The Apache Software Foundation Blog

Tuesday May 04, 2021

Media Alert: Apache OpenOffice Recommends upgrade to v4.1.10 to mitigate legacy vulnerability

Wilmington, DE —4 May 2021— 


Who:
Apache OpenOffice, an Open Source office-document productivity suite comprising six productivity applications: Writer, Calc, Impress, Draw, Math, and Base. The OpenOffice suite is based around the OpenDocument Format (ODF), supports 41 languages, and ships for Windows, macOS, Linux 64-bit, and Linux 32-bit. Apache OpenOffice delivers up to 2.4 Million downloads each month.

What: A recently reported vulnerability states that all versions of OpenOffice through 4.1.9 can open non-http(s) hyperlinks, and could lead to untrusted code execution. 

The Apache OpenOffice Project has filed a Common Vulnerabilities and Exposures report with MITRE Corporation’s national vulnerability reporting system:

> CVE-2021-30245: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks
>
> Severity: moderate
>
>Credit: Fabian Bräunlein and Lukas Euler of Positive Security https://positive.security/blog/url-open-rce#open-libreoffice


The complete CVE report is available at https://www.openoffice.org/security/cves/CVE-2021-30245.html

How: Applications of the OpenOffice suite handle non-http(s) hyperlinks in an insecure way, allowing for 1-click code execution on Windows and Xubuntu systems via malicious executable files hosted on Internet-accessible file shares.

Why: The mitigation in Apache OpenOffice 4.1.10 assures that a security warning is displayed to give users the option of continuing to open the hyperlink. Best practice dictates to be careful when opening documents from unknown and unverified sources. 

When: The vulnerability predates OpenOffice entering the Apache Incubator. During the analysis of this issue, it was discovered that an incorrect bug fix was made by the StarOffice/OpenOffice.org developers preparing OpenOffice 2.0 in 2005, whilst under the auspices of Sun Microsystems. 


Where: Download Apache OpenOffice v4.1.10 at https://www.openoffice.org/download/

Apache OpenOffice Highlights

24 October 2020 — 300 million downloads of Apache OpenOffice
14 October 2020 — 20 year anniversary of OpenOffice
18 October 2016 — 200 million downloads of Apache OpenOffice
17 April 2014 — 100 million downloads of Apache OpenOffice
17 October 2012 — OpenOffice graduated as an Apache Top Level Project (TLP)
13 June 2011 — OpenOffice.org entered the Apache Incubator

[downloads are binary installation files]

For more information, visit https://openoffice.apache.org/ and https://twitter.com/ApacheOO

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 850+ individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with more than 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "OpenOffice", "Apache OpenOffice", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Sunday April 11, 2021

The Apache Software Foundation Welcomes 40 New Members

The Apache Software Foundation (ASF) welcomes the following new Members who were elected during the annual ASF Members' Meeting on 9 and 11 March 2021:

Maxime Beauchemin, Bolke de Bruin, Wei-Chiu Chuang, Jiangjie (Becket), Pablo Estrada, Dave Grove, Madhawa Kasun Gunasekara, Nathan Hartman, Tilman Hausherr, Georg Henzler, Xiangdong Huang, Nikita Ivanov, Yu Li, Geoff Macartney, Denis A. Magda, Carl Marcum, Matteo Merli, Aaron Morton, Aizhamal Nurmamat kyzy, Enrico Olivelli, Jaikiran Pai, Juan Pan, Pranay Pandey, Arun Patidar, Jarek Potiuk, Rodric Rabbah, Katia Rojas, Maruan Sahyoun, Aditya Sharma, Atri Sharma, Ankit Singhal, Michael Adam Sokolov, Simon Steiner, Benoit Tellier, Josh Thompson, Abhishek Tiwari, Sven Vogel, William Guo Wei, Ming Wen, Andrew Wetmore, and Liang Zhang.

The ASF incorporated in 1999 with a core membership of 21 individuals who oversaw the progress of the Apache HTTP Server. This group grew with Committers —developers who contributed code, patches, documentation, and other contributions, and were subsequently granted access by the Membership:

  •  to "commit" or "write" directly to Apache code repositories as well as make non-code contributions;
  •  the right to vote on community-related decisions; and
  •  the ability to propose an active contributor for Committership.

Those Committers who demonstrate merit in the Foundation's growth, evolution, and progress are nominated for ASF Membership by existing Members.

This election brings the total number of ASF Members to 853 today. Individuals elected as ASF Members legally serve as the "shareholders" of the Foundation https://www.apache.org/foundation/governance/members.html

For more information on how the ASF works, visit http://www.apache.org/foundation/how-it-works.html 

Apache Is Open https://blogs.apache.org/foundation/entry/apache-is-open and 

Briefing: The Apache Way http://apache.org/theapacheway/

# # #

Thursday March 11, 2021

Announcing New ASF Board of Directors

At The Apache Software Foundation (ASF) Annual Members' Meeting held this week, the following individuals were elected to the ASF Board of Directors:

  • Bertrand Delacretaz (current Director)
  • Roy Fielding (current Director)
  • Sharan Foga (new Director)
  • Justin Mclean (current Director)
  • Craig Russell (current Director)
  • Sam Ruby (current Director)
  • Roman Shaposhnik (former Director)
  • Sander Striker (current Director)
  • Sheng Wu (new Director)


The ASF thanks Shane Curcuru, Patricia Shanahan, and Niclas Hedhman (who resigned from the Board prior to the Members’ Meeting) for their service, and welcomes our new and returning directors.

An overview of the ASF's governance, along with the complete list of ASF Board of Directors, Executive Officers, and Project/Committee Vice Presidents, can be found at http://apache.org/foundation/

For more information on the Foundation's operations and structure, see http://apache.org/foundation/how-it-works.html#structure

# # #

Tuesday February 23, 2021

The Apache® Software Foundation Sustains its Mission of Providing Software for the Public Good through Corporate Sponsorships and Charitable Giving

World's largest Open Source foundation provides more than $22B worth of community-led software at 100% no charge to users worldwide.

Wilmington, DE —23 February 2021— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today that Corporate Sponsorship and Charitable Giving has enabled the Foundation to sustain its mission of providing software for the public good.

The ASF is the world's largest Open Source foundation. Apache software projects are integral to nearly every end-user computing device, benefit billions of users worldwide, with Web requests received from every Internet-connected country on the planet. Valued conservatively at more than $22B, Apache Open Source software is available to the public-at-large at 100% no cost. No payment of any kind is ever required to use, contribute to, or otherwise participate in Apache projects. The ASF depends on tax-deductible Sponsorships and donations to offset its operations expenses that include infrastructure, marketing and publicity, accounting, and legal services.

"We are proud of our Sponsors, whose generous support helps our volunteer community continue to develop essential software that keeps the world running," said Daniel Ruggeri, ASF Vice President of Fundraising. "ASF Sponsorship allows us to make great strides towards developing and improving our projects, enriching our communities, educating and mentoring newcomers, and encouraging and facilitating participation by under-represented groups. Fiscal support today secures the groundwork to ensure future Apache benefits can be shared by all."

ASF Sponsors include:

Platinum —Amazon Web Services, Facebook, Google, Huawei, Microsoft, Namebase, Pineapple Fund, Tencent, and Verizon Media.

Gold —Anonymous, Baidu, Bloomberg, Cloudera, Confluent, IBM, Indeed, Reprise Software, Union Investment, and Workday.

Silver —Aetna, Alibaba Cloud Computing, Capital One, Comcast, Didi Chuxing, Red Hat, and Target.

Bronze —Bestecasinobonussen.nl, Bookmakers, Casino2k, Cerner, Curity, Gundry MD, GridGain, Host Advice, HotWax Systems, LeoVegas Indian Online Casino, Miro-Kredit AG, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, RenaissanceRe, SCAMS.info, SevenJackpots.com, Start a Blog by Ryan Robinson, Talend, The Best VPN, The Blog Starter, The Economic Secretariat, Top10VPN, and Twitter.

In addition to ASF Sponsors, Targeted Sponsors provide in-kind support for select Foundation operations and initiatives that benefit Apache Projects and their communities. They include:

Platinum —Amazon Web Services, CloudBees, DLA Piper, JetBrains, Leaseweb, Microsoft, OSU Open Source Labs, Sonatype, and Verizon Media.

Gold —Atlassian, Datadog, Docker, PhoenixNAP, and Quenda.

Silver —HotWax Systems, Manning Publications, and Rackspace.

Bronze —Bintray, Education Networks of America, Friend of Apache Cordova, Hopsie, Google, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, and Virtru.

"We deeply appreciate the ongoing support over the course of this unprecedentedly challenging year," said Sally Khudairi, ASF Vice President of Sponsor Relations. "Widespread awareness of the value of The Apache Software Foundation has led organizations and individuals to reach deep and help ensure our day-to-day operations continue without interruption. We are grateful and humbled by the support."

Corporate Contributions
In addition to Sponsorship, a variety of Corporate Giving programs benefit the ASF. They include:

Annual Corporate Giving —organizations such as Bloomberg, IBM, Microsoft, PayPal, Vanguard, and many others offer tax benefits and provide their employees the ability to boost their support of a diverse set of nonprofit organizations that include the ASF.

Matching Gifts and Volunteer Grants —donations to the ASF can be doubled or tripled through a corporate matching gift program. Employers such as American Express, AOL, Bloomberg, IBM, and Microsoft match contributions and volunteer hours made by their employees.

Charitable Gifts and Payroll Giving —as an official charity in Benevity https://www.benevity.com/ , the Blackbaud Giving Fund https://blackbaudgivingfund.org/ , and other philanthropic giving distributors, the ASF benefits from numerous corporate giving initiatives, such as the Microsoft Tech Talent for Good volunteer program and Charles Schwab Charitable, among others.

Individual Donations
Individuals and organizations wishing to support Apache with one-time and recurring tax-deductible donations using a credit or debit card, PayPal, ACH electronic bank transfer, or Apple/Google/Microsoft Pay on their mobile device are invited to do so at https://donate.apache.org/ . Supporting Apache through an online purchase from Amazon, using cryptocurrency, mailing in a check, and other methods are also possible.

For more information, including ways to support the ASF, visit http://apache.org/foundation/contributing.html

Learn about the ASF's commitment to providing software for the public good in "Apache Everywhere" https://s.apache.org/ApacheEverywhere

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $22B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,100 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF .


© The Apache Software Foundation. "Apache", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Tuesday February 16, 2021

The Apache Software Foundation Announces Apache® Gobblin™ as a Top-Level Project

Open Source distributed Big Data integration framework in use at Apple, CERN, Comcast, Intel, LinkedIn, Nerdwallet, PayPal, Prezi, Roku, Sandia National Labs, Swisscom, Verizon, and more.

Wilmington, DE —16 February 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Gobblin™ as a Top-Level Project (TLP).

Apache Gobblin is a distributed Big Data integration framework used in both streaming and batch data ecosystems. The project originated at LinkedIn in 2014, was open-sourced in 2015, and entered the Apache Incubator in February 2017.

"We are excited that Gobblin has completed the incubation process and is now an Apache Top-Level Project," said Abhishek Tiwari, Vice President of Apache Gobblin and software engineering manager at LinkedIn. "Since entering the Apache Incubator, we have completed four releases and grown our community the Apache Way to more than 75 contributors from around the world."

Apache Gobblin is used to integrate hundreds of terabytes and thousands of datasets per day by simplifying the ingestion, replication, organization, and lifecycle management processes across numerous execution environments, data velocities, scale, connectors, and more.

"Originally creating this project, seeing it come to life and solve mission-critical problems at many companies has been a very gratifying experience for me and the entire Gobblin team," said Shirshanka Das, Founder and CTO at Acryl Data, and member of the Apache Gobblin Project Management Committee.

As a highly scalable data management solution for structured and byte-oriented data in heterogeneous data ecosystems, Apache Gobblin makes the arduous task of creating and maintaining a modern data lake easy. It supports the three main capabilities required by every data team: 

  • Ingestion and export of data from a variety of sources and sinks into and out of the data lake while supporting simple transformations. 
  • Data Organization within the lake (e.g. compaction, partitioning, deduplication).
  • Lifecycle and Compliance Management of data within the lake (e.g. data retention, fine-grain data deletions) driven by metadata.

"Apache Gobblin supports deployment models all the way from a single-process standalone application to thousands of containers running in cloud-native environments, ensuring that your data plane can scale with your company’s growth," added Das.

Apache Gobblin is in use at Apple, CERN, Comcast, Intel, LinkedIn, Nerdwallet, PayPal, Prezi, Roku, Sandia National Laboratories, Swisscom, and Verizon, among many others.

"We chose Apache Gobblin as our primary data ingestion tool at Prezi because it proved to scale, and it is a swiss army knife of data ingestion," said Tamas Nemeth, Tech Lead and Manager at Prezi. "Today, we ingest, deduplicate, and compact more than 1200 Apache Kafka topics with its help, and this number is still growing. We are looking forward to continuing to contribute to the project and helping the community enable other companies to use Apache Gobblin."

"Apache Gobblin has been at the center stage of the data management story at LinkedIn. We leverage it for various use-cases ranging from ingestion, replication, compaction, retention, and more," said Kapil Surlaker, Vice President of Engineering at LinkedIn. "It is battle-tested and serves us well at exabyte scale. We firmly believe in the data wrangling capabilities that Gobblin has to offer, and we will continue to contribute heavily and collaborate with the Apache Gobblin community. We are happy to see that Gobblin has established itself as an industry standard and is now an Apache Top-Level Project."

"Open community and meritocracy are the key drivers for Apache Gobblin's success," added Tiwari. "We invite everyone interested in the data management space to join us and help shape the future of Gobblin."

Catch Apache Gobblin in action in the upcoming hackathon planned for late Q1 2021. Details will be posted on the Apache Gobblin mailing lists and Twitter feed listed below.

Availability and Oversight
Apache Gobblin software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Gobblin, visit https://gobblin.apache.org/ and https://twitter.com/ApacheGobblin 

About the Apache Incubator
The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ 

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,000 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF 

© The Apache Software Foundation. "Apache", "Gobblin", "Apache Gobblin", "Hadoop", "Apache Hadoop", "MapReduce", "Apache MapReduce", "Mesos", "Apache Mesos", "YARN", "Apache YARN", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Wednesday February 03, 2021

The Apache Software Foundation Announces Apache® DataSketches™ as a Top-Level Project

Open Source high-performance Big Data streaming algorithm library in use at Nielsen Identity, Permutive, Splice Machine, and Verizon Media, among others.

Wilmington, DE —3 February 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® DataSketches™ as a Top-Level Project (TLP).

Apache DataSketches is a highly performant Big Data analysis library for scalable approximate algorithms. The project originated at Yahoo in 2012, was open-sourced in 2015, and entered the Apache Incubator in March 2019.

"We are excited to be part of the ASF," said Lee Rhodes, Vice President of Apache DataSketches. "We have learned a great deal from the incubation process and look forward to working with new users of our library that want to take advantage of sketching technology."

Apache DataSketches’s library of specialized streaming algorithms —known as sketches— comprise small data structures that process data at massive scale. Sketches are ideal for queries that cannot afford the time or huge compute resources needed to generate exact results. Where approximate results are acceptable, sketches are the only viable alternative for interactive queries with real-time analysis. Apache DataSketches is:

  • Fast —produces approximate results at orders of magnitude faster than traditional methods -- user configurable size vs accuracy tradeoff;
  • Efficient —sketch algorithms process data in a single pass for both real-time and batch;
  • Mergeable —allows for parallelization;
  • Optimized for large-scale computing environments that process Big Data —such as Apache Hadoop, Apache Spark, Apache Druid, Apache Hive, Apache Pig, PostgreSQL;
  • Binary compatible across multiple languages and platforms —available in Java, C++, and Python;
  • Expanded Analysis —including count distinct with set operations, quantiles, most frequent items (heavy hitters), matrix computations, and more; and
  • Mathematically defined and proven error properties —provides a priori and a posteriori error estimation and upper and lower bounds with statistically derived confidence intervals.

Apache DataSketches is used in large-scale computing environments such as Nielsen Identity, Permutive, Splice Machine, and Verizon Media, among others, as well as Apache Druid and Apache Pinot (incubating).

"The Apache DataSketches project takes powerful algorithms for data summarization and analysis, and makes them available to everyone," said Professor Graham Cormode of the University of Warwick. "While these methods are tremendously useful in practice, their descriptions were previously only in highly technical scientific papers. This project has made robust, dependable and well-documented implementations available to all. Already the library has been used for a wide range of applications, including service quality, monitoring, ad analytics and the sciences."

"Using Apache DataSketches has enabled Apache Druid users to perform common tasks such as quantiles and unique counting in a highly performant and efficient manner," said Gian Merlino, Vice President of Apache Druid. "We have worked closely together over the years to make the power of DataSketches accessible to Apache Druid users, helping us provide real-time analytics at scale."

"Sketches are fundamental to calculating many of our key company metrics," said Tom Miller, Director of Software Development Engineering at Verizon Media. "It allows us to greatly simplify our data processing and reduce storage costs by allowing us to calculate non-additive metrics across user specified dimension combinations at report time instead of having to either retain raw data or pre-calculate for each set of dimensions."

"Combining Apache Druid and DataSketches allows us to provide our customers real-time insights into their target audiences and advertising campaigns," said Yakir Buskilla, Senior Vice President of Research and Development and General Manager Israel at Nielsen Identity. "The ability to evaluate set expressions make the Theta Sketch especially powerful for multi-set cardinality estimation as well as funnel analysis."

“Apache DataSketches has provided us with a solid theoretical foundation upon which we are able to store and process data at scale - in a simple, fast and cost-efficient manner," said David Cromberge, Senior Software Engineer at Permutive. "It has been a pleasure to engage with their creators and community who have been helpful at every step of the way.”

"We use DataSketches's Theta-Sketches for distinct-count aggregations that are used to solve large multi-set cardinality approximation," said Mayank Shrivastava, Committer and member of the Apache Pinot (incubating) Podling Project Management Committee. "The ability to evaluate set expressions make the Theta Sketch especially powerful for multi-set cardinality estimation as well as funnel analysis."

"We welcome those interested in streaming algorithms to visit us, learn about this exciting technology, and contribute to Apache DataSketches to make our project even better," added Rhodes.

Availability and Oversight
Apache DataSketches software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache DataSketches, visit https://datasketches.apache.org .

About the Apache Incubator
The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ .

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,000 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF .

© The Apache Software Foundation. "Apache", "DataSketches", "Apache DataSketches", "Druid", "Apache Druid", "Hadoop", "Apache Hadoop", "Hive", "Apache Hive", "Pig", "Apache Pig", "Pinot (incubating)", "Apache Pinot (incubating)", "Spark", "Apache Spark", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Tuesday January 26, 2021

The Apache Software Foundation Announces Apache® ECharts™ as a Top-Level Project

Adaptable, interactive, responsive Open Source charting and data visualization software in use at Alibaba, Amazon, Baidu, GitLab, Intel, and Tencent, among others.


Wilmington, DE —26 January 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® ECharts™ as a Top-Level Project (TLP).

Apache ECharts is an intuitive, interactive, and powerful charting and visualization library ideally suited for commercial-grade presentations. The project originated in 2013 at Baidu and entered the Apache Incubator in January 2018.

"Our decision to incubate ECharts at The Apache Software Foundation was a wise one," said Ovilia Zhang, Vice President of Apache ECharts. "Through the Apache Way, our community is healthier and more diverse, which has improved ECharts to become a more attractive, competitive choice for visualization professionals and enthusiasts."

Written in JavaScript and based on the ZRender rendering engine supporting both Canvas and SVG, Apache ECharts provides an array of dynamic, highly-customizable chart types that include line, column, scatter, pie, radar, candlestick, gauge, funnel, heatmap, and more. Features include:

  • Customized and amalgamated chart styles with more than 20 chart types

  • Multi-dimensional data analysis and coding

  • Interactive components available out-of-the-box

  • Cross-device responsiveness

  • Optimized dynamic scaling

  • Server side rendering

  • Immediate UI response on millions of streaming data through progressive rendering

  • Extensions for:

    • 3-D visualization and other rich special effects

    • Python, R, Julia, and other languages

    • Platforms that include Wechat App and Baidu Smart Program


Examples of ECharts' many data visualization options are available at https://echarts.apache.org/examples/ 

The project has recently released ECharts 5, which provides rendering ability for tens of millions of data points, and supports accessibility requirements in compliance with W3C’s Web Accessibility Initiative Accessible Rich Internet Applications Suite (WAI-ARIA) standards.


Building on EChart’s core features, ECharts 5 makes it even easier for developers to tell the story behind the data through 15 new features and improvements in story-telling and data expression, optimized visualization and responsive design, interaction and performance enhancement, developer experience, internationalization, and more.


Apache ECharts is in use at Alibaba, Amazon, Baidu, GitLab, Intel, and Tencent, among others, as well as solutions such as Apache Superset data visualization software. The project continues to grow in popularity, with more than 44,000 stars on GitHub and 25,000 weekly downloads on npm to date. 


"The world we live in today is powered by software and data," said Erica Brescia, COO of GitHub. "With Apache ECharts, developers around the world have access to a powerful, free and open source library for data visualization. It is great to see the project flourishing on GitHub. Congrats to the Apache ECharts on their graduation to a top level project at the Apache Software Foundation."


"Apache ECharts helps visualization experts and data analysts easily create a wide variety of visualizations that are very helpful for us to analyze and explore the story behind the data," said visualization academia pioneer Professor Wei Chen of Zhejiang University.


"We are glad to witness ECharts’ pleasant process in the Apache Incubator," said Ming Zu, Senior Manager at Baidu. "Our community grew with individuals from many countries and organizations, who contributed to bug fixing, issue resolving, and new feature implementation."


"When the Apache Superset community looked into visualization libraries to rebuild the core visualization plugins, ECharts stood out as the absolute best fit," said Maxime Beauchemin, original creator of both Apache Airflow and Superset, and serves as Vice President of Apache Superset. "It has an unparalleled variety of visualizations, a rich and composable visual grammar, an intuitive and well designed API, a flexible and performant rendering engine, a very lean tree of dependencies, and the important set of guarantees that the ASF provides when committing long term to using an Open Source project."


"It was a pleasure guiding the ECharts community through the Apache Incubator," said Dave Fisher, ASF Member and Apache ECharts Incubating Mentor. "They have embraced the Apache Way of community-led development, encouraging those interested in helping improve ECharts to contribute and become part of its growing community.”


"This is an exciting time for the ECharts community," added Zhang. "We are enjoying continued growth, and invite those interested in contributing to the project to join us on our developer and user lists."


See the range of options available with ECharts in "Apache ECharts in 5 minutes", a new video created by members of the Apache ECharts community (in Mandarin Chinese with English subtitles) https://youtu.be/nKKK0orjSq8 


Availability and Oversight

Apache ECharts software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache ECharts, visit http://echarts.apache.org and https://twitter.com/ApacheECharts


About the Apache Incubator

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ 


About The Apache Software Foundation (ASF)

Established in 1999, The Apache Software Foundation (ASF) is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,000 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF 


© The Apache Software Foundation. "Apache", "ECharts", "Apache ECharts", "Airflow", "Apache Airflow", "Superset", "Apache Superset", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.


# # #

Monday January 25, 2021

Apache Software Foundation Security Report: 2020

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2020. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.


Released: January 2021


Author: Mark Cox, Vice President Security, Apache Software Foundation

Background

The security committee of the Apache Software Foundation (ASF) oversees and coordinates the handling of vulnerabilities across all of the 340+ Apache projects.  Established in 2002 and composed of all volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.


Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or private project management committees (PMC) to handle.  The security committee monitors all the issues reported across all the addresses and keeps track of the issues throughout the vulnerability lifecycle.


The security committee is responsible for ensuring that issues are dealt with properly and will actively remind projects of their outstanding issues and responsibilities.  As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues.  This, along with the Apache Software License, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.


The oversight into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues.  Our last report covered the metrics for 2019.

Statistics for 2020

In 2020 our security email addresses received in total 18,000 emails. After spam filtering and thread grouping this was 946 (2019: 620) non-spam threads.  Unfortunately many security reports do look like spam and so the security team are careful to review all messages to ensure real reports are not missed for too long.

Diagram 1: Breakdown of ASF security email threads for calendar year 2020


Diagram 1 gives the breakdown of those 946 threads.  257 threads (27%) were people confused by the Apache License.  As many projects use the Apache License, not just those under the ASF umbrella, people can get confused when they see the Apache License and they don't understand what it is.  This is most common for example on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License.  We no longer reply to these emails. This is nearly double the number we saw in 2019.


The next 220 of the 946 (23%) are email threads with people asking non-security (usually support-type) questions.


The next 93 of those reports were researchers reporting issues in an Apache web site.  These are almost always false negatives; where a researcher reports us having directory listings enabled, source code visible, or the lack of various domain headers.  These reports are generally the unfiltered output of some publicly available scanning tool, and often where the reporter asks us for some sort of monetary reward (bounty) for their report.


That left 376 (2019: 320) reports of new vulnerabilities in 2020, which spanned across 101 of the top level projects.  These 376 reports are a mix of both external reporters and internal; for example where a project has found an issue themselves and followed the ASF process to assign it a CVE name and address it we’d still count it here.  We don’t keep metrics that would give the breakdown of internal vs external reports.


The next step is that the appropriate project triages the report to see if it's really an issue or not.  Invalid reports and reports of things that are not actually vulnerabilities get rejected back to the reporter.  Of the remaining issues that are accepted they are assigned appropriate CVE names and eventually fixes are released.


As of January 1st 2021, 35 of those 376 reports were still under triage (i.e. the project had not yet determined if the report is accepted or rejected).  


The remaining closed 341 (2019: 301) reports led to us assigning 151 (2019: 122) CVE names.  Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names.  The Apache Security committee handles CVE name allocation and is a Mitre Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts Mitre directly or goes public with an issue before contacting us.

Noteworthy events

During 2020 there were a few events worth discussion; either because they were severe and high risk, they had readily available exploits, or otherwise due to media attention. These included:

  • February: An issue in Tomcat CVE-2020-1938 gained press interest when it was given branding and a name (“Ghostcat”) and was disclosed by a third-party coordination centre before Tomcat released an advisory (although after the issue was fixed in new releases of Tomcat). Although serious if exploited, it only affected Tomcat installations which exposed an unprotected AJP Connector to untrusted networks (which is already not a good thing to do even without this issue). That limits the number of affected installations.  Various proof-of-concept exploits are public for this issue, including a Metasploit exploit.

  • July: Versions of Apache Guacamole 1.1.0 and earlier were vulnerable to issues in RDP, CVE-2020-9497 and CVE-2020-9498.  If a user connects to a malicious or compromised RDP server it could lead to memory disclosure and possible remote code execution. 

  • August: A vulnerability in Apache Struts (CVE-2019-0230) could lead to arbitrary code execution. In order to exploit the vulnerability, an attacker would need to inject malicious Object-Graph Navigation Language (OGNL) expressions into an attribute that is used within an OGNL expression. Although Struts has mitigations to address potential injected expressions, versions before 2.5.22 left an attack vector open which was fixed in updates for this issue.  A metasploit exploit exists for this issue.

  • November: Previously each ASF project was responsible for writing up their own CVE entries and submitting them to Mitre. This leads to many delays in the CVE database being updated with Apache issues as entries are often rejected as the legacy format causes issues. We released an internal tool providing projects dealing with security issues a way to edit, validate, and submit their entries to Mitre.  We aim to have the CVE database updated within a day of an issue being published.

  • December: The CVE project released a new automation API and the ASF became the first organisation to get a live CVE name using it. Instead of the security team holding a pool of names requested in advance we now allocate them on demand, with the service taking care of emails to the PMC and other previously manual parts of the process. We expect more automation available during 2021 allowing us to streamline the CVE process for projects even further.

Timescales

Our security teams and project management teams are all volunteers and so we do not give any formal SLA on handling of issues.  However we can break down our aims and goals for each part of the process:


Triage: Our aim is to handle incoming mails to the security@apache.org alias within three working days.  We do not measure or report on this because we assess the severity of each incoming issue and apply the limited resources we have appropriately.  The alias is staffed by a very small number of volunteers taken from the different project PMCs.  After the security team forward a report to a PMC they will reply to the reporter.  Therefore if you have reported an issue to us and not received any response after a week please send us a followup email.  Sometimes reporters send reports attaching large PDF files or even movies of exploitation that don’t make it to us, so please ensure any follow ups are a simple plain text email.


Investigation: Once a report is sent to the private list of the projects management committee, the process of triage and investigation varies in time depending on the project, availability of resources, and number of issues to be assessed.  As we send reports to this private list it does not reach every project committer, so there is a much smaller limited set of people in each project able to investigate and respond.  As a general guideline we try to ensure projects have triaged issues within 90 days of the report.  The ASF security team chase any untriaged issues over 90 days old.


Fix: Once a security issue is triaged and accepted, the timeline for the fixing of issues depends on the schedules of the projects themselves.  Issues of lower severity are most often held to future pre-planned releases.  


Announcement: Our process allows projects up to a few days between a fix release being pushed and the announcement of the vulnerability, to let mirrors catch up.  All vulnerabilities are announced via the announce@apache.org list.  We now aim to have them appear in the public Mitre list within a day of the announcement.

Conclusion

Apache Software Foundation projects are highly diverse and independent.  They have different languages, communities, management, and security models.  However one of the things every project has in common is a consistent process for how reported security issues are handled. The ASF Security Committee works closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly.  This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted.


This report gave metrics for calendar year 2020 showing from the 18,000 emails received we triaged over 370 vulnerability reports relating to ASF projects, leading to fixing 151 (CVE) issues. The number of non-spam threads dealt with was up 53% from 2019 with the number of actual vulnerability reports up 13% and assigned CVE up 24%.


If you have vulnerability information you would like to share with or comments on this report please contact us.


# # #

Thursday January 21, 2021

The Apache Software Foundation Announces Apache® Superset™ as a Top-Level Project

Open Source enterprise-grade Big Data visualization and business intelligence Web application in use at Airbnb, American Express, Dropbox, Lyft, Netflix, Nielsen, Rakuten Viki, Twitter, and Udemy, among others.

Wilmington, DE —21 January 2021— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Superset™ as a Top-Level Project (TLP).

Apache Superset is a modern, Open Source data exploration and visualization platform that  enables users to easily and quickly build and explore dashboards using its simple no-code visualization builder and state-of-the-art SQL editor. The project originated at Airbnb in 2015 and entered into the Apache Incubator program in May 2017.

"It's been amazing to be an active part of growing a welcoming, diverse and engaged community over the past five years while following the ASF principles around inclusion, openness and collaboration," said Maxime Beauchemin, Vice President of Apache Superset. "At the scale and level of diversity that the Superset project has achieved, it's critical to have a solid governance model in place like the one prescribed by the ASF."

Apache Superset v1.0
Superset helps streamline the analytics process by providing an intuitive interface to rapidly explore and visualize datasets, create interactive dashboards, and model real-time business intelligence insights at scale. The platform integrates with most SQL speaking data sources, including modern cloud-native databases, data warehouses, and engines at petabyte scale. 

The Project also celebrates a major milestone with the release of Apache Superset 1.0. Features include: 

  • Rich library of visualizations with support for integrating custom visualizations
  • Thin caching layer to optimize performance of charts and dashboards 
  • Code-free visualization builder
  • State-of-the-art SQL editor and metadata workflow
  • Extensible enterprise authentication and security model 
  • Easy-to-use, lightweight semantic layer
  • Notification alerts and scheduled reports


"Apache Superset 1.0 is a solid, mature, self-standing solution that fully solves business intelligence and data visualization needs for modern data teams," added Beauchemin. "Superset not only covers the table stakes, but also offers guarantees, features and a fresh approach that existing BI solutions can't match."

Apache Superset is in use at Airbnb, American Express, Dropbox, Lyft, Netflix, Nielsen, Rakuten Viki, Twitter, and Udemy, among others. A list of known users is available at https://github.com/apache/superset/blob/master/INTHEWILD.md .

"Apache Superset helps Airbnb democratize data insights and make data-informed decisions," said Jeff Feng, Product Lead at Airbnb and member of the Apache Superset Project Management Committee. "Superset uniquely connects SQL analysis with data exploration for thousands of our employees each week. It also serves as a flexible and reliable platform for visualizing metrics, helping executives and knowledge workers see and understand data."

"We had an amazing journey with Superset at Dropbox," said Chloe Wang, Senior Product Manager, Data Insights Platform at Dropbox. "Superset got introduced in 2019 and soon became the most widely adopted query engine within the analytical organization. As a result, our analysts are able to make timely and high confidence product decisions."

"Before Superset, we were paying for a patchwork of proprietary tools and we kept running into limitations when it came to customizing charts and dashboards," said Amit Miran, Software Team Lead for Media Application Framework group at Nielsen. "Once the Superset project supported adding of custom visualizations, that was the turning point for us at Nielsen to start adopting Superset in large projects. We’re very excited about native dashboard filters and future support for cross filtering, which will make our viz plugins even more powerful. The excitement for the project drove me to become involved in my first open source project."

"Apache Superset is an amazing project that enables engineers to easily execute data analysis," said Grace Guo, member of the Apache Superset Project Management Committee. "I have been a Superset user and a Superset builder for a few years. I run queries in SQL Lab, visualize data using one of the many supported chart types, and build dashboards, specifically focusing on performance and product adoption metrics. As an engineer, I appreciate the ability to contribute to the product. If I see some area to improve, or need a feature which doesn’t exist, I am happy to create a PR to fix it for myself and benefit other users."

"Apache Superset’s strength lies in its community," added Beauchemin. "We invite those interested in data visualization to join our mailing lists and help shape future versions of Superset."

Learn more about the latest in v1.0 at the Apache Superset community global MeetUp on 28 January. Registration is open to all and free of charge https://s.apache.org/3cm4f 


Availability and Oversight
Apache Superset software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Superset, visit https://superset.apache.org/


About the Apache Incubator
The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,000 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF


© The Apache Software Foundation. "Apache", "Superset", "Apache Superset", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Tuesday January 19, 2021

The Apache CloudStack Project Releases Apache® CloudStack® v4.15

Mature Open Source Enterprise Cloud platform powers billions of dollars in transactions for the world's largest Cloud providers, Fortune 5 multinationals, educational institutions, and more.

Wilmington, DE —19 January 2021— The Apache CloudStack Project announced today v4.15 of Apache® CloudStack®, the mature, turnkey Open Source enterprise Cloud orchestration platform.

Apache CloudStack is the proven, highly scalable IaaS platform of choice to rapidly and easily create private, public, and hybrid Cloud environments: it "just works".

Apache CloudStack powers mission-critical clouds for the world’s largest users and service providers, including Alcatel-Lucent, Apple, Autodesk, Bell Canada, BT, China Telecom, Dell, Disney, Fujitsu, Huawei, INRIA, Juniper Networks, Korea Telecom, Leaseweb, Melbourne University, Nokia, NTT, Orange, SAP, Schuberg Philis, Taiwan Mobile, Tata, TrendMicro, Verizon, WebMD, and countless others.

"We are pleased to announce our latest release, making CloudStack even easier to deploy full-featured public and private clouds," said Sven Vogel, Vice President of Apache CloudStack. "Apache CloudStack continues to grow from strength to strength, with upgraded software and powerful deployments, backed by a robust community."

Apache CloudStack v4.15
Apache CloudStack includes the entire "stack" of features in an IaaS cloud: compute orchestration, Network-as-a-Service, user and account management, full and open native API, resource accounting, and a first-class user interface. The new 4.15 release ships with more than 200 new features, improvements, and bug fixes that include:

  • A new, modern user interface at general availability
  • vSphere advanced storage capabilities to support VMware storage policies, vSAN, VMFS6, vVols and datastore clusters
  • VMware "deploy-as-is" templates with OVF properties support for deploying virtual appliances in CloudStack clouds
  • Secondary storage management tools
  • Roles based users in projects
  • Dynamic roles enhancements for more granular RBAC
  • Support for CentOS 8, Ubuntu 20.04, XCP-ng 8.1, and MySQL 8
  • noVNC console for performance improvements to VM console access
  • Redfish support for out of band management
  • Unmanaging guest VMs
  • PVLAN support for L2 networks
  • Boot into hardware setup (VMware)
  • Configure root disk via service offering

The full list of new features is available in the project release notes at https://docs.cloudstack.apache.org/en/4.15.0.0/releasenotes/about.html

"At NTT/Itelligence we were eagerly anticipating this latest version of Apache CloudStack as many of the features in the release are of importance to our Itelligence cloud solution," said Andre Walter, VP, Head of GMS Cloud Infrastructure Services at Itelligence Global Managed Services GmbH. "We are particularly excited about the vSphere advanced capabilities and full OVF properties support. It is important for us to see the Open Source community bringing more and more features that allow us to enhance our global cloud operations capabilities."

"Apache CloudStack continues to bring innovative features for public cloud providers like us,"  said Wido den Hollander, CTO of PCExtreme. "With the 4.15 release, we are very interested in the Redfish implementation for Out of Band Management which helps bring the next generation of server management to our data centres. The fact that the CloudStack community is driven by users of the software as opposed to vendors with competing interests means that time and time again we see these exciting features delivered In Apache CloudStack."

"Apache CloudStack continues to cement itself as the logical choice for reliable, open source IaaS orchestration," said Giles Sirett, CEO of ShapeBlue. "It is proven, hugely scalable and, most importantly, easy to deploy and operate. The 4.15 release brings many features that will allow both public and private cloud operators to further innovate on their service offerings. I’d like to thank everybody in the Apache CloudStack community for this latest release."

The Apache CloudStack community invites those interested to join its mailing lists and global events, including CloudStack Collaboration Conference and numerous regional user groups. To get started and for ways to contribute, visit http://cloudstack.apache.org/contribute.html

Availability and Oversight
Apache CloudStack software is released under the Apache License v2.0 and is overseen by a volunteer, self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases.

Apache CloudStack Resources

About Apache CloudStack
An Apache Software Foundation Top-Level Project since 2013, Apache CloudStack powers countless mission-critical elastic Cloud computing services and solutions for Fortune 5 multinational corporations, Gartner Magic Quadrant leaders, and, as reported by Forrester, "sits beneath hundreds of service provider clouds". Visit https://cloudstack.apache.org/ and https://twitter.com/CloudStack for more information.

© The Apache Software Foundation. "Apache", "CloudStack", "Apache CloudStack", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Thursday December 24, 2020

Support Apache.


When we founded the ASF 21 years ago, we made a commitment to ensure Apache software is freely available to everyone worldwide at 100% no cost


Today the ASF provides more than $21B worth of software developed by an all-volunteer community. Your tax-deductible contribution has an immediate impact by helping us continue to steward, develop, and incubate Apache projects and their communities. 


There are many ways to help the ASF:

Just one week remains to make an end-of-year tax-deductible contribution in 2020.

Thank you in advance for your generous support!

Tuesday December 22, 2020

The Apache Software Foundation Operations Summary: 1 August - 31 October 2020

FOUNDATION OPERATIONS SUMMARY

Second Quarter, Fiscal Year 2021 (August - October 2020)

"The Apache Way ensures all participants have equal representation and footing, and developers are valued based on their contributions' merits. Bloomberg developers first got involved as Open Source community collaborators and contributors seven years ago, and we've been involved with –and a sponsor of– the ASF almost this entire time, as it’s the home of dozens of projects that are incredibly important to us."
—Kevin Fleming, Head of Open Source Community Engagement and Member of the CTO Office at Bloomberg (ASF Gold Sponsor)


> President's Report

This has been a largely quiet quarter for The Apache Software Foundation. By quiet, I mean that the operations side of the ASF has just been working with little drama, despite the fact that we're in the midst of a global pandemic. Whether it's been Apachecon@Home, the publication of research from Diversity and Inclusion, the day-to-day operations of Fundraising, Marketing, and Infrastructure continue unabated.

In some ways, I guess that is boring. There were no disasters that we had to deal with. While I was getting ready for my Apachecon@Home keynote, I was thinking about the impact of the pandemic on the ASF and the world. If you look at the statistics you'd be hard pressed to find much in terms of impact of the pandemic. In many ways, our distributed, asynchronous, consensus-based method of getting things done has set us up for success.

Maybe 'boring' is the definition of success for the ASF. A 'boring' status where our project communities deliver innovative Open Source software unabated.

> Conferences and Events http://apachecon.com/ 

During this time we held ApacheCon @Home 2020, September 28th through October 1st. This was our first virtual conference, and the largest conference we have yet held in our 22 years of running ApacheCon.

We have provided some statistics in our post-event report, at https://blogs.apache.org/conferences/entry/apachecon-home-2020-was-a

Some highlights include:

  • 5743 registrations
  • 66.7% of speakers were first time speakers
  • 82.9% of attendees were at their first ApacheCon ever
  • 306 sessions (all now on YouTube at https://www.youtube.com/theapachefoundation )
  • 26 tracks of content
  • Sessions in German, Hindi and Mandarin, in addition to English
  • Attendees, and speakers, from 6 continents

ApacheCon was made possible by our sponsors. Platinum sponsors were Instaclustr, Red Hat, DataStax, VMWare, Apple, Amazon, IBM, and Imply. Gold sponsors were OpenLogic, Cerner, and RX-M. Bronze sponsors were Codethink, US Postgresql Association, and Muse.dev. A huge thank you to them!

In the coming months we hope to have some smaller, project/topic focused events, but planning for these is still in the early stages, and we have no specific plans yet.

We are also cautiously looking at plans for 2021: We assume, at this point, based on the employee travel policies of major tech companies, that we will be holding ApacheCon 2021 online also. We hope to have details in early 2021.

The Pulsar Summit Asia will be held November 28th and 29th, also online. Details are available at https://pulsar-summit.org/  

> Community Development http://community.apache.org/ 

The main focus of this quarter was preparing for and participating in ApacheCon@Home. Our Community track ran over 3 days and 2 time zones and began with a presentation in Hindi. This was very significant for us as it was the first time that we have presented community content at ApacheCon in a language other than English. Being accessible in other languages is helping reach other potential contributors. Our track attracted a good audience and many of the sessions achieved a good interaction and participation via questions from the audience. 

During the event we showed the recently released ASF documentary video "Trillions and Trillions Served" at our online booth. We need to continue to investigate new ways for managing an online booth as it was difficult to understand when and how we could interact with the community at the same time being focussed on our own track.

Our Apache Local Communities (ALC) were strongly represented at ApacheCon@Home and the Indore Chapter held a range of meetings focussed on promoting the Apache Way.

All the videos from all the community sessions are now available on the ASF Youtube channel.

We have started preparing for GSoC 2021 and will once again be applying to become a mentoring organisation. In parallel we have sent out communications to all ASF project to begin gathering ideas for potential GSoC projects.

We are continuing to look for events where we can participate such as our Apache Roadshow China and FOSS Backstage.

Our mailing list has seen a significant decrease in traffic compared with the previous quarter. Even with the decrease we did get a lot of community involvement and activity during ApacheCon@Home which is not reflected in the mailing list statistics.


> Committers and Contributions http://apache.org/licenses/contributor-agreements.html 

Over the past quarter, 1,540 contributors committed 61,208 changes that amount to 28,336,795 lines of code across Apache projects. The top 5 contributors, in order, were: Andrea Cosentino (1,813 commits), Mark Miller (926 commits), Claus Ibsen (790 commits), Mark Thomas (771 commits), and Jean-Baptiste Onofré (742 commits).

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

During Q2 FY2021, the ASF Secretary processed 151 ICLAs, 9 CCLAs, and 5 Software Grants. History of Apache committer growth can be seen at https://projects.apache.org/timelines.html


> Brand Management http://apache.org/foundation/marks/ 

Operations —the work of the Brand Management team falls broadly into one of three categories:

  • trademark transfers and registrations
  • granting permission to use our marks
  • addressing potential infringements of our marks

The volume of work this quarter is about half of what it was last quarter. This may be an impact of Covid-19 (fewer events), part of the natural fluctuation in activity or a combination of the two.

This quarter has seen the usual collection of requests to use Apache marks for user groups, events, merchandise and publications with nearly all requests being granted, subject to our Trademark Usage Policy.

Registrations —This quarter was also a relatively quiet one for registrations. We made progress on a number of our pending registrations, particularly in China, but we did not complete any registrations this quarter.

Infringements —Potential infringements are brought to our attention from both internal and external sources. The majority of infringements we see are accidental and our project communities are able to resolve these quickly and informally with occasional input from the Brand Management team. A small number of issues take longer to resolve. We made progress on some of these this quarter and hope that that progress will continue next quarter.

We have continued to address the infringements reported to us relating to products using our marks being sold through various online stores. We hope to resolve a number of these in the coming quarter.

And finally…

The Brand Management team welcomes your comments and suggestions as well as any questions you might have. Please see https://www.apache.org/foundation/marks/contact for our contact details.

> Security http://apache.org/security/ 

We continued to work on handling incoming security issues, keeping projects reminded of their outstanding issues, allocation of CVE names, and other general oversight and advice.

For Q2 we tracked 124 new vulnerability reports across 48 projects. (Q2 last year for comparison was 116 reports). Those reports led to 23 published CVE vulnerabilities.


> Privacy http://apache.org/foundation/policies/privacy.html 

This quarter ends without any complaints from users, committers or other parties.

The VP Privacy can be reached in private with the new email alias vp-privacy@apache.org.

A check of our privacy policy showed that we have several issues with our main site which needs to be addressed (not exhaustive):

  • We need to add Youtube, Google Fonts etc to the privacy statement
  • We need to update the policy to give the correct contact for complaints (no longer dev@)
  • We need to check if we actually need AdSense code 

Also, we should make sure to apply cookie laws.

The reason for the check is the open issue around status.apache.org since we need to cover that site with our privacy policy as well.

In another finding, Apache Whimsy shows all kinds of email addresses (i.e. personal ones) to all committers. This should be an option, so committers can decide if they want their email address shown and also the possibility to remove email addresses. Same issue is with the postal address shown. This issue has not yet been addressed and needs to be communicated to the Apache Whimsy team.

We have open discussion how ICLA (and similar documents) should be stored.

> Treasury and Financial Statement --map against https://s.apache.org/FY2019AnnualReport 

The Foundation is in excellent fiscal shape with all tax and compliance forms filed on time. Latest public filings can be found at http://www.apache.org/foundation/records/ . I have advised that officers minimize expenses until there is more certainty in global economic outlooks.  Officers have done so by delaying new investments.  This quarter we conducted ApacheCon@Home which operated with a profit via our generous sponsors.

We made a technical adjustment to our accounting to recognize the income of $892,882 from the very generous Pineapple fund donation as a public donation. The donation was originally made at the beginning of 2018. Removing this one-time donation from consideration, our losses this quarter were $141,848.

The majority of our cash remains in a CDARS account at Boston Private which provides FDIC insurance for the full amount. See below for income and expenses:


Income and Expenses for Q2 FY 2021




Apache Software Foundation






Q2 FY 21





Income Summary:





Public Donations

$ 916,373




Sponsorship Program

$ 168,000




Programs Income

$ 11,000




Conference/Event Income

$ 50,647




Interest Income

$ 1,896



Total Income

$ 1,147,916 





Expense Summary





Infrastructure

$ 228,670




Programs Expense

$ 0




Publicity

$ 15,439




Brand Management

$ 38,509




Conferences

$ 5,956




Travel Assistance Committee

$ -




Fundraising

$ 97,235




Privacy

$ -




Treasury Services

$ 4,331




General & Administrative

$ 6,742




Diversity and Inclusion

$ -



Total Expense

$ 396,882

Net Income

$ 751,034


> Diversity and Inclusion http://diversity.apache.org/

Important milestones were accomplished for two of the major projects driven by the Diversity and Inclusion committee as follows: 

Project 1: Research on the current status of Diversity and Inclusion at the ASF

This project was composed of two initiatives: The ASF Community Survey and a User Experience Research for contributors of underrepresented groups. These two initiatives concluded in Q2 and we are now working on a final report, expected to be published and shared with the ASF membership in Q3. 

For the ASF Community Survey, we recorded a read out, which you can watch in our official YouTube channel https://s.apache.org/pnkzw , and read the slides shared in the D&I wiki https://cwiki.apache.org/confluence/display/EDI/**+Files+and+Resources .

In the User Experience research, we conducted 19 one-on-one interviews, which provided insightful information on how we can help our community to ease the challenges experienced by contributors in our Apache community, especially those coming from under-represented backgrounds. You can find early results on these interviews in our public mailing list https://s.apache.org/ibs4z

In Q3, the work will be focused on publishing the official reports, which will include recommendations for our projects and the community in general, to enable the participation of folks from diverse backgrounds. 

Project 2: Internships for underrepresented groups (Outreachy)

The second round of internships for the Outreachy program concluded in August. We had four participants, which brought the total number of interns to 5 in our first year of participation. 

The third period of internships starts this December, we’ll have six interns for six different Apache projects, you can see the full list of interns and projects in the Outreachy working group notes https://s.apache.org/8ahu8 .

This program has provided opportunities to learn about the experience of new contributors to the participation project, and we look forward to analyzing them in the same context as the scientific data gathered with the survey and user experience interviews. 


> Fundraising http://apache.org/foundation/contributing.html

This past quarter has been fairly quiet for the Fundraising team aside from the wonderful success of ApacheCon@Home. We are ecstatic to report that eight Sponsors joined the ApacheCon family this year for the event. Feel free to check out our YouTube channel for recordings of all the talks.

Despite the pandemic and challenges it brings, we continue to see strong support from the community. Individual donations have been particularly strong this quarter (see https://whimsy.apache.org/board/minutes/Fundraising.html  for month by month playlist). We have also had a few Sponsors either increase or decrease their support level this quarter and are pleased to welcome two new Bronze sponsors to the Apache family.

As always, we are immensely thankful to our sponsors, who make it possible for our communities to build world-changing software -- 

PLATINUM: Amazon Web Services, Comcast, Facebook, Google, LeaseWeb, Pineapple Fund, Verizon Media, Tencent

GOLD: Anonymous, ARM, Bloomberg, Cloudera, Handshake, Huawei, IBM, Indeed, Union Investment, Workday

SILVER: Aetna, Alibaba Cloud Computing, Baidu, Budget Direct, Capital One, Cerner, Inspur, Red Hat, Target

BRONZE: Airport Rentals, The Blog Starter, Bookmakers, Cash Store, Bestecasinobonussen.nl, CarGurus, Casino2k, The Economic Secretariat, Emerio, Footprints Recruiting, Gundry MD, HostChecka.com, Host Advice, HostingAdvice.com, Journal Review, LeoVegas Indian Online Casino, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, SCAMS.info, Site Builder Report, Start a Blog by Ryan Robinson, Talend, The Best VPN, Top10VPN, Twitter, Web Hosting Secret Revealed, Xplenty

TARGETED PLATINUM: CloudBees, DLA Piper, JetBrains, Microsoft, OSU Open Source Labs, Sonatype, Verizon Media

TARGETED GOLD: Atlassian, The CrytpoFund, Datadog, PhoenixNAP, Quenda

TARGETED SILVER: Amazon Web Services, HotWax Systems, Rackspace

TARGETED BRONZE: Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, Virtru

To sponsor The Apache Software Foundation, visit http://apache.org/foundation/sponsorship.html . To make a one-time or monthly recurring donation, please visit https://donate.apache.org/ .

= = =

Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by David Nalley, President; Rich Bowen, Vice President Conferences; Mark Cox, Vice President Security; Sharan Foga, Vice President Community Development; Christian Grobmeier, Vice President Data Privacy; Myrle Krantz, Treasurer; Griselda Cuevas, Vice President Diversity & Inclusion, Vice President Fundraising; and Mark Thomas, Vice President Brand Management.

For more information, subscribe to the announce@apache.org mailing list http://apache.org/foundation/mailinglists.html#foundation-announce and visit http://www.apache.org/ , the ASF Blog at http://blogs.apache.org/ , the @TheASF on Twitter https://twitter.com/TheASF , and LinkedIn https://www.linkedin.com/company/the-apache-software-foundation .

(c) The Apache Software Foundation 2020.

# # #

Tuesday December 01, 2020

Apache Month in Review: November 2020

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in November:

New this month --

 - ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
   -- ApacheCon@Home 2020 was a huge success https://blogs.apache.org/conferences/entry/apachecon-home-2020-was-a
   -- Videos of all sessions, including Plenaries and Keynotes, are available https://www.youtube.com/c/TheApacheFoundation/

 - Apache Software Foundation Operations Summary: Q1 FY2021 (May - July 2020) https://s.apache.org/2mefr

 - The Apache Software Foundation Announces Apache® TVM™ as a Top-Level Project https://s.apache.org/59g4a 

 - "Inside Infra" – the interview series featuring members of the ASF Infrastructure team
   -- Meet Gavin McDonald --Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
   -- Meet Andrew Wetmore --Part I https://s.apache.org/InsideInfra-Andrew 

 - Apache Month in Review: October 2020 https://s.apache.org/Oct2020


Important Dates --

  - Next Board Meeting: 16 December 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in November was 99.91%. http://www.apache.org/uptime/

Committer Activity --

In November, 762 Apache Committers changed 11,586,940 lines of code over 14,829 commits. The Committers with the top 5 highest contributions, in order, were: Jarek Potiuk, Jean-Baptiste Onofré, Gary Gregory, Andrea Cosentino, and Kaxil Naik.      

Project Releases and Updates --

New releases from Apache APISIX (API); BookKeeper (Big Data); Commons VFS (Libraries); CXF(Libraries); HBase (Big Data); Jackrabbit (Content); Log4j (Libraries); Lucene (Search); Oak (Content); Qpid Proton (Messaging); ShardingSphere (Big Data); Shiro (Security Framework); Skywalking (Application Performance Management); Tomcat (Servers); Unomi (Data Management Platform); Wicket (Web Frameworks);

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. We invite you to review the many projects currently in development in the Apache Incubator http://incubator.apache.org/ . New releases from incubating podlings include: Apache Daffodil (Incubating; Libraries); NLPCraft (Incubating; Natural Language Processing); Tuweni (Incubating; Blockchain);

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Monday November 30, 2020

The Apache Software Foundation Announces Apache® TVM™ as a Top-Level Project

Open Source End-to-End Deep Learning Hardware Compiler Stack in use at Alibaba Cloud, AMD, ARM, AWS, Facebook, Huawei, Intel, Microsoft, NVIDIA, and Xilinx, among others.

Wilmington, DE —30 November 2020— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® TVM™ as a Top-Level Project (TLP).

The ASF's first  full stack software and hardware co-optimization project, Apache TVM is an end-to-end open deep learning compiler stack for CPUs, GPUs, and specialized accelerators. TVM enables machine learning developers to optimize and run computations efficiently on any hardware backend. The project originated in 2017 as a research project at Washington University and entered the Apache Incubator in March 2019.

"It is amazing to see how the Apache TVM community members come together and collaborate under The Apache Way," said Tianqi Chen, Vice President of Apache TVM. "Together, we are building a solution that allows machine learning engineers to optimize and run computations efficiently on any hardware backend."

Apache TVM’s extensible full-stack framework enables deep learning applications to efficiently deploy across an array of hardware modules, platforms, and systems, including mobile phones, wearables, specialized chips, and embedded devices. Features include:

  • High Performance: compilation and minimal runtimes commonly unlock ML workloads on existing hardware.

  • Runs Everywhere: automatically generates and optimizes tensor operators on backends, CPUs, GPUs, browsers, microcontrollers, FPGAs, ASICs, and more.

  • Flexible: deep learning compilation models in Keras, Apache MXNet (incubating), PyTorch, Tensorflow, CoreML, and DarkNet, among other libraries. Supports block sparsity, quantization, random forests/classical ML, memory planning, MISRA-C compatibility, Python prototyping, and more.

  • Easy to Use: easily build out production stacks using C++, Rust, Java, or Python. Deploy deep learning workloads across diverse hardware devices.


Apache TVM is in use at dozens of organizations and institutions that include Alibaba Cloud, AMD, ARM, AWS, Carnegie Mellon University, Cornell University, Edge Cortix, Facebook, Huawei, Intel, ITRI, Microsoft, NVIDIA, Oasis Labs, OctoML, Qualcomm, University of California/Berkeley, UCLA, University of Washington, Xilinx, and more.

"ML compilers and runtimes thrive on diversity of models supported and HW targets, which is a perfect way to show the power of Open Source communities," said Luis Ceze, CEO of OctoML and Professor at the University of Washington. "It has been fantastic to see Apache TVM's fast adoption among hardware vendors and ML end-users, being well on its way to becoming a de-facto industry standard."

"Apache TVM brings unique value to deep learning researchers and developers. It closes the gap between model development and the demand to efficiently deploy it on various hardware targets," said Yizhi Liu, Senior Software Development Engineer at AWS and member of the Apache TVM Project Management Committee. "I'm thrilled to see Apache TVM now becomes the Top-Level Project and looking forward to further collaboration with the community."

"Congratulations to the Apache TVM community for graduating to be one of the Top Level Projects of The Apache Software Foundation," said Henry Saputra, ASF Member and Apache TVM Incubating Mentor. "The Apache TVM ecosystem has a healthy mix of representation and contribution from the industries and academia that provides a good balance of innovations and production readiness for wider and faster adoption. As one of the mentors of the podling, I am grateful and glad to be part of the journey."

"The key to Apache TVM's success is its open community," added Chen. "We welcome everyone interested in the field to join us and shape the future of ML compilation together under The Apache Way."

Catch Apache TVM in action at the annual TVM Conference being held 2-4 December 2020. The online event is free of charge to participate: for more information and to register, visit https://tvmconf.org/  

Availability and Oversight
Apache TVM software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache TVM, visit http://tvm.apache.org/ and https://twitter.com/ApacheTVM 

About the Apache Incubator
The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects enter the ASF through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/ 

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation (ASF) is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with nearly 8,000 Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Inspur, Pineapple Fund, Red Hat, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF 

© The Apache Software Foundation. "Apache", "TVM", "Apache TVM", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Wednesday October 14, 2020

The Apache Software Foundation Celebrates 20 Years of OpenOffice®

Leading Open Source office application and personal productivity suite under development as a community-led Apache® Project for the past 8 years

Wakefield, MA —14 October 2020— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the twenty-year anniversary of OpenOffice®, the last eight of which as an Apache® Top-Level Project.

"It’s inspiring to see so many dedicated people from around the world volunteer their time to mentor, contribute code, test issues, moderate mailing lists, help on forums, translations, marketing and more to keep making this great product better and available for millions of users," said Carl Marcum, Vice President of Apache OpenOffice. "OpenOffice is more than just software. It’s a great community that I’m glad to be a part of."

With more than 300 million downloads, Apache OpenOffice is used by countless individuals, organizations, and institutions around the world who are seeking a reliable, robust, and freely-available Open Source office document productivity suite. Apache OpenOffice features the following applications for Windows, macOS and Linux:

  • "Writer" word processor;
  • "Calc" spreadsheet tool;
  • "Impress" presentation editor;
  • "Draw" vector graphics editor; 
  • "Math" mathematical formula editor; and 
  • "Base" database management program. 

Apache OpenOffice supports more than 120 languages, 41 of which are officially maintained and released by the Project. Apache OpenOffice is the productivity suite of choice for governments seeking to meet mandates for using ISO/IEC standard Open Document Format (ODF) files.

Originally created as "StarOffice" in 1985 by StarDivision, who was acquired by Sun Microsystems in 1999. The project was open-sourced under the name "OpenOffice.org", and continued development after Oracle Corporation acquired Sun Microsystems in 2010. OpenOffice entered the Apache Incubator in 2011 and graduated as an Apache Top-level Project in October 2012.

"At Apache OpenOffice we are very excited about 20 years of OpenOffice," said Marcus Lange, ASF Member and Apache OpenOffice Committer since the project first arrived at the ASF. "Countless users, developers and friends have made it possible that we can today celebrate this incredible anniversary. Their commitment makes me believe that we will see many more years of this great Open Source productivity suite."

"The need and, in fact, the demand, for a permissively licensed Open Source office suite, available to the masses and not just the privileged few fortunate enough to have the latest hardware and software, has never been greater within the last two decades," said Jim Jagielski, ASF co-Founder and Apache OpenOffice incubating mentor. "Apache OpenOffice exists to provide essential functionality, with as few licensing restrictions as possible, to the world at large. It is truly a noble mission, and I am honored to be a small part of it."

"As a long-term user, I joined the project in 2016 to give something back," said Matthias Seidel, Committer and member of the Apache OpenOffice Project Management Committee. "After a steep learning curve, I am proud to be part of the community that provides this great software for the public good and benefits millions worldwide."

Apache OpenOffice is available as a free download to all users at 100% no cost, charge, or fees of any kind. OpenOffice source code is readily available for anyone who wishes to enhance the applications. The Project welcomes contributions back to the project, its code, and its community. Those interested in participating with Apache OpenOffice can find out more at https://openoffice.apache.org/get-involved.html .

Availability and Oversight
As with all Apache projects, OpenOffice software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For project data, documentation, and more information on Apache OpenOffice, visit https://openoffice.apache.org/ and https://twitter.com/ApacheOO .

12 releases have been made under the auspices of the ASF. The project strongly recommends that users download OpenOffice only from the official site https://www.openoffice.org/download/ to ensure that they receive the original software in the correct and most recent version.

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation (ASF) is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 7,900+ Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Inspur, Pineapple Fund, Red Hat, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF  

© The Apache Software Foundation. "Apache", "OpenOffice", "OpenOffice.org", "Apache OpenOffice", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation