The Apache Software Foundation Blog

Friday April 27, 2018

The Apache News Round-up: week ending 27 April 2018

Farewell, April. Let's review what the Apache community has accomplished this past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 May. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series.
 - Join us at Apache Roadshow Europe/Berlin 11-14 June/Berlin --register for FOSS Backstage and you're in! https://foss-backstage.de/
 - Registration open for ApacheCon North America 24-27 September/Montreal (schedule coming soon) http://apachecon.com/
 - Final call for Travel Assistance applications for ApacheCon/Montreal --ends 1 May https://www.apache.org/travel/
 - Save the date: Apache Roadshow and Open Source Job Fair 8 October/Fairfax, VA

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield "triple nines" performance at 99.95% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 514 Apache contributors changed 856,181 lines of code over 2,887 commits. Top 5 contributors, in order, are: Stephen Mallette, Matthieu Baechler, Duo Zhang, Alexey Goncharuk, and Bao Liu.

Apache Accumulo™ –a sorted, distributed key/value store that provides robust, scalable data storage and retrieval.
 - Apache Accumulo 1.9.0 released https://accumulo.apache.org/

Apache Jackrabbit™ Oak – a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class Web sites and other demanding content applications.
 - Apache Jackrabbit Oak 1.9.0 released http://jackrabbit.apache.org/

Apache Open Climate Workbench™ –a comprehensive suite of algorithms, libraries, and interfaces designed to standardize and streamline the process of interacting with large quantities of observational data and conducting regional climate model evaluations.
 - Apache Open Climate Workbench 1.3.0 released http://climate.apache.org/

Apache PDFBox™ –an Open Source Java tool for working with PDF documents.
 - Apache PDFBox 1.8.14 released http://pdfbox.apache.org/

Apache Qpid™ Proton –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
 - Apache Qpid Proton-J 0.27.0 released http://qpid.apache.org/

Apache Tika™ –a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.
 - Apache Tika 1.18 released http://tika.apache.org/
 - [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika's BPGParser http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCAC1dCwW1WG339h%3DfqMzjG4p0VdeoOe3q5qKM%3DQ7KUQPuLzS1RA%40mail.gmail.com%3E
 - [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika's ChmParser http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCAC1dCwVvwLpJMi%2B-YYx%3Du_9YxZnMpd729Hy%3DB%2BBADXaCEpWceQ%40mail.gmail.com%3E
 - [CVE-2018-1335] Command Injection Vulnerability in Apache Tika's tika-server module http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCAC1dCwVhrPRyFJMS5BbY02%2B495CUODrAzndqZkvKacJnXUSm%2Bw%40mail.gmail.com%3E

Apache UIMA™ –a component architecture and framework for the analysis of unstructured content like text, video and audio data.
 - CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3Cfac969e1-6a15-186a-d49c-338c58a0b37e%40apache.org%3E


Did You Know?

 - Did you know that Audi has adopted Apache Kafka as the data streaming backbone for all Audi vehicles? http://kafka.apache.org/

 - Did you know that the Brazilian Air Force's Air Navigation Management Center is powered by Apache Wicket? http://wicket.apache.org/

 - Did you know that over the past 12 months 3,255 Apache Committers changed 71,186,324 lines of code over 225,500 commits? https://blogs.apache.org/foundation/entry/the-apache-software-foundation-celebrates

Apache Community Notices:

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - A look at the "Apache at 19" promo at https://youtu.be/Fqk_rlKiVIs

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Open Expo Europe - 6-7 June 2018 in Madrid https://openexpoeurope.com/

 - Meet members of the Apache community at Open Expo Madrid 6-7 June 2018 http://www.openexpo.es/en/

 - We're teaming up the Apache Roadshow Europe with Berlin Buzzwords - 10-12 June 2018 (Apache Lounge dates: 11-12 June) https://berlinbuzzwords.de/

 - The 2018 Apache EU Roadshow will be held during FOSS Backstage in Berlin 13-14 June 2018 https://foss-backstage.de/

 - Apache Big Data project communities will be participating at DataWorks Summit 17-21 June 2018 in San Jose https://dataworkssummit.com/

 - ApacheCon North America will be held 24-27 September in Montreal http://apachecon.com/

 - Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair - 8 October 2018 in Fairfax, VA http://apachecon.com/

 - ASF Quarterly Report: Operations Summary: November 2017 - January 2018 https://s.apache.org/UtBD

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Friday April 20, 2018

The Apache News Round-up: week ending 20 April 2018

Happy Friday! Activities from the Apache community over the past week include:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 May. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series.
 - Join us at Apache Roadshow Europe/Berlin 11-14 June/Berlin --register for FOSS Backstage and you're in! https://foss-backstage.de/
 - Registration open for ApacheCon North America 24-27 September/Montreal http://apachecon.com/
 - Travel Assistance applications now being accepted through 1 May for ApacheCon/Montreal https://www.apache.org/travel/
 - Save the date: Apache Roadshow and Job Fair 8 October/Fairfax, VA!

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield smashing kicking performance at 99.89% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 577 Apache contributors changed 1,100,555 lines of code over 3,508 commits. Top 5 contributors, in order, are: James Taylor, Steve Gill, Sean Busbey, Karl Wright, and Matteo Merli.

Apache Fineract™ –an Open Source system for core banking as a platform.
 - Apache Fineract 1.1.0 released http://fineract.apache.org/

Apache Jena™ –a framework for developing Semantic Web and Linked Data applications in Java.
 - Apache Jena 3.7.0 released http://jena.apache.org/

Apache Jackrabbit™ – a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.14.5 released http://jackrabbit.apache.org/

Apache Oozie™ –Open Source workflow scheduler for Apache Hadoop used to build complex Big Data transformations.
 - The Apache Software Foundation Announces Apache® Oozie(TM) v5.0.0 https://s.apache.org/FLXS

Apache OpenMeetings™ –provides video conferencing, instant messaging, white board, collaborative document editing and other groupware tools using API functions of the Red5 Streaming Server for Remoting and Streaming.
 - Apache OpenMeetings 4.0.3 released http://openmeetings.apache.org

Apache Subversion™ –leading Open Source version control system.
 - Apache Subversion 1.10.0 released https://subversion.apache.org/
 - The Apache Software Foundation Announces Apache® Subversion® v1.10.0 https://s.apache.org/ICsR

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. 
 - Apache Tomcat 7.0.86 and 8.0.51 released http://tomcat.apache.org/

Apache Traffic Server™ –a high performance, scalable HTTP Intermediary and proxy cache.
 - Apache Traffic Server v7.1.3 released https://trafficserver.apache.org/

Apache Wicket™ –an Open Source Java component oriented Web application framework.
 - CVE-2018-1325 - Wicket jQuery UI: XSS while displaying value in WYSIWYG editor http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCAJmbs8gYjfWKXJC1QtZoYQAvcxrSSFBXWpogJQ6LQfTBR4eTxQ%40mail.gmail.com%3E

Did You Know?

 - Did you know that Netflix processes 3 trillion events each day using Apache Flink? http://flink.apache.org/

 - Did you know that you can run Apache HBase on YARN via Slider HBase App Package? http://hbase.apache.org/

 - Did you know that you can use familiar BI tools with Apache Drill even when working with Big Data? http://drill.apache.org/

Apache Community Notices:

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - A look at the "Apache at 19" promo at https://youtu.be/Fqk_rlKiVIs

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Members of the Apache community will be presenting at DataWorks Summit 16-19 April 2018 in Berlin https://dataworkssummit.com/

 - Open Expo Europe - 6-7 June 2018 in Madrid https://openexpoeurope.com/

 - Meet members of the Apache community at Open Expo Madrid 6-7 June 2018 http://www.openexpo.es/en/

 - We're teaming up the Apache Roadshow Europe with Berlin Buzzwords - 10-12 June 2018 (Apache Lounge dates: 11-12 June) https://berlinbuzzwords.de/

 - The 2018 Apache EU Roadshow will be held during FOSS Backstage in Berlin 13-14 June 2018 https://foss-backstage.de/

 - Apache Big Data project communities will be participating at DataWorks Summit 17-21 June 2018 in San Jose https://dataworkssummit.com/

 - ApacheCon North America will be held 24-29 September in Montreal http://apachecon.com/

 - Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair - 8 October 2018 in Fairfax, VA http://apachecon.com/

 - ASF Quarterly Report: Operations Summary: November 2017 - January 2018 https://s.apache.org/UtBD

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Wednesday April 18, 2018

The Apache Software Foundation Announces Apache® Oozie(TM) v5.0.0

Open Source workflow scheduler for Apache Hadoop used to build complex Big Data transformations.

Wakefield, MA —18 April 2018— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® OozieTM v5.0.0, the workflow scheduler for Apache Hadoop.

Apache Oozie is a scalable, reliable, and extensible Java Web application used for job workflow scheduling and operational services management within an Apache Hadoop cluster. Integrated with the Hadoop stack, Oozie supports jobs for Apache projects such as Spark, Hive, MapReduce, Pig, and Sqoop, and can also schedule system-specific jobs, such as Java programs and shell scripts. The project entered the Apache Incubator in 2011, and graduated as an Apache Top-Level Project in 2012.

"Apache Oozie 5's flagship feature, Oozie on YARN, started off as a 1 day hackathon project almost 4 years ago, and it's great to see that the Oozie community has taken it on and made it ready for everyone to use," said Robert Kanter, Vice President of Apache Oozie. "It's a big change to Oozie's architecture, and I think our users are going to be very happy with the benefits it brings."

Apache Oozie allows cluster administrators to build complex Big Data transformations out of multiple component tasks. This provides greater control over jobs and also makes it easier to repeat those jobs at predetermined intervals. 

Oozie combines multiple jobs sequentially into one logical unit of work through 1) Oozie Workflow jobs -- Directed Acyclic Graphs (DAGs) of actions; and 2) Oozie Coordinator jobs -- recurrent Oozie Workflow jobs triggered by time (frequency) and data availability. Apache Oozie 5.0.0 includes new features, bug fixes and minor improvements that include:
  • moved launcher from MapReduce mapper to YARN ApplicationMaster;
  • switched from Tomcat 6 to embedded Jetty 9;
  • updated third party libraries;
  • completely rewritten workflow graph generator;
  • JDK 8 support;
  • deprecated Instrumentation in favor of Metrics;
  • added indexes to speed up DB queries; and 
  • fixed CVE-2017-15712

The full list of new features can be found in the project release notes at https://oozie.apache.org/docs/5.0.0/release-log.txt

"Oozie 5 is a major milestone for the project," said Andras Piros, Apache Oozie committer and Apache Oozie v5.0 Release Manager. "We are proud to provide all the new functionality to big data administrators, data engineers, and data scientists who can leverage a faster, more streamlined, and more secure workflow orchestrator. Features like Oozie on YARN, Jetty 9 support, and ecosystem revamp enable Apache Hadoop users to create and schedule Hadoop jobs in an efficient and modern way not seen before."

"Oozie has long been a staple of a productive Apache Hadoop deployment, playing an important role in orchestrating the rest of the ecosystem. Oozie 5 represents the next step in where Oozie is headed," added Kanter. "The Apache Oozie community has already got some great features in the works for our next release. We welcome anyone who wants to contribute to join us in making Oozie the best it can be."

Availability and Oversight
Apache Oozie software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Oozie, visit http://oozie.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,500 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hortonworks, Huawei, IBM, Indeed, Inspur, iSIGMA, ODPi, LeaseWeb, Microsoft, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Target, Union Investment, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Oozie", "Apache Oozie", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Monday April 16, 2018

The Apache Software Foundation Announces Apache® Subversion® v1.10.0

Open Source version control system ranked among leaders in $970MM+ market

Wakefield, MA —16 April 2018— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® Subversion® v1.10.0, the popular centralized software version control system.

With Apache Subversion, files and directories can be edited, copied, deleted, merged, and tagged, with each such operation leaving a permanent entry in the version control system's history record. Files can be locked for exclusive access. The system supports a command-line interface and several third-party graphical interfaces, and can also be scripted in Python, Perl, Ruby, or Java. Subversion is very portable and runs on virtually all general-purpose operating systems in use today. The software versioning and revision control system initiated in 2000, entered the Apache Incubator in 2009, and graduated as an Apache Top-Level Project in 2010.

"Dealing with merge conflicts is one of the most complicated aspects of version control. While merge conflicts in a text file are usually best resolved by editing the file directly, merge conflicts can also occur when the directory tree structure of a project is changed. Resolving such structural conflicts requires users to manipulate entire collections of files and directories at once, which is time-consuming and error-prone," said Stefan Sperling, Vice President of Apache Subversion. "With Subversion 1.10, structural conflicts can now be resolved with support from a built-in interactive conflict resolver which automates conflict resolution tasks users had to perform manually in the past. This is a major usability improvement and saves users who do a lot of merging a significant amount of time."

Apache Subversion 1.10 is the result of more than three years’ development effort, and features:
  • Numerous bug fixes
  • Improved path-based authorization
  • New interactive conflict resolver
  • LZ4 compression support over the wire and backend storage
  • Shelving (experimental)

The full list of new features can be found in the project release notes at https://subversion.apache.org/docs/release-notes/1.10.html

In its new "Version Control Systems Market: Global Industry Analysis" report, Future Market Insights estimates that the version control systems market will exhibit 11.5% CAGR and reach US$971.8MM by 2027. Apache Subversion has been ranked in the "Market Leader" quadrant in G2 Crowd’s "Best Version Control Systems" for 2018. Time tracking and productivity tool producer Time Doctor recommends, "if you want to have a single master source tree that is being worked on by a small core development group, SVN should be the first system you try as it’s reliable and tailored for that."

Millions of users worldwide rely on Apache Subversion (SVN) to safely and easily manage version control across an array of applications.

"As a large Open Source project with many moving parts, and many connections to other projects, the FreeBSD operating system depends on Apache Subversion to be its single source of truth for all version control operations," said members of the FreeBSD Core team. "Subversion has proved to be a reliable, stable, and overall usable system for the project for many years and we appreciate the high quality of the work done in designing and maintaining SVN."  

"Apache Subversion is a reliable and robust centralized version control system that is well suited for enterprises," said Michael Diers, Technical Director of elego Software Solutions GmbH. "Over the years, we have had very little problems with Subversion deployments that we setup and maintain for our customers. Its development community is very competent, friendly and welcoming."

"One of the usually overlooked advantages of Apache Subversion is that it works natively on all modern platforms, including Windows," said Ivan Zhakov, Technical Director of VisualSVN Software Ltd. "Subversion is based on Apache Portable Runtime and does not impose dependencies on Cygwin or its replacements. Nowadays, this advantage is of extreme importance for enterprise users who work in heterogeneous environment in the vast majority of cases."

"Assembla customers rely on Apache Subversion to build leading edge technologies and products in a secure and scalable environment," said Jacek Materna, Assembla CTO. "With more than 4,000 Assembla users running SVN, we are excited to have contributed directly to Apache Subversion 1.10.0 and the improved performance and key features it will bring. LZ4 Compression, improved path-based authorization and shelving are just a few of the updates that represent significant innovation for SVN."

"Over 18 years of its development, Subversion has grown into a very mature and solid version control package supported by a friendly and healthy Open Source project community with long-term productivity and success," added Sperling. "Subversion's community and wider ecosystem is an exemplary example of how the collaborative Open Source development model can work to the benefit of its users, its developers, and its sponsors."

Availability and Oversight
Apache Subversion software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Subversion, visit http://subversion.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,500 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, ARM, Baidu, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hortonworks, Huawei, IBM, Inspur, iSIGMA, ODPi, LeaseWeb, Microsoft, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Target, Union Investment, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Subversion", "Apache Subversion", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday April 13, 2018

The Apache News Round-up: week ending 13 April 2018

Hello, Friday. Let's look back on our Apache activities over the past week:

Success at Apache –a monthly blog series that focuses on the processes behind why the ASF "just works".
 - Am I there yet? A n00b's perspective by Charles Givre https://s.apache.org/QyEK

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 April. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series.
 - Three official Apache events will be taking place this year: 1) Apache Roadshow Europe/Berlin (join us at FOSS Backstage); 2) ApacheCon North America/Montreal (Registration now open!); and 3) Apache Roadshow and Job Fair/Fairfax http://apachecon.com/
 - Travel Assistance applications now being accepted through 1 May for ApacheCon/Montreal https://www.apache.org/travel/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield smashing "four nines" performance at 99.99% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 519 Apache contributors changed 1,000,559 lines of code over 3,088 commits. Top 5 contributors, in order, are: Karl Heinz Marbaise, Duo Zhang, Matt Sicker, Claus Ibsen, and Jeremy Mitchell.

Apache Attic™ –provides process and solutions to make it clear when an Apache project has reached its end of life.
 - Apache Oltu retired http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCD6C954D-F93A-473E-9B2F-60C05231D532%40apache.org%3E

Apache BookKeeper™ –a scalable, fault-tolerant, and low-latency storage service optimized for real-time workloads.
 - Apache BookKeeper 4.6.2 released https://bookkeeper.apache.org/

Apache Geode™ –a Big Data management platform that provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing.
 - Apache Geode 1.5.0 released http://geode.apache.org/

Apache Groovy™ –a multi-faceted programming language for the JVM.
 - Apache Groovy 2.5.0-rc-1 released https://groovy.apache.org/

Apache Jackrabbit™ – a fully compliant implementation of the Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as specified in the Java Specification Request 283 (JSR 283).
 - Apache Jackrabbit 2.17.2 released http://jackrabbit.apache.org/

Apache Lucene™ Solr –an Open Source enterprise search server based on the Lucene Java search library.
 - CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E

Apache NiFi™ –an easy to use, powerful, and reliable system to process and distribute Big Data.
- Apache NiFi 1.6.0 released https://nifi.apache.org/

Apache Subversion™ –leading Open Source version control system.
 - Apache Subversion 1.10.0-rc2 released https://subversion.apache.org/

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. 
 - Apache Tomcat 8.5.30 and 9.0.7 released http://tomcat.apache.org/

Did You Know?

 - Did you know that Apache Tinkerpop has two new pieces of documentation: 1) Collections Recipe, and 2) Gremlin's Anatomy Tutorial? http://tinkerpop.apache.org/

 - Did you know that Huawei uses Apache Flink for its Cloud Stream Service? http://flink.apache.org/

 - Did you know that cron expressions generator Cron Maker webapp is powered by Apache Wicket? http://wicket.apache.org

Apache Community Notices:

 - The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - A look at the "Apache at 19" promo at https://youtu.be/Fqk_rlKiVIs

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Members of the Apache community will be presenting at DataWorks Summit 16-19 April 2018 in Berlin https://dataworkssummit.com/

 - Open Expo Europe - 6-7 June 2018 in Madrid https://openexpoeurope.com/

 - Meet members of the Apache community at Open Expo Madrid 6-7 June 2018 http://www.openexpo.es/en/

 - We're teaming up the Apache Roadshow Europe with Berlin Buzzwords - 10-12 June 2018 (Apache Lounge dates: 11-12 June) https://berlinbuzzwords.de/

 - The 2018 Apache EU Roadshow will be held during FOSS Backstage in Berlin 13-14 June 2018 https://foss-backstage.de/

 - Apache Big Data project communities will be participating at DataWorks Summit 17-21 June 2018 in San Jose https://dataworkssummit.com/

 - ApacheCon North America will be held 24-29 September in Montreal http://apachecon.com/

 - Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair - 8 October 2018 in Fairfax, VA http://apachecon.com/

 - ASF Quarterly Report: Operations Summary: November 2017 - January 2018 https://s.apache.org/UtBD

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Tuesday April 10, 2018

Success at Apache: Am I there yet? A n00b's perspective

by Charles Givre

Let me start out by saying that I am not a developer. I do have a technical background, but I hadn't coded in Java for at least 10 years before I got involved in the Apache Drill project. One has to wonder how, as a non-developer, I ended up as a committer for the Drill project. In this blog post, I'd like to share with you how I came to be involved with the Drill project.

But first, why Drill?

I first heard about Drill at an industry conference several years ago. I was speaking with Dr. Ellen Friedman about some data issues we were having and she casually mentioned have I tried Drill? I had not heard of it at that point, so I did some research and it seemed as if Drill could solve a lot of problems that my clients were having. But then, I tried using it and kept getting stuck.  

If you aren't familiar with Apache Drill, Drill is an SQL engine which allows you to query any kind of self-describing data. After experimenting with Drill for a while, I was impressed enough to thing that the tool had major potential in security. One of the biggest problems that Drill solves is the need to Extract, Transform, Load (ETL) data into an analytic tool before actually doing analysis of that data. This ETL process adds no value to anything really, and costs large enterprises literally millions of dollars as well as adding unnecessary delays between the time data is ingested and when the data is actually available for analysis. In security applications, this delay directly translates into risk. The longer it takes to make your data available, the more time it will take to potentially find malicious activity and hence, more risk. Therefore, if you're able to query the data without having to do any kind of ETL or ingestion, you are lowering your risk as well as potentially saving millions of dollars.

Getting Involved

Unfortunately, when I started using Drill, I saw this potential, but I couldn't get it to work. My next step from here was to try to get assistance at my company. I pitched the ideas to my company leadership, but it proved very difficult to get the company to pull Java developers from revenue generating projects to work on this "pie-in-the-sky", unproven project. After spending several months on this, I got really frustrated and decided that I was going to try to do it myself, however, I really had no idea what I was doing. I hadn't coded in Java for at least 10 years at the time, and had zero experience with all the modern Java development tools such as Maven and Git. What I did have was persistence, so I started asking for help and decided that I was going to dive right in and start adding the functionality that I felt Drill needed to be useful in security applications. I started working on something that someone else started—the HTTPD format plugin for Drill. Most of the coding was done, but there was still enough there for me to get my hands dirty and start figuring things out.

What I learned

I still would not consider myself a developer, but after getting that particular item committed to the codebase, I learned a lot about how open source projects actually work as well as writing production quality code. Since then, I've tried to add at least one bit of new functionality to each Drill release. I would encourage anyone who is interested in contributing to an Open Source project at the Apache Software Foundation, to dive right in, and start. There are still a lot of ideas I have for Drill, and with time, I hope to have the time to see them through to implementation.

In conclusion, I'm fairly certain that my involvement with Drill and the Apache Software Foundation is really just beginning. I'm currently working on the O'Reilly book about Apache Drill with a fellow Drill committer. It is my hope that the book will spark additional interest in Apache Drill. Open Source software is at the heart of the ongoing data revolution which is dramatically expanding what is possible with data. I firmly believe that Apache Drill will have a role to play in this data revolution and I'm honored to have the opportunity to play a small role in developing Drill.

Charles Givre CISSP is a Lead Data Scientist at Deutsche Bank where he works in the Chief Information Security Office (CISO). Mr. Givre is an active data science instructor and regularly teaches classes about data science and security at various industry conferences, such as BlackHat. Mr. Givre is a committer for the Apache Drill project and together with Mr. Paul Rogers, is working on the forthcoming O’Reilly book about Apache Drill. He can be reached at cgivre(at)apache(dot)org.  

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

# # #

Friday April 06, 2018

The Apache News Round-up: week ending 6 April 2018

Here comes April with quite a few Apache activities:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 April. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF's official global conference series.
 - Three official Apache events will be taking place this year: 1) Apache Roadshow Europe/Berlin; 2) ApacheCon North America/Montreal; and 3) Apache Roadshow and Job Far/Fairfax http://apachecon.com/
 - Travel Assistance applications now being accepted for ApacheCon/Montreal https://www.apache.org/travel/

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield smashing "four nines" performance at 99.99% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 528 Apache contributors changed 1,006,554 lines of code over 3,263 commits. Top 5 contributors, in order, are: Carlos Sanchez Gonzalez, Daniel Sun, Paul King, Karl Heinz Marbaise, and Matt Sicker.

Apache FreeMarker™ –a template engine: a Java library to generate text output (HTML web pages, e-mails, configuration files, source code, etc.) based on templates and changing data.
 - Apache FreeMarker 2.3.28 released https://freemarker.apache.org/

Apache Hive™ –Big Data warehouse software that facilitates querying and managing large datasets residing in distributed storage.
 - [SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCABDpyChQXi-JSh%3DbytOLsdq7o%2BeSst6hU_s8RN4jQoPzLR2vLQ%40mail.gmail.com%3E
 - [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCABDpyCjSKaT9bVNajr0L52b_abuxHL0xWLB%3D5%2B%2BytUzD_JyCRg%40mail.gmail.com%3E
 - [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files http://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3CCABDpyChmEOPSBAxb%2BipyGVfhuS4Zq%2Bw0CFn-EANy%2B_TD0o-8%2Bw%40mail.gmail.com%3E

Apache Jackrabbit™ Oak –a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class Web sites and other demanding content applications.
 - Apache Jackrabbit Oak 1.4.21 released http://jackrabbit.apache.org/

Apache Lucene™ Solr™ –an Open Source enterprise search server based on the Lucene Java search library. 
 - Reference Guide for Solr 7.3 released https://lucene.apache.org/solr/guide/7_3

Apache Qpid™ –a cross-platform messaging solution that implements the Advanced Message Queuing Protocol.
- Apache Qpid C++ 1.38.0, Qpid Proton 0.22.0, Qpid Broker-J 7.0.3, and Apache Qpid for Java 6.1.6 released http://qpid.apache.org/

Apache ServiceComb (incubating) –a Restful based service-registry that provides micro-services discovery and micro-service management.
 - Apache Service-Center (incubating) 0.1.0, 1.0.0-m1 and Apache ServiceComb Java-Chassis (incubating) version 1.0.0-m1 released http://servicecomb.incubator.apache.org/

Did You Know?

 - Did you know that the following Apache projects are celebrating anniversaries this month? CXF (10 yrs); Avro, HBase, Mahout, Nutch, Tika, and Traffic Server (8 yrs); Creadur and Jena (6 yrs); DeltaSpike (5 yrs); ORC and Parquet (3 yrs); Apex, AsterixDB, and Johnzon (2 yrs); and CarbonData, Fineract, and Metron (1 yr) --many happy returns! https://projects.apache.org/committees.html?date

 - Did you know that Microsoft Azure's CosmosDB supports Apache Tinkerpop's graph traversal language? http://tinkerpop.apache.org/

 - Did you know that Apache NetBeans Day UK will take place 2 April 2018? https://jaxenter.com/netbeans/apache-netbeans-day-uk-2018

Apache Community Notices:

 - The Apache®Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 - Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 - A look at the "Apache at 19" promo at https://youtu.be/Fqk_rlKiVIs

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Apache in 2017 - By The Digits https://s.apache.org/h8do

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Members of the Apache community will be presenting at DataWorks Summit 16-19 April 2018 in Berlin https://dataworkssummit.com/

 - Open Expo Europe - 6-7 June 2018 in Madrid https://openexpoeurope.com/

 - Meet members of the Apache community at Open Expo Madrid 6-7 June 2018 http://www.openexpo.es/en/

 - We're teaming up the Apache Roadshow Europe with Berlin Buzzwords - 10-12 June 2018 (Apache Lounge dates: 11-12 June) https://berlinbuzzwords.de/

 - The 2018 Apache EU Roadshow will be held during FOSS Backstage in Berlin 13-14 June 2018 https://foss-backstage.de/

 - Apache Big Data project communities will be participating at DataWorks Summit 17-21 June 2018 in San Jose https://dataworkssummit.com/

 - ApacheCon North America will be held 24-29 September in Montreal http://apachecon.com/

 - Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair - 8 October 2018 in Fairfax, VA http://apachecon.com/

 - ASF Quarterly Report: Operations Summary: November 2017 - January 2018 https://s.apache.org/UtBD

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation