Entries tagged [apache]

Friday February 14, 2020

The Apache News Round-up: week ending 14 February 2020

Happy Friday (and Valentine's Day for those who celebrate) --let's review what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 1) Registration open; Sponsorship opportunities available: Apache Roadshow/DC --25 March in CHANTILLY, VA. Topics include Apache Projects & CARE Initiatives (with  George Mason University Center for Assurance Research & Engineering); Cybersecurity; and Open Source Software in Start-Ups. https://www.apachecon.com/usroadshowdc20/
 2) CFP open. Sponsorship opportunities available: Apache Roadshow/Chicago --18-19 May in CHICAGO, IL. https://www.apachecon.com/chiroadshow20/
 3) Sponsorship opportunities available. Apache Roadshow/Seattle --10-12 June in REDMOND, WA. Topics include Data and Analytics, ML and AI, Java, Cloud, Containers, Servers, and Web Frameworks. https://www.apachecon.com/searoadshow20
 4) CFP open; Registration open; Sponsorship opportunities available: ApacheCon North America --28 September - 2 October in NEW ORLEANS, LA. Topics include Big Data Integration, Community, IoT, Search, Geospatial, Graphing, Integration, Servers, and more. Apache Project content includes Camel, Cassandra, Cloudstack, Fineract, Flagon, Gobblin, Groovy, HTTP Server, Ignite, Karaf, Observability, Solr/Lucene, Tomcat, and Traffic Server/Traffic Control, among others. https://www.apachecon.com/acna2020/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 943 Apache contributors changed 3,276,658 lines of code over 3,818 commits. Top 5 contributors, in order, are: Andrea Tarocchi, Andrea Cosentino, Claus Ibsen, Lukasz Lenart, and Duo Zhang.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 0.16.0 released https://arrow.apache.org/

Content --
 - Apache Jackrabbit Oak 1.22.1 released https://jackrabbit.apache.org/

Cryptography
 - Apache Milagro (Incubating) Crypto-C V2.0.1 released https://milagro.apache.org/

Libraries --
 - Apache Commons Compress 1.20 released https://commons.apache.org/compress/
 - Apache Commons CSV 1.8 released https://commons.apache.org/proper/commons-csv/

Programming Languages --
 - Apache Groovy 3.0.0 released https://groovy.apache.org/

Servers --
 - Apache Tomcat 8.5.51 and 9.0.31 released http://tomcat.apache.org/


Did You Know?

 - Did you know that Apache Impala now supports Apache Hudi (incubating), Hive, and ORC? http://impala.apache.org/

 - Did you know that the Apache NetBeans C/C++ donation by Oracle is nearing completion? Review and final stage countdown is on https://lists.apache.org/thread.html/rc62f519d5a203d1624cbc5116e0db399fed8ce7560bc7594a93e6fd8%40%3Cdev.netbeans.apache.org%3E

 - Did you know that you can access your favorite Apache project logos at http://apache.org/logos/ ?

Apache Community Notices:

 - Apache Month In Review: January 2020 – overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday February 07, 2020

The Apache News Round-up: week ending 7 February 2020

Welcome, February! We're wrapping up another great week with the following activities:

ASF Security Report 2019 – the state of security across all Apache projects with key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues https://s.apache.org/tbyxg

Success at Apache – the monthly blog series that focuses on the people and processes behind why the ASF "just works".
 - "Success at Apache: Literally" by Chris Thistlethwaite https://s.apache.org/xjcrj

Apache Month In Review: January 2020 – a new monthly overview of events that have taken place within the Apache community https://s.apache.org/1bbb1

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP Open: ApacheCon North America - 28 September - 2 October - tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/
 - Registration Open: Apache Roadshow/DC - 25 March - topics include Apache projects in CARE initiatives, cybersecurity, start-ups, and more. https://www.apachecon.com/usroadshowdc20/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.89%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 879 Apache contributors changed 2,008,768 lines of code over 3,559 commits. Top 5 contributors, in order, are: Andrea Cosentino, Claus Ibsen, Jean-Baptiste Onofré, Mark Thomas, and Tilman Hausherr.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.9.2 released https://flink.apache.org/
 - Apache Beam 2.19.0 released https://beam.apache.org/
 - Apache NiFi 1.11.1 released https://nifi.apache.org/

Content --
 - Apache Jackrabbit Oak 1.6.20 and 1.8.20 released https://jackrabbit.apache.org/

Enterprise Processes Automation / ERP --
 - Apache OFBiz 16.11.07 released https://ofbiz.apache.org

Libraries --
 - Apache Velocity Engine 2.2 released https://velocity.apache.org/
 - Apache DeltaSpike 1.9.3 released https://deltaspike.apache.org/

Network Client --
 - Apache Guacamole 1.1.0 released https://guacamole.apache.org/

Did You Know?

 - Did you know that the following Apache projects are celebrating their anniversaries this month? Many happy returns to Apache HTTP Server (25 years!); Gump and Portals (16 years); Directory, MyFaces, and Xerces (15 years); Tapestry (14 years); Roller (13 years); Cassandra and Subversion (10 years); Chemistry (9 years); BVal and OpenNLP (8 years); Clerezza and Crunch (7 years); Knox, Open Climate Workbench, and Spark (6 years); DataFu (2 years); and Unomi (1 year). https://projects.apache.org/committees.html?date

 - Did you know that, over past year, the ASF processed 759 Individual Contributor License Agreements, 34 Corporate Contributor License Agreements, and 40 Software Grants? https://s.apache.org/Apache2019Digits

 - Did you know that Apache Airflow is having its first MeetUp in Bangalore? http://airflow.apache.org/

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday February 05, 2020

Apache Month in Review: January 2020

We're pleased to introduce a new monthly overview of events that have taken place within the Apache community. Below is the wrap-up of our activities in January:

New this month --

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - Apache Software Foundation 2019 Security Report https://s.apache.org/tbyxg

 - Launch of 2020 ASF Community Survey https://s.apache.org/pzol5

 - Update on "Trillions and Trillions Served", the documentary on the ASF https://s.apache.org/ASF-Trillions


Important Dates --

 - Registration open: Apache Roadshow/DC 25 March --tracks include Apache Projects and CARE Initiatives, Cybersecurity, and Start‑Ups. https://www.apachecon.com/usroadshowdc20/

 - Now open: CFP for ApacheCon North America --tracks include Big Data, Cloud, Community, Content Delivery, FinTech, Geospatial, Graphing, IoT, Observability, Search, Servers, and more. https://www.apachecon.com/

 - Next Board Meeting: 19 February 2020. http://apache.org/foundation/board/calendar.html


Infrastructure --

The ASF's distributed, seven-member Infrastructure team oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in January was 99.94%.


Committer Activity --

In January, 898 Apache Committers changed 4,835,906 lines of code over 14,064 commits. The Committers with the top 5 highest contributions, in order, were: Dan Haywood, Andrea Cosentino, Jean-Baptiste Onofré, Claus Ibsen, and Andi Huber.

Project Releases and Updates --

New releases from Apache Beam (Big Data), Commons Codec (Libraries), Commons VFS (Libraries), Crail (incubating; Libraries), Daffodil (incubating; Libraries), Drill (Big Data), Druid (Big Data), Geode (Big Data), Groovy (Programming Languages), HttpComponents (4 releases; Servers), IoTDB (incubating; IoT); Jackrabbit (5 releases; Content), Juneau (Libraries), Libcloud (2 releases; Cloud Computing), Lucene/Solr (2 releases; Search), NiFi (Big Data), OpenNLP (Machine Learning), OpenWebBeans (Libraries), Parquet (Big Data), Pulsar (Messaging), Qpid (Messaging), SpamAssassin (Mail), and Wicket (2 releases; Web Frameworks).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. YuniKorn (Resource Scheduler) is the latest podling undergoing development in the Apache Incubator http://incubator.apache.org/

The Apache Attic provides process and solutions to make it clear when an Apache project has reached its end of life. Apache ODE (Orchestration) has retired to the Attic https://attic.apache.org/

# # #

Monday February 03, 2020

Success at Apache: Literally

by Chris Thistlethwaite

I became part of the Apache community as a member of the ASF Infrastructure team in 2016, and was elected an ASF Member in 2019.

Browsing through the other "Success at Apache" posts made me reflect on the word "success". Years ago, I was asked in a job interview, "How do you define success?". After a pause, I asked back, "In what?", which threw the interviewer off a bit. That's just too broad of a question for me to define one answer: success in a career, success as a human, success as a team member, success at a software release, the list goes on and on. 

Every day there's a giant list of possible successes and failures, and that’s even before you get to work ...so keep that in mind as you continue reading.

In August of 2016 I came across a blog post that would change my life forever. 

At the time, I was looking for a new job that was taking longer than I expected. Taking a long shot, I sent off a very sparse email replying to the post. Two days later David Nalley (VP Infrastructure) replied, introducing me to Daniel Gruno who'd be doing the first round of interviewing. Fast forward a few months, and, spoiler alert: I got the job.

My first day "in the office" was in Seville, Spain, on November 14th during ApacheCon EU. Let me jump back a bit: most of the "Success at Apache" posts talk about the extensive background the authors have, both in the Open Source community and the ASF. While I use httpd, LAMP, etc. all the time, I never really found out how the "sausage was made". Apache has well-made products and the philosophy of how they were built intrigued me. My career until that point has mostly been inside Microsoft shops, usually with me suggesting FOSS solutions in meetings and only getting to use them in small-ish batches. A few MySQL boxes here, a few other Linux machines there, but not "full stack" kinda stuff: I ran it where I could but I was very happy with Microsoft products. "Best tool for the job", right? 

Anyway, back to Spain. I don't travel as much as I should, my Spanish is terrible (or enough to get me into a bar fight), and I'm traveling to a country I've never been to.

Friday November 11th was the last day at my previous job. Saturday afternoon, I left my wife and kid to jump on a plane for Seville, Sunday-ish I landed, and on Monday I started work in another country, at a job that was 98% Linux-based (Windows Jenkins build nodes), with people whom I’ve never seen before because no one used video chat during the interviews --at a conference held by the foundation I now work for. 

You may ask yourself, "How did I get here?", as I sure did: queue "Once in a Lifetime" by the Talking Heads...

My time at the ASF has been very interesting to say the least. With such a huge range of users of Apache software, some days I'm helping a large global company trying to get a product out the door, other days I'm troubleshooting a broken commit for someone working in their basement between dinner and baths for the kids. That's what makes this place special: those contributions help the community and help the common good of the project. The unique perspective I have is from within Infra. We don't just support the ASF, we support all projects in one way or another. One project might just be getting started with automated builds in Jenkins while another has been using CI/CD for years. That's a true strength of the ASF: disparate parts come together as a whole in a way that wouldn't work otherwise. Some days my job has nothing to do with technology, it's just getting the right people together on an email to figure out how to solve a problem, leveraging the different parts.

As mentioned earlier, "success" is a moving target, and at Apache, it's no different. Though in my case, any success at my job means I'm helping the ASF become successful, which in turn helps the projects and communities it supports. Behind every commit is a person, just working towards their own success.

I'm glad that I took the chance to respond to the job opening. Every job, company, and environment have a fair share of unpredictably and diversity. At the ASF, those traits are celebrated, leveraged, leaned on, and held up by the great people I get to work with and the community that I'm proud to be a part of.


Chris Thistlethwaite has been fixing problems and herding cats since before he can remember. He likes digging through log files to find solutions to complex problems and then turning his findings into pretty charts and graphs. After working at Avenue A | Razorfish, Sharebuilder, and some small startups, he brought his unique perspective on DevOps/Systems Engineering to the ASF Infrastructure team, where he specializes in monitoring systems. In his spare time, he enjoys homelabbing and spending time with his family.

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache

Friday January 31, 2020

Apache Software Foundation Security Report: 2019

Synopsis: This report explores the state of security across all Apache Software Foundation projects for the calendar year 2019. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues.

Released: 31 January 2020

Author: Mark Cox, Vice President Security, The Apache Software Foundation

Background
The security committee of The Apache Software Foundation (ASF) oversee and co-ordinate the handling of vulnerabilities across all of the 300+ Apache projects.  Established in 2002 and comprising of all volunteers, we have a consistent process for how issues are handled, and this process includes how our projects must disclose security issues.

Anyone finding security issues in any Apache project can report them to security@apache.org where they are recorded and passed on to the relevant dedicated security teams or project management committees (PMC) to handle.  The security committee see all the issues reported across all the addresses and keep track of the issues throughout the vulnerability lifecycle.  

The security committee is responsible for ensuring that issues are dealt with properly and will actively remind projects of their outstanding issues and responsibilities.  As a board committee, we have the ability to take action including blocking their future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues.  This, along with the Apache Software License, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software.  

The oversight into all security reports, along with tools we have developed, gives us the ability to easily create statistics on the issues. 

Statistics for 2019
In 2019 our security addresses received in total over 18,000 emails. After spam filtering and thread grouping this comes to 620 non-spam threads.  Unfortunately many security reports do look like spam and so the security team are careful to review all messages to ensure real reports are not missed for long.



Diagram 1: Breakdown of ASF security email threads for calendar year 2019*

Diagram 1 gives the breakdown of those 620 threads.  138 threads (22%) were people confused by the Apache License.  As many projects use the Apache License, not just those under the ASF umbrella, users can get confused when they see the Apache License and they don't understand what it is.  This is most common for example on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License.

The next 162 of the 620 (26%) are email threads that are not spam but are also not reports of new vulnerabilities.  These are generally people asking support-type questions or how old vulnerabilities were dealt with.

That left 320 reports of new vulnerabilities in 2019, which spanned across 84 of the top level projects.  These 320 reports are a mix of both external reporters and internal; for example where a project has found an issue themselves and followed the ASF process to assign it a CVE name and address it.  Note that we don’t track the reporter affiliation, and ASF reporters often use non-ASF email addresses for reporting, so we can’t give a break down of internal vs external reports .

The next step is that the appropriate project triages the report to see if it's really an issue or not.  At this stage invalid reports, or things that are not actually vulnerabilities at all, get rejected back to the reporter.  Of the remaining issues that are accepted they are are assigned appropriate CVE names and eventually fixes are released.

As of January 1st 2020, 19 of those 320 reports were still under triage (i.e. the project had not yet determined if the report is accepted or rejected).  The process of triage and investigation varies in time depending on the project, availability of resources, and number of issues to be assessed.  As a general guideline we try to ensure projects have triaged issues within 90 days of the report.  The timeline for the fixing of issues depends on the schedules of the projects themselves and issues of lower severity are most often held to future pre-planned releases.  

The remaining closed 301 reports led to us assigning 122 CVE names.  Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names.  The Apache Security committee handle CVE name allocation and are a Mitre Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts Mitre directly or goes public with an issue before contacting us. 

Noteworthy events
During 2019 there were a few events worth discussion; either because they were severe and high risk, they had readily available exploits, or otherwise due to media attention.   These included:

  • January 2019: Securonix published a report outlining an increase of attacks of Apache Hadoop instances that have not been configured with authentication.  Public exploits and a Metasploit module exist to perform remote code execution on unprotected Hadoop YARN systems.

  • April 2019: A flaw in Apache HTTP Server 2.4 (CVE-2019-0211).  A user who has access to write scripts on a web server could elevate those privileges to root.  A public exploit is available for this issue.

  • April 2019: A flaw in older versions of Apache Axis that parsed a file retrieved insecurely from an expired domain, allowing remote code execution (CVE-2019-0227).

  • June 2019: Jonathan Leitschuh contacted us after finding a number of Java build dependencies were being downloaded over insecure paths (i.e. HTTP rather than HTTPS).  We did not classify these as security vulnerabilities in themselves as exploiting them would require MITM attacks at build time.  We worked with ASF projects including those identified by the reporter to ensure that we use secure URLs.  Now, in 2020, a number of repositories are requiring secure URLs.

  • August 2019: The Black Duck Synopsys team reviewed older Struts releases and advisories and found some discrepancies in the reported affected versions.   The Struts team worked through their findings and issued corrections where needed.  This can be important if users are running older versions that they don't think are affected by an issue based on the advisories, but they actually are.  However, those same users are likely vulnerable to the other issues that have since been fixed and so we'd always recommend users upgrade to the latest version of Struts to ensure they have a version that contains fixes for all the published security issues.

  • August 2019: Netflix found a number of denial of service vulnerabilities affecting various HTTP/2 implementations. ASF projects containing HTTP/2 implementations were investigated and analysed the issues reported. Both Apache HTTP Server and Apache TrafficServer released updates to address denial of service issues that affected them.  Apache Tomcat also made performance improvements to HTTP/2 handling but the issues were not classed as denial of service.

  • September 2019: A RiskSense report highlighted vulnerabilities known to be used by Ransomware which included four in ASF projects.  The four vulnerabilities were all fixed in earlier years and all had updates and mitigations available before any ransomware took advantage of them.  Users should always ensure they pay attention to security updates in any ASF projects they use and prioritise updating for any remote or critical vulnerabilities. The four vulnerabilities were:

     -- CVE-2016-3088 in Apache ActiveMQ.  Targeted by XBash, this issue was trivial to exploit.  It was fixed in Active MQ 5.14.0 and mitigation was also available.

     -- CVE-2017-12615 in Apache Tomcat.  It is surprising to see this issue on the list as it affects a non-default and quite unlikely flaw.  However, it's an issue that is probed by Lucky (a variant of "Satan"), so if there is a server configured in this way it will get exposed. This issue only affected Windows platforms on non-default config, it was fixed in Tomcat 7.0.81, and mitigation is also available.  Note that Lucky will also do brute force attacks targeting weak passwords on  accessible Tomcat Web Admin consoles.

     -- CVE-2017-5638 in Apache Struts.  This issue is known to be exploited in the wild, however the first exploitation was discovered after the advisory and fix was published.  Used by Lucky (a variant of Satan).  It was fixed in Struts 2.3.32 and 2.5.10.1, and a mitigation is also available.

     -- CVE-2018-11776 in Apache Struts.  This issue is also used by Lucky.  It was fixed in Struts 2.3.35, 2.5.17, a possible mitigation is available but upgrading is advised.

  • Dec 2019: A flaw in Apache Olingo allowing XML External Entity (XXE) attacks (CVE-2019-17554).  This issue could be used, for example, to retrieve arbitrary files from a server.  A public exploit example exists for this issue.

  • A number of flaws in Apache Solr through the year that could allow remote code execution.  Public exploits exist for some of the issues as well as a Metasploit module.

  • The European Commission EU-FOSSA 2 project sponsored bug bounty programs for users finding security issues in both Apache Kafka and Apache Tomcat.  No issues were fixed in Apache Kafka.  Two issues were fixed in Apache Tomcat: CVE-2019-0232 (Important severity, affecting Windows platforms, public exploits including a Metasploit module are available) and CVE-2019-0221 (Low severity).   As well as running the bug bounties, EU-FOSSA 2 also sponsored a successful hackathon in June 2019.
Conclusion

Apache Software Foundation projects are highly diverse and independent.  They have different languages, communities, management, and security models.  However one of the things every project has in common is a consistent process for how reported security issues are handled.

The ASF Security Committee work closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly.  This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted.

This report gave metrics for calendar year 2019 showing from the 18,000 emails received we triaged over 300 vulnerability reports leading to fixing just over 100 (CVE) issues.  If you have vulnerability information you would like to share with or comments on this report please contact us.

# # #

graphic created by http://sankeymatic.com/build/ using code :

Threads [138] License Confusion

Threads [162] Support Questions

Threads [320] Vulnerability Reports

Vulnerability Reports [19] Under Triage

Vulnerability Reports [301] Closed

Closed [122] CVE

1000x600

colour B source

The Apache News Round-up: week ending 31 January 2020

Farewell, January --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFPs OPEN: Apache Roadshow/DC and ApacheCon North America https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 746 Apache contributors changed 1,854,769 lines of code over 3,280 commits. Top 5 contributors, in order, are: Dan Haywood, Andrea Cosentino, Claus Ibsen, Jean-Baptiste Onofré and Jarek Potiuk.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.17.0 released http://druid.apache.org/
 - Apache Beam 2.18.0 released http://beam.apache.org/
 - Apache NiFi 1.11.0 released http://nifi.apache.org/

Cloud Computing --
 - Apache Libcloud 3.0.0-rc1 released https://libcloud.apache.org/

Content --
 - Apache Jackrabbit Oak 1.10.8 and 1.24.0 released http://jackrabbit.apache.org/

Libraries --
 - Apache OpenWebBeans-2.0.14 released http://openwebbeans.apache.org/

Mail --
 - Apache SpamAssassin 3.4.4 released http://spamassassin.apache.org/

Servers --
 - Apache HttpComponents Client 5.0 beta7 (GA candidate) released https://hc.apache.org/

Did You Know?

 - Did you know that Apache Flink supports schema migration on its state so that application changes can be made without having to start from square one? https://flink.apache.org/

 - Did you know that tracks for ApacheCon North America include Big Data integration/Gobblin (incubating), Apache Camel/Integration, Cassandra, CloudStack, Community, Content Delivery, Fineract, Flagon (incubating), Geospatial, Graph, Groovy, HTTP Server/Web, Ignite, Internet of Things, Karaf, Observability, Solr/Lucene/Search, and Tomcat? https://s.apache.org/cfp2020

 - Did you know that Amazon, DataStax, IBM, Microsoft, Neo4j, and many others use Apache Tinkerpop? http://tinkerpop.apache.org/providers.html

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 24, 2020

The Apache News Round-up: week ending 24 January 2020

Happy Friday! We're wrapping up another great week with the following activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFPs OPEN: Apache Roadshow/DC and ApacheCon North America https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 860 Apache contributors changed 3,062,286 lines of code over 3,401 commits. Top 5 contributors, in order, are: Dan Haywood, Andi Huber, Jarek Potiuk, Andrea Cosentino, and Kaxil Naik.

Apache Incubator – the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation.
 - Welcome APISIX, NuttX, StreamPipes, and TubeMQ as new podlings undergoing development http://incubator.apache.org/

Apache Project Announcements – the latest updates by category.

Content --
 - Apache Jackrabbit Oak 1.4.25 and 1.8.19 released http://jackrabbit.apache.org/

Libraries --
 - Apache Juneau 8.1.3 released http://juneau.apache.org/

Messaging --
 - Apache Pulsar 2.5.0 released http://pulsar.apache.org/

Servers --
 - Apache HttpComponents Client 4.5.11 GA released https://hc.apache.org/

Did You Know?

 - Did you know that ASF Conferences has 6 events planned this year: Apache Roadshows in Washington DC, Chicago, and Seattle, plus Europe and China, as well as ApacheCon in New Orleans? https://www.apachecon.com/

 - Did you know that in 2019 the Top 5 Apache Project repositories by commits, in order, were: Camel, HBase, Flink, Beam, and Hadoop? https://s.apache.org/Apache2019Digits

 - Did you know that the German virtual coaching app Dranbleiben is powered by Apache Wicket? https://wicket.apache.org/

Apache Community Notices:

 - "Trillions and Trillions Served", the documentary on the ASF, is in post-production. Catch the teaser at https://s.apache.org/ASF-Trillions

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 17, 2020

The Apache News Round-up: week ending 17 January 2020

Greetings everyone --it's time to review the Apache community's activities from the past week:

Watch the first teaser for "Trillions and Trillions Served", the documentary on The Apache Software Foundation, which resumed filming during ApacheCon 2019 https://s.apache.org/ASF-Trillions

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 February 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.83%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 903 Apache contributors changed 2,766,467 lines of code over 3,961 commits. Top 5 contributors, in order, are: Dan Haywood, Andrea Cosentino, Mark Thomas, Andi Huber, and Daniel Sun.   

Apache Project Announcements – the latest updates by category.

Attic --
 - Apache ODE retired https://attic.apache.org/

Big Data --
 - Apache Parquet Format 2.8.0 released https://parquet.apache.org/

Content --
 - Apache Jackrabbit Jackrabbit Oak 1.22.0 released http://jackrabbit.apache.org/

IoT --
 - Apache IoTDB (Incubating) 0.9.1 released http://iotdb.apache.org/

Libraries --
 - Apache Daffodil (Incubating) 2.5.0 https://daffodil.apache.org/
 - Apache Crail (Incubating) 1.2 released https://crail.apache.org/

Messaging --
 - Apache Qpid Broker-J 7.1.7 released https://qpid.apache.org/

Programming Languages --
 - Apache Groovy 3.0.0-rc-3 released https://groovy.apache.org/

Search --
 - Apache Lucene 8.4.1 released http://lucene.apache.org/

Servers --
 - Apache HttpComponents Core 4.4.13 released https://hc.apache.org/

Web Framework --
 - Apache Wicket 9.0.0-M4 released https://wicket.apache.org/

Did You Know?

 - Did you know that new podlings undergoing development in the Apache Incubator include projects in microservices, embedded operating systems, IoT data streams, messaging queues, transactional frameworks, and batch implementations? http://incubator.apache.org/

 - Did you know that, in 2019, more than 75% of contributors were new to Apache? https://s.apache.org/Apache2019Digits

 - Did you know that 2019's Top 5 Apache Project repositories by size (Lines of Code) were: NetBeans (8,354,466); OpenOffice (7,828,646); Flex (whiteboard: 5,233,277); Mynewt (core: 4,108.323); Flex (SDK: 3,933,522)? https://s.apache.org/Apache2019Digits

Apache Community Notices:

 - Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 10, 2020

The Apache News Round-up: week ending 10 January 2020

Happy Friday, everyone --let's review what the Apache community has been up to over the past week:

Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 886 Apache contributors changed 1,134,112 lines of code over 3,651 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Michał Narajowski, Dan Haywood, Andrea Cosentino, and Andi Huber.           

Apache Project Announcements – the latest updates by category.

Content --
 - Apache Jackrabbit 2.20.0 released https://jackrabbit.apache.org/

Libraries --
 - Apache Commons Codec 1.14 released https://commons.apache.org/proper/commons-codec/

Machine Learning --
 - Apache OpenNLP 1.9.2 released https://opennlp.apache.org/

Servers --
 - Apache HttpComponents Core 5.0 beta11 (GA candidate) released https://hc.apache.org

Web Frameworks --
 - Apache Wicket 7.16.0 and 8.7.0 released https://wicket.apache.org/


Did You Know?

 - Did you know that 200M+ lines of Apache code are stewarded by the ASF's all-volunteer community, comprising 765 individual Members, 206 Apache Project Management Committees (PMCs), and more than 7,200 Committers? https://s.apache.org/Apache2019Digits

 - Did you know that the following Apache projects are celebrating anniversaries this month? Apache Cocoon, James, and Web Services (17 years); Lucene (15 years); ActiveMQ (13 years); Hadoop (12 years); River (9 years); Empire-db and Gora (7 years); OpenMeetings (7 years); Samza (5 years); Arrow (4 years); Ranger (3 years). Many happy returns! https://projects.apache.org/committees.html?date

 - Did you know that new entries in the Apache Incubator include projects in IIoT data analytics; real-time embedded operating systems; and distributed messaging queues? http://incubator.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday January 03, 2020

The Apache News Round-up: week ending 3 January 2020

Welcome, 2020! We hope that you have had a festive holiday season and are excited to kick off the new year. Here's what happened over the past week:

Apache in 2019 - By The Digits https://s.apache.org/Apache2019Digits

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – newly-formed committee supports initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - FINAL CALL: respond to the 2020 ASF Community Survey before 4 January https://s.apache.org/pzol5

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP OPEN: Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.94%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 506 Apache contributors changed 647,823 lines of code over 2,002 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Dan Haywood, Carlos Rovira, and Andrew Wetmore.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Geode 1.11.0 released https://geode.apache.org/
 - Apache Drill 1.17.0 released https://drill.apache.org/

Cloud Computing --
 - Apache Libcloud 2.8.0 released https://libcloud.apache.org/

Libraries --
 - Apache Commons VFS 2.5.0 released http://commons.apache.org/proper/commons-vfs/

Search --
 - Apache Lucene 8.4.0 and Solr 8.4.0 released http://lucene.apache.org/


Did You Know?

 - Did you know that the European Commission created its new API Gateway infrastructure using Apache Camel? https://camel.apache.org/

 - Did you know that NBC Universal uses Apache Tinkerpop's Gremlin to write complicated traversals? http://tinkerpop.apache.org/

 - Did you know that blogs.apache.org is powered by Apache Roller? Version 6 just released! http://roller.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday January 01, 2020

Apache in 2019 - By The Digits

What an accomplished year for The Apache Software Foundation: 2019 heralded 20 years of Open Source leadership "The Apache Way". Our rallying cry of "Community Over Code" informs everything we do, with billions worldwide benefiting from more than $20B worth of community-led software, provided 100% free-of-charge. Highlights include:

Apache Projects —https://projects.apache.org/

  • Total number of projects + sub-projects - 339
  • Top-Level Projects - 206
  • Podlings in the Apache Incubator - 46
  • ASF Committees (non-Projects) - 11
  • Other groups, including operations/support - 60


Community/People —http://home.apache.org/

  • Apache Committers - 7,203 (7,038 active)
  • ASF Members (individuals) - 765
  • New Members elected - 40


Apache Projects/Code —https://projects.apache.org/statistics.html

3,081 Apache Committers changed 59,309,787 lines of code over 171,689 commits, with an all-time high of 12,250 individuals contributing to Apache projects this year.


Profile of Apache Committers in 2019



More than 75% of contributors in 2019 were new to Apache


Top 5 Committers
  1. Andrea Cosentino (3,841 commits; 588,217 lines changed)
  2. Tilman Hausherr (2,791 commits; 64,805 lines changed)
  3. Claus Ibsen (2,562 commits; 628,919 lines changed)
  4. Jean-Baptiste Onofré (2,498 commits; 81,563 lines changed)
  5. Mark Thomas (2,452 commits; 331,234 lines changed)

Top 5 Apache Project Repositories by Commits
  1. Camel
  2. HBase
  3. Flink
  4. Beam
  5. Hadoop

Top 5 Apache Project Repositories by Size (Lines of Code)
  1. NetBeans (8,354,466)
  2. OpenOffice (7,828,646)
  3. Flex (whiteboard: 5,233,277)
  4. Mynewt (core: 4,108.323)
  5. Flex (SDK: 3,933,522)

Mailing Lists —https://lists.apache.org/
  • Total number of mailing lists 1,399
  • 19,385 authors sent 2,116,421 emails on 1,034,478 topics

Top 5 most active Apache user@ mailing lists
  1. Flink
  2. Lucene-Solr
  3. Ignite
  4. Kafka
  5. Tomcat

Top 5 most active Apache dev@ mailing lists
  1. Beam
  2. Flink
  3. Tomcat
  4. Royale
  5. NetBeans

Contributor License Agreements and Software Grants —https://www.apache.org/licenses/

We welcomed an average of 187 new code contributors and 1,670 new people filing issues each month during 2019. Individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF. 
  • ICLAs - 759
  • CCLAs - 34
  • Grants - 40

Sponsorship and Individual Support —http://apache.org/foundation/contributing.html

The generous support of hundreds of individual donors and Sponsors helps offset the ASF's day-to-day operating expenses that include Infrastructure, Accounting, Legal, Fundraising, Marketing & Publicity, and other services.

ASF Sponsors provide financial backing for the ASF's operations.

  • Platinum: Amazon Web Services, Cloudera, Comcast, Facebook, Google, Leaseweb, Microsoft, Pineapple Fund, Tencent, and Verizon Media.
  • Gold: Anonymous, ARM, Bloomberg, Handshake, Huawei, IBM, Indeed, Union Investment, and Workday.
  • Silver: Aetna, Alibaba Cloud Computing, Baidu, Budget Direct, Capital One, CarGurus, Cerner, Inspur, ODPi, Private Internet Access, Red Hat, and Target.
  • Bronze: Airport Rentals, Bestecasinobonussen.nl, The Blog Starter, Bookmakers, Cash Store, Casino2k, Cloudsoft, The Economic Secretariat, Emerio, Footprints Recruiting, Gundry MD, HostChecka.com, HostingAdvice.com, Journal Review, LeoVegas Indian Online Casino, Host Advice, Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, SCAMS.info, Site Builder Report, Start a Blog by Ryan Robinson, Talend, The Best VPN, Top10VPN, Twitter, and Web Hosting Secret Revealed.

ASF Targeted Sponsors provide the Foundation with non-financial contributions for specific activities or programs.

  • Targeted Platinum: CloudBees, DLA Piper, JetBrains, Microsoft, OSU Open Source Labs, Sonatype, and Verizon Media.
  • Targeted Gold: Atlassian, The CrytpoFund, Datadog, PhoenixNAP, and Quenda.
  • Targeted Silver: Amazon Web Services, HotWax Systems, and Rackspace.
  • Targeted Bronze: Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, and Virtru.


Collectively, our Members, Committers, contributors, users, supporters, and sponsors further our mission of providing Open Source software for the public good. Learn more about The Apache Software Foundation's activities in the FY2019 Annual Report https://s.apache.org/FY2019AnnualReport

Help keep Apache software accessible to everyone: to sponsor or make a contribution* to the ASF, please visit http://apache.org/foundation/contributing.html

Here's to a brilliant 2020!

* The ASF is a US 501(c)(3) not-for-profit charitable organization, whose tax identification number is 47-0825376. The ASF is recognized by Charity Navigator and cited with the Gold Seal of Transparency by GuideStar.

# # #

Friday December 27, 2019

The Apache News Round-up: week ending 27 December 2019

Here we are --the last Friday of the year-- we wish everyone happy holidays and a great finish to 2019. Thank you for your dedicated readership: below is our final weekly round-up; we'll be back in your inbox in 2020:

Support Apache – help the ASF continue to provide $20B+ worth of software for the public good –at 100% no cost.
 - In the final days of the calendar year, we ask that you consider a tax-deductible, charitable gift to the ASF. https://s.apache.org/fxyz1

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – newly-formed committee supports initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - FINAL CALL: respond to the 2020 ASF Community Survey before 4 January. Thanks in advance! https://s.apache.org/pzol5

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP and Registration OPEN for Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html
 - Apache Events for 2020 and 2019's presentations are available at https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 598 Apache contributors changed 7,672,323 lines of code over 2,519 commits. Top 5 contributors, in order, are: Gary Gregory, Andrew Wetmore, Tomaz Muraus, Jean-Baptiste Onofré, and Shad Storhaug.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Kylin 3.0.0 released http://kylin.apache.org

Content --
 - Apache JSPWiki 2.11.0.M6 released https://jspwiki-wiki.apache.org/
 - Apache PDFBox 2.0.18 released http://pdfbox.apache.org/
 - Apache Roller 6.0.0 released https://roller.apache.org/

Libraries --
 - Apache Qpid Dispatch 1.10.0 released http://qpid.apache.org/
 - Apache Olingo 4.7.1 released https://olingo.apache.org/

Machine Learning --
 - Apache Hivemall (Incubating) 0.6.0 released http://hivemall.incubator.apache.org/


Did You Know?

 - Did you know that Apache CloudStack has been named Best Cloud Management Software/IaaS Platform by TechRadar? https://techradar.com/in/best/best-cloud-management-software

 - Did you know that Lyft's real-time analytics infrastructure is powered by Apache Druid (incubating), Flink, and Kafka? http://druid.apache.org/ https://flink.apache.org/ https://kafka.apache.org/

 - Did you know that regular users of Apache Maven can contribute back to the project from the "up for grabs" list? https://s.apache.org/up-for-grabs_maven


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - CFP and pre-registration open for the first Pulsar Summit http://pulsar.apache.org/blog/2019/12/18/Pulsar-summit-cfp/

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday December 20, 2019

The Apache News Round-up: week ending 20 December 2019

We're down to the final weeks of the year, and the Apache community continues to march forward. Here's what we've been up to:

Support Apache – help the ASF continue to provide $20B+ worth of software for the public good –at 100% no cost.
 - Companies such as Bloomberg Philanthropies, IBM, Microsoft, and Wells Fargo's matching gift programs offer tax benefits, and provide their employees the ability to boost their support of a diverse set of nonprofit organizations. Thank you for your tax-deductible, year-end charitable gift to the ASF https://s.apache.org/fxyz1

 ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - The Apache Software Foundation Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n
 - Next Board Meeting: 15 January 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – newly-formed committee supports initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - The 2020 ASF Community Survey closes on 4 January: we'd love your insight! https://s.apache.org/pzol5

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP and Registration OPEN for Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html
 - ApacheCon 2019's interviews, presentations, and photos are available at https://www.apachecon.com/history.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.93%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 919 Apache contributors changed 1,473,033 lines of code over 4,069 commits. Top 5 contributors, in order, are: Tilman Hausherr, Tellier Benoit, Andrea Cosentino, Bruce Schuchardt, and Andi Huber.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Kafka 2.4.0 released http://kafka.apache.org/

Content --
 - Apache PDFBox JBIG2 ImageIO 3.0.3 released http://pdfbox.apache.org/

Identity Management --
 - Apache Fortress 2.0.4 released http://directory.apache.org/fortress/

IoT --
 - Apache IoTDB (Incubating) 0.8.2 released http://iotdb.apache.org/

Libraries --
 - Apache Log4j 2.13.0 released http://logging.apache.org/
 - Apache DeltaSpike 1.9.2 released http://deltaspike.apache.org/

Machine Learning --
 - Apache Hivemall (Incubating) 0.6.0 released http://hivemall.incubator.apache.org/

Messaging --
 - Apache Qpid Proton 0.30.0 released http://qpid.apache.org

Servers --
 - Apache Tomcat 7.0.99 and 8.5.50 released http://tomcat.apache.org/

Web Conferencing --
 - Apache OpenMeetings 4.0.10 and 5.0.0-M3 released http://openmeetings.apache.org

Did You Know?

 - Did you know that Apache SkyWalking is used at enterprises, universities and research centers such as Alibaba Cloud, China Mobile, DiDi, InBev, Lenovo, Peking University, and WeBank? http://skywalking.apache.org/

 - Did you know that Apache IoTDB (incubating) received a "Most Popular Open Source Project From China in 2019" award? http://iotdb.apache.org/

 - Did you know that the Apache Syncope admin console is now available in French Canadian? http://syncope.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - ASF Operations Summary: Q2 FY2020 (August - October 2019) https://s.apache.org/2kv2n

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Sunday December 15, 2019

The Apache Software Foundation Operations Summary: August - October 2019

FOUNDATION OPERATIONS SUMMARY

Second Quarter, Fiscal Year 2020 (August - October 2019)

"...a preeminent organization in the world of open source software... The ASF has always distinguished itself by maintaining a consistent mode of project governance and evolution, known as "The Apache Way"."
—Brian Proffitt, Senior Principal Community Architect, Red Hat Open Source Program Office (ASF Silver Sponsor)


> Conferences and 
Events: During this period we held two major Apache events.

In September we held ApacheCon North America in Las Vegas, Nevada, and celebrated the 20th anniversary of the ASF. We had around 725 attendees at the Flamingo Hotel. Event details may be found at https://www.apachecon.com/acna19/   Videos of the plenary sessions and other selected content may be found at https://www.youtube.com/watch?v=0CLDVMcyo1s&list=PLU2OcwpQkYCzWULP5C-C9eTF4DcbnYa2l and audio from selected other presentations is at http://feathercast.apache.org/   Photos from the event are at https://photos.apachecon.com/?/category/2

In October we held ApacheCon Europe in Berlin, Germany. We had around 300 in attendance at the Kulturbrauerei Berlin. Event details may be found at https://aceu19.apachecon.com/  Session videos may be found at https://www.youtube.com/watch?v=2EvCF4XKLso&list=PLU2OcwpQkYCxVGCGWtMxb9d27Z-pcoN9a  Photos from the event are at https://photos.apachecon.com/?/category/1

At the end of this period, we were in planning for our 2020 schedule of events. This will include:

  • Apache Roadshow Chicago (Proposed) - 2020-05-27 to 2020-05-30 Chicago, IL, USA
  • Apache Roadshow, Seattle - 2020-06-10 to 2020-06-13 Seattle, WA, USA
  • ApacheCon North America, New Orleans - 2020-09-28 to 2020-10-03 New Orleans, LA, USA
  • Apache Roadshow China (Proposed) - 2020-10-24 to 2020-10-26, (Location TBD)

(Please note that some of these events are still tentative.)

For sponsorship opportunities, please contact planners@apachecon.com

Upcoming events are listed at http://events.apache.org/ and may change as planning progresses.

> Community DevelopmentDuring this quarter a key theme was event participation.

In August our main focus was dealing with the requests for ordering project stickers for ApacheCon. For this special anniversary event we wanted to ensure that any many projects as possible would have stickers available on the ASF booth.

The main focus in September was to help provide support for Apachecon NA in Las Vegas. As usual we co-ordinated the Apache booth which was staffed by our community volunteers from various projects. They had the chance to speak to attendees, promote their project and hand out a range of giveaways. The ASF booth was also the central place where the Apache feather was on display for all attendees to sign. 

In October the feather was also taken to Berlin for ApacheCon EU and attendees were also invited to sign the feather. Once again we had a central and dynamic booth which became a meeting hub for attendees.

As part of bringing the Apache Way to new audiences, an Apache Day event was held in Indore, India during September. The aim was to give people an overview of the ASF, the Apache Way and also give some practical help in becoming a contributor.

Also this quarter we participated at CCOSS 19 in Guadalajara, Mexico. There was an Apache track with talks ranging from Getting Started to Governance and Open Source Licences. This was a great opportunity to connect with potential new contributors to open source.

We are still receiving requests to participate at events so need to put a plan in place for 2020.

> Committers and Contributions: Over the past quarter, 1,581 contributors committed 42,338 changes that amount to 14,073,594 lines of code across Apache projects. The top 5 contributors, in order, were: Tilman Hausherr (1,010 commits), Andrea Cosentino (788 commits), Mark Robert Miller (771 commits), Mark Thomas (681 commits), and Jean-Baptiste Onofré (616 commits).

All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. Individuals or corporations donating a body of existing software or documentation to one of the Apache projects need to execute a formal Software Grant Agreement (SGA) with the ASF.

During Q2 FY2020, the ASF Secretary processed 210 ICLAs, 7 CCLAs, and 14 Software Grants. History of Apache committer growth can be seen at https://projects.apache.org/timelines.html

> Brand Management: Operations — The work of the Brand Management team falls broadly into one of three categories:

  • trademark transfers and registrations
  • granting permission to use our marks
  • addressing potential infringements of our marks

The volume of work this quarter has been roughly double that of the previous quarter. The increase has been mostly in the areas of requests to use our marks and queries regarding potential infringements. The increase in volme has been manageable, largely due to the tracking system we have put in place.

This quarter has seen requests to use Apache marks for user groups, events, merchandise, publications and training courses with nearly all requests being granted, subject to our Trademark Usage Policy. There have been a few cases this quarter of requests being made for marks that the ASF does not own which we have redirected to the correct owners.

Registrations — A number of registrations came up for renewal this quarter. We review each renewal as it comes up and, as a result, opted not to renew some of those registrations. The remaining renewals are in now progress.

Some registrations, particularly those outside the US, tend to be more complex. This quarter some of our registrations in China have continued to require additional work to help them progress.

Infringements — Potential infringements are brought to our attention from both internal and external sources. The majority of infringements we see are accidental and our project communities are able to resolve these quickly and informally with occasional input from the Brand Management team. A small number of issues take longer to resolve. We made progress on some of these this quarter and hope that that progress will continue next quarter.

We received multiple reports of a significant infringement this quarter and are in contact with the company concerned to remedy the situation. We hope to have this resolved in the next quarter.

And finally…

The Brand Management team  welcomes your comments and suggestions as well as any questions you might have. Please see https://www.apache.org/foundation/marks/contact for our contact details.

> Infrastructure: The datacenter fast-exit mentioned last quarter was completed, as an all-hands shift. That went very well, and our services have been relocated. That sudden move really helped us to double-check our configuration management (Puppet-based) and to reallocate services to better-cost providers, to stretch our Infrastructure dollar.

For a short while in August, we experienced some email issues that created a perfect storm with one of our primary providers. That has been resolved, with a new mail queue monitoring system and alerting, helping to improve our ongoing level of uptime and service.

September was our 20th Anniversary ApacheCon North America, held in Las Vegas, Nevada. The entire team traveled to Vegas to meet with each other and with the community. It was a great opportunity to put faces to new names, to see some old faces, and to get a bit of work and team bonding accomplished.

We also launched our new ".asf.yaml" service for out projects to self-service many aspects of their GitHub presence, and workflow for publishing project websites. More features for the projects, and less tickets for the team. This has been working well, and we continue to improve upon its capabilities. One of the Apache community members provided several features through some Pull Requests -- it is always great to see someone in the community helping out the thousands of others who form Apache.

One of our final initiatives in the quarter, was a revamp of how we map projects' Apache Subversion repositories over to GitHub. We upgraded the server, improved the mapping system, and pruned out numerous unused projects (eg. they had switched to git). We also improved the resiliency of our GitHub-based webhooks by using message queues for repeatability, and to hold messages while we upgrade the primary server. We've seen improvements in stability and ordering, already.

> Financial Statement:


> Fundraising: Fundraising work continues smoothly with very few non-BAU/business-as-usual details to share. "No news is good news", as they say!

We are pleased to report that the online form and digital agreement signature procedures announced last quarter are working well and keeping busywork to a minimum.

We once again thank all of our wonderful ApacheCon sponsors that showed up in force at ApacheCon NA and ApacheCon EU and were glad to enjoy some in-person time with both Event and Foundation sponsors.

A targeted sponsorship for D&I was received and processed per our BAU procedure. This was the first exercise of the procedure and worked well. We also continued conversations with a targeted sponsor for a project as well as explored the possibility of a crypto token donation.

= = =

Thank you to all our Sponsors --

  • PLATINUM: Amazon Web Services, Cloudera, Comcast, Facebook, Google, LeaseWeb, Microsoft, Pineapple Fund, Verizon Media, Tencent
  • GOLD: Anonymous, ARM, Bloomberg, Handshake, Huawei, IBM, Indeed, Union Investment, Workday
  • SILVER: Aetna, Alibaba Cloud Computing, Baidu, Budget Direct, Capital One, Cerner, Inspur, ODPi, Private Internet Access, Red Hat, Target
  • BRONZE: Airport Rentals, The Blog Starter, Bookmakers, Cash Store, Bestecasinobonussen.nl, CarGurus, Casino2k, Cloudsoft, The Economic Secretariat, Emerio, Footprints Recruiting, Gundry MD, HostChecka.com, Host Advice, HostingAdvice.com, Journal Review, LeoVegas Indian Online Casino,  Mutuo Kredit AG, Online Holland Casino, ProPrivacy, PureVPN, RX-M, SCAMS.info, Site Builder Report, Start a Blog by Ryan Robinson, Talend, The Best VPN, Top10VPN, Twitter, Web Hosting Secret Revealed
  • TARGETED PLATINUM: CloudBees, DLA Piper, JetBrains, Microsoft, OSU Open Source Labs, Sonatype, Verizon Media
  • TARGETED GOLD: Atlassian, The CrytpoFund, Datadog, PhoenixNAP, Quenda
  • TARGETED SILVER: Amazon Web Services, HotWax Systems, Rackspace
  • TARGETED BRONZE: Bintray, Education Networks of America, Google, Hopsie, No-IP, PagerDuty, Peregrine Computer Consultants Corporation, Sonic.net, SURFnet, Virtru

To sponsor The Apache Software Foundation, visit http://apache.org/foundation/sponsorship.html . To make a one-time or monthly recurring donation, please visit https://donate.apache.org/

# # #

Report prepared by Sally Khudairi, Vice President Marketing & Publicity, with contributions by Rich Bowen, Vice President Conferences; Sharan Foga, Vice President Community Development; Mark Thomas, Vice President Brand Management; David Nalley, Vice President Infrastructure; Greg Stein, ASF Infrastructure Administrator; Tom Pappas, Vice President Finance; and Daniel Ruggeri, Vice President Fundraising.

For more information, subscribe to the announce@apache.org mailing list and visit http://www.apache.org/, the ASF Blog at http://blogs.apache.org/, the @TheASF on Twitter, and https://www.linkedin.com/company/the-apache-software-foundation.

(c) The Apache Software Foundation 2019.

Friday December 13, 2019

The Apache News Round-up: week ending 13 December 2019

Happy Friday, everyone. We've had a productive week --let's review:

Support Apache – help the ASF continue to provide $20B+ worth of software –at 100% no cost– for the public good.
 - As a US 501(c)(3) not-for-profit charitable organization, we do not pay for code development or contributions by our Board of Directors, Executive Officers, 765 Individual ASF Members, 205 Apache Project Management Committees, 7,500+ Committers and countless contributors. Less than 10% of the funds we raise is spent on overhead. Thank you for your individual or corporate tax-deductible, year-end charitable gift to the ASF https://s.apache.org/fxyz1

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws. 
 - Next Board Meeting: 18 December 2019. Board calendar and minutes http://apache.org/foundation/board/calendar.html

Apache Diversity & Inclusion – newly-formed committee supports initiatives that promote diversity, equity, and inclusion across the greater Apache community.
 - Have you taken the 2020 ASF Community Survey yet? https://s.apache.org/pzol5

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998
 - CFP and Registration OPEN for Apache Roadshow/DC https://www.apachecon.com/usroadshowdc20/index.html
 - ApacheCon 2019's interviews, presentations, and photos are available at https://www.apachecon.com/history.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.86%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 389 Apache contributors changed 726,972 lines of code over 2,315 commits. Top 5 contributors, in order, are: Claus Ibsen, Alex Herbert, Jarek Potiuk, Tilman Hausherr, and Rene Cordier.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid (incubating) 0.16.1 released http://druid.apache.org/
 - Apache HBase 2.1.8 released http://hbase.apache.org/

Cloud --
 - Apache Libcloud 2.7.0 released http://libcloud.apache.org/

Content --
 - Apache Jackrabbit 2.19.6 and Jackrabbit Oak 1.10.7 released http://jackrabbit.apache.org/
 - Apache Tika 1.23 released http://tika.apache.org/

Libraries --
 - Apache Commons Pool 2.8.0 released http://commons.apache.org/
 - Apache Juneau 8.1.2 released http://juneau.apache.org/

Mail --
 - Apache SpamAssassin 3.4.3 released https://spamassassin.apache.org/

Messaging --
 - Apache Qpid Broker-J 7.1.6, Qpid Proton-J 0.33.3, and Qpid JMS 0.48.0 released http://qpid.apache.org

Programming Language --
 - Apache Groovy 3.0.0-rc-2 released http://groovy.apache.org/

Servers --
 - Apache Tomcat 9.0.30 released http://tomcat.apache.org/

Did You Know?

 - Did you know that the following Apache projects are celebrating anniversaries this month? Apache Portable Runtime (APR; 19 years); Logging Services (16 years); Cayenne and OFBiz (13 years); Synapse (12 years); Camel (11 years); Axis,  OpenWebBeans, and Pivot (10 years); Aries (9 years); Flex (7 years); Helix (6 years); Flink (5 years); Beam and Eagle (3 years); Trafodion (2 years); Airflow (1 year) --many happy returns! https://projects.