The Apache Software Foundation Blog

Monday December 27, 2021

The Apache Weekly News Round-up: week ending 24 December 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 317 Apache Committers changed 9,133,089 lines of code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.15.2 released
 - Apache HBase 3.0.0-alpha-2 released
 - Apache Parquet 1.11.2 and 1.12.2 released
   -- CVE-2021-41561: Potential DoS in case of malicious Parquet file

Build Management --
 - Apache Archiva 2.2.7 released

Content --
 - Apache JSPWiki 2.11.1 released
 - Apache Traffic Control 6.0.2 released
 - Apache Jackrabbit FileVault 3.5.8  released
 - Apache Tika 1.28 and 2.2.1 released

Databases --
 - Apache Geode 1.12.7, 1.13.6, and 1.14.2 released 

Data Management Platform --
 - Apache Ignite 2.11.1 released

IoT --
 - Apache PLC4X 0.9.1 released
   -- CVE-2021-43083: Buffer overflow in PLC4C via crafted server response 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.04 released 

Libraries --
 - Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
   -- CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
 - Apache MXNet (Incubating) 1.9.0 released
 - Apache Daffodil 3.2.1 released

Mail --
  - Apache James 3.6.1 released 

Messaging -- 
 - Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
 - Apache Pulsar 2.9.1 released 

Search --
 - Apache Lucene 8.11.1 released
 - Apache Solr 8.11.1 released
   -- CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler 

Servers --
 - Apache HTTP Server 2.4.52 released
   -- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
   -- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
 - Apache HttpComponents Core 5.1.3 GA released

Web Frameworks--
- Apache Struts 2.5.28.1 and 2.5.28.2 released 

Workflow --
 - Apache DolphinScheduler 2.0.1 released
 - Apache Airflow 2.2.3 released


Did You Know?

 - Did you know that ASF Security posted the status of more than three dozen Apache Projects in relation to the recent Apache Log4j vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates)

 - Did you know that Apache Roller (which powers blogs.apache.org) new v6.1.0 contains upgrades for more than a dozen dependencies (including Log4j), along with many bug fixes and improvements to the code base? https://roller.apache.org/

 - Did you know that tax-deductible donations support the ASF's day-to-day operations that benefit 350+ Apache Projects and their communities? Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and Microsoft Pay https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Monday December 20, 2021

The Apache Weekly News Round-up: week ending 17 December 2021

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 346 Apache Committers changed 1,957,663 lines of code over 3,699 commits. Top 5 contributors, in order, are: Sebastian Bazley, Claus Ibsen, Owen Nichols, Gary Gregory, and Daniel Gruno.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.22.1 released
 - Apache Calcite Avatica 1.20.0 released
 - Apache NiFi 1.15.1 released
 - Apache Flink 1.14.2, 1.13.5, 1.12.7, and 1.11.6 released 

Build Management --
 - Apache Archiva 2.2.6 released

Content --
 - Apache Jackrabbit 2.21.9  released
 - Apache Tika 2.2.0 released
 - Apache PDFBox 2.0.25 released 

Databases --
 - Apache Geode 1.12.6, 1.13.5, and 1.14.1 released 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.03 released

Identity Management --
 - Apache Fortress 2.0.7 released 

Integration --
 - Apache Camel 3.14.0 released

Libraries --
 - Apache Log4j 2.12.2 and 2.16.0 released
   -- CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
   -- CVE-2021-45046: Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

Search --
 - Apache Solr 8.11.1 released 

Servers --
 - Apache HttpComponents HttpAsyncClient 4.1.5 GA released 

Testing --
 - Apache JMeter 5.4.2 released 

Web Frameworks --
 - Apache Struts 2.5.28 released


Did You Know?

 - Did you know that the Apache Logging Services Project Management Committee (PMC) worked around the clock to release v.2.15.0 and v2.16.0 to address the critical Log4j RCE vulnerability? https://logging.apache.org/log4j/2.x/

 - Did you know that many Apache Projects and their communities have provided patches, fixes, or guidelines for their users to mitigate the recent Apache Log4j Zero Day vulnerability? Check the list of Apache Projects affected by the Log4j CVE https://blogs.apache.org/security/entry/cve-2021-44228 , and read our published statement and FAQs at https://blogs.apache.org/foundation/entry/apache-log4j-cves for more information.

 - Did you know that the Apache Local Chapter/Beijing recently celebrated its 2-year anniversary, joining Indore (2.5 years), Warsaw and Budapest (1.5 years), Lagos (4 months), and Shenzhen (launching this week!)? 

- Did you know that individuals and organizations can support the ASF through one-time and recurring tax-deductible donations online using ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and Microsoft Pay (using your mobile device)? https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Monday December 13, 2021

The Apache Weekly News Round-up: week ending 10 December 2021

Hello, everyone --let's review the Apache community's activities from over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.80%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 286 Apache Committers changed 2,227,208 lines of code over 2,986 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Mark Thomas, Sylwester Lachiewicz, Andi Huber, and Claus Ibsen.

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life.
 - Apache Joshua is now retired

Big Data --
 - Apache Kyuubi (incubating) 1.4.0-incubating released

IDE --
 - Apache NetBeans 12.6 released

Libraries --
 - Apache Daffodil 3.2.0 released
 - Apache Log4j 2.15.0 released
   -- CVE-2021-44228: JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Observability --
- Apache SkyWalking 8.9.0, Satellite 0.4.0, and Kubernetes 4.2.0 released

Programming Languages --
 - Apache Groovy 4.0.0-rc-1 released

Search --
 - Apache Lucene 9.0.0 released

Servers --
 - Apache Tomcat 10.1.0-M8 (alpha), 10.0.14, and 9.0.56 released
 - Apache HttpComponents Core 4.4.15 released


Did You Know?

 - Did you know that Banco Central Do Brasil uses Apache Wicket for its Central Bank's Circulation Management System?

 - Did you know that the Apache Pinot Annual Recap and Roadmap MeetUp has been rescheduled to 13 December?

 - Did you know that individuals and organizations can support the ASF through one-time and repeat donations (weekly/monthly/quarterly/annually) online using ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and Microsoft Pay (using your mobile device)? https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Monday December 06, 2021

The Apache Weekly News Round-up: week ending 3 December 2021

Welcome, December --we're opening the month with another great week. Here's what the Apache community has been up to:

Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
 - November Month in Review

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.74%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 286 Apache Committers changed 9,525,136 lines of code over 4,725 commits. Top 5 contributors, in order, are: Krist Wongsuphasawat, Jesse Yang, Yongjie Zhao, Gary Gregory, and Ville Brofeldt.

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.11.0 released

Web Frameworks -
 - Apache Wicket 9.7.0 released


Did You Know?

 - Did you know that the following Apache Projects are celebrating anniversaries this month? Congratulations to Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development (12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper and Drill (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole and Impala (4 years); Griffin (3 years); Petri (2 years); Superset and TVM (1 year)!

 - Did you know that Apache Hudi enables streaming of hundreds of terabytes of data into data lakes each day?

 - Did you know that individual and corporate donations help the all-volunteer ASF continue to steward 350+ Apache Projects and their communities, and provide more than $22B worth of Apache software to the public good at 100% no charge? https://donate.apache.org/

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday December 01, 2021

Apache Month in Review: November 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in November  [video highlights available] :

New This Month --

- Sponsor Success at Apache - the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors. The latest entry is "Exploration and Practice of the Apache Way in Tencent" by Mark Shan.

- Apache Month in Review: October 2021


Important Dates --

- Next Board Meeting: 15 December 2021. Board calendar and minutes

- Apache TVM TVMCon - 15-17 December 2021


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in November was 100.00%. http://www.apache.org/uptime/


Committer Activity --

In November, 628 Apache Committers changed 39,505,956 lines of code over 18,511 commits. The Committers with the top 5 highest contributions, in order, were: Krist Wongsuphasawat, Jesse Yang, Ville Brofeldt, Yongjie Zhao, and Mark Thomas. 


Project Releases and Updates --

New releases from Apache Airflow (Big Data); APISIX (API); Arrow (Big Data); Avro (Big Data); Beam (Big Data); Camel (Integration); CloudStack (Cloud Computing); Commons CLI (Libraries); DolphinScheduler (Workflow); Groovy (Programming Languages); HttpComponents (Servers); IoTDB (IoT); Jackrabbit (Content); JSPWiki (Content); Kafka (Big Data); Lucene (Search); MINA (Network Client/Server); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); Ozone (Big Data); POI (Content); Qpid (Messaging); ShardingSphere (Big Data); Skywalking (Application Performance Management); Solr (Search); Struts (Web Frameworks); Superset (Big Data); Tomcat (Servers); Traffic Control (Servers); Traffic Server (Servers); Wicket (Web Frameworks).


Apache Project Anniversaries in November: Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development ("ComDev", 12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper, Drill, and MetaModel (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole, Impala, and Mnemonic (4 years); Griffin (3 years); Petri (2 years); and Superset and TVM (1 year). Many happy returns!

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. More than three dozen projects are currently undergoing development in the Apache Incubator.

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!


Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation