The Apache Software Foundation Blog

Monday September 27, 2021

The Apache News Round-up: week ending 27 September 2021

We're closing September with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 October 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Our 2021 events are complete: thanks to all speakers, sponsors, participants, and planners for their great turnout!
 - Presentations for ApacheCon Asia are available on the ASF YouTube channel. ApacheCon@Home presentations will be posted shortly.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the Apache Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 328 Apache Committers changed 7,398,124 lines of code over 2,924 commits. Top 5 contributors, in order, are: Harikrishna Patnala, Gary Gregory, Andy Seaborne, Daniel Gruno, and Mark Thomas.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.22.0 released
   -- CVE-2021-36749: The HTTP inputSource allows authenticated users to read data from other sources than intended

Cloud Computing --
 - Apache Kafka 3.0.0 released
   -- CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Data Management Platform --
 - Apache Ignite 2.11.0 released

IDE --
 - Apache NetBeans 12.5 released

Messaging --
 - Apache Pulsar 2.8.1 released


Did You Know?

 - Did you know that LinkedIn's 10,000-node cluster for Big Data analytics and machine learning workloads is considered the world's largest Apache Hadoop implementation?

 - Did you know that Yelp's new search engine, Nrtsearch, is powered by Apache Lucene?

 - Did you know that the Ignite Summit Cloud Edition CFP closes on 15 October?

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from ApacheCon Asia are available on YouTube

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.


Tuesday September 21, 2021

Apache Ranger response to incorrect analyst report on Cloud data security

Introduction

A recent industry analyst report by GigaOm and sponsored by Immuta comparing Apache Ranger to Immuta paints an incorrect picture on the complexities of using Apache Ranger. We believe the report contains a number of errors and inconsistencies. Unfortunately the Apache Ranger Project Management Committee (PMC) was not contacted by the analyst firm during preparation of the report.


We have attempted to contact the authors and members of the research team several times, requesting the opportunity to review the inaccuracies and have them corrected. Despite our many attempts to rectify the misinformation, no-one from the analyst firm responded.


For the benefit of existing and potential users of Apache Ranger, it is important for Apache Ranger PMC to respond to this report with facts.


Use cases

Let us now go through the scenarios covered in the report, and see how the numbers reported change with appropriate use of Apache Ranger to address the requirements.


  • Scenario 1b: Mask All PII Data

    • lists 2 policy changes in Immuta vs 5 in Apache Ranger. In fact, only one Apache Ranger policy would be needed to address this requirement. 

    • Shows author's lack of understanding of Apache Ranger policy model. Series of steps to allow/deny/deny-exception listed are applicable only for an access policy but not for a masking policy. Also, in access policies, allow/deny/deny-exception can be replaced by a switch named denyAllElse, as shown in the image below.

    • With use of user-groups or roles, a time-tested best practice followed universally by access control systems, this requirement can be met by a single Apache Ranger policy, as shown below.
      Masking policy:

Access policy:


  • Scenario 1c: Allow Email Domains Through the Masking Policy

    • lists 2 policy changes in Immuta vs 5 in Apache Ranger. In fact, only one Apache Ranger masking policy would be needed to address this requirement. Same as the previous scenario.

    • Claim: Apache Ranger does not have a regular expression masking policy

    • Truth: instead of building a virtualization layer that can introduce significant complexities and performance penalties, Apache Ranger uses native capabilities of the data processing application to perform masking and filtering. Given regular expressions are supported by such applications, it will be simpler to create a custom expression to suit your needs like email address, account numbers, credit card numbers; importantly without having to drag security software vendor.


  • Scenario 1d: Add Two Users Access to All PII Data

    • lists 1 policy change in Immuta vs 4 in Apache Ranger. However, the following suggests that each user must be updated in Immuta UI to add necessary attributes. Wouldn't the number of steps be as large as the number of users?

      • Added the AuthorizedSensitiveData > All attribute to each user in the Immuta UI.

    • counts 4 policy changes in Apache Ranger policies, while the only change needed is to add users (2 or 200 users!) to a group or role. No policy changes are needed if time tested best practices are followed - by referencing groups or roles in policies instead of individual users.


  • Scenario 2a: Share Data With Managers

    • lists 1 policy change in Immuta vs 101 in Apache Ranger. With use of lookup tables, which is a common practice in enterprises, the requirement can be met with a single row-filter policy in Apache Ranger.

ss_store_sk in (select store_id from store_authorization where user_name=current_user())


  • Scenario 2b: Merging Groups

    • lists 0 policy change in Immuta vs 1 in Apache Ranger. This is the same as the previous scenario, where the author chose to not follow common practice of using lookup tables. With use of a lookup table, as detailed above, no policy changes will be needed in Apache Ranger.


  • Scenario 2c: Share Additional Data With Managers

    • lists 0 policy changes in Immuta vs 102 in Apache Ranger. Once again, with use of a lookup table, only 2 policies would be required in Apache Ranger:

table store:
s_store_sk in (select store_id from store_authorization where user_name=current_user())

table store_returns:
sr_store_sk in (select store_id from store_authorization where user_name=current_user())


  • Scenario 2d: Reorganize Managers Into Regions

    • lists 0 policy changes in Immuta vs 40 in Apache Ranger. Same as previous scenarios - with use of a lookup table, no policy changes will be needed in Apache Ranger.


  • Scenario 2e: Restrict Data Access to Specific Countries

    • lists 1 policy change in Immuta vs 71 in Apache Ranger. With use of a lookup table, only one row-filter policy is needed in Apache Ranger.


  • Scenario 2f: Grant New User Group Access to All Rows by Default

    • lists 0 policy change in Immuta vs 30 in Apache Ranger. With use of a lookup table, no additional policy would be needed in Apache Ranger.


  • Scenario 2g: Apply Policies to a Derived Data Mart

    • lists 0 policy changes in Immuta vs 140 in Apache Ranger for the addition of 15 tables. With Apache Ranger, new tables can either be added to existing policies, or new policies can be created. It will require 15 policy updates in Apache Ranger - not 140 as claimed by the author. Also, no details on the changes to be done in Immuta (other than ‘0 policy changes’) are provided.


  • Scenario 3a: "AND" logic policy

    • says "unable to meet requirement" in Apache Ranger - which is incorrect. The author does suggest a good approach to meet this requirement in Apache Ranger - by creating a role with users who are both the groups, and referencing this role in policies. However, the point about Apache Ranger not supporting policies based on a user belonging to multiple groups is correct. However, this can easily be addressed with a custom condition extension. If there is enough interest from the user community, an enhancement to support this condition out of the box would be considered.


  • Scenario 3b: Conditional Policies

    • says "unable to meet requirement" in Apache Ranger - which is incorrect. As mentioned earlier, Apache Ranger leverages expressions supported by underlying data processing engine for masking and row-filtering. The requirement can easily be met with following expression in the masking policy:

      CASE WHEN (extract(year FROM current_date()) - birth_year) > 16) THEN {col} ELSE NULL END


There is no need to create views as suggested in the report.


  • Scenario 3c: Minimization Policies

    • as mentioned in the report Apache Ranger doesn't support policies to limit the number of records accessed. If there is enough interest from the user community, this enhancement would be considered.


  • Scenario 3d: De-Identification Policies

    • Says “unable to meet requirement” in Apache Ranger - which is incorrect. While Apache Ranger doesn’t talk about k-anonymity directly, the requirements can be implemented using Apache Ranger data masking policies - by setting up appropriate masking expressions for columns.

      • for columns that require NULL value to be returned, setup a mask policy with type as MASK_NULL

      • for columns that require a constant value, setup a mask policy with type as CONSTANT and specify desired value - like “NONE”

      • for columns that require a ‘generalized’ value based on the existing value of the column, use custom expressions as shown below. This does require analyzing the table to arrive at generalized values:
        CASE WHEN {col} < 20 THEN 16
            WHEN {col} BETWEEN 20 AND 29 THEN 26
            WHEN {col} BETWEEN 30 AND 39 THEN 36
            WHEN {col} BETWEEN 40 AND 49 THEN 46
            WHEN {col} BETWEEN 50 AND 59 THEN 56
            WHEN {col} BETWEEN 60 AND 69 THEN 66
            WHEN {col} BETWEEN 70 AND 79 THEN 76
            WHEN {col} BETWEEN 80 AND 89 THEN 86
            WHEN {col} BETWEEN 90 AND 99 THEN 96
            ELSE 106
        END

 

What the report doesn't talk about?

It is important to take note of what the report doesn’t talk about. For example:


Extendability: Apache Ranger’s open policy model and plugin architecture enable extending access control to other applications, including custom applications within an enterprise.


Wider acceptance of Apache Ranger by major cloud vendors like AWS, Azure, GCP; and availability of support from seasoned industry experts who continue to contribute to Apache Ranger and extend its reach.


Performance: Apache Ranger policy-engine is highly optimized for performance, which results in only a very small overhead (mostly around 1 millisecond) to authorize accesses; and importantly, there are no overheads in the data access path.


Apache Ranger features like security zones that allow different sets of policies to be applied to data in landing, staging, temp, production zones. A security zone can consist of resources across applications, for example: S3 buckets/paths, Solr collections, Snowflake tables, Presto catalogs/schemas/tables, Trino catalogs/schemas/tables, Apache Kafka topics, Synapse database/schemas/tables.



Monday September 20, 2021

The Apache News Round-up: week ending 17 September 2021

We're wrapping up another great week with the following activities from the Apache community:

Success at Apache

This series focuses on the people and processes behind why the ASF "just works." The most recent entry is  "From Mentee to PMC" by Ephraim Anierobi. 

ASF Annual Report

The ASF annual report is a look back at our many achievements during the 2021 Fiscal Year.

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 October 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
 - The Apache® Software Foundation Announces Program for ApacheCon@Home 2021
 - Learn all about ApacheCon with Rich Bowen and Swapnil M Mane
 - Learn about the Community Track from Sharan Foga and Swapnil M Mane 

 - Register for ApacheCon@Home 

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the Apache Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 356 Apache Committers changed 2,986,797 lines of code over 3,104 commits. Top 5 contributors, in order, are: Alex Heneveld, Andrea Cosentino, Stephen Mallette, Andi Huber, and Claus Ibsen.    

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf runtime 4.3.3 released 

Content --
 - Apache PDFBox 3.0.0-alpha2 released 
 - Apache Any23 2.5 released 
   -- CVE-2021-38555: An XML external entity (XXE) injection vulnerability exists in StreamUtils.java
   -- CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in YAMLExtractor.java

Cloud Computing --
 - Apache jclouds 2.4.0 released 

Integration --
 - Apache Camel 3.11.2 (LTS) released 

IoT --
 - Apache IoTDB 0.12.2 released 

Libraries --
 - Apache Log4j Kotlin API 1.1.0 released 
 - Apache Commons RNG 1.4 released 
 - Apache Jena CVE-2021-39239: XML External Entity (XXE) vulnerability

Observability --
 - Apache SkyWalking Python Agent 0.7.0 and Satellite 0.2.0 released 

Search --
 - Apache Solr Operator v0.4.0 released 

Security Framework --
 - Apache Shiro CVE-2021-41303: Before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Servers --
 - Apache Tomcat 8.5.71, 9.0.53, 10.0.11, and 10.1.0-M5 (alpha) released 
   -- CVE-2021-41079: Denial of Service
 - Apache HttpComponents Core 5.2-alpha1 released 

Web Frameworks -
 - Apache Wicket 9.5.0 released 

Did You Know?

 - Did you know that NASA JPL uses Apache Kafka to enable real-time data feeds from Mars?

 - Did you know that ASF Infrastructure's uptime during FY2021 was 99.75%?

 - Did you know that Shopify uses Apache Flink to analyze 10 TB+ of data? 

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - The Apache Month in Review: August 2021 

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from ApacheCon Asia are available on YouTube

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.


Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday September 16, 2021

Success at Apache: from Mentee to PMC

by Ephraim Anierobi

This post is about how I became a committer and a Project Management Committee (PMC) member of Apache Airflow, and provides guidance to those new to programming, are new to contributing to open-source projects, and want to become committers and PMC members in their respective Apache projects.

About a year and a half after changing my career from electrical engineering to software development, I became a committer and a Project Management Committee member of Apache Airflow. Becoming a committer and a PMC member is a reward and a kind of validation that you are on the right part of your journey.

On February 16, 2021, I accepted an invitation to become a committer in Apache Airflow. It came as a surprise, as I was not expecting it. Six months down the line, I received another surprise invitation to become a PMC member in Apache Airflow.

These are impressive feats for me because before contributing to Apache Airflow, I didn't have experience working with other programmers. I was making websites and taught a few friends of mine how to make their own. I didn't have a mentor, and no one has ever seen my code to advise whether to continue on my journey or drop the idea of becoming a programmer.

While I desired to work with experienced programmers to improve my skills, I feared people seeing my code would talk me down. I almost gave up on my journey only to come across an Outreachy post on Twitter looking for interns for open source projects. Outreachy is a tech diversity program that provides three months of paid, remote internships to people underrepresented in tech.

I was ready to change my career and was looking for mentorship, but couldn't find an internship that could help me get started in my journey. In Nigeria where I'm living, your location affects your chances of getting an entry-level job. I was not close to the major cities. 

So I applied for an internship through Outreachy. 

There are two application processes. The initial application involves explaining your background and why you should be accepted into the program. You must pass the initial application before you could proceed to the next. The second application process (called the contribution period) is where you choose an open source project that matches your skill sets and then contribute to it. You must have some minimum contributions before you could be accepted.

That was how I found Apache Airflow.

You could imagine the joy I had when I was accepted into the program.

Here are things I did which I believe would help you in your journey to becoming an Apache committer and a PMC member.

Asking Questions

Asking questions is the fastest way to learn. Don't be afraid to ask questions if you do not understand something. I ask questions a lot and I always get answers, but I didn't start by asking questions: I made 40 commits to the repository without understanding what Airflow does. It was not until I joined my new employer Astronomer that I learned what DAG is and what a data pipeline is. Now I can easily reproduce issues following someone's descriptions. I wish I had asked questions earlier --I could have had more experience by now!

Start small

If you are like me, with little experience, start contributing from the minor issues. Find good first issues and work on them. You don't have to wait to contribute a large change before contributing.

While working on the REST API project, which I got hired by Outreachy to do, I was looking at the codebase. I started with Airflow providers because it was easy for me to understand. There were so many requests about providers at the time and I started looking into it, reading the code base, and helping with the providers. I didn't go into the core straight up; I avoided it. My first PR was on simple database migration during the Outreachy contribution period.

Refactor codes

Airflow is complex. Till now, I'm still learning it. Just last week I learned about how the execution date works. I know there are a lot of other things I have not understood very well but refactoring helped me to understand a lot.

When I was to work in the scheduler, I found the file was so large that I went back and forth without progress. I worked on separating the files and I'm glad I did because after that I could contribute. I recommend refactoring code but do not go into large refactoring. A little at a time, with the hope to understand the project. Avoid the core of the project if you are just starting.

Issues

One thing about issues is that most reporters would tell you how to reproduce them. Most times, you would find that the issue is quite easy to fix. I usually jump on those and fix them. Other times, I had to contact my superiors before I could fix it.

Looking at reported issues gives an added advantage that you could learn how the software works in the real world. Try to reproduce as many issues as possible. It adds to your knowledge.

Pull Requests

Here's where you can learn a great deal. I start my day by looking at the PRs. Most PRs link to issues. I read the issues and study PRs. I must admit that some of these PRs are just too complex for me. If I don't understand it, sometimes I ask questions, other times I go to the next PR. When I jump to the next PR, I record the topic that made me jump to the next and plan on reading about it some other time.

When you make a PR, ask for reviews in the community channel of communication. Airflow uses Slack and the mailing list for communications. You should ask for reviews in the slack channel and not the mailing list. The reviews not only give information on how to fix the problem but also teach you best practices in programming.

Culture

The ASF has a code of conduct that covers the Foundations activities as well as the projects. Read it first.

Among many other things, you would learn in Apache Airflow is communication. How to communicate with people in a civil manner. Spend time reading PR reviews, you will learn a lot and especially how to ask people to make changes to their code.

Conclusion

You don't have to wait for an invitation to contribute to an Apache project. You don't have to become an Outreachy intern to get involved with something you're interested in.

Don't be afraid to make a PR because nobody will penalize you if you're wrong. I know the feeling that people may think you are not good enough, forget it, they know you are new to the field and if you are thinking that they don't know your level in the language, forget it too, they know you are still a junior because it says so in your code. I can't count how many times I have had code reviews that showed me a better way to implement the code. Be open-minded, make mistakes, and excel.


Ephraim Anierobi started to work on the Apache Airflow project as an Outreachy Intern in May 2020. He became a committer in February 2021 and a member of the Apache Airflow Project Management Committee (PMC) in August 2021. He is a software engineer at Astronomer.

= = = "Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

Friday September 10, 2021

The Apache News Round-up: week ending 10 September 2021

We're wrapping up another great week with the following activities from the Apache community:

ASF Annual Report – a look back at our many achievements during the 2021 Fiscal Year
 - Press release https://s.apache.org/FY2021AnnualReport-pressrelease
 - Full report https://s.apache.org/FY2021AnnualReport

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 September 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
 - The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021
 - Learn all about ApacheCon with Rich Bowen and Swapnil M Mane https://youtu.be/m_c7NJ5yMOg
 - Learn about the Community Track from Sharan Foga and Swapnil M Mane
https://youtu.be/8cZF-gaE3a4
 - Register for ApacheCon@Home https://www.apachecon.com/acah2021/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 326 Apache Committers changed 9,187,985 lines of code over 2,985 commits. Top 5 contributors, in order, are: Harikrishna Patnala, Andi Huber, Yann Ylavic, Andrea Cosentino, and Benoit Tellier.     

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX Go Plugin Runner 0.2.0 released https://apisix.apache.org/

Application Servers --
 - Apache Geronimo Arthur 1.0.3 released https://geronimo.apache.org/arthur

Databases --
 - Apache Geode 1.14.0 released http://geode.apache.org/

Content --
 - Apache Jackrabbit 2.14.10 released http://jackrabbit.apache.org/

Programming Languages --
 - Apache Groovy 2.5.15, 3.0.9, and 4.0.0-beta-1 released https://groovy.apache.org/

Workflow --
 - Apache DolphinScheduler 1.3.8 released https://dolphinscheduler.apache.org/
 - Apache Airflow CVE-2021-38540: Variable Import endpoint missed authentication check https://s.apache.org/88ww5


Did You Know?

 - Did you know that ByteDance uses Apache Hudi to build exabyte-scale data lakes for services such as TikTok? http://hudi.apache.org/

 - Did you know that the Netherlands and Japan Pulsar MeetUp groups are having meetups in September? https://pulsar.apache.org/en/events/

 - Did you know that Kafka Summit will be held online and free of charge 14-15 September? http://kafka.apache.org/events

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" [6 min] https://s.apache.org/ApacheEverywhere 3) "Why Apache" [2.5 min] https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” [40 min] https://s.apache.org/ApacheInnovation

 - The Apache Month in Review: August 2021 https://s.apache.org/August2021

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - Presentations from ApacheCon Asia are available at https://s.apache.org/ApacheConAsia2021-talks

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday September 03, 2021

The Apache News Round-up: week ending 3 September 2021

Welcome, September --we're opening the month with another great week. Here's what the Apache community has been up to:

ASF Annual Report – a look back at our many achievements during the 2021 Fiscal Year
 - Press release https://s.apache.org/FY2021AnnualReport-pressrelease
 - Full report https://s.apache.org/FY2021AnnualReport

Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
 - August Month in Review https://s.apache.org/August2021

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 September 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
 - The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021
 - Learn about the Community Track from Sharan Foga and Swapnil M Mane https://youtu.be/8cZF-gaE3a4
 - Register for ApacheCon@Home https://www.apachecon.com/acah2021/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 340 Apache Committers changed 2,033,185 lines of code over 3,224 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Mark Thomas, Andrea Cosentino, Andi Huber, Harikrishna Patnala, and Albumen Kevin.         

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.9 released https://apisix.apache.org/

Big Data --
 - The Apache Drill Project Announces Apache® DrillTM v1.19 Milestone Release https://s.apache.org/bfhy6
 - Apache Qpid Broker-J 8.0.6 and Proton-J 0.33.9 released https://qpid.apache.org/
 - Apache Hudi 0.9.0 released https://hudi.apache.org/
 - Apache Zeppelin CVE-2021-36090: Bash command injection in spark interpreter https://s.apache.org/njaui
   -- CVE-2020-13929: Notebook permissions bypass https://s.apache.org/tx1s1
   -- CVE-2021-27578: Cross Site Scripting in markdown interpreter https://s.apache.org/701t0

Content --
 - Apache Tika 2.1.0 released https://tika.apache.org/

Libraries --
 - Apache Commons DBCP 2.9.0 released http://commons.apache.org/dbcp/

Servers --
 - Apache Tomcat Native 1.2.31 released https://tomcat.apache.org/


Did You Know?

 - Did you know that the following projects are celebrating anniversaries in September? Congratulations to Apache ServiceMix (14 years); Hive, Pig, and Shiro (11 years); Airavata, Bigtop, and SIS (9 years); Curator (8 years); Storm (7 years); Yetus (6 years); RocketMQ and Royale (4 years); Pulsar (3 years); Rya (2 years); IoTDB (1 year) https://projects.apache.org/committees.html?date

 - Did you know that Apache Cordova will be archiving all older translated documentation? https://cordova.apache.org/announcements/2021/08/25/translations.html

 - Did you know that Flink Forward will be held 26-27 October? http://flink.apache.org/

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" [6 min] https://s.apache.org/ApacheEverywhere 3) "Why Apache" [2.5 min] https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” [40 min] https://s.apache.org/ApacheInnovation

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - Presentations from ApacheCon Asia are available at https://s.apache.org/ApacheConAsia2021-talks

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday September 01, 2021

Apache Month in Review: August 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in August:

New this month --

The Apache Software Foundation Announces Apache® Pinot™ as a Top-Level Project https://s.apache.org/ft8p6

- The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021

- The Apache Drill Project Announces Apache® Drill™ v1.19 Milestone Release https://s.apache.org/bfhy6

- The Apache® Software Foundation Announces Annual Report for 2021 Fiscal Year https://s.apache.org/FY2021AnnualReport-pressrelease

- Apache Month in Review: July 2021 https://s.apache.org/July2021 + Video highlights https://youtu.be/KIYB1g6SKhg


Important Dates --

- Next Board Meeting: 15 September 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

- ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- is being held twice in 2021:
  - UPCOMING: Register for ApacheCon@Home - 21-23 September https://www.apachecon.com/acah2021/
    -- Learn about the Community Track from Sharan Foga and Swapnil M Mane https://youtu.be/8cZF-gaE3a4
  - Completed: ApacheCon Asia - 6-8 August --presentations available at https://s.apache.org/37n3z


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in August was 99.61%. http://www.apache.org/uptime/


Committer Activity --

In August, 764 Apache Committers changed 15,185,996 lines of code over 17,295 commits. The Committers with the top 5 highest contributions, in order, were: Claus Ibsen, Alex Herbert, Andrea Cosentino, Harikrishna Patnala, and Kaxil Naik.  


Project Releases and Updates --

New releases from Apache ActiveMQ (Messaging); Airflow (Workflow); APISIX (APIs); Camel (Integration); Commons (Libraries); EventMesh (incubating; Eventing); Flink (Big Data); Geode (Databases); Hop (incubating; Orchestration); Jackrabbit (Content); NiFi (Big Data); OFBiz (ERP/Enterprise Resource Planning); Portable Runtime (Libraries); Pulsar (Messaging); Qpid (Messaging); Roller (Content); ServiceComb (Libraries); Teaclave (incubating; Confidential Computing); Tika (Content); Tomcat (Servers); Traffic Server (Servers).

Apache Project Anniversaries in August: jUDDI (11 years); Any23, Lucene.Net, and Oozie (9 years); Ignite, Serf, and Usergrid (6 years); HAWQ (3 years). Many happy returns!

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. Linkis (Middleware) entered the Apache Incubator in August. More than three dozen projects are currently undergoing development in the Apache Incubator http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation