treasurer; Daniel Ruggeri, Vice President Fundraising; Greg Stein, Infrastructure Administrator; and Mark Thomas, Vice President Brand Management.

For more information, subscribe to the announce@apache.org mailing list http://apache.org/foundation/mailinglists.html#foundation-announce and visit http://www.apache.org/ , the ASF Blog at http://blogs.apache.org/ , the @TheASF on Twitter https://twitter.com/TheASF , and LinkedIn https://www.linkedin.com/company/the-apache-software-foundation .

(c) The Apache Software Foundation 2021.

# # #

Friday March 12, 2021

The Apache News Round-up: week ending 12 March 2021

Hello, Friday. Let's review the Apache community's activities from over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Announcing New ASF Board of Directors https://s.apache.org/NewBoard2021
 - Next Board Meeting: 17 March 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP open for ApacheCon@Home 2021: proposals now accepted for 20 tracks that include API/Microservices, Big Data, Cassandra, Content Delivery & Management, Community, Drill, Fineract/Fintech, Geospatial, Groovy, Incubator, Integration, IoT, Karaf, Observability, Royale, RDF/Linked Data, Search, Social Data, Tomcat, and more. https://www.apachecon.com/acah2021/cfp.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 389 Apache Committers changed 3,798,169 lines of code over 3,471 commits. Top 5 contributors, in order, are: Andrea Cosentino, Daan Hoogland, Gary Gregory, Claus Ibsen, and Tilman Hausherr.                    

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.4 released https://apisix.apache.org/

Big Data --
 - Apache Flink 1.12.2 released https://flink.apache.org/

Content --
 -  Apache Jackrabbit 2.14.9 released http://jackrabbit.apache.org/

IDE --
 - Apache NetBeans 12.3 released http://netbeans.apache.org/

Integration --
 - Apache Camel 3.7.3 released https://camel.apache.org/

Libraries --
 - Apache Commons Lang 3.12 released https://commons.apache.org/proper/commons-lang/
 - Apache Velocity Engine 2.3 and Tools 3.1 released https://velocity.apache.org/
 - Apache Velocity CVE-2020-13936: Velocity Sandbox Bypass https://s.apache.org/qmlqf
   and CVE-2020-13959: Tools XSS Vulnerability https://s.apache.org/iaoq5

Servers --
 - Apache Tomcat 8.5.64, 9.0.44, and 10.0.4 released https://tomcat.apache.org/

Web Conferencing --
 - Apache OpenMeetings 6.0.0 released https://openmeetings.apache.org/


Did You Know?

- Did you know that the ASF has been chosen to be a Google Summer of Code mentoring organization for the 16th consecutive year? https://community.apache.org/gsoc.html 

- Did you know that Facebook and Uber build streaming SQL applications for unified processing using Apache Flink and Pulsar? Learn more at https://www.meetup.com/Bay-Area-Apache-Flink-Meetup/events/276579450/

- Did you know that the Airflow Summit is accepting submissions through 12 April? https://airflowsummit.org/


Apache Community Notices

- The Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

- The Apache Software Foundation Operations Summary: Q2 FY2021 (August - October 2020) https://s.apache.org/Q2FY2021

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.


Thursday March 11, 2021

Announcing New ASF Board of Directors

At The Apache Software Foundation (ASF) Annual Members' Meeting held this week, the following individuals were elected to the ASF Board of Directors:

  • Bertrand Delacretaz (current Director)
  • Roy Fielding (current Director)
  • Sharan Foga (new Director)
  • Justin Mclean (current Director)
  • Craig Russell (current Director)
  • Sam Ruby (current Director)
  • Roman Shaposhnik (former Director)
  • Sander Striker (current Director)
  • Sheng Wu (new Director)


The ASF thanks Shane Curcuru, Patricia Shanahan, and Niclas Hedhman (who resigned from the Board prior to the Members’ Meeting) for their service, and welcomes our new and returning directors.

An overview of the ASF's governance, along with the complete list of ASF Board of Directors, Executive Officers, and Project/Committee Vice Presidents, can be found at http://apache.org/foundation/

For more information on the Foundation's operations and structure, see http://apache.org/foundation/how-it-works.html#structure

# # #

Friday March 05, 2021

The Apache News Round-up: week ending 5 March 2021

Welcome, March! We've had a great week within the Apache community. Here's what happened:

The Apache Month in Review – highlights of what we've accomplished over the past month. 
- February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws. 
 - Next Board Meeting: 17 March 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - FINAL CALL for Apache project proposals and mentors: Outreachy Open Source internship program May-Aug 2021 https://s.apache.org/s7tz2

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 392 Apache Committers changed 1,224,925 lines of code over 3,879 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Andrea Cosentino, Gary Gregory, Andi Huber, and Daan Hoogland.              

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi MiNiFi C++ 0.9.0 released https://nifi.apache.org/minifi

Cloud Computing --
 - Apache CloudStack 4.14.1.0 LTS released https://cloudstack.apache.org/

Confidential Computing --
 - Apache Teaclave (incubating) 0.2.0 released https://teaclave.apache.org/

Libraries --
 - The Apache Software Foundation Announces Apache® Daffodil™ as a Top-Level Project https://s.apache.org/18vob

Observability --
 - Apache SkyWalking Nginx LUA 0.4.0 released https://skywalking.apache.org/

Servers --
 - Apache Tomcat CVE-2021-25122: h2c request mix-up https://s.apache.org/29cq9
   and CVE-2021-25329: RCE via session persistence https://s.apache.org/9itds


Did You Know?

- Did you that the following Apache projects are celebrating anniversaries this month? Many happy returns to Apache mod_perl (21 years); Maven (18 years); Struts (17 years); Jackrabbit (15 years); Felix (14 years); Archiva (13 years); UIMA (11 years); Accumulo and Sqoop (9 years); Bloodhound, CloudStack, and cTAKES (8 years); Allura and Olingo (7 years); and FreeMarker (3 years) https://projects.apache.org/committees.html?date

- Did you know that the Apache Local Community - Beijing has celebrated its one-year anniversary with numerous impressive achievments? https://s.apache.org/gm9kv

- Did you know that your support helps offset the ASF's day-to-day operating costs? https://s.apache.org/8foo2


Apache Community Notices

- The Apache Software Foundation Operations Summary: Q2 FY2021 (August - October 2020) https://s.apache.org/Q2FY2021

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Friend and follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.


Thursday March 04, 2021

The Apache Software Foundation Announces Apache® Daffodil™ as a Top-Level Project

Open Source universal data interchange implementation of the Data Format Description Language (DFDL) standard in use at DARPA, GE Research, Naval Postgraduate School, Owl Cyber Defense, Perspecta Labs, and Raytheon BBN Technologies, among others.

Wilmington, DE —4 March 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Daffodil™ as a Top-Level Project (TLP).

Apache Daffodil is an Open Source implementation of the Data Format Description Language 1.0 specification (DFDL; the Open Grid Forum open standard framework for describing the attributes of any data format [1]) to enable universal data interchange. The project was first created at the University of Illinois National Center for Supercomputing Applications (NCSA) in 2009, and entered the Apache Incubator in August 2017.

"We're extremely excited that Apache Daffodil has achieved this important milestone in its development. The Daffodil DFDL implementation is a game changer in complex text and binary data interfaces and creates massive opportunities for organizations to easily implement highly sophisticated processes like data decomposition, inspection, and reassembly," said Michael Beckerle, Vice President of Apache Daffodil. "Instead of spending a lot of time worrying about how to deal with so many kinds of data that you need to take in, from day one you can convert all sorts of data into XML, or JSON, or your preferred data structure, and convert back if you need to write data out in its original format."

Apache Daffodil is particularly useful in large-scale organizations, such as governments and large corporations, where massive amounts of complex and legacy data must be exchanged and made accessible every day. Daffodil is also particularly useful in cybersecurity, where data must be inspected for correctness and sanitized.

Apache Daffodil is in use at major global organizations that include DARPA, GE Research, Naval Postgraduate School, Owl Cyber Defense, Perspecta Labs, and Raytheon BBN Technologies, among others.

"We are using Daffodil to translate DFDL schema specifications into code for our Monitoring & INspection Device (MIND) as part of our work on DARPA’s Guaranteed Architecture for Physical Security (GAPS) program," said said Bill Smith, Principal Engineer at GE Research. "One of our engineers has joined the Apache Daffodil Project Management Committee and is building out the new DFDL-to-C backend on a dedicated Daffodil development branch. We are now translating DFDL schemas provided by other DARPA GAPS performers to C code suitable for the small resource-constrained controllers in our MIND device. When complete, Daffodil's DFDL-to-C backend will give us the ability to annotate DFDL schemas with security policies and rapidly reconfigure our MIND device for different mission security profiles."

"Apache Daffodil is an important asset to our cross domain solutions technology stack, allowing Owl to support our customers by extending our filtering capabilities to new data types faster and with less risk," said Ken Walker, CTO at Owl Cyber Defense. "It's directly in line with our company priorities, as supporters of the Open Source community, and highly beneficial to our product lines to have this high-quality Open Source implementation of DFDL to support challenging, sometimes proprietary data formats, such as Link16, VMF, USMTF, OSIsoft PI System, and JANAP-128, without the need to develop additional software. DFDL enables our Raise-the-Bar compliant cross domain solutions to support new data types without additional rounds of lengthy lab-based testing and recertification."

"The DFDL open spec and the Apache Daffodil implementation have helped us tremendously in parsing and transforming fixed-format data in a variety of different R&D projects at BBN," said Michael Atighetchi, Lead Scientist at Raytheon BBN Technologies. "Sharing parsers through a vendor-neutral XML representation is a game changer that enables a significant speedup in developing, maturing, and transitioning advanced capabilities to help war fighters."

"Our research on applying Data Format Description Language (DFDL) is exploring how to unlock and archive a plethora of diverse data streams from unmanned systems," said Don Brutzman, Naval Postgraduate School. "Both the DFDL standard and the Apache Daffodil open-source implementation provide a big benefit for these potential capabilities. Continuing work at Naval Postgraduate School (NPS) Consortium for Robotics and Unmanned Systems Education and Research (CRUSER) hopes to make telemetry from field experimentation and simulation repeatably tractable for Big Data analytics."

"Graduation to a TLP recognizes that the Apache Daffodil project follows the rigorous software development practices that have made so many of ASF projects trusted and successful," added Beckerle. "With the increasing interest in Big Data, interoperability, and protection from malicious data, we welcome new contributors to help us further grow the Apache Daffodil community."

[1] Data Format Description Language (DFDL) v1.0 Specification https://www.ogf.org/documents/GFD.240.pdf

Availability and Oversight
Apache Daffodil software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Daffodil, visit https://daffodil.apache.org/ and https://twitter.com/ApacheDaffodil 

About the Apache Incubator
The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF 

© The Apache Software Foundation. "Apache", "Daffodil", "Apache Daffodil", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation