The Apache Software Foundation Blog
The Apache News Round-up: week ending 27 July 2018
Farewell, July! Let's check out the Apache community's activities from the past week:
ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 15 August. Board calendar and minutes http://apache.org/foundation/board/calendar.html
ApacheCon™ –the ASF's official global conference series. Join us!
- 24-27 September: Registration for ApacheCon North America/Montreal is open http://apachecon.com/acna18/
- 8 October: Apache Roadshow and Open Source Job Fair/Fairfax, VA --Save The Date!
- Media and Community Partner opportunities available for *all* official Apache events: drop us a note at firstname.lastname@example.org to help.
ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield zippity performance at 93.91% uptime. http://status.apache.org/
ASF Operations Factoid –this week, 506 Apache contributors changed 968,003 lines of code over 3,133 commits. Top 5 contributors, in order, are: Tellier Benoit, Karl Heinz Marbaise, Andrea Cosentino, Roberto Cortez, and Gary Gregory.
Apache Accumulo™ –a sorted, distributed key/value store that provides robust, scalable Big Data storage and retrieval.
- Apache Accumulo 1.9.2 released https://accumulo.apache.org/
Apache Calcite™ –a framework for writing Big Data management systems.
- Apache Calcite 1.17.0 released http://calcite.apache.org/
Apache Directory™ Fortress –computer security access management facility written in Java.
- Apache Fortress 2.0.1 released https://directory.apache.org/fortress/
Apache HBase™ –Open Source, distributed, versioned, non-relational database.
- Apache HBase 2.1.0 released https://hbase.apache.org/
Apache HttpComponents™ HttpAsyncClient–a library for client-side HTTP communication built on HttpCore.
- HttpComponents HttpAsyncClient 4.1.4 GA released http://hc.apache.org/
Apache Kafka™ –distributed, fault tolerant, publish-subscribe messaging.
- CVE-2017-12610: Authenticated Kafka clients may impersonate other users http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB383nmC%2BpxBXoc2JcuD4TXgQrvgjCuovNavmt6sFs4%2BsBQ%40mail.gmail.com%3E
- CVE-2018-1288: Authenticated Kafka clients may interfere with data replication http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB3905-NRw3baEUGhEaqKipzQ%2BNryJHsK%3DAtF_aFFsF1nOA%40mail.gmail.com%3E
Apache OpenWhisk (incubating) –distributed serverless computing platform.
- CVE-2018-11756 PHP Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d4geVGr-%2BOk95Gq9C9P81BXUDT3d9N7-2r%2BqsiPrM5r3w%40mail.gmail.com%3E
- CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d7x6buq1aREekk_Eh9SjevQLPLkXc%2BaidiFBMcNz7GGwQ%40mail.gmail.com%3E
Apache Qpid™ –messaging tools that speak AMQP and support many languages and platforms.
- Apache Qpid JMS 0.35.0 released http://qpid.apache.org/
Apache Tomcat™ –an Open Source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
- CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E
- CVE-2018-8020 Apache Tomcat Native Connector - Mishandled OCSP responses can allow clients to authenticate with revoked certificates http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E
- CVE-2018-1336 Apache Tomcat - Denial of Service http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
- CVE-2018-8037 Apache Tomcat - Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E
- CVE-2018-8034 Apache Tomcat - Security Constraint Bypass http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E
Did You Know?
- Did you know that you can easily help promote ApacheCon? http://www.apachecon.com/acna18/banners/
- Did you know that you can achieve Machine Learning on SQL by using Apache Hivemall (incubating) on Apache Hive or Apache Spark? http://hivemall.incubator.apache.org/
- Did you know that the highest code contribution value during FY2018 was by Apache Mynewt? $61,769,063 worth of code! https://s.apache.org/FY2018AnnualReport
Apache Community Notices:
- ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport
- The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q
- Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/
- The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3
- Apache in 2017 - By The Digits https://s.apache.org/h8do
- Foundation Statement –Apache Is Open. https://s.apache.org/PIRA
- "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache
- Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation
- Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity
- The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html
- ApacheCon North America will be held 24-27 September in Montreal http://apachecon.com/
- Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair - 8 October 2018 in Fairfax, VA http://apachecon.com/
- Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/
# # #
Posted at 04:18PM Jul 27, 2018 by Sally in General | |