The Apache Software Foundation Blog
The Apache News Round-up: week ending 14 July 2017
We've had a booming week! Here's what the Apache community has been up to:
Support Apache –your contributions through the ASF Sponsorship program and individual donations help sustain 300+ freely-available Open Source projects. Every dollar counts. http://apache.org/foundation/contributing.html
ASF Board –management and oversight of the business and affairs of the corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 19 July 2017. Board calendar and minutes http://apache.org/foundation/board/calendar.html
- ASF Annual Report for 2017 Fiscal Year https://s.apache.org/IDn5
ASF Infrastructure –our distributed team on four continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield great performance at 97.03% uptime http://status.apache.org/
Apache Jackrabbit™ –a fully conforming implementation of the Content Repository for Java Technology API (JCR).
- Apache Jackrabbit 2.14.2 released https://jackrabbit.apache.org/
Apache HAWQ (incubating) –an advanced enterprise SQL-on-Hadoop analytic engine.
- Apache HAWQ 184.108.40.206-incubating released http://hawq.apache.org
Apache HTTP Server™ –the world's most popular Web server.
- Apache HTTP Server 2.2.34 and 2.4.27 2.2.34 released http://httpd.apache.org/
- CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCACsi2528RzhCmN78sbpUYNYhLvsMkJmaB1hGV%2BzxaU64fjBL2g%40mail.gmail.com%3E
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCACsi252%3DWGN3zy9qsErsuvy5p-%2BL9p%2BDMUoZkFvyg4zH25N%2BkA%40mail.gmail.com%3E
Apache Impala (Incubating) –a high-performance C++ and Java SQL query engine for data stored in Apache Hadoop-based clusters.
- CVE-2017-5652 Apache Impala (incubating) Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCA%2BLM4Mt5Nk_qJom7YhKaZrLQArqWWY%3DofUDK7h%2BMM7mmOVhp_w%40mail.gmail.com%3E
- CVE-2017-5640 Apache Impala (incubating) Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCA%2BLM4Mur2%2Bmdv_YukGG0s5OWrj6xdZyLZbPRaB0g6Mm_WH%2BN9g%40mail.gmail.com%3E
Apache Lucene™ Solr –an Open Source enterprise search server based on the Lucene Java search library.
- CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E
Apache ODE™ –a WS-BPEL 1.1/2.0 compliant Web services orchestration engine.
- Apache ODE 1.3.7 released http://ode.apache.org/
Apache Olingo™ –a Java library that enables developers to implement OData producers and OData consumers.
- Apache Olingo 2.0.9 released http://olingo.apache.org/
Apache OpenMeetings™ –provides video conferencing, instant messaging, white board, collaborative document editing and other groupware tools.
- Apache OpenMeetings 3.3.0 released http://openmeetings.apache.org
Apache OpenNLP™ –a machine learning based toolkit for the processing of natural language text.
- Apache OpenNLP 1.8.1 released http://opennlp.apache.org/
Apache OpenWebBeans™ –a CDI container (Contexts and Dependency Injection for Java) and targets the CDI-1.2 specification (JavaEE 7).
- Apache OpenWebBeans-1.7.4 released http://openwebbeans.apache.org
Apache Phoenix™ –enables SQL-based OLTP and operational analytics for Apache Hadoop.
- Apache Phoenix 4.11 released http://phoenix.apache.org/
Apache Struts™ –a comprehensive and modular tooling stack for creating Web-based Java applications.
- Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series http://mail-archives.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAMopvkPHCrVRX7TuyyzdHp2wv6Pc8-f4%3DsqmSxPiE04md7SMug%40mail.gmail.com%3E
- Apache Struts 2.5.12 GA with Security Fixes released http://struts.apache.org/
Apache Subversion™ –an Open Source, centralized version control system.
- Apache Subversion 1.8.18 released http://subversion.apache.org/
Apache Tika™ –a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.
- Apache Tika 1.16 released http://tika.apache.org/
Apache Wicket™ –an Open Source Java component oriented Web application framework.
- Apache Wicket 7.8.0 released http://wicket.apache.org/
Apache Yetus™ –a collection of libraries and tools that enable contribution and release processes for software projects. - Apache Yetus 0.5.0 released https://yetus.apache.org/
Did You Know?
- Did you know that if your employer has a matching gift program, your contribution to the ASF can be generously increased and will help even more to support its mission? http://apache.org/foundation/contributing.html
- Did you know that the Apache Incubator site had a redesign/facelift? http://incubator.apache.org/
- Did you know that the value to users from Apache OpenOffice's 200+M downloads (over the past year) exceeds $25M per day? https://openoffice.apache.org/
Apache Community Notices:
- "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk 4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be- Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/
- Check out the Apache Community Development blog https://blogs.apache.org/comdev/
- Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity
- Apache ActiveMQ Call For Logo https://blogs.apache.org/activemq/entry/apache-activemq-call-for-logo
- The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html
- The CloudStack European User Group will be held 17 August in London https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-35565783215
- Catch the Apache Ignite and Spark communities at the In-Memory Computing Summit 24-25 October in San Francisco https://imcsummit.org/
- ASF Annual Report https://s.apache.org/FY2017AnnualReport
- Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/
- Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby
# # #
Posted at 11:23AM Jul 14, 2017 by Sally in General | |