The Apache News Round-up: week ending 7 May 2021

Welcome, May --we're opening the month with another great week. Here's what the Apache community has been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 May 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsorships available https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.95%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,251,406 lines of code over 2,937 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Tilman Hausherr, Andrea Cosentino, Claus Ibsen, and Sylwester Lachiewicz.         

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.13.0 released https://flink.apache.org/

Content --
 - Media Alert: Apache OpenOffice Recommends upgrade to v4.1.10 to mitigate legacy vulnerability https://s.apache.org/4gj2y
 - Apache OpenOffice 4.1.10 released https://www.openoffice.org/
 - Apache UIMA Java SDK 3.2.0 released https://uima.apache.org/
 - Apache Jackrabbit 2.12 retired http://jackrabbit.apache.org/

Integration --
 - Apache Camel 3.7.4 released https://camel.apache.org/

Servers --
 - Apache HttpComponents Core 5.1.1 GA released https://hc.apache.org/

Workflow --
 - Apache Airflow CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL https://s.apache.org/f5bfx

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this week? Many happy returns to Geronimo (17 years); Tomcat (16 years); OpenJPA, POI, TomEE, and Turbine (14 years); Libcloud (10 years); Giraph and ManifoldCF (9 years); Phoenix (7 years); Whimsy (6 years); Bahir, TinkerPop, and Zeppelin (5 years); SystemDS (4 years); Dubbo (2 years); Hudi and Iceberg (1 year). https://projects.apache.org/committees.html?date

- Did you know that eBay uses Apache Flink to power Big Data streaming for its recommendation engine in real-time? https://flink.apache.org/

- Did you know that Norwegian business management solutions provider Visma powers its Enterprise Suite to serve more than 1 Million customers and 12,500+ employees using Apache Wicket? http://wicket.apache.org/

Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 07:37AM May 07, 2021 by Swapnil M Mane in Newsletter  |   | 

Media Alert: Apache OpenOffice Recommends upgrade to v4.1.10 to mitigate legacy vulnerability

Wilmington, DE —4 May 2021— 

Who: Apache OpenOffice, an Open Source office-document productivity suite comprising six productivity applications: Writer, Calc, Impress, Draw, Math, and Base. The OpenOffice suite is based around the OpenDocument Format (ODF), supports 41 languages, and ships for Windows, macOS, Linux 64-bit, and Linux 32-bit. Apache OpenOffice delivers up to 2.4 Million downloads each month.

What: A recently reported vulnerability states that all versions of OpenOffice through 4.1.9 can open non-http(s) hyperlinks, and could lead to untrusted code execution. 

The Apache OpenOffice Project has filed a Common Vulnerabilities and Exposures report with MITRE Corporation’s national vulnerability reporting system:

> CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
>
> Severity: moderate
>
>Credit: Fabian Bräunlein and Lukas Euler of Positive Security https://positive.security/blog/url-open-rce#open-libreoffice

The complete CVE report is available at https://www.openoffice.org/security/cves/CVE-2021-30245.html

How: Applications of the OpenOffice suite handle non-http(s) hyperlinks in an insecure way, allowing for 1-click code execution on Windows and Xubuntu systems via malicious executable files hosted on Internet-accessible file shares.

Why: The mitigation in Apache OpenOffice 4.1.10 assures that a security warning is displayed to give users the option of continuing to open the hyperlink. Best practice dictates to be careful when opening documents from unknown and unverified sources. 

When: The vulnerability predates OpenOffice entering the Apache Incubator. During the analysis of this issue, it was discovered that an incorrect bug fix was made by the StarOffice/OpenOffice.org developers preparing OpenOffice 2.0 in 2005, whilst under the auspices of Sun Microsystems. 

Where: Download Apache OpenOffice v4.1.10 at https://www.openoffice.org/download/

Apache OpenOffice Highlights

24 October 2020 — 300 million downloads of Apache OpenOffice
14 October 2020 — 20 year anniversary of OpenOffice
18 October 2016 — 200 million downloads of Apache OpenOffice
17 April 2014 — 100 million downloads of Apache OpenOffice
17 October 2012 — OpenOffice graduated as an Apache Top Level Project (TLP)
13 June 2011 — OpenOffice.org entered the Apache Incubator

[downloads are binary installation files]

For more information, visit https://openoffice.apache.org/ and https://twitter.com/ApacheOO

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 850+ individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with more than 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "OpenOffice", "Apache OpenOffice", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Posted at 12:59PM May 04, 2021 by Sally Khudairi in General  |   | 

Apache Month in Review: April 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in April (video highlights available at https://youtu.be/EOA1L1PjCYg ):

New this month --

 - The Apache Software Foundation Welcomes 40 New Members https://s.apache.org/2021NewMembers

 - ApacheCon™ (the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998) will be held twice in 2021: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September). Registration and sponsorship opportunities at https://www.apachecon.com/ --CFP closes 3 May!

 - New Sponsor Success at Apache post (the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors): "The Fork" by Wei Zhou https://s.apache.org/snobd

 - The Apache Software Foundation Announces Apache® DolphinScheduler™ as a Top-Level Project https://s.apache.org/yavpt

 - The Apache Attic provides process and solutions when an Apache project has reached its end of life. 19 Apache projects --Apex, Aurora, Chukwa, Crunch, DRAT, Eagle, Forrest, Hama, Labs, Lens, Marmotta, Metron, Open Climate Workbench, PredictionIO, Sentry, Stanbol, Tajo, Twill, and VXQuery-- have retired in April http://attic.apache.org/

 - Apache Month in Review: March 2021 https://s.apache.org/Mar2021 + Video highlights https://youtu.be/wq2HXN4z9W0

Important Dates --

 - CFP closes for ApacheCon Asia and ApacheCon@Home: 3 May 2021 https://www.apachecon.com/ 

 - Next Board Meeting: 19 May 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Infrastructure --

In April, 738 Apache Committers changed 8,108,869 lines of code over 13,898 commits. The Committers with the top 5 highest contributions, in order, were: Andrea Cosentino, Mark Thomas, Shad Storhaug, Sebastian Rühl, and Stephen Mallette.  

Project Releases and Updates --

New releases from Apache Ant (Build Management); APISIX (API); Camel (Integration); Druid (Big Data); Flagon (Incubating; Libraries); Geode (Database); Groovy (Programming Languages); Hop (Incubating; Orchestration); Jackrabbit (Content); James (Mail); Kafka (Big Data); Karaf (Application Servers/Middleware); Maven (Build Management); MyFaces (Web Frameworks); MyNewt (Embedded OS); MXNet (Incubating; Libraries); OFBiz (Enterprise Processes Automation / ERP); OpenOffice (Content); Parquet (Big Data); PDFBox (Content); Qpid Proton (Messaging); Skywalking (Application Performance Management); Solr (Search); SpamAssassin (Mail); Syncope (Identity Management); Tika (Big Data); Tomcat (Servers); Traffic Server (Servers); Wicket (Web Frameworks); ZooKeeper (Databases).

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. We invite you to review the many projects currently in development in the Apache Incubator, including recent additions in the advertising, Big Data, geospatial, machine learning, messaging, natural language understanding, orchestration, and scheduling categories http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 01:43PM May 01, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 30 April 2021

So long, April --the Apache community has had a productive last week of the month. Let's review what happened:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 May 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration for both ApacheCons is open https://www.apachecon.com/
 - CFP CLOSING for both events: your last chance to submit your proposal by 3 May
 - Sponsorships available https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 377 Apache Committers changed 902,863 lines of code over 3,113 commits. Top 5 contributors, in order, are: Shad Storhaug, Daan Hoogland, Andrea Cosentino, Dan Haywood, and Duo Zhang.   

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.21.0 released https://druid.apache.org/

Build Management --
 - Apache Maven CVE-2021-26291: Block repositories using http by default https://s.apache.org/9f9ta

Enterprise Processes Automation / ERP --
 - Apache OFBiz 17.12.07 released https://ofbiz.apache.org/
 - Apache OFBiz CVE-2021-29200: RCE vulnerability due to Java serialization using RMI https://s.apache.org/rsj6t
   and CVE-2021-30128: Unsafe deserialization in OFBiz https://s.apache.org/asi93

Mail --
 - Apache James MIME4J 0.8.4 released https://james.apache.org/

Web Frameworks --
 - Apache MyFaces Core 2.3.9 released http://myfaces.apache.org/

Did You Know?

- Did you know that one of the world's largest retailers with tens of thousands of stores uses Apache Pinot (incubating) as their unified analytics platform for mission-critical applications across billions of transactions in real time? http://pinot.apache.org/

- Did you know that the Apache CloudStack community will be holding the European CloudStack User Group online on 27 May? http://cloudstack.apache.org/

- Did you know that the Apache Flink community will be holding the Flink Summer Camp online 17-21 May? https://flink.apache.org/

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 06:58AM Apr 30, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 23 April 2021

Welcome, Friday --let's review the Apache community's activities over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 May 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Registration for both ApacheCons is open: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) https://www.apachecon.com/
 - CFP DEADLINE approaching for both events --get your proposals in by 3 May
 - Sponsorships available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 369 Apache Committers changed 1,176,324 lines of code over 3,156 commits. Top 5 contributors, in order, are: Andrea Cosentino, Mark Thomas, Sebastian Rühl, Otavio Rodolfo Piske, and Martin Hesse.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Kafka  2.6.2 and 2.8.0 released https://kafka.apache.org/

Build Management --
 - Apache Ant 1.10.10 released https://ant.apache.org/

Database --
 - Apache Geode 1.12.2 released http://geode.apache.org/

Libraries --
 - Apache Flagon UserALE.js 2.1.1 (Incubating) released https://flagon.incubator.apache.org/

Mail --
 - Apache SpamAssassin 3.4.6 released http://spamassassin.apache.org/

Programming Languages --
 - Apache Groovy 4.0.0-alpha-3 released https://groovy.apache.org/

Servers --
 - Apache Traffic Server 9.0.1 released https://trafficserver.apache.org/

Did You Know?

- Did you know that the Apache Cassandra community will be holding the Cassandra World Party online on 28 April? https://cassandra.apache.org/ 

- Did you know that you can help Apache Sedona (incubating; formerly GeoSpark) improve their software by submitting your feedback on your experience with the project? https://s.apache.org/ounj3   

- Did you know that the Apache SkyWalking community will be holding SkyWalkingDay conference 2021 in Shenzhen on 12 June? https://skywalking.apache.org/

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 08:30AM Apr 23, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 16 April 2021

It's Friday already --the week has zipped by. Let's take a look at what the Apache community has been up to:

The Apache Software Foundation – the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives.
 - The Apache Software Foundation Welcomes 40 New Members https://s.apache.org/2021NewMembers

Sponsor Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors
 - "The Fork" by Wei Zhou https://s.apache.org/snobd

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Registration for both ApacheCons are open: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) https://www.apachecon.com/
 - CFP open for both events --deadline: 3 May
 - Sponsorships available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.82%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 389 Apache Committers changed 3,665,237 lines of code over 3,513 commits. Top 5 contributors, in order, are: Andrea Cosentino, Stephen Mallette, Nick Vatamaniuc, Andi Huber, and Jarek Potiuk.   

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Tajo has retired https://s.apache.org/qbf3g
 - Apache PredictionIO has retired https://s.apache.org/jabyg
 - Apache Lens has retired https://s.apache.org/xy0hb
 - Apache Labs has retired https://s.apache.org/ljate
 - Apache DRAT has retired https://s.apache.org/23ky1
 - Apache Crunch has retired https://s.apache.org/so0w2
 - Apache Twill has retired https://s.apache.org/p4uzy
 - Apache Chukwa has retired https://s.apache.org/7t8qb
 - Apache Sentry has retired https://s.apache.org/0y5mr
 - Apache Metron has retired https://s.apache.org/578zx
 - Apache Eagle has retired https://s.apache.org/q0vv9
 - Apache Marmotta has retired https://s.apache.org/gvczw
 - Apache Open Climate Workbench has retired https://s.apache.org/16mgz

APIs --
 - Apache APISIX Ingress Controller 0.5.0 released https://apisix.apache.org/

Big Data --
 - Apache Parquet Format 2.9.0 released https://parquet.apache.org/

Content --
 - Apache Jackrabbit 2.21.6 and Oak 1.22.7 released http://jackrabbit.apache.org/
 - Apache OpenOffice CVE-2021-30245: Code execution via non-http(s) schemes in Hyperlinks https://s.apache.org/3te5p

Identity Management --
 - Apache Syncope 2.1.9 released https://syncope.apache.org/

Messaging --
 - Apache Qpid Proton 0.34.0 and JMS 0.58.0 released http://qpid.apache.org/

Observability --
 - Apache SkyWalking 8.5.0 released https://skywalking.apache.org/

Orchestration --
 - Apache Hop (incubating) 0.70 released https://hop.apache.org/

Search --
 - Apache Solr 8.8.2 released http://solr.apache.org/
 - Apache Solr CVE-2021-29943: Unprivileged users may be able to perform unauthorized read/write to collections https://s.apache.org/chwmb
   CVE-2021-29262: Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings https://s.apache.org/lubsr
   and CVE-2021-27905: SSRF vulnerability with the Replication handler https://s.apache.org/rz4eh

Servers --
 - Apache Tomcat Native 1.2.28 released https://tomcat.apache.org/

Did You Know?

- Did you know that ApacheTika's OpenNLP language detector supports 148 languages? http://tika.apache.org/

- Did you know that Ignite Summit will be held online 25 May? https://ignite.apache.org/ 

- Did you know that the Robinhood financial services app is powered by Apache Airflow, Hadoop YARN, Hive, Hudi, and Spark? https://projects.apache.org/projects.html?category#big-data

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 05:42AM Apr 16, 2021 by Swapnil M Mane in Projects  |   | 

Sponsor Success at Apache: The Fork

by Wei Zhou

I joined the Apache CloudStack community in 2012 and became a committer in 2013, eventually becoming a PMC (Project Management Committee) member in 2017. My journey to becoming a PMC was both physical and literal, and included several forks in the road. The forks presented themselves in all aspects of my journey – although the literal forks came later, mainly because my journey began in China.

In 2010 I was working at China Mobile, the world's largest mobile network operator, in Beijing as the manager of a cloud project based on OpenNebula (another Open Source project). A year later, my partner received her PhD in the Netherlands and began working in Belgium, so I started looking for new work opportunities in the area. 

In 2012 I visited Europe and had a few interviews, but it was difficult at the time as my English was quite poor.

I was committed to finding a good job and moving to Europe, which meant I needed to improve my English quickly. I studied the language, left China Mobile, and moved to Belgium permanently. It took me seven months to became fluent in English. I re-interviewed at the companies that had rejected me seven months prior and landed a position in Amsterdam at Leaseweb as a Cloud Innovation Engineer. At that time, we had two public cloud platforms based on Apache CloudStack. I was mainly working on the research of Apache CloudStack.

In the first two months I fixed some bugs we found in our productions. Thanks to the CloudStack community, I also received tons of help as I began contributing my changes to the mainstream. In 2013 was invited to be a committer, 3 months after my first submission. It was a huge surprise and a massive honor for me, and I began pushing my changes for new features and bug fixes much more quickly.

A year later, in 2014, Leaseweb released its first private cloud based on Apache CloudStack. It was very welcomed by many customers. As this was happening, we began finding issues with CloudStack as customers were requesting more features and functionalities. The same year, Apache CloudStack moved code repositories to GitHub.com and started using GitHub pull quests to review and merge commits. While all commits should be reviewed and approved by other commits before they are merged into the mainstream, we had already made many changes at Leaseweb and could not wait for next release. Because of this we created our own fork containing all our changes and bug fixes. 

We developed very quickly, and our process was much faster than the review/merge process of Apache CloudStack. The gap between our fork and the community was getting bigger and bigger. When we decided to upgrade from CloudStack 4.2.1 to CloudStack 4.7.1, we had to spend half of a year just to port all of our changes in our fork based on CloudStack 4.2.1 to new fork based on CloudStack 4.7.1. The same problem happened again when we tried to upgrade to CloudStack 4.14, and we had to spend around one year to port all of our changes. The lesson we learned from these two upgrades was that we needed to contribute more to the community and maintain a fork as small as possible. After realizing this, we contributed all of our features and bug fixes to the community by creating many GitHub PRs. Some PRs have now already been merged into mainstream, while others are still in review.

My colleague recently asked me, “If you could go back in time, would you still make the Leaseweb fork?” My answer is yes, I would do it again. A fork makes us more flexible, as we can offer more stable production and more functionalities to our customers. However, if I could go back in time, I would have spent much more time contributing our changes to the community. I’ve learned that the gap between the fork and the community should be less than 100 commits.

We learned so much from these two painstakingly long ports and have implemented the above advice. From now on, the Leaseweb fork only contains features we have developed in the past and bug fixes. For new features, we will always contribute to community and deploy to our production only if it is merged into the mainstream. By doing this, we will be able to upgrade to the next CloudStack release much easier, and will benefit more from the community (e.g., more bug fixes, more features by other contributors). When we contribute to the community, we also benefit from knowledge sharing and the contributions from others.

Wei Zhou has been an Apache committer since 2013 and a PMC member since 2017. He has a Masters in Computer Applied Technology from the University of Science and Technology of China, and a PHD in Computer Organization and Architecture from the Institute of Computing Technology, Chinese Academy of Sciences. Wei specializes in all things computers and has over 10 years of experience in software development. He is a Principal Cloud Engineer at Leaseweb.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works". "Sponsor Success at Apache" features insights and experiences by select ASF Sponsors https://apache.org/foundation/thanks.html

For more Success at Apache posts, visit https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 04:12PM Apr 12, 2021 by Sally Khudairi in SuccessAtApache  |   | 

The Apache Software Foundation Welcomes 40 New Members

The Apache Software Foundation (ASF) welcomes the following new Members who were elected during the annual ASF Members' Meeting on 9 and 11 March 2021:

Maxime Beauchemin, Bolke de Bruin, Wei-Chiu Chuang, Jiangjie (Becket), Pablo Estrada, Dave Grove, Madhawa Kasun Gunasekara, Nathan Hartman, Tilman Hausherr, Georg Henzler, Xiangdong Huang, Nikita Ivanov, Yu Li, Geoff Macartney, Denis A. Magda, Carl Marcum, Matteo Merli, Aaron Morton, Aizhamal Nurmamat kyzy, Enrico Olivelli, Jaikiran Pai, Juan Pan, Pranay Pandey, Arun Patidar, Jarek Potiuk, Rodric Rabbah, Katia Rojas, Maruan Sahyoun, Aditya Sharma, Atri Sharma, Ankit Singhal, Michael Adam Sokolov, Simon Steiner, Benoit Tellier, Josh Thompson, Abhishek Tiwari, Sven Vogel, William Guo Wei, Ming Wen, Andrew Wetmore, and Liang Zhang.

The ASF incorporated in 1999 with a core membership of 21 individuals who oversaw the progress of the Apache HTTP Server. This group grew with Committers —developers who contributed code, patches, documentation, and other contributions, and were subsequently granted access by the Membership:

•  to "commit" or "write" directly to Apache code repositories as well as make non-code contributions;
•  the right to vote on community-related decisions; and
•  the ability to propose an active contributor for Committership.

Those Committers who demonstrate merit in the Foundation's growth, evolution, and progress are nominated for ASF Membership by existing Members.

This election brings the total number of ASF Members to 853 today. Individuals elected as ASF Members legally serve as the "shareholders" of the Foundation https://www.apache.org/foundation/governance/members.html

For more information on how the ASF works, visit http://www.apache.org/foundation/how-it-works.html 

Apache Is Open https://blogs.apache.org/foundation/entry/apache-is-open and 

Briefing: The Apache Way http://apache.org/theapacheway/

# # #

Posted at 09:45PM Apr 11, 2021 by Sally Khudairi in General  |   | 

The Apache News Round-up: week ending 9 April 2021

Happy Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Two ApacheCons are taking place in 2021: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) https://www.apachecon.com/
   -- Registration and CFPs open for both events (CFP deadline: 3 May)
   -- Sponsorships available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 385 Apache Committers changed 1,986,331 lines of code over 3,300 commits. Top 5 contributors, in order, are: Andrea Cosentino, Mark Thomas, Tellier Benoit, Duo Zhang, and Jarek Potiuk.  

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Apex has retired https://s.apache.org/6b6dw
 - Apache Aurora has retired https://s.apache.org/d7emy
 - Apache Forrest has retired https://s.apache.org/ay2la
 - Apache Hama has retired https://s.apache.org/jz12i
 - Apache Stanbol has retired https://s.apache.org/21yt9
 - Apache VXQuery has retired https://s.apache.org/8ahun

APIs --
 - Apache APISIX 2.5 released https://apisix.apache.org/

Application Servers/Middleware --
- Apache Karaf runtime 4.3.1 released https://karaf.apache.org/

Content --
 - Apache PDFBox 3.0.0-RC1 released https://pdfbox.apache.org/

Embedded OS --
 - Apache Mynewt 1.9.0 and Apache NimBLE 1.4.0 released https://mynewt.apache.org/

Libraries --
 - Apache CXF CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks https://s.apache.org/fk5ik

Servers --
 - Apache Tomcat 8.5.65, 9.0.45, and 10.0.5 released https://tomcat.apache.org/

Web Frameworks --
 - Apache Wicket 7.18.0 and 8.12.0 released https://wicket.apache.org/

Workflow --
 - The Apache Software Foundation Announces Apache® DolphinScheduler™ as a Top-Level Project https://s.apache.org/yavpt

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this month? Three cheers to Apache CXF (13 years); Avro, HBase, Mahout, Nutch, Tika, and Traffic Server (11 years); Creadur and Jena (9 years); DeltaSpike (8 years); ORC and Parquet (6 years); AsterixDB and Johnzon (5 years); CarbonData and Fineract (4 years); NetBeans, PLC4X, and SkyWalking (2 years); and ShardingSphere (1 year). https://projects.apache.org/committees.html?date

- Did you know that Apache DolphinScheduler and Apache ShardingSphere are joining forces at an online global MeetUp on 15 May? Presentations and use cases on both projects will be made in English. https://www.meetup.com/dolphinscheduler-meetup-group/

- Did you know that Ignite Summit will be taking place 25 May? https://ignite-summit.org/ 

Apache Community Notices

- The Apache Month in Review: March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 06:33AM Apr 09, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Software Foundation Announces Apache® DolphinScheduler™ as a Top-Level Project

Open Source distributed Big Data visual workflow scheduler system in use at thousands of organizations, including Budweiser, China Unicom, IDG Capital, IBM China, JD.com, Lenovo, New Oriental, Nokia China, Qihoo 360, SF Express, and Tencent, among others.

Wilmington, DE —8 April 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® DolphinScheduler™ as a Top-Level Project (TLP).

Apache DolphinScheduler is a distributed, extensible visual Big Data workflow scheduler system. The project was first created at Analysys in December 2017, and entered the Apache Incubator in August 2019.

"We learned a lot about becoming a strong Open Source project during our time in the Apache Incubator," said Lidong Dai, Vice President of Apache DolphinScheduler. "Our incubation mentors helped guide us with developing our project and community the Apache Way. We are pleased to have graduated as an Apache Top-Level Project."

As a distributed and extensible data workflow scheduler platform with rich directed acyclic graph (DAG) visual interfaces, DolphinScheduler solves complex task dependencies and triggers in the data pipeline. Out-of-the-box, its easy-to-extend processing connects numerous systems to 100,000-level data task scheduling. Apache DolphinScheduler is:

• Cloud Native —support multi-cloud/data center workflow  management, also supports Kubernetes, Docker deployment and custom task types, distributed scheduling, with overall scheduling capability increased linearly with the scale of the cluster

• Highly Reliable —decentralized multi-master and multi-worker, high availability, supported by itself, overload processing

• User-Friendly —all process definition operations are visualized, defines key information at a glance, one-click deployment

• Supports Rich Scenarios —includes streaming, pause, recover operation, multi-tenant, and additional task types such as spark, hive, mr, shell, python, flink, sub_process, and more.

"Apache DolphinScheduler is designed for cloud-native," added Dai. "We are proud to have built a reliable and cloud friendly data workflow system while using next generation architecture and smart UI design."

Apache DolphinScheduler has more than 4,000 users in China, with Internet companies and banks forming a large percentage of users. Users include Budweiser, China Unicom, IDG Capital, IBM China, JD.com, Lenovo, New Oriental, Nokia China, Qihoo 360, SF Express, and Tencent, among others.

"Apache DolphinScheduler is an excellent data workflow open-source product," said Zhengjun Yin, Architect at China Unicom. "Its community is very friendly and gives us strong support. We save the cost of hundreds of human-months by using DolphinScheduler!"

"Apache DolphinScheduler is amazing," said Xide Gu, Architect at JD Logistics. "JD Logistics used Apache DolphinScheduler as  a stable and powerful platform to connect and control the data flow from various data sources in JDL, such as SAP Hana and Hadoop. It offers open API, easy plug-in and stable data flow development and scheduler environment. DolphinScheduler really helps JD Logistics data team accelerate development efficiency in many Agile BI projects!"

"I am honored to guide the DolphinScheduler community from day one of the incubating. In the past 1.5 years, it grows fast and healthy," said Sheng Wu, ASF Board Member and DolphinScheduler Incubator Champion. "They learned the Apache culture quickly, and have great executive capability. It is great to see the project graduating from the incubator with a diverse and active community. Being a top-level project is a new beginning for you, look forward to becoming a global and powerful project." "I am honored to witness the entire process of DolphinScheduler from open source to entry into the Apache incubator, and then to graduation to become an independent Apache top-level project," said Shi Shaofeng, Member of the Apache Kylin and Apache Incubator Project Management Committees. "During more than one year, the participants in the DolphinScheduler community have been adhering to the open-source spirit, constantly innovating and making progress. The developers and contributors join in the community constantly and make DolphinScheduler, a big data scheduling tool created by the Chinese, become more and more perfect, more and more users, and enter a virtuous cycle of development. It is expected that after graduation from the incubator, she will continue to move forward under the management of PMCs and create more value for society and the public through open-source software." "Congratulations to open source project DolphinScheduler for graduating from the Apache incubator and becoming ASF's top project," said Chen Liang, Vice President of Apache CarbonData. "DolphinScheduler has been developing the community in accordance with the Apache Way and has attracted many open-source developers to join. With the joint efforts of community members, the project has become more and more mature. Best wishes to the DolphinScheduler community!"

"We look forward to diversifying the Apache DolphinScheduler community with seed users from all over the world," added Dai. "Those interested in participating are welcome to reach out to us on our project mailing lists and other channels."

Catch Apache DolphinScheduler in action at its global MeetUp, held online in collaboration with the Apache ShardingSphere community, on 15 May 2021. Members of the DolphinScheduler and ShardingSphere Project Management Committees will share features and use cases on both projects in English. To register, visit https://www.meetup.com/dolphinscheduler-meetup-group/

Availability and Oversight

Apache DolphinScheduler software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache DolphinScheduler, visit https://DolphinScheduler.apache.org/ , https://twitter.com/DolphinSchedule , and https://asf-dolphinscheduler.slack.com/ .

About the Apache Incubator

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ 

About The Apache Software Foundation (ASF)

Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF  

© The Apache Software Foundation. "Apache", "DolphinScheduler", "Apache DolphinScheduler", "ShardingSphere", "Apache ShardingSphere", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Posted at 04:00PM Apr 08, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 2 April 2021

Welcome, April --we're opening the month with another great week. Here's what the Apache community has been up to:

Apache Month-in-Review – a look back at our activities over the past month. 
- March 2021 https://s.apache.org/Mar2021 and video highlights https://youtu.be/wq2HXN4z9W0

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
 - Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.78%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 383 Apache Committers changed 2,210,334 lines of code over 3,572 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Andrea Cosentino, Daniel Gruno, Mark Thomas, and  Thomas Vandahl.       

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.20.2 released https://druid.apache.org/
 - Apache Druid CVE-2021-26919: Authenticated users can execute arbitrary code from malicious MySQL database systems https://s.apache.org/xgi7a

Content --
 - Apache Tika 1.26 released https://tika.apache.org/
 - Apache Tika CVE-2021-28657: Infinite loop in MP3 parser https://s.apache.org/9vlh2

Database --
 - Apache ZooKeeper 3.7.0 released https://zookeeper.apache.org/
 - Apache Geode 1.13.2 released http://geode.apache.org/

Integration --
 - Apache Camel 3.9.0 released https://camel.apache.org/

Libraries --
 - Apache MXNet (Incubating) 1.8.0 released http://mxnet.incubator.apache.org

Observability --
 - Apache SkyWalking Python 0.6.0 and NodeJS 0.2.0 released https://skywalking.apache.org/

Web Frameworks --
 - Apache Wicket 9.3.0 released https://wicket.apache.org/

Did You Know?

- Did you know that this year's ApacheCon Platinum sponsorships are sold out? Great options and combo packages available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

- Did you know that Apache Druid will be holding their Ecosystems MeetUp on 6 April and DataEng MeetUp on 7 April? http://druid.apache.org/ 

- Did you know that the Apache CloudStack community will hold its virtual European User Group on 27 May? http://cloudstack.apache.org/

Apache Community Notices

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 11:33AM Apr 02, 2021 by Swapnil M Mane in Newsletter  |   | 

Apache Month in Review: March 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in March (video highlights available at https://s.apache.org/exppv):

New this month --

 - It's our anniversary! The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

 - Announcing New ASF Board of Directors https://s.apache.org/NewBoard2021

 - ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
   -- CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
   -- Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

 - The Apache Software Foundation Announces Apache® Daffodil™ as a Top-Level Project https://s.apache.org/18vob

 - Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

Important Dates --

  - Next Board Meeting: 21 April 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Infrastructure --

In March, 783 Apache Committers changed 12,041,653 lines of code over 16,037 commits. The Committers with the top 5 highest contributions, in order, were: Andrea Cosentino, Jean-Baptiste Onofré, Mark Thomas, Claus Ibsen, and Gary Gregory.

Project Releases and Updates --

New releases from Apache APISIX (API); Avro (Big Data); Camel (Integration); CloudStack (Cloud Computing); Commons Lang and Numbers (Libraries); Daffodil (Libraries); Flink (Big Data); HttpComponents (Servers); Jackrabbit (Content); Karaf (Application Servers/Middleware); Log4j (Libraries); NetBeans (Integrated Development Environment); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); OpenMeetings (Web Conferencing); Parquet (Big Data); PDFBox (Content); Qpid JMS (Messaging); Skywalking (Application Performance Management); SpamAssassin (Mail); Teaclave (Incubating; Computing); Tomcat (Servers); Velocity (Library); XMLBeans (Library).

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. We invite you to review the many projects currently in development in the Apache Incubator http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 12:45PM Apr 01, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 26 March 2021

Farewell, March --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

It's our anniversary! The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia https://www.apachecon.com/ 
 - Event Sponsorship available for both ApacheCon@Home and ApacheCon Asia https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 380 Apache Committers changed 2,537,583 lines of code over 3,380 commits. Top 5 contributors, in order, are: Mark Thomas, Alexander Pucher, Tilman Hausherr, Claus Ibsen, and Andrea Cosentino.       

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf 4.2.11 released https://karaf.apache.org/

Big Data --
 - Apache Qpid JMS 0.57.0 released https://qpid.apache.org/
 - Apache Parquet 1.12.0 released https://parquet.apache.org/

Content --
 - Apache PDFBox 2.0.23 released https://pdfbox.apache.org/
 - Apache PDFBox CVE-2021-27807: A carefully crafted PDF file can trigger an infinite loop while loading the file https://s.apache.org/6qk90
   and CVE-2021-27906: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file https://s.apache.org/cz894

Enterprise Processes Automation / ERP --
 - Apache OFBiz 17.12.06 released https://ofbiz.apache.org/
 - Apache OFBiz CVE-2021-26295: RCE vulnerability due to Java serialization using RMI https://s.apache.org/styah

Mail --
 - Apache SpamAssassin 3.4.5 released http://spamassassin.apache.org/
 - Apache SpamAssassin CVE-2020-1946: Malicious rule configuration (.cf) files can be configured to run system commands https://s.apache.org/g5s6w

Did You Know?

- Did you know that you can help improve the Apache Flink community experience by completing their Community Survey before 30 March? https://s.apache.org/4xv8n

- Did you know that the Ignite Summit will take place online on 25 May? https://ignite.apache.org/

- Did you know that Apache Hop (incubating) will be presenting "The Road to Hop 1.0" at their Hot Hop Hangout session on 1 April? https://s.apache.org/ypt6f

Apache Community Notices

- The Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 08:07AM Mar 26, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache® Software Foundation Celebrates 22 Years of Open Source Innovation "The Apache Way"

World's largest Open Source foundation provides $22B+ in community-led software 100% free of charge for the common good

Wilmington, DE —24 March 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today its 22nd Anniversary.

Originally established by the 21-member Apache Group, who oversaw the then-3-year-old Apache HTTP Server, the ASF today is the world's largest, vendor-neutral, Open Source foundation, comprising 800+ individual Members, 8,100+ Committers, and 40,000+ code contributors located on every continent. Conservatively valued at more than $22B, Apache’s 350+ projects and 37 incubating podlings are all freely-available to the public-at-large, at 100% no cost, and with no licensing fees.

"Over the past 22 years the ASF has evolved to meet the growing needs of the greater community," said Sander Striker, Board Chair of The Apache Software Foundation. "The ASF enables people from all over the world to collaborate, develop, and shepherd the projects and communities that are helping individuals, sustaining businesses, and transforming industries."

Advancing its mission of providing software for the public good, the ASF's projects are integral to nearly every aspect of modern computing, benefitting billions worldwide. The "Apache Way" process of community-led, collaborative development has led to breakthrough innovations in Artificial Intelligence and Deep Learning, Big Data, Build Management, Cloud Computing, Content Delivery and Management, Edge Computing and IoT, Fintech, Identity Management, Integration, Libraries, Messaging, Mobile, Search, Security, Servers, and Web Frameworks, among other categories. Projects undergoing development in the Apache Incubator span AI, Big Data, blockchain, Cloud computing, cryptography, deep learning, email, IoT, machine learning, microservices, mobile, operating systems, testing, visualization, and more.

Nearly half a million people participate in ASF projects and initiatives, including ApacheCon, the ASF's official global conference series; Community Development, which oversees contributor onboarding and mentoring and programs such as Google Summer of Code; and Diversity & Inclusion, whose programs promote diversity, equity, and inclusion across the greater Apache community.

The ASF's influence is everywhere —countless ubiquitous and mission-critical applications across dozens of industries are powered by Apache projects; the Apache License 2.0 was the top-ranked Open Source license in 2020 (source: WhiteSource); the Apache Way is the backbone for open development and inner source environments; and new users, developers, and enthusiasts are onboarding to the greater Apache community every day (the ASF has been a Google Summer of Code mentoring organization for the past 16 years, since the program's inception). The ASF is the top-ranked Open Source not-for-profit organization with the most stars on GitHub (source: GitHub).

A just-released feature on the ASF in FOSSlife [1] states, "The Apache project has undeniably changed the world … Apache remains a crucial Web server, the most popular in the field. For building Open Source communities, the lessons learned by creating the project still resonate throughout the open source world. Every project is advised to respect the Apache value of 'community over code'."

ASF operations bolster Apache projects and their communities with infrastructure support, bandwidth, connectivity, servers, hardware, development environments, legal counsel, accounting services, trademark protection, marketing and publicity, educational events, and related administrative assistance. As a United States private 501(c)(3) not-for-profit charitable organization, the ASF's day-to-day operating expenses are offset through tax-deductible sponsorships, corporate contributions, and individual donations. Current ASF Sponsors are:

Platinum: Amazon Web Services, Facebook, Google, Huawei, Microsoft, Namebase, Pineapple Fund, Tencent, and Verizon Media.

Gold: Anonymous, Baidu, Bloomberg, Cloudera, Confluent, IBM, Indeed, Reprise Software, Union Investment, and Workday.

Silver: Aetna, Alibaba Cloud Computing, Capital One, Comcast, Didi Chuxing, Red Hat, and Target.

Bronze: Bestecasinobonussen.nl, Bookmakers, Casino2k, Cerner, Curity, GridGain, Gundry MD, Host Advice, HotWax Systems, Journal Review, LeoVegas Indian Online Casino, Miro-Kredit AG, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, RenaissanceRe, SCAMS.info, SevenJackpots.com, Start a Blog by Ryan Robinson, Talend, The Best VPN, The Blog Starter, The Economic Secretariat, Top10VPN, Twitter, and Writers Per Hour.

Targeted Platinum: Amazon Web Services, CloudBees, DLA Piper, Fastly, JetBrains, Leaseweb, Microsoft, OSU Open Source Labs, Sonatype, and Verizon Media.

Targeted Gold: Atlassian, Datadog, Docker, PhoenixNAP, and Quenda.

Targeted Silver: HotWax Systems, Manning Publications, and Rackspace.

Targeted Bronze: Bintray, Education Networks of America, Friend of Apache Cordova, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, and Virtru.

"Baidu has always maintained close cooperation with Apache Software Foundation. In the past, we donated Apache ECharts, Apache Doris, Apache brpc, and Apache Teaclave. We are very grateful to Apache way for promoting the growth of these projects and enabling Baidu to make greater contributions to the open source world together with ASF."
—Zhenyu Hou, Corporate Vice President of Baidu Group

"Congratulations to the Apache Software Foundation on its twenty-second anniversary! If it were not for ASF's work to incubate and steward open source projects, the internet community would not be thriving to the same degree. Open source is enabling our digital prosperity, and the ASF plays a key, behind-the-scenes role in this. We share their vision for the availability of trustworthy open-source software and are proud to be a sponsor."
—Travis Spencer, CEO of Curity

"Congratulations to the 22nd anniversary of the Apache Software Foundation! Didi Chuxing is more than honored to join the Apache family as a corporate sponsor this year. At Didi, our developers utilize and contribute to many Apache projects such as Hadoop, Kylin, and Flink etc. Sharing the same “Community Over Code” principle, we hope to drive more innovations with Apache and we look forward to further collaborations!"
—Yunbo Wang, Director of Technical Community and Open Source at Didi Chuxing

"Facebook was originally built on a stack using the Apache HTTP Server, and it's one of the many reasons we've been sponsoring, advocating, utilizing, and contributing to the ASF for the past 10 years. We're proud to be a part of the ASF community and look forward to continued support of its mission to provide Open Source software for the public good."
—Joel Marcey, Open Source Developer Advocate and Ecosystem Lead at Facebook

"We are honored to be a part of and proud to support the ASF! The Apache community continues to be an incredibly valuable resource for HotWax. Contributing to and receiving from the ASF remains a central focal point for our business, and an important part of our team philosophy."
—Mike Bates, CEO of HotWax Systems

"It is an honor to support Apache, an organization responsible for such an astounding amount of Open Source projects that truly make up the fabric of the Internet. Here's to all that's been accomplished in the last 22 years – we can't wait to see what the future of open development brings."
—Robert van der Meulen, Global Product Strategy Lead at Leaseweb

"We're extending a big congratulations to the Apache Software Foundation on their 22nd anniversary! The ASF has been a key driver for the success of open source software models and community-led development for over two decades. Microsoft is honored to engage with and contribute to the Apache community across many facets of our business including Azure big data, Hadoop and Spark – and we look forward to continuing the collaboration."
—Stormy Peters, Director of Open Source Programs Office at Microsoft

"Congratulations to the Apache Software Foundation on its 22nd anniversary! Tencent has been a user and contributor to the projects at ASF. Many developers from Tencent have been actively involved with the ASF projects as Chair or PMC. We look forward to continuing our collaboration and creating more open-source innovations with 'The Apache Way'."
—Mark Shan, Chair of Tencent Open Source Alliance

[1] FOSSlife "How the Apache Project Boosted the Free and Open Source Software Movements" https://www.fosslife.org/how-apache-project-boosted-free-and-open-source-software-movements

Additional ASF Resources

 - "Trillions and Trillions Served" documentary on the ASF https://s.apache.org/Trillions-Feature

 - About The Apache Way http://apache.org/theapacheway/

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

 - Ways to support the ASF http://apache.org/foundation/contributing.html

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world's largest Open Source foundation, stewarding 227M+ lines of code and providing more than $22B+ worth of software to the public at 100% no cost. The ASF's all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Huawei, IBM, Indeed, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Apache HTTP Server", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Posted at 01:04PM Mar 24, 2021 by Sally Khudairi in Milestones  |   | 

The Apache News Round-up: week ending 19 March 2021

And it's Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021
 - Next Board Meeting: 21 April 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs open for ApacheCon@Home AND ApacheCon Asia: proposals now accepted for both events! Tracks include API/Microservices, Big Data, Cassandra, Community, Content Delivery & Management, Culture, Drill, Fineract/Fintech, Geospatial, Groovy, Incubator, Integration, IoT/IIoT, Karaf, Messaging, Middleware, Observability, Royale, RDF/Linked Data, Search, Social Data, Streaming, Tomcat, and more. https://www.apachecon.com/ 
 - Event Sponsorship available, including package deals for a global presence at both events! https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.38%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 400 Apache Committers changed 3,004,173 lines of code over 3,661 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Daan Hoogland, Gary Gregory, and Mark Thomas.                           

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.13.1 released http://nifi.apache.org/
 - Apache Avro 1.10.2 released https://avro.apache.org/

Libraries --
 - Apache Log4j 2.14.1 released http://logging.apache.org/
 - Apache XMLBeans 5.0.0 released  https://xmlbeans.apache.org/

Servers --
 - Apache HttpComponents Core 5.1 GA released https://hc.apache.org/

Web Conferencing --
 - Apache OpenMeetings CVE-2021-27576: Bandwidth can be overloaded with public web service https://s.apache.org/2pj12

Did You Know?

- Did you know that the ASF provides a comprehensive list of Export Control Classification Numbers (ECCNs) for more than 50 Apache projects subject to export controls? https://apache.org/licenses/exports/

- Did you know that the CFP for Airflow Summit (8-16 July 2021) is now open? https://airflowsummit.org/ 

- Did you know that the Apache Druid community will be holding "drop-in" MeetUps on 23 and 31 March? http://druid.apache.org/

Apache Community Notices

- The Apache Month in Review: February 2021 https://s.apache.org/Feb2021 + Video highlights https://youtu.be/6TMuYglu2Cc

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 08:55AM Mar 19, 2021 by Swapnil M Mane in Newsletter  |   |