The Apache Software Foundation Blog

Friday July 16, 2021

The Apache News Round-up: week ending 16 July 2021

The week has zipped by --it's Friday already-- and it's time to take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 - The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia https://s.apache.org/ACAsia2021
 - Program, registration, and Sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,212,020 lines of code over 2,824 commits. Top 5 contributors, in order, are: Gary Gregory, Andrea Cosentino, Alex Herbert, Till Rohrmann, and Shen Yi.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Beam 2.31.0 released https://beam.apache.org/
 - Apache XMLBeans 5.0.1 released  https://xmlbeans.apache.org/

Build Management --
 - Apache Ant 1.9.16 and 1.10.11 released https://ant.apache.org/
   -- CVE-2021-36374: ZIP and ZIP based, archive denial of service https://s.apache.org/zpczu
   -- CVE-2021-36373: TAR archive denial of service https://s.apache.org/4q75p

Content --
 - Apache Jackrabbit 2.21.7 released http://jackrabbit.apache.org/

Identity Management --
 - Apache Fortress 2.0.6 released http://directory.apache.org/fortress/

Integration --
 - Apache Camel 3.7.5 released https://camel.apache.org/

Libraries --
 - Apache Commons Compress 1.21 released https://commons.apache.org/compress/
   -- CVE-2021-36090: Compress 1.0 to 1.20 denial of service vulnerability https://s.apache.org/q8amn
   -- CVE-2021-35517: Compress 1.1 to 1.20 denial of service vulnerability https://s.apache.org/c62m8
   -- CVE-2021-35516: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/10vmz
   -- CVE-2021-35515: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/nr26m 
 - Apache Commons IO 2.11.0 released https://commons.apache.org/proper/commons-io

Messaging --
 - Apache Qpid JMS 1.1.0 released https://qpid.apache.org/

Network Client/Server --
 - Apache MINA CVE-2021-30129: DoS/OOM leak vulnerability in SSHD Server https://s.apache.org/3oiwl

Observability --
 - Apache SkyWalking Client JS 0.6.0 released https://skywalking.apache.org/

Servers --
 - Apache Tomcat CVE-2021-30639: Denial of Service https://s.apache.org/j21aj
   -- CVE-2021-33037: HTTP request smuggling https://s.apache.org/9sjso
   -- CVE-2021-30640: JNDI realm authentication weakness https://s.apache.org/hcsp0

Web Frameworks --
 - Apache Wicket 8.13.0 released https://wicket.apache.org/

Did You Know?

- Did you know that Airbnb’s Minerva observability platform uses Apache Druid to achieve metric consistency at scale? https://druid.apache.org/ 

- Did you know that the Apache Ignite 3.0.0 Alpha 2 Build Community Gathering will take place on 20 July? https://ignite.apache.org/

- Did you know that the next ApacheTVM community meeting will take place online on 22 July? https://tvm.apache.org/community 


Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation