The Apache Software Foundation Blog
The Apache News Round-up: week ending 27 September 2021
We're closing September with another great week. Here are the latest updates on the Apache community's activities:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.- Next Board Meeting: 20 October 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ApacheCon™ –
the ASF's official global conference series, bringing Tomorrow's
Technology Today since 1998.
- Our 2021 events are complete: thanks to all speakers, sponsors, participants, and planners for their great turnout!
- Presentations for ApacheCon Asia are available on the ASF YouTube channel. ApacheCon@Home presentations will be posted shortly.
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
-
7M+ weekly checks yield uptime at 100.00%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the Apache Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 328 Apache Committers changed 7,398,124 lines of code over 2,924 commits. Top 5 contributors, in order, are: Harikrishna Patnala, Gary Gregory, Andy Seaborne, Daniel Gruno, and Mark Thomas.
Apache Project Announcements – the latest updates by category.
Big Data --- Apache Druid 0.22.0 released
-- CVE-2021-36749: The HTTP inputSource allows authenticated users to read data from other sources than intended
Cloud Computing --
- Apache Kafka 3.0.0 released
-- CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients
Data Management Platform --
- Apache Ignite 2.11.0 released
IDE --
- Apache NetBeans 12.5 released
- Apache Pulsar 2.8.1 released
Did You Know?
- Did you know that LinkedIn's 10,000-node cluster for Big Data analytics and machine learning workloads is considered the world's largest Apache Hadoop implementation?
- Did you know that Yelp's new search engine, Nrtsearch, is powered by Apache Lucene?
- Did you know that the Ignite Summit Cloud Edition CFP closes on 15 October?
Apache Community Notices
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- ASF Annual Report: FY2021 -- Press release and Report (PDF)
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from ApacheCon Asia are available on YouTube
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 06:41AM Sep 27, 2021
by Swapnil M Mane in Newsletter |
|
Apache Ranger response to incorrect analyst report on Cloud data security
Introduction
A recent industry analyst report by GigaOm and sponsored by Immuta comparing Apache Ranger to Immuta paints an incorrect picture on the complexities of using Apache Ranger. We believe the report contains a number of errors and inconsistencies. Unfortunately the Apache Ranger Project Management Committee (PMC) was not contacted by the analyst firm during preparation of the report.
We have attempted to contact the authors and members of the research team several times, requesting the opportunity to review the inaccuracies and have them corrected. Despite our many attempts to rectify the misinformation, no-one from the analyst firm responded.
For the benefit of existing and potential users of Apache Ranger, it is important for Apache Ranger PMC to respond to this report with facts.
Use cases
Let us now go through the scenarios covered in the report, and see how the numbers reported change with appropriate use of Apache Ranger to address the requirements.
Scenario 1b: Mask All PII Data
lists 2 policy changes in Immuta vs 5 in Apache Ranger. In fact, only one Apache Ranger policy would be needed to address this requirement.
Shows author's lack of understanding of Apache Ranger policy model. Series of steps to allow/deny/deny-exception listed are applicable only for an access policy but not for a masking policy. Also, in access policies, allow/deny/deny-exception can be replaced by a switch named denyAllElse, as shown in the image below.
With use of user-groups or roles, a time-tested best practice followed universally by access control systems, this requirement can be met by a single Apache Ranger policy, as shown below.
Masking policy:
Access policy:
Scenario 1c: Allow Email Domains Through the Masking Policy
lists 2 policy changes in Immuta vs 5 in Apache Ranger. In fact, only one Apache Ranger masking policy would be needed to address this requirement. Same as the previous scenario.
Claim: Apache Ranger does not have a regular expression masking policy
Truth: instead of building a virtualization layer that can introduce significant complexities and performance penalties, Apache Ranger uses native capabilities of the data processing application to perform masking and filtering. Given regular expressions are supported by such applications, it will be simpler to create a custom expression to suit your needs like email address, account numbers, credit card numbers; importantly without having to drag security software vendor.
Scenario 1d: Add Two Users Access to All PII Data
lists 1 policy change in Immuta vs 4 in Apache Ranger. However, the following suggests that each user must be updated in Immuta UI to add necessary attributes. Wouldn't the number of steps be as large as the number of users?
Added the AuthorizedSensitiveData > All attribute to each user in the Immuta UI.
counts 4 policy changes in Apache Ranger policies, while the only change needed is to add users (2 or 200 users!) to a group or role. No policy changes are needed if time tested best practices are followed - by referencing groups or roles in policies instead of individual users.
Scenario 2a: Share Data With Managers
lists 1 policy change in Immuta vs 101 in Apache Ranger. With use of lookup tables, which is a common practice in enterprises, the requirement can be met with a single row-filter policy in Apache Ranger.
ss_store_sk in (select store_id from store_authorization where user_name=current_user())
Scenario 2b: Merging Groups
lists 0 policy change in Immuta vs 1 in Apache Ranger. This is the same as the previous scenario, where the author chose to not follow common practice of using lookup tables. With use of a lookup table, as detailed above, no policy changes will be needed in Apache Ranger.
Scenario 2c: Share Additional Data With Managers
lists 0 policy changes in Immuta vs 102 in Apache Ranger. Once again, with use of a lookup table, only 2 policies would be required in Apache Ranger:
table store:
s_store_sk in (select store_id from store_authorization where user_name=current_user())
table store_returns:
sr_store_sk in (select store_id from store_authorization where user_name=current_user())
Scenario 2d: Reorganize Managers Into Regions
lists 0 policy changes in Immuta vs 40 in Apache Ranger. Same as previous scenarios - with use of a lookup table, no policy changes will be needed in Apache Ranger.
Scenario 2e: Restrict Data Access to Specific Countries
lists 1 policy change in Immuta vs 71 in Apache Ranger. With use of a lookup table, only one row-filter policy is needed in Apache Ranger.
Scenario 2f: Grant New User Group Access to All Rows by Default
lists 0 policy change in Immuta vs 30 in Apache Ranger. With use of a lookup table, no additional policy would be needed in Apache Ranger.
Scenario 2g: Apply Policies to a Derived Data Mart
lists 0 policy changes in Immuta vs 140 in Apache Ranger for the addition of 15 tables. With Apache Ranger, new tables can either be added to existing policies, or new policies can be created. It will require 15 policy updates in Apache Ranger - not 140 as claimed by the author. Also, no details on the changes to be done in Immuta (other than ‘0 policy changes’) are provided.
Scenario 3a: "AND" logic policy
says "unable to meet requirement" in Apache Ranger - which is incorrect. The author does suggest a good approach to meet this requirement in Apache Ranger - by creating a role with users who are both the groups, and referencing this role in policies. However, the point about Apache Ranger not supporting policies based on a user belonging to multiple groups is correct. However, this can easily be addressed with a custom condition extension. If there is enough interest from the user community, an enhancement to support this condition out of the box would be considered.
Scenario 3b: Conditional Policies
says "unable to meet requirement" in Apache Ranger - which is incorrect. As mentioned earlier, Apache Ranger leverages expressions supported by underlying data processing engine for masking and row-filtering. The requirement can easily be met with following expression in the masking policy:
CASE WHEN (extract(year FROM current_date()) - birth_year) > 16) THEN {col} ELSE NULL END
There is no need to create views as suggested in the report.
Scenario 3c: Minimization Policies
as mentioned in the report Apache Ranger doesn't support policies to limit the number of records accessed. If there is enough interest from the user community, this enhancement would be considered.
Scenario 3d: De-Identification Policies
Says “unable to meet requirement” in Apache Ranger - which is incorrect. While Apache Ranger doesn’t talk about k-anonymity directly, the requirements can be implemented using Apache Ranger data masking policies - by setting up appropriate masking expressions for columns.
for columns that require NULL value to be returned, setup a mask policy with type as MASK_NULL
for columns that require a constant value, setup a mask policy with type as CONSTANT and specify desired value - like “NONE”
for columns that require a ‘generalized’ value based on the existing value of the column, use custom expressions as shown below. This does require analyzing the table to arrive at generalized values:
CASE WHEN {col} < 20 THEN 16
WHEN {col} BETWEEN 20 AND 29 THEN 26
WHEN {col} BETWEEN 30 AND 39 THEN 36
WHEN {col} BETWEEN 40 AND 49 THEN 46
WHEN {col} BETWEEN 50 AND 59 THEN 56
WHEN {col} BETWEEN 60 AND 69 THEN 66
WHEN {col} BETWEEN 70 AND 79 THEN 76
WHEN {col} BETWEEN 80 AND 89 THEN 86
WHEN {col} BETWEEN 90 AND 99 THEN 96
ELSE 106
END
What the report doesn't talk about?
It is important to take note of what the report doesn’t talk about. For example:
Extendability: Apache Ranger’s open policy model and plugin architecture enable extending access control to other applications, including custom applications within an enterprise.
Wider acceptance of Apache Ranger by major cloud vendors like AWS, Azure, GCP; and availability of support from seasoned industry experts who continue to contribute to Apache Ranger and extend its reach.
Performance: Apache Ranger policy-engine is highly optimized for performance, which results in only a very small overhead (mostly around 1 millisecond) to authorize accesses; and importantly, there are no overheads in the data access path.
Apache Ranger features like security zones that allow different sets of policies to be applied to data in landing, staging, temp, production zones. A security zone can consist of resources across applications, for example: S3 buckets/paths, Solr collections, Snowflake tables, Presto catalogs/schemas/tables, Trino catalogs/schemas/tables, Apache Kafka topics, Synapse database/schemas/tables.
Posted at 06:41PM Sep 21, 2021
by Madhan in General |
|
The Apache News Round-up: week ending 17 September 2021
We're wrapping up another great week with the following activities from the Apache community:
Success at Apache
This series focuses on the people and processes behind why the ASF "just works." The most recent entry is "From Mentee to PMC" by Ephraim Anierobi.
ASF Annual Report
The ASF annual report is a look back at our many achievements during the 2021 Fiscal Year.
- Press release: The Apache Software Foundation Announces Annual Report for 2021 Fiscal Year
- ASF FY2021 Annual Report (PDF)
- Next Board Meeting: 20 October 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
- The Apache® Software Foundation Announces Program for ApacheCon@Home 2021
- Learn all about ApacheCon with Rich Bowen and Swapnil M Mane
- Learn about the Community Track from Sharan Foga and Swapnil M Mane
- Register for ApacheCon@Home
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the Apache Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 356 Apache Committers changed 2,986,797 lines of code over 3,104 commits. Top 5 contributors, in order, are: Alex Heneveld, Andrea Cosentino, Stephen Mallette, Andi Huber, and Claus Ibsen.
Apache Project Announcements – the latest updates by category.
Application Servers/Middleware --- Apache Karaf runtime 4.3.3 released
Content --
- Apache PDFBox 3.0.0-alpha2 released
- Apache Any23 2.5 released
-- CVE-2021-38555: An XML external entity (XXE) injection vulnerability exists in StreamUtils.java
-- CVE-2021-40146: A Remote Code Execution (RCE) vulnerability exists in YAMLExtractor.java
Cloud Computing --
- Apache jclouds 2.4.0 released
Integration --
- Apache Camel 3.11.2 (LTS) released
IoT --
- Apache IoTDB 0.12.2 released
Libraries --
- Apache Log4j Kotlin API 1.1.0 released
- Apache Commons RNG 1.4 released
- Apache Jena CVE-2021-39239: XML External Entity (XXE) vulnerability
Observability --
- Apache SkyWalking Python Agent 0.7.0 and Satellite 0.2.0 released
Search --
- Apache Solr Operator v0.4.0 released
Security Framework --
- Apache Shiro CVE-2021-41303: Before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass
Servers --
- Apache Tomcat 8.5.71, 9.0.53, 10.0.11, and 10.1.0-M5 (alpha) released
-- CVE-2021-41079: Denial of Service
- Apache HttpComponents Core 5.2-alpha1 released
Web Frameworks -
- Apache Wicket 9.5.0 released
Did You Know?
- Did you know that NASA JPL uses Apache Kafka to enable real-time data feeds from Mars?
- Did you know that ASF Infrastructure's uptime during FY2021 was 99.75%?
- Did you know that Shopify uses Apache Flink to analyze 10 TB+ of data?
Apache Community Notices
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min]
- The Apache Month in Review: August 2021
- The Apache Way to Sustainable Open Source Success
- Foundation Reports and Statements
- Presentations from ApacheCon Asia are available on YouTube
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
- Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 02:36PM Sep 20, 2021
by Swapnil M Mane in Newsletter |
|
Success at Apache: from Mentee to PMC
by Ephraim Anierobi
This post is about how I became a committer and a Project Management Committee (PMC) member of Apache Airflow, and provides guidance to those new to programming, are new to contributing to open-source projects, and want to become committers and PMC members in their respective Apache projects.
About a year and a half after changing my career from electrical engineering to software development, I became a committer and a Project Management Committee member of Apache Airflow. Becoming a committer and a PMC member is a reward and a kind of validation that you are on the right part of your journey.
On February 16, 2021, I accepted an invitation to become a committer in Apache Airflow. It came as a surprise, as I was not expecting it. Six months down the line, I received another surprise invitation to become a PMC member in Apache Airflow.
These are impressive feats for me because before contributing to Apache Airflow, I didn't have experience working with other programmers. I was making websites and taught a few friends of mine how to make their own. I didn't have a mentor, and no one has ever seen my code to advise whether to continue on my journey or drop the idea of becoming a programmer.
While I desired to work with experienced programmers to improve my skills, I feared people seeing my code would talk me down. I almost gave up on my journey only to come across an Outreachy post on Twitter looking for interns for open source projects. Outreachy is a tech diversity program that provides three months of paid, remote internships to people underrepresented in tech.
I was ready to change my career and was looking for mentorship, but couldn't find an internship that could help me get started in my journey. In Nigeria where I'm living, your location affects your chances of getting an entry-level job. I was not close to the major cities.
So I applied for an internship through Outreachy.
There are two application processes. The initial application involves explaining your background and why you should be accepted into the program. You must pass the initial application before you could proceed to the next. The second application process (called the contribution period) is where you choose an open source project that matches your skill sets and then contribute to it. You must have some minimum contributions before you could be accepted.
That was how I found Apache Airflow.
You could imagine the joy I had when I was accepted into the program.
Here are things I did which I believe would help you in your journey to becoming an Apache committer and a PMC member.
Asking Questions
Asking questions is the fastest way to learn. Don't be afraid to ask questions if you do not understand something. I ask questions a lot and I always get answers, but I didn't start by asking questions: I made 40 commits to the repository without understanding what Airflow does. It was not until I joined my new employer Astronomer that I learned what DAG is and what a data pipeline is. Now I can easily reproduce issues following someone's descriptions. I wish I had asked questions earlier --I could have had more experience by now!
Start small
If you are like me, with little experience, start contributing from the minor issues. Find good first issues and work on them. You don't have to wait to contribute a large change before contributing.
While working on the REST API project, which I got hired by Outreachy to do, I was looking at the codebase. I started with Airflow providers because it was easy for me to understand. There were so many requests about providers at the time and I started looking into it, reading the code base, and helping with the providers. I didn't go into the core straight up; I avoided it. My first PR was on simple database migration during the Outreachy contribution period.
Refactor codes
Airflow is complex. Till now, I'm still learning it. Just last week I learned about how the execution date works. I know there are a lot of other things I have not understood very well but refactoring helped me to understand a lot.
When I was to work in the scheduler, I found the file was so large that I went back and forth without progress. I worked on separating the files and I'm glad I did because after that I could contribute. I recommend refactoring code but do not go into large refactoring. A little at a time, with the hope to understand the project. Avoid the core of the project if you are just starting.
Issues
One thing about issues is that most reporters would tell you how to reproduce them. Most times, you would find that the issue is quite easy to fix. I usually jump on those and fix them. Other times, I had to contact my superiors before I could fix it.
Looking at reported issues gives an added advantage that you could learn how the software works in the real world. Try to reproduce as many issues as possible. It adds to your knowledge.
Pull Requests
Here's where you can learn a great deal. I start my day by looking at the PRs. Most PRs link to issues. I read the issues and study PRs. I must admit that some of these PRs are just too complex for me. If I don't understand it, sometimes I ask questions, other times I go to the next PR. When I jump to the next PR, I record the topic that made me jump to the next and plan on reading about it some other time.
When you make a PR, ask for reviews in the community channel of communication. Airflow uses Slack and the mailing list for communications. You should ask for reviews in the slack channel and not the mailing list. The reviews not only give information on how to fix the problem but also teach you best practices in programming.
Culture
The ASF has a code of conduct that covers the Foundations activities as well as the projects. Read it first.
Among many other things, you would learn in Apache Airflow is communication. How to communicate with people in a civil manner. Spend time reading PR reviews, you will learn a lot and especially how to ask people to make changes to their code.
Conclusion
You don't have to wait for an invitation to contribute to an Apache project. You don't have to become an Outreachy intern to get involved with something you're interested in.
Don't be afraid to make a PR because nobody will penalize you if you're wrong. I know the feeling that people may think you are not good enough, forget it, they know you are new to the field and if you are thinking that they don't know your level in the language, forget it too, they know you are still a junior because it says so in your code. I can't count how many times I have had code reviews that showed me a better way to implement the code. Be open-minded, make mistakes, and excel.
Ephraim Anierobi started to work on the Apache Airflow project as an Outreachy Intern in May 2020. He became a committer in February 2021 and a member of the Apache Airflow Project Management Committee (PMC) in August 2021. He is a software engineer at Astronomer.
Posted at 02:32PM Sep 16, 2021
by Sally Khudairi in SuccessAtApache |
|
The Apache News Round-up: week ending 10 September 2021
We're wrapping up another great week with the following activities from the Apache community:
ASF Annual Report – a look back at our many achievements during the 2021 Fiscal Year
- Press release https://s.apache.org/FY2021AnnualReport-pressrelease
- Full report https://s.apache.org/FY2021AnnualReport
- Next Board Meeting: 15 September 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
- The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021
- Learn all about ApacheCon with Rich Bowen and Swapnil M Mane https://youtu.be/m_c7NJ5yMOg
- Learn about the Community Track from Sharan Foga and Swapnil M Mane https://youtu.be/8cZF-gaE3a4
- Register for ApacheCon@Home https://www.apachecon.com/acah2021/
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/
Apache Code Snapshot – Over the past week, 326 Apache Committers changed 9,187,985 lines of code over 2,985 commits. Top 5 contributors, in order, are: Harikrishna Patnala, Andi Huber, Yann Ylavic, Andrea Cosentino, and Benoit Tellier.
Apache Project Announcements – the latest updates by category.
APIs --
- Apache APISIX Go Plugin Runner 0.2.0 released https://apisix.apache.org/
Application Servers --
- Apache Geronimo Arthur 1.0.3 released https://geronimo.apache.org/arthur
- Apache Geode 1.14.0 released http://geode.apache.org/
Content --
- Apache Jackrabbit 2.14.10 released http://jackrabbit.apache.org/
- Apache Groovy 2.5.15, 3.0.9, and 4.0.0-beta-1 released https://groovy.apache.org/
Workflow --
- Apache DolphinScheduler 1.3.8 released https://dolphinscheduler.apache.org/
- Apache Airflow CVE-2021-38540: Variable Import endpoint missed authentication check https://s.apache.org/88ww5
Did You Know?
- Did you know that ByteDance uses Apache Hudi to build exabyte-scale data lakes for services such as TikTok? http://hudi.apache.org/
- Did you know that the Netherlands and Japan Pulsar MeetUp groups are having meetups in September? https://pulsar.apache.org/en/events/
- Did you know that Kafka Summit will be held online and free of charge 14-15 September? http://kafka.apache.org/events
Apache Community Notices
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" [6 min] https://s.apache.org/ApacheEverywhere 3) "Why Apache" [2.5 min] https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” [40 min] https://s.apache.org/ApacheInnovation
- The Apache Month in Review: August 2021 https://s.apache.org/August2021
- The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI
- Foundation Reports and Statements http://www.apache.org/foundation/reports.html
- Presentations from ApacheCon Asia are available at https://s.apache.org/ApacheConAsia2021-talks
- "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation
- Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity
= = =
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 12:16PM Sep 10, 2021
by Swapnil M Mane in Newsletter |
|
The Apache News Round-up: week ending 3 September 2021
Welcome, September --we're opening the month with another great week. Here's what the Apache community has been up to:
ASF Annual Report – a look back at our many achievements during the 2021 Fiscal Year
- Press release https://s.apache.org/FY2021AnnualReport-pressrelease
- Full report https://s.apache.org/FY2021AnnualReport
Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
- August Month in Review https://s.apache.org/August2021
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 15 September 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia was held online 6-8 August; ApacheCon@Home is coming up next on 21-23 September:
- The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021
- Learn about the Community Track from Sharan Foga and Swapnil M Mane https://youtu.be/8cZF-gaE3a4
- Register for ApacheCon@Home https://www.apachecon.com/acah2021/
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/
Apache Code Snapshot – Over the past week, 340 Apache Committers changed 2,033,185 lines of code over 3,224 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Mark Thomas, Andrea Cosentino, Andi Huber, Harikrishna Patnala, and Albumen Kevin.
Apache Project Announcements – the latest updates by category.
APIs --
- Apache APISIX 2.9 released https://apisix.apache.org/
Big Data --
- The Apache Drill Project Announces Apache® DrillTM v1.19 Milestone Release https://s.apache.org/bfhy6
- Apache Qpid Broker-J 8.0.6 and Proton-J 0.33.9 released https://qpid.apache.org/
- Apache Hudi 0.9.0 released https://hudi.apache.org/
- Apache Zeppelin CVE-2021-36090: Bash command injection in spark interpreter https://s.apache.org/njaui
-- CVE-2020-13929: Notebook permissions bypass https://s.apache.org/tx1s1
-- CVE-2021-27578: Cross Site Scripting in markdown interpreter https://s.apache.org/701t0
Content --
- Apache Tika 2.1.0 released https://tika.apache.org/
- Apache Commons DBCP 2.9.0 released http://commons.apache.org/dbcp/
Servers --
- Apache Tomcat Native 1.2.31 released https://tomcat.apache.org/
Did You Know?
- Did you know that the following projects are celebrating anniversaries in September? Congratulations to Apache ServiceMix (14 years); Hive, Pig, and Shiro (11 years); Airavata, Bigtop, and SIS (9 years); Curator (8 years); Storm (7 years); Yetus (6 years); RocketMQ and Royale (4 years); Pulsar (3 years); Rya (2 years); IoTDB (1 year) https://projects.apache.org/committees.html?date
- Did you know that Apache Cordova will be archiving all older translated documentation? https://cordova.apache.org/announcements/2021/08/25/translations.html
- Did you know that Flink Forward will be held 26-27 October? http://flink.apache.org/
Apache Community Notices
- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" [6 min] https://s.apache.org/ApacheEverywhere 3) "Why Apache" [2.5 min] https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” [40 min] https://s.apache.org/ApacheInnovation
- The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI
- Foundation Reports and Statements http://www.apache.org/foundation/reports.html
- Presentations from ApacheCon Asia are available at https://s.apache.org/ApacheConAsia2021-talks
- "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
- Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation
- Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity
= = =
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Posted at 11:15AM Sep 03, 2021
by Swapnil M Mane in Newsletter |
|
Apache Month in Review: August 2021
Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in August:
New this month --
- The Apache Software Foundation Announces Apache® Pinot™ as a Top-Level Project https://s.apache.org/ft8p6
- The Apache® Software Foundation Announces Program for ApacheCon@Home 2021 https://s.apache.org/ACHome2021
- The Apache Drill Project Announces Apache® Drill™ v1.19 Milestone Release https://s.apache.org/bfhy6
- The Apache® Software Foundation Announces Annual Report for 2021 Fiscal Year https://s.apache.org/FY2021AnnualReport-pressrelease
- Apache Month in Review: July 2021 https://s.apache.org/July2021 + Video highlights https://youtu.be/KIYB1g6SKhg
Important Dates --
- Next Board Meeting: 15 September 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html
- ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- is being held twice in 2021:
- UPCOMING: Register for ApacheCon@Home - 21-23 September https://www.apachecon.com/acah2021/
-- Learn about the Community Track from Sharan Foga and Swapnil M Mane https://youtu.be/8cZF-gaE3a4
- Completed: ApacheCon Asia - 6-8 August --presentations available at https://s.apache.org/37n3z
Infrastructure --
Committer Activity --
In August, 764 Apache Committers changed 15,185,996 lines of code over 17,295 commits. The Committers with the top 5 highest contributions, in order, were: Claus Ibsen, Alex Herbert, Andrea Cosentino, Harikrishna Patnala, and Kaxil Naik.
Project Releases and Updates --
New releases from Apache ActiveMQ (Messaging); Airflow (Workflow); APISIX (APIs); Camel (Integration); Commons (Libraries); EventMesh (incubating; Eventing); Flink (Big Data); Geode (Databases); Hop (incubating; Orchestration); Jackrabbit (Content); NiFi (Big Data); OFBiz (ERP/Enterprise Resource Planning); Portable Runtime (Libraries); Pulsar (Messaging); Qpid (Messaging); Roller (Content); ServiceComb (Libraries); Teaclave (incubating; Confidential Computing); Tika (Content); Tomcat (Servers); Traffic Server (Servers).
Apache Project Anniversaries in August: jUDDI (11 years); Any23, Lucene.Net, and Oozie (9 years); Ignite, Serf, and Usergrid (6 years); HAWQ (3 years). Many happy returns!
The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. Linkis (Middleware) entered the Apache Incubator in August. More than three dozen projects are currently undergoing development in the Apache Incubator http://incubator.apache.org/ .
# # #
To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!
Posted at 02:11PM Sep 01, 2021
by Sally Khudairi in Newsletter |
|