The Apache Software Foundation Blog

Sunday March 01, 2020

Apache Month in Review: February 2020

Welcome to the second monthly overview of events from the Apache community, brought to you by the just-released Apache Roller, v.6.0 (Roller is our blogging software that we use every day). Here's a summary of what happened in February:

New this month --

 - Happy 25th Anniversary, Apache HTTP Server! http://httpd.apache.org/

 - Happy 20th Anniversary, Apache Subversion! https://s.apache.org/ApacheSVN20

 - "Success at Apache: Literally" by Chris Thistlethwaite https://s.apache.org/xjcrj

 - Apache Month in Review: January 2020 https://blogs.apache.org/foundation/date/20200205


Important Dates --

 - Next Board Meeting: 18 March 2020. http://apache.org/foundation/board/calendar.html

 - Apache Roadshow/DC 25 March --Registration Open; Sponsorships available-- topics include Apache Projects and CARE Initiatives, Cybersecurity, and Start‑Ups. Held in partnership with George Mason University https://www.apachecon.com/usroadshowdc20/

 - Apache Roadshow/Chicago 18-19 May --CFP Open; Sponsorships available-- https://www.apachecon.com/chiroadshow20

 - Apache Roadhshow/Seattle 10-12 June --Sponsorships available https://www.apachecon.com/searoadshow20

 - ApacheCon North America/New Orleans 28 September-2 October --CFP Open; Sponsorships available-- tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in February was 99.91%.


Committer Activity --

In February, 773 Apache Committers changed 4,756,280 lines of code over 12,812 commits. The Committers with the top 5 highest contributions, in order, were: Andrea Cosentino, Paul J. Davis, Claus Ibsen, Duo Zhang, and Mark Thomas.


Project Releases and Updates --

New releases from Apache Arrow (Big Data); Avro (Big Data); Beam (Big Data); Commons (Libraries); DeltaSpike (Libraries); Flink (Big Data); Groovy (Programming Languages); Guacamole (Network-Client); HBase (Big Data); HttpComponents (Servers); Jackrabbit (Content); Kylin (Big Data); NiFi (Big Data); OFBiz (ERP); PDFBox (Content); POI (Content); Qpid (Messaging); Tomcat (Servers); Velocity (Libraries).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. Releases from incubating podlings include APISIX (Cloud-native microservices API gateway) and Milagro (Cryptography) ...also, welcome NLPCraft (Java API for NLU apps) as the latest podling undergoing development in the Apache Incubator http://incubator.apache.org/

# # #

To see our Weekly News Round-ups, visit https://blogs.apache.org/foundation/ and click on the calendar in the upper-right side (we publish every Friday). For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter.

Friday February 28, 2020

The Apache News Round-up: week ending 28 February 2020

Farewell, February --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

Happy 20th Anniversary Apache Subversion! Huzzah to the community-led version control software and source code management tool https://s.apache.org/ApacheSVN20

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 March 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Apache Roadshow/DC --25 March in CHANTILLY, VA. Registration open; Sponsorship opportunities available. Topics include Apache Projects & CARE Initiatives (with George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. CFP open. Sponsorship opportunities available. https://www.apachecon.com/chiroadshow20/
 3) Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Sponsorship opportunities available. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. CFP open; Registration open; Sponsorship opportunities available. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 908 Apache contributors changed 12,988,552 lines of code over 3,974 commits. Top 5 contributors, in order, are: Paul Davis, Nick Vatamaniuc, Carlos Rovira, Andrea Cosentino, and Nicola Ferraro. 

Apache Project Announcements – the latest updates by category.

API --
 - Apache APISIX 1.1 and Dashboard 1.0 (Incubating) released https://apisix.apache.org/

Big Data --
 - Apache NiFi 1.11.2 and 1.11.3 released https://nifi.apache.org/
 - Apache Kylin 2.6.5 and 3.0.1 released https://kylin.apache.org/

Content --
 - Apache PDFBox 2.0.19 released
https://pdfbox.apache.org/

Servers --
 - Apache HttpComponents Client 5.0 GA released https://hc.apache.org/
 - Apache Tomcat 10.0.0-M1 released https://tomcat.apache.org/


Did You Know?

 - Did you know that new podlings undergoing development in the Apache Incubator include NLPCraft (natural language processing resource scheduler), NuttX (real-time embedded operating system), and YuniKorn (standalone Big Data resource scheduler)?http://incubator.apache.org/projects/#current

 - Did you know that Target uses Apache Druid for their enterprise-scale dashboarding/analytics platform? http://druid.apache.org/

 - Did you know that Apache Open Office has a new English dictionaries extension release? http://openoffice.apache.org/


Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - Pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday February 27, 2020

The Apache Software Foundation Announces 20th Anniversary of Apache® Subversion®

Community-led Version Control Software and Source Code Management Tool Available on Most Integration Servers, Integrated Development Environments, Issue Tracking Systems, and more. 

Wakefield, MA —27 February 2020— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the 20th Anniversary of Apache® Subversion®, the popular centralized software version control system.

Apache Subversion ("SVN") allows users to commit code, manage changes, and recover previous versions of all sorts of data across files and directories. Subversion is ideal for distributed teams who need to easily audit and act on modification logs and versioning history across projects. Subversion originated at CollabNet in 2000 as an effort to create an Open Source version-control system similar to the then-standard CVS (Concurrent Versions System) but with additional features and functionality. Subversion was submitted to the Apache Incubator In November 2009, and became an Apache Top-Level Project in February 2010.

