The Apache Software Foundation Blog
The Apache Weekly News Round-up: week ending 24 December 2021
Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.- Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
-
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 317 Apache Committers changed 9,133,089 lines of code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.
Apache Project Announcements – the latest updates by category.
Big Data --- Apache NiFi 1.15.2 released
- Apache HBase 3.0.0-alpha-2 released
- Apache Parquet 1.11.2 and 1.12.2 released
-- CVE-2021-41561: Potential DoS in case of malicious Parquet file
Build Management --
- Apache Archiva 2.2.7 released
Content --
- Apache JSPWiki 2.11.1 released
- Apache Traffic Control 6.0.2 released
- Apache Jackrabbit FileVault 3.5.8 released
- Apache Tika 1.28 and 2.2.1 released
Databases --
- Apache Geode 1.12.7, 1.13.6, and 1.14.2 released
Data Management Platform --
- Apache Ignite 2.11.1 released
IoT --
- Apache PLC4X 0.9.1 released
-- CVE-2021-43083: Buffer overflow in PLC4C via crafted server response
Enterprise Processes Automation / ERP --
- Apache OFBiz 18.12.04 released
- Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
-- CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
- Apache MXNet (Incubating) 1.9.0 released
- Apache Daffodil 3.2.1 released
Mail --
- Apache James 3.6.1 released
Messaging --
- Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
- Apache Pulsar 2.9.1 released
- Apache Lucene 8.11.1 released
- Apache Solr 8.11.1 released
-- CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler
Servers --
- Apache HTTP Server 2.4.52 released
-- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
-- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
- Apache HttpComponents Core 5.1.3 GA released
Web Frameworks--
- Apache Struts 2.5.28.1 and 2.5.28.2 released
Workflow --
- Apache DolphinScheduler 2.0.1 released
- Apache Airflow 2.2.3 released
Did You Know?
- Did you know that ASF Security posted the status of more than three dozen Apache Projects in relation to the recent Apache Log4j vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates)
- Did you know that Apache Roller (which powers blogs.apache.org) new v6.1.0 contains upgrades for more than a dozen dependencies (including Log4j), along with many bug fixes and improvements to the code base? https://roller.apache.org/
- Did you know that tax-deductible donations support the ASF's day-to-day
operations that benefit 350+ Apache Projects and their communities?
Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and
Microsoft Pay https://donate.apache.org/
Apache Community Notices
- The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- ASF Annual Report: FY2021 -- Press release and Report (PDF)
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 02:38PM Dec 27, 2021
by Swapnil M Mane in Newsletter |
|
The Apache Weekly News Round-up: week ending 17 December 2021
We're wrapping up another great week with the following activities from the Apache community:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.- Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
-
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 346 Apache Committers changed 1,957,663 lines of code over 3,699 commits. Top 5 contributors, in order, are: Sebastian Bazley, Claus Ibsen, Owen Nichols, Gary Gregory, and Daniel Gruno.
Apache Project Announcements – the latest updates by category.
Big Data --- Apache Druid 0.22.1 released
- Apache Calcite Avatica 1.20.0 released
- Apache NiFi 1.15.1 released
- Apache Flink 1.14.2, 1.13.5, 1.12.7, and 1.11.6 released
Build Management --
- Apache Archiva 2.2.6 released
Content --
- Apache Jackrabbit 2.21.9 released
- Apache Tika 2.2.0 released
- Apache PDFBox 2.0.25 released
Databases --
- Apache Geode 1.12.6, 1.13.5, and 1.14.1 released
Enterprise Processes Automation / ERP --
- Apache OFBiz 18.12.03 released
Identity Management --
- Apache Fortress 2.0.7 released
Integration --
- Apache Camel 3.14.0 released
Libraries --
- Apache Log4j 2.12.2 and 2.16.0 released
-- CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
-- CVE-2021-45046: Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
- Apache Solr 8.11.1 released
Servers --
- Apache HttpComponents HttpAsyncClient 4.1.5 GA released
Testing --
- Apache JMeter 5.4.2 released
Web Frameworks --
- Apache Struts 2.5.28 released
Did You Know?
- Did you know that the Apache Logging Services Project Management Committee (PMC) worked around the clock to release v.2.15.0 and v2.16.0 to address the critical Log4j RCE vulnerability? https://logging.apache.org/log4j/2.x/
- Did you know that many Apache Projects and their communities have provided patches, fixes, or guidelines for their users to mitigate the recent Apache Log4j Zero Day vulnerability? Check the list of Apache Projects affected by the Log4j CVE https://blogs.apache.org/security/entry/cve-2021-44228 , and read our published statement and FAQs at https://blogs.apache.org/foundation/entry/apache-log4j-cves for more information.
- Did you know that the Apache Local Chapter/Beijing recently celebrated
its 2-year anniversary, joining Indore (2.5 years), Warsaw and Budapest
(1.5 years), Lagos (4 months), and Shenzhen (launching this week!)?
- Did you know that individuals and organizations can support the ASF
through one-time and recurring tax-deductible donations online using
ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and
Microsoft Pay (using your mobile device)? https://donate.apache.org/
Apache Community Notices
- The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- ASF Annual Report: FY2021 -- Press release and Report (PDF)
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 02:14PM Dec 20, 2021
by Swapnil M Mane in Newsletter |
|
The Apache Weekly News Round-up: week ending 10 December 2021
Hello, everyone --let's review the Apache community's activities from over the past week:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.- Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
-
7M+ weekly checks yield uptime at 99.80%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 286 Apache Committers changed 2,227,208 lines of code over 2,986 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Mark Thomas, Sylwester Lachiewicz, Andi Huber, and Claus Ibsen.
Apache Project Announcements – the latest updates by category.
Apache Attic --provides process and solutions when an Apache project has reached its end of life.
- Apache Joshua is now retired
Big Data --
- Apache Kyuubi (incubating) 1.4.0-incubating released
IDE --
- Apache NetBeans 12.6 released
Libraries --
- Apache Daffodil 3.2.0 released
- Apache Log4j 2.15.0 released
-- CVE-2021-44228: JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Observability --
- Apache SkyWalking 8.9.0, Satellite 0.4.0, and Kubernetes 4.2.0 released
Programming Languages --
- Apache Groovy 4.0.0-rc-1 released
Search --
- Apache Lucene 9.0.0 released
Servers --
- Apache Tomcat 10.1.0-M8 (alpha), 10.0.14, and 9.0.56 released
- Apache HttpComponents Core 4.4.15 released
Did You Know?
- Did you know that Banco Central Do Brasil uses Apache Wicket for its Central Bank's Circulation Management System?
- Did you know that the Apache Pinot Annual Recap and Roadmap MeetUp has been rescheduled to 13 December?
- Did you know that individuals and organizations can support the ASF through one-time and repeat donations (weekly/monthly/quarterly/annually) online using ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and Microsoft Pay (using your mobile device)? https://donate.apache.org/
Apache Community Notices
- The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- ASF Annual Report: FY2021 -- Press release and Report (PDF)
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 09:43PM Dec 13, 2021
by Swapnil M Mane in Newsletter |
|
The Apache Weekly News Round-up: week ending 3 December 2021
Welcome, December --we're opening the month with another great week. Here's what the Apache community has been up to:
Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
- November Month in Review
- Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
-
7M+ weekly checks yield uptime at 99.74%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 286 Apache Committers changed 9,525,136 lines of code over 4,725 commits. Top 5 contributors, in order, are: Krist Wongsuphasawat, Jesse Yang, Yongjie Zhao, Gary Gregory, and Ville Brofeldt.
Apache Project Announcements – the latest updates by category.
APIs --
- Apache APISIX 2.11.0 released
- Apache Wicket 9.7.0 released
Did You Know?
- Did you know that the following Apache Projects are celebrating anniversaries this month? Congratulations to Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development (12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper and Drill (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole and Impala (4 years); Griffin (3 years); Petri (2 years); Superset and TVM (1 year)!
- Did you know that Apache Hudi enables streaming of hundreds of terabytes of data into data lakes each day?
- Did you know that individual and corporate donations help the all-volunteer ASF continue to steward 350+ Apache Projects and their communities, and provide more than $22B worth of Apache software to the public good at 100% no charge? https://donate.apache.org/
Apache Community Notices
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- ASF Annual Report: FY2021 -- Press release and Report (PDF)
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 02:50PM Dec 06, 2021
by Swapnil M Mane in Newsletter |
|
Apache Month in Review: November 2021
Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in November [video highlights available] :
New This Month --
- Sponsor Success at Apache - the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors. The latest entry is "Exploration and Practice of the Apache Way in Tencent" by Mark Shan.
- Apache Month in Review: October 2021
Important Dates --
- Next Board Meeting: 15 December 2021. Board calendar and minutes
- Apache TVM TVMCon - 15-17 December 2021
Infrastructure --
Committer Activity --
In November, 628 Apache Committers changed 39,505,956 lines of code over 18,511 commits. The Committers with the top 5 highest contributions, in order, were: Krist Wongsuphasawat, Jesse Yang, Ville Brofeldt, Yongjie Zhao, and Mark Thomas.
Project Releases and Updates --
New releases from Apache Airflow (Big Data); APISIX (API); Arrow (Big Data); Avro (Big Data); Beam (Big Data); Camel (Integration); CloudStack (Cloud Computing); Commons CLI (Libraries); DolphinScheduler (Workflow); Groovy (Programming Languages); HttpComponents (Servers); IoTDB (IoT); Jackrabbit (Content); JSPWiki (Content); Kafka (Big Data); Lucene (Search); MINA (Network Client/Server); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); Ozone (Big Data); POI (Content); Qpid (Messaging); ShardingSphere (Big Data); Skywalking (Application Performance Management); Solr (Search); Struts (Web Frameworks); Superset (Big Data); Tomcat (Servers); Traffic Control (Servers); Traffic Server (Servers); Wicket (Web Frameworks).
Apache Project Anniversaries in November: Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development ("ComDev", 12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper, Drill, and MetaModel (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole, Impala, and Mnemonic (4 years); Griffin (3 years); Petri (2 years); and Superset and TVM (1 year). Many happy returns!
The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. More than three dozen projects are currently undergoing development in the Apache Incubator.
# # #
To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!
Posted at 04:54PM Dec 01, 2021
by Swapnil M Mane in Newsletter |
|