"We are very proud of Subversion's long history, and remain committed to our mission statement," said Stefan Sperling, Vice President of Apache Subversion. "Subversion has moved well beyond its initial goal of creating a compelling replacement for CVS. In 2010 our mission statement was updated to ‘Enterprise-class centralized version control for the masses’.”

Over its 20-year history, Subversion has grown to become the most popular version control system on the market, and remains the leading centralized versioning and revision control software today. Millions of users worldwide depend on the collaboration-friendly system to easily access all files and historical data simultaneously without code conflicts or corruption. Subversion accommodates a wide variety of integrated development environments (IDEs), and is well-suited for large projects. 

Apache Subversion has been broadly adopted for mission-critical code distribution and collaboration workflow by Adobe Dreamweaver, Eclipse, Google, Halliburton, Microsoft Visual Studio, Python, Ruby, Skype, SourceForge, and WordPress, among many organizations and development communities. The ASF uses Apache Subversion in its own infrastructure, housing millions of lines of code in more than 1.8 Million commits across 300 Apache Top-Level Projects and sub-projects.

"One of the best decisions of my life was emailing up Karl (Fogel) to see if he was interested in moving the Open Source community beyond CVS," said Brian Behlendorf, co-founder of CollabNet and co-founder of The Apache Software Foundation. "Essential to Subversion's success was the core team of Karl, Ben (Collins-Sussman), and Mike (Pilato) working publicly, spending the difficult time on design docs and helping newbies up the learning curve, with the goal of building as a community what three people (even the best) alone could not do. 20 years later I'm not surprised to see it continuing to innovate, to add features, to fix bugs, and to push the envelope forward. Git still needs competition :) But it's also the best example, and essential example, for why community matters more than code. It's the Subversion community that made it successful, that made the code continuously better, that left no CVS user behind, and that did so with the technical precision and super-human decency all other projects should aspire to."

"Twenty years later, Subversion is no longer the upstart -- it is mature software, and still going strong," said Karl Fogel, original founding developer of Subversion, and Partner at Open Tech Strategies. "Subversion continues to be widely used, especially in enterprise settings, because of its reliability, the simplicity of its conceptual model, its ability to handle large files, and features like path-based access control and optional file-locking. In situations where Subversion's centralized model is the right tool for the job, it really shines: we use it for our entire internal corporate tree, for example, because the path-based authorization is crucial. To get some other viewpoints on where Subversion has come over 20 years, I took a walk through the main project's support forums and the forums of TortoiseSVN, the popular open source SVN client application for Windows. I was delighted by what I saw: a diversity of uses and users, fast and helpful responses, and a focus on practical needs. Starting two decades ago, Subversion helped bring version control beyond developers to a wider audience, and it continues to do that today."

"Today we've got a plethora of fast, reliable, and efficient version control systems, but twenty years ago we had exactly zero: CVS was the only widely used version control system and it still failed in unpredictable ways (including bitrot that was undetectable until you tried to check out old code)," said Brian Fitzpatrick, one of Subversion’s earlier developers. "Even though most people use Git today in the Open Source world, Subversion was the catalyst that allowed folks to move from CVS to Git and so many other modern day version control systems. While the core team wrote a great deal of Subversion's code, we also spent a great deal of time communicating outside of our office in Chicago in an effort to build a larger Subversion community--an effort that eventually paid off more than tenfold."

"When we gathered in my basement in early 2000, thinking about what paths Subversion should follow, none of us imagined what would be accomplished over the next twenty years," said Greg Stein, an early developer of Subversion, and former Vice President of Apache Subversion. "We focused on improving the experience of CVS users and administrators. We overshot our own expectations within just a few years, creating a system that millions have found worthy. From our humble beginnings, I couldn't be more proud of what the community has accomplished."

"Technology is at its best when it brings people together," said Matt Mullenweg, Founder and Lead Developer at the WordPress Foundation. "SVN has brought countless people together over the years and I wish it much continued success."

"Reliable and powerful version management is essential for our product development. Today, more than 100 of our employees regularly use Apache Subversion with several million lines of source code in our Subversion repository," said Roland Wagner, Head of Product Marketing at CODESYS Group. "Our success with Subversion convinced us to become the first company to develop a connected product for the area of industrial automation with the launch of CODESYS SVN. Many of the over 100,000 CODESYS users worldwide work with CODESYS SVN whichsignificantly simplifies the development of their industrial IEC 61131-3 application software, when realizing automation projects for factories and plants, mobile machines, buildings and energy systems. We thank and congratulate the Subversion community on its 20th anniversary!"

"After 20 years, Apache Subversion continues to deliver on our goal with a stable and portable version control system that powers software projects of all sizes being developed on any of the popular operating system platforms," added Sperling. "Apache Subversion repositories store valuable mission-critical assets of companies and organizations across the globe. Subversion remains an essential source code management tool for developers at every level --we welcome their participation on our lists and community."

Availability and Oversight
Apache Subversion software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Subversion, visit http://subversion.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 200M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 765 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 7,200 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 has become an industry standard within the Open Source world, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, CarGurus, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, and Verizon Media. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Subversion", "Apache Subversion", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday February 21, 2020

The Apache News Round-up: week ending 21 February 2020

It's Friday already! We're wrapping up another great week with the following activities:

Happy 25th Anniversary Apache HTTP Server! Raise a glass to the project and community that started it all. Hats off for its longevity as the world's most popular Web server for a quarter century. Many happy returns http://httpd.apache.org/

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 March 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Apache Roadshow/DC --25 March in CHANTILLY, VA. Registration open; Sponsorship opportunities available. Topics include Apache Projects & CARE Initiatives (with George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. CFP open. Sponsorship opportunities available. https://www.apachecon.com/chiroadshow20/
 3) Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Sponsorship opportunities available. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. CFP open; Registration open; Sponsorship opportunities available. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.93%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 810 Apache contributors changed 4,791,832 lines of code over 3,495 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Andi Huber, Bharath Vissapragadam, and Carlos Rovira.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Avro 1.9.2 released https://avro.apache.org/
 - Apache HBase 2.1.9 released https://hbase.apache.org/

Content --
 - Apache Jackrabbit 2.21.0 and Oak 1.4.26 released https://jackrabbit.apache.org/
 - Apache POI 4.1.2 released https://poi.apache.org/

Messaging --
 - Apache Qpid Broker-J 7.1.8 released https://qpid.apache.org/

Programming Languages --
 - Apache Groovy 3.0.1 released https://groovy.apache.org/

Servers --
 - Apache Tomcat 7.0.100 released https://tomcat.apache.org/
 - Apache HttpComponents Core 5.0 GA released https://hc.apache.org/


Did You Know?

 - Did you know that newcomers to Apache are encouraged to get started and learn about The Apache Way with the friendly folks at ASF's Community Development (ComDev) project? http://community.apache.org/

 - Did you know that Boston Children's Hospital uses Apache cTAKES to link phenotypic and genomic data for the Precision Link Biobank? http://ctakes.apache.org/

 - Did you know that Netflix uses Apache Druid to optimize streaming in real time? http://druid.apache.org/

Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - Pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday February 14, 2020

The Apache News Round-up: week ending 14 February 2020

Happy Friday (and Valentine's Day for those who celebrate) --let's review what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Registration open; Sponsorship opportunities available: Apache Roadshow/DC --25 March in CHANTILLY, VA. Topics include Apache Projects & CARE Initiatives (with  George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) CFP open. Sponsorship opportunities available: Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. https://www.apachecon.com/chiroadshow20/
 3) Sponsorship opportunities available. Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) CFP open; Registration open; Sponsorship opportunities available: ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 943 Apache contributors changed 3,276,658 lines of code over 3,818 commits. Top 5 contributors, in order, are: Andrea Tarocchi, Andrea Cosentino, Claus Ibsen, Lukasz Lenart, and Duo Zhang.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 0.16.0 released https://arrow.apache.org/

Content --
 - Apache Jackrabbit Oak 1.22.1 released https://jackrabbit.apache.org/

Cryptography
 - Apache Milagro (Incubating) Crypto-C V2.0.1 released https://milagro.apache.org/

Libraries --
 - Apache Commons Compress 1.20 released https://commons.apache.org/compress/
 - Apache Commons CSV 1.8 released https://commons.apache.org/proper/commons-csv/

Programming Languages --
 - Apache Groovy 3.0.0 released https://groovy.apache.org/

Servers --
 - Apache Tomcat 8.5.51 and 9.0.31 released http://tomcat.apache.org/


Did You Know?

 - Did you know that Apache Impala now supports Apache Hudi (incubating), Hive, and ORC? http://impala.apache.org/

 - Did you know that the Apache NetBeans C/C++ donation by Oracle is nearing completion? Review and final stage countdown is on https://lists.apache.org/thread.html/rc62f519d5a203d1624cbc5116e0db399fed8ce7560bc7594a93e6fd8%40%3Cdev.netbeans.apache.org%3E

 - Did you know that you can access your favorite Apache project logos at http://apache.org/logos/ ?

Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday February 07, 2020

The Apache News Round-up: week ending 7 February 2020

Welcome, February! We're wrapping up another great week with the following activities:

ASF Security Report 2019 – the state of security across all Apache projects with key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues https://s.apache.org/tbyxg

Success at Apache – the monthly blog series that focuses on the people and processes behind why the ASF "just works".
 - "Success at Apache: Literally" by Chris Thistlethwaite https://s.apache.org/xjcrj

Apache Month In Review: January 2020 – a new monthly overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP Open: ApacheCon North America - 28 September - 2 October - tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/
 - Registration Open: Apache Roadshow/DC - 25 March - topics include Apache projects in CARE initiatives, cybersecurity, start-ups, and more. https://www.apachecon.com/usroadshowdc20/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.89%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 879 Apache contributors changed 2,008,768 lines of code over 3,559 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Jean-Baptiste Onofré, Mark Thomas, and Tilman Hausherr.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.9.2 released https://flink.apache.org/
 - Apache Beam 2.19.0 released https://beam.apache.org/
 - Apache NiFi 1.11.1 released https://nifi.apache.org/

Content --
 - Apache Jackrabbit Oak 1.6.20 and 1.8.20 released https://jackrabbit.apache.org/

Enterprise Processes Automation / ERP --
 - Apache OFBiz 16.11.07 released https://ofbiz.apache.org

Libraries --
 - Apache Velocity Engine 2.2 released https://velocity.apache.org/
 - Apache DeltaSpike 1.9.3 released https://deltaspike.apache.org/

Network Client --
 - Apache Guacamole 1.1.0 released https://guacamole.apache.org/

Did You Know?

 - Did you know that the following Apache projects are celebrating their anniversaries this month? Many happy returns to Apache HTTP Server (25 years!); Gump and Portals (16 years); Directory, MyFaces, and Xerces (15 years); Tapestry (14 years); Roller (13 years); Cassandra and Subversion (10 years); Chemistry (9 years); BVal and OpenNLP (8 years); Clerezza and Crunch (7 years); Knox, Open Climate Workbench, and Spark (6 years); DataFu (2 years); and Unomi (1 year). https://projects.apache.org/committees.html?date

 - Did you know that, over past year, the ASF processed 759 Individual Contributor License Agreements, 34 Corporate Contributor License Agreements, and 40 Software Grants? https://s.apache.org/Apache2019Digits

 - Did you know that Apache Airflow is having its first MeetUp in Bangalore? http://airflow.apache.org/

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday February 05, 2020

Apache Month in Review: January 2020

We're pleased to introduce a new monthly overview of events that have taken place within the Apache community. Below is the wrap-up of our activities in January:

New this month --

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - Apache Software Foundation 2019 Security Report https://s.apache.org/tbyxg

 - Launch of 2020 ASF Community Survey https://s.apache.org/pzol5

 - Update on "Trillions and Trillions Served", the documentary on the ASF https://s.apache.org/ASF-Trillions


Important Dates --

 - Registration open: Apache Roadshow/DC 25 March --tracks include Apache Projects and CARE Initiatives, Cybersecurity, and Start‑Ups. https://www.apachecon.com/usroadshowdc20/

 - Now open: CFP for ApacheCon North America --tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/

 - Next Board Meeting: 19 February 2020. http://apache.org/foundation/board/calendar.html


Infrastructure --

The ASF's distributed, seven-member Infrastructure team oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in January was 99.94%.


Committer Activity --

In January, 898 Apache Committers changed 4,835,906 lines of code over 14,064 commits. The Committers with the top 5 highest contributions, in order, were: Dan Haywood, Andrea Cosentino, Jean-Baptiste Onofré, Claus Ibsen, and Andi Huber.

Project Releases and Updates --

New releases from Apache Beam (Big Data), Commons Codec (Libraries), Commons VFS (Libraries), Crail (incubating; Libraries), Daffodil (incubating; Libraries), Drill (Big Data), Druid (Big Data), Geode (Big Data), Groovy (Programming Languages), HttpComponents (4 releases; Servers), IoTDB (incubating; IoT); Jackrabbit (5 releases; Content), Juneau (Libraries), Libcloud (2 releases; Cloud Computing), Lucene/Solr (2 releases; Search), NiFi (Big Data), OpenNLP (Machine Learning), OpenWebBeans (Libraries), Parquet (Big Data), Pulsar (Messaging), Qpid (Messaging), SpamAssassin (Mail), and Wicket (2 releases; Web Frameworks).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. YuniKorn (Resource Scheduler) is the latest podling undergoing development in the Apache Incubator http://incubator.apache.org/

The Apache Attic provides process and solutions to make it clear when an Apache project has reached its end of life. Apache ODE (Orchestration) has retired to the Attic https://attic.apache.org/

# # #

Monday February 03, 2020

Success at Apache: Literally

by Chris Thistlethwaite

I became part of the Apache community as a member of the ASF Infrastructure team in 2016, and was elected an ASF Member in 2019.

Browsing through the other "Success at Apache" posts made me reflect on the word "success". Years ago, I was asked in a job interview, "How do you define success?". After a pause, I asked back, "In what?", which threw the interviewer off a bit. That's just too broad of a question for me to define one answer: success in a career, success as a human, success as a team member, success at a software release, the list goes on and on. 

Every day there's a giant list of possible successes and failures, and that’s even before you get to work ...so keep that in mind as you continue reading.

In August of 2016 I came across a blog post that would change my life forever. 

At the time, I was looking for a new job that was taking longer than I expected. Taking a long shot, I sent off a very sparse email replying to the post. Two days later David Nalley (VP Infrastructure) replied, introducing me to Daniel Gruno who'd be doing the first round of interviewing. Fast forward a few months, and, spoiler alert: I got the job.

My first day "in the office" was in Seville, Spain, on November 14th during ApacheCon EU. Let me jump back a bit: most of the "Success at Apache" posts talk about the extensive background the authors have, both in the Open Source community and the ASF. While I use httpd, LAMP, etc. all the time, I never really found out how the "sausage was made". Apache has well-made products and the philosophy of how they were built intrigued me. My career until that point has mostly been inside Microsoft shops, usually with me suggesting FOSS solutions in meetings and only getting to use them in small-ish batches. A few MySQL boxes here, a few other Linux machines there, but not "full stack" kinda stuff: I ran it where I could but I was very happy with Microsoft products. "Best tool for the job", right? 

Anyway, back to Spain. I don't travel as much as I should, my Spanish is terrible (or enough to get me into a bar fight), and I'm traveling to a country I've never been to.

Friday November 11th was the last day at my previous job. Saturday afternoon, I left my wife and kid to jump on a plane for Seville, Sunday-ish I landed, and on Monday I started work in another country, at a job that was 98% Linux-based (Windows Jenkins build nodes), with people whom I’ve never seen before because no one used video chat during the interviews --at a conference held by the foundation I now work for. 

You may ask yourself, "How did I get here?", as I sure did: queue "Once in a Lifetime" by the Talking Heads...

My time at the ASF has been very interesting to say the least. With such a huge range of users of Apache software, some days I'm helping a large global company trying to get a product out the door, other days I'm troubleshooting a broken commit for someone working in their basement between dinner and baths for the kids. That's what makes this place special: those contributions help the community and help the common good of the project. The unique perspective I have is from within Infra. We don't just support the ASF, we support all projects in one way or another. One project might just be getting started with automated builds in Jenkins while another has been using CI/CD for years. That's a true strength of the ASF: disparate parts come together as a whole in a way that wouldn't work otherwise. Some days my job has nothing to do with technology, it's just getting the right people together on an email to figure out how to solve a problem, leveraging the different parts.

As mentioned earlier, "success" is a moving target, and at Apache, it's no different. Though in my case, any success at my job means I'm helping the ASF become successful, which in turn helps the projects and communities it supports. Behind every commit is a person, just working towards their own success.

I'm glad that I took the chance to respond to the job opening. Every job, company, and environment have a fair share of unpredictably and diversity. At the ASF, those traits are celebrated, leveraged, leaned on, and held up by the great people I get to work with and the community that I'm proud to be a part of.


Chris Thistlethwaite has been fixing problems and herding cats since before he can remember. He likes digging through log files to find solutions to complex problems and then turning his findings into pretty charts and graphs. After working at Avenue A | Razorfish, Sharebuilder, and some small startups, he brought his unique perspective on DevOps/Systems Engineering to the ASF Infrastructure team, where he specializes in monitoring systems. In his spare time, he enjoys homelabbing and spending time with his family.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

Friday January 31, 2020

Apache Software Foundation Security Report: 2019

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2019. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

Released: 31 January 2020

Author: Mark Cox, Vice President Security, The Apache Software Foundation

Background
The security committee of The Apache Software Foundation (ASF) oversee and co-ordinate the handling of vulnerabilities across all of the 300+ Apache projects.  Established in 2002 and comprising of all volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.

Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or project management committees (PMC) to handle.  The security committee see all the issues reported across all the addresses and keep track of the issues throughout the vulnerability lifecycle.  

The security committee is responsible for ensuring that issues are dealt with properly and will actively remind projects of their outstanding issues and responsibilities.  As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues.  This, along with the Apache Software License, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.  

The oversight into all security reports, along with tools we have developed, gives us the ability to easily create statistics on the issues. 

Statistics for 2019
In 2019 our security addresses received in total over 18,000 emails. After spam filtering and thread grouping this comes to 620 non-spam threads.  Unfortunately many security reports do look like spam and so the security team are careful to review all messages to ensure real reports are not missed for long.



Diagram 1: Breakdown of ASF security email threads for calendar year 2019*

Diagram 1 gives the breakdown of those 620 threads.  138 threads (22%) were people confused by the Apache License.  As many projects use the Apache License, not just those under the ASF umbrella, users can get confused when they see the Apache License and they don't understand what it is.  This is most common for example on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License.

The next 162 of the 620 (26%) are email threads that are not spam but are also not reports of new vulnerabilities.  These are generally people asking support-type questions or how old vulnerabilities were dealt with.

That left 320 reports of new vulnerabilities in 2019, which spanned across 84 of the top level projects.  These 320 reports are a mix of both external reporters and internal; for example where a project has found an issue themselves and followed the ASF process to assign it a CVE name and address it.  Note that we don’t track the reporter affiliation, and ASF reporters often use non-ASF email addresses for reporting, so we can’t give a break down of internal vs external reports .

The next step is that the appropriate project triages the report to see if it's really an issue or not.  At this stage invalid reports, or things that are not actually vulnerabilities at all, get rejected back to the reporter.  Of the remaining issues that are accepted they are are assigned appropriate CVE names and eventually fixes are released.

As of January 1st 2020, 19 of those 320 reports were still under triage (i.e. the project had not yet determined if the report is accepted or rejected).  The process of triage and investigation varies in time depending on the project, availability of resources, and number of issues to be assessed.  As a general guideline we try to ensure projects have triaged issues within 90 days of the report.  The timeline for the fixing of issues depends on the schedules of the projects themselves and issues of lower severity are most often held to future pre-planned releases.  

The remaining closed 301 reports led to us assigning 122 CVE names.  Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names.  The Apache Security committee handle CVE name allocation and are a Mitre Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts Mitre directly or goes public with an issue before contacting us. 

Noteworthy events
During 2019 there were a few events worth discussion; either because they were severe and high risk, they had readily available exploits, or otherwise due to media attention.   These included:

  • January 2019: Securonix published a report outlining an increase of attacks of Apache Hadoop instances that have not been configured with authentication.  Public exploits and a Metasploit module exist to perform remote code execution on unprotected Hadoop YARN systems.

  • April 2019: A flaw in Apache HTTP Server 2.4 (CVE-2019-0211).  A user who has access to write scripts on a web server could elevate those privileges to root.  A public exploit is available for this issue.

  • April 2019: A flaw in older versions of Apache Axis that parsed a file retrieved insecurely from an expired domain, allowing remote code execution (CVE-2019-0227).

  • June 2019: Jonathan Leitschuh contacted us after finding a number of Java build dependencies were being downloaded over insecure paths (i.e. HTTP rather than HTTPS).  We did not classify these as security vulnerabilities in themselves as exploiting them would require MITM attacks at build time.  We worked with ASF projects including those identified by the reporter to ensure that we use secure URLs.  Now, in 2020, a number of repositories are requiring secure URLs.

  • August 2019: The Black Duck Synopsys team reviewed older Struts releases and advisories and found some discrepancies in the reported affected versions.   The Struts team worked through their findings and issued corrections where needed.  This can be important if users are running older versions that they don't think are affected by an issue based on the advisories, but they actually are.  However, those same users are likely vulnerable to the other issues that have since been fixed and so we'd always recommend users upgrade to the latest version of Struts to ensure they have a version that contains fixes for all the published security issues.

  • August 2019: Netflix found a number of denial of service vulnerabilities affecting various HTTP/2 implementations. ASF projects containing HTTP/2 implementations were investigated and analysed the issues reported. Both Apache HTTP Server and Apache TrafficServer released updates to address denial of service issues that affected them.  Apache Tomcat also made performance improvements to HTTP/2 handling but the issues were not classed as denial of service.

  • September 2019: A RiskSense report highlighted vulnerabilities known to be used by Ransomware which included four in ASF projects.  The four vulnerabilities were all fixed in earlier years and all had updates and mitigations available before any ransomware took advantage of them.  Users should always ensure they pay attention to security updates in any ASF projects they use and prioritise updating for any remote or critical vulnerabilities. The four vulnerabilities were:

     -- CVE-2016-3088 in Apache ActiveMQ.  Targeted by XBash, this issue was trivial to exploit.  It was fixed in Active MQ 5.14.0 and mitigation was also available.

     -- CVE-2017-12615 in Apache Tomcat.  It is surprising to see this issue on the list as it affects a non-default and quite unlikely flaw.  However, it's an issue that is probed by Lucky (a variant of "Satan"), so if there is a server configured in this way it will get exposed. This issue only affected Windows platforms on non-default config, it was fixed in Tomcat 7.0.81, and mitigation is also available.  Note that Lucky will also do brute force attacks targeting weak passwords on  accessible Tomcat Web Admin consoles.

     -- CVE-2017-5638 in Apache Struts.  This issue is known to be exploited in the wild, however the first exploitation was discovered after the advisory and fix was published.  Used by Lucky (a variant of Satan).  It was fixed in Struts 2.3.32 and 2.5.10.1, and a mitigation is also available.

     -- CVE-2018-11776 in Apache Struts.  This issue is also used by Lucky.  It was fixed in Struts 2.3.35, 2.5.17, a possible mitigation is available but upgrading is advised.

  • Dec 2019: A flaw in Apache Olingo allowing XML External Entity (XXE) attacks (CVE-2019-17554).  This issue could be used, for example, to retrieve arbitrary files from a server.  A public exploit example exists for this issue.

  • A number of flaws in Apache Solr through the year that could allow remote code execution.  Public exploits exist for some of the issues as well as a Metasploit module.

  • The European Commission EU-FOSSA 2 project sponsored bug bounty programs for users finding security issues in both Apache Kafka and Apache Tomcat.  No issues were fixed in Apache Kafka.  Two issues were fixed in Apache Tomcat: CVE-2019-0232 (Important severity, affecting Windows platforms, public exploits including a Metasploit module are available) and CVE-2019-0221 (Low severity).   As well as running the bug bounties, EU-FOSSA 2 also sponsored a successful hackathon in June 2019.
Conclusion

Apache Software Foundation projects are highly diverse and independent.  They have different languages, communities, management, and security models.  However one of the things every project has in common is a consistent process for how reported security issues are handled.

The ASF Security Committee work closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly.  This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted.

This report gave metrics for calendar year 2019 showing from the 18,000 emails received we triaged over 300 vulnerability reports leading to fixing just over 100 (CVE) issues.  If you have vulnerability information you would like to share with or comments on this report please contact us.

# # #

graphic created by http://sankeymatic.com/build/ using code :

Threads [138] License Confusion

Threads [162] Support Questions

Threads [320] Vulnerability Reports

Vulnerability Reports [19] Under Triage

Vulnerability Reports [301] Closed

Closed [122] CVE

1000x600

colour B source

The Apache News Round-up: week ending 31 January 2020

Farewell, January --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs OPEN: Apache Roadshow/DC and ApacheCon North America https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 746 Apache contributors changed 1,854,769 lines of code over 3,280 commits. Top 5 contributors, in order, are: Dan Haywood, Andrea Cosentino, Claus Ibsen, Jean-Baptiste Onofré and Jarek Potiuk.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.17.0 released http://druid.apache.org/
 - Apache Beam 2.18.0 released http://beam.apache.org/
 - Apache NiFi 1.11.0 released http://nifi.apache.org/

Cloud Computing --
 - Apache Libcloud 3.0.0-rc1 released https://libcloud.apache.org/

Content --
 - Apache Jackrabbit Oak 1.10.8 and 1.24.0 released http://jackrabbit.apache.org/

Libraries --
 - Apache OpenWebBeans-2.0.14 released http://openwebbeans.apache.org/

Mail --
 - Apache SpamAssassin 3.4.4 released http://spamassassin.apache.org/

Servers --
 - Apache HttpComponents Client 5.0 beta7 (GA candidate) released https://hc.apache.org/

Did You Know?

 - Did you know that Apache Flink supports schema migration on its state so that application changes can be made without having to start from square one? https://flink.apache.org/

 - Did you know that tracks for ApacheCon North America include Big Data integration/Gobblin (incubating), Apache Camel/Integration, Cassandra, CloudStack, Community, Content Delivery, Fineract, Flagon (incubating), Geospatial, Graph, Groovy, HTTP Server/Web, Ignite, Internet of Things, Karaf, Observability, Solr/Lucene/Search, and Tomcat? https://s.apache.org/cfp2020

 - Did you know that Amazon, DataStax, IBM, Microsoft, Neo4j, and many others use Apache Tinkerpop? http://tinkerpop.apache.org/providers.html

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 24, 2020

The Apache News Round-up: week ending 24 January 2020

Happy Friday! We're wrapping up another great week with the following activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFPs OPEN: Apache Roadshow/DC and ApacheCon North America https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 860 Apache contributors changed 3,062,286 lines of code over 3,401 commits. Top 5 contributors, in order, are: Dan Haywood, Andi Huber, Jarek Potiuk, Andrea Cosentino, and Kaxil Naik.

Apache Incubator – the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation.
 - Welcome APISIX, NuttX, StreamPipes, and TubeMQ as new podlings undergoing development http://incubator.apache.org/

Apache Project Announcements – the latest updates by category.

Content --
 - Apache Jackrabbit Oak 1.4.25 and 1.8.19 released http://jackrabbit.apache.org/

Libraries --
 - Apache Juneau 8.1.3 released http://juneau.apache.org/

Messaging --
 - Apache Pulsar 2.5.0 released http://pulsar.apache.org/

Servers --
 - Apache HttpComponents Client 4.5.11 GA released https://hc.apache.org/

Did You Know?

 - Did you know that ASF Conferences has 6 events planned this year: Apache Roadshows in Washington DC, Chicago, and Seattle, plus Europe and China, as well as ApacheCon in New Orleans? https://www.apachecon.com/

 - Did you know that in 2019 the Top 5 Apache Project repositories by commits, in order, were: Camel, HBase, Flink, Beam, and Hadoop? https://s.apache.org/Apache2019Digits

 - Did you know that the German virtual coaching app Dranbleiben is powered by Apache Wicket? https://wicket.apache.org/

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 17, 2020

The Apache News Round-up: week ending 17 January 2020

Greetings everyone --it's time to review the Apache community's activities from the past week:

Watch the first teaser for "Trillions and Trillions Served", the documentary on The Apache Software Foundation, which resumed filming during ApacheCon 2019 https://s.apache.org/ASF-Trillions

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.83%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 903 Apache contributors changed 2,766,467 lines of code over 3,961 commits. Top 5 contributors, in order, are: Dan Haywood, Andrea Cosentino, Mark Thomas, Andi Huber, and Daniel Sun.   

Apache Project Announcements – the latest updates by category.

Attic --
 - Apache ODE retired https://attic.apache.org/

Big Data --
 - Apache Parquet Format 2.8.0 released https://parquet.apache.org/

Content --
 - Apache Jackrabbit Jackrabbit Oak 1.22.0 released http://jackrabbit.apache.org/

IoT --
 - Apache IoTDB (Incubating) 0.9.1 released http://iotdb.apache.org/

Libraries --
 - Apache Daffodil (Incubating) 2.5.0 https://daffodil.apache.org/
 - Apache Crail (Incubating) 1.2 released https://crail.apache.org/

Messaging --
 - Apache Qpid Broker-J 7.1.7 released https://qpid.apache.org/

Programming Languages --
 - Apache Groovy 3.0.0-rc-3 released https://groovy.apache.org/

Search --
 - Apache Lucene 8.4.1 released http://lucene.apache.org/

Servers --
 - Apache HttpComponents Core 4.4.13 released https://hc.apache.org/

Web Framework --
 - Apache Wicket 9.0.0-M4 released https://wicket.apache.org/

Did You Know?

 - Did you know that new podlings undergoing development in the Apache Incubator include projects in microservices, embedded operating systems, IoT data streams, messaging queues, transactional frameworks, and batch implementations? http://incubator.apache.org/

 - Did you know that, in 2019, more than 75% of contributors were new to Apache? https://s.apache.org/Apache2019Digits

 - Did you know that 2019's Top 5 Apache Project repositories by size (Lines of Code) were: NetBeans (8,354,466); OpenOffice (7,828,646); Flex (whiteboard: 5,233,277); Mynewt (core: 4,108.323); Flex (SDK: 3,933,522)? https://s.apache.org/Apache2019Digits

Apache Community Notices:

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 10, 2020

The Apache News Round-up: week ending 10 January 2020

Happy Friday, everyone --let's review what the Apache community has been up to over the past week:

Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 886 Apache contributors changed 1,134,112 lines of code over 3,651 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Michał Narajowski, Dan Haywood, Andrea Cosentino, and Andi Huber.           

Apache Project Announcements – the latest updates by category.

Content --
 - Apache Jackrabbit 2.20.0 released https://jackrabbit.apache.org/

Libraries --
 - Apache Commons Codec 1.14 released https://commons.apache.org/proper/commons-codec/

Machine Learning --
 - Apache OpenNLP 1.9.2 released https://opennlp.apache.org/

Servers --
 - Apache HttpComponents Core 5.0 beta11 (GA candidate) released https://hc.apache.org

Web Frameworks --
 - Apache Wicket 7.16.0 and 8.7.0 released https://wicket.apache.org/


Did You Know?

 - Did you know that 200M+ lines of Apache code are stewarded by the ASF's all-volunteer community, comprising 765 individual Members, 206 Apache Project Management Committees (PMCs), and more than 7,200 Committers? https://s.apache.org/Apache2019Digits

 - Did you know that the following Apache projects are celebrating anniversaries this month? Apache Cocoon, James, and Web Services (17 years); Lucene (15 years); ActiveMQ (13 years); Hadoop (12 years); River (9 years); Empire-db and Gora (7 years); OpenMeetings (7 years); Samza (5 years); Arrow (4 years); Ranger (3 years). Many happy returns! https://projects.apache.org/committees.html?date

 - Did you know that new entries in the Apache Incubator include projects in IIoT data analytics; real-time embedded operating systems; and distributed messaging queues? http://incubator.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 03, 2020

The Apache News Round-up: week ending 3 January 2020

Welcome, 2020! We hope that you have had a festive holiday season and are excited to kick off the new year. Here's what happened over the past week:

Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – newly-formed committee supports initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - FINAL CALL: respond to the 2020 ASF Community Survey before 4 January https://s.apache.org/pzol5

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.94%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 506 Apache contributors changed 647,823 lines of code over 2,002 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Dan Haywood, Carlos Rovira, and Andrew Wetmore.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Geode 1.11.0 released https://geode.apache.org/
 - Apache Drill 1.17.0 released https://drill.apache.org/

Cloud Computing --
 - Apache Libcloud 2.8.0 released https://libcloud.apache.org/

Libraries --
 - Apache Commons VFS 2.5.0 released http://commons.apache.org/proper/commons-vfs/

Search --
 - Apache Lucene 8.4.0 and Solr 8.4.0 released http://lucene.apache.org/


Did You Know?

 - Did you know that the European Commission created its new API Gateway infrastructure using Apache Camel? https://camel.apache.org/

 - Did you know that NBC Universal uses Apache Tinkerpop's Gremlin to write complicated traversals? http://tinkerpop.apache.org/

 - Did you know that blogs.apache.org is powered by Apache Roller? Version 6 just released! http://roller.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday January 01, 2020

Apache in 2019 - By The Digits

What an accomplished year for The Apache Software Foundation: 2019 heralded 20 years of Open Source leadership "The Apache Way". Our rallying cry of "Community Over Code" informs everything we do, with billions worldwide benefiting from more than $20B worth of community-led software, provided 100% free-of-charge. Highlights include:

Apache Projects —https://projects.apache.org/

  • Total number of projects + sub-projects - 339
  • Top-Level Projects - 206
  • Podlings in the Apache Incubator - 46
  • ASF Committees (non-Projects) - 11
  • Other groups, including operations/support - 60


Community/People —http://home.apache.org/

  • Apache Committers - 7,203 (7,038 active)
  • ASF Members (individuals) - 765
  • New Members elected - 40


Apache Projects/Code —https://projects.apache.org/statistics.html

3,081 Apache Committers changed 59,309,787 lines of code over 171,689 commits, with an all-time high of 12,250 individuals contributing to Apache projects this year.


Profile of Apache Committers in 2019



More than 75% of contributors in 2019 were new to Apache


Top 5 Committers
  1. Andrea Cosentino (3,841 commits; 588,217 lines changed)
  2. Tilman Hausherr (2,791 commits; 64,805 lines changed)
  3. Claus Ibsen (2,562 commits; 628,919 lines changed)
  4. Jean-Baptiste Onofré (2,498 commits; 81,563 lines changed)
  5. Mark Thomas (2,452 commits; 331,234 lines changed)

Top 5 Apache Project Repositories by Commits
  1. Camel
  2. HBase
  3. Flink
  4. Beam
  5. Hadoop

Top 5 Apache Project Repositories by Size (Lines of Code)
  1. NetBeans (8,354,466)
  2. OpenOffice (7,828,646)
  3. Flex (whiteboard: 5,233,277)
  4. Mynewt (core: 4,108.323)
  5. Flex (SDK: 3,933,522)

Mailing Lists —https://lists.apache.org/
  • Total number of mailing lists 1,399
  • 19,385 authors sent 2,116,421 emails on 1,034,478 topics

Top 5 most active Apache user@ mailing lists
  1. Flink
  2. Lucene-Solr
  3. Ignite
  4. Kafka
  5. Tomcat

Top 5 most active Apache dev@ mailing lists
  1. Beam
  2. Flink
  3. Tomcat
  4. Royale
  5. NetBeans

Contributor License Agreements and Software Grants —https://www.apache.org/licenses/

We welcomed an average of 187 new code contributors and 1,670 new people filing issues each month during 2019. Individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF. 
  • ICLAs - 759
  • CCLAs - 34
  • Grants - 40

Sponsorship and Individual Support —http://apache.org/foundation/contributing.html

The generous support of hundreds of individual donors and Sponsors helps offset the ASF's day-to-day operating expenses that include Infrastructure, Accounting, Legal, Fundraising, Marketing & Publicity, and other services.

ASF Sponsors provide financial backing for the ASF's operations.

  • Platinum: Amazon Web Services, Cloudera, Comcast, Facebook, Google, Leaseweb, Microsoft, Pineapple Fund, Tencent, and Verizon Media.
  • Gold: Anonymous, ARM, Bloomberg, Handshake, Huawei, IBM, Indeed, Union Investment, and Workday.
  • Silver: Aetna, Alibaba Cloud Computing, Baidu, Budget Direct, Capital One, CarGurus, Cerner, Inspur, ODPi, Private Internet Access, Red Hat, and Target.
  • Bronze: Airport Rentals, Bestecasinobonussen.nl, The Blog Starter, Bookmakers, Cash Store, Casino2k, Cloudsoft, The Economic Secretariat, Emerio, Footprints Recruiting, Gundry MD, HostChecka.com, HostingAdvice.com, Journal Review, LeoVegas Indian Online Casino, Host Advice, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, SCAMS.info, Site Builder Report, Start a Blog by Ryan Robinson, Talend, The Best VPN, Top10VPN, Twitter, and Web Hosting Secret Revealed.

ASF Targeted Sponsors provide the Foundation with non-financial contributions for specific activities or programs.

  • Targeted Platinum: CloudBees, DLA Piper, JetBrains, Microsoft, OSU Open Source Labs, Sonatype, and Verizon Media.
  • Targeted Gold: Atlassian, The CrytpoFund, Datadog, PhoenixNAP, and Quenda.
  • Targeted Silver: Amazon Web Services, HotWax Systems, and Rackspace.
  • Targeted Bronze: Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, and Virtru.


Collectively, our Members, Committers, contributors, users, supporters, and sponsors further our mission of providing Open Source software for the public good. Learn more about The Apache Software Foundation's activities in the FY2019 Annual Report https://s.apache.org/FY2019AnnualReport

Help keep Apache software accessible to everyone: to sponsor or make a contribution* to the ASF, please visit http://apache.org/foundation/contributing.html

Here's to a brilliant 2020!

* The ASF is a US 501(c)(3) not-for-profit charitable organization, whose tax identification number is 47-0825376. The ASF is recognized by Charity Navigator and cited with the Gold Seal of Transparency by GuideStar.

# # #

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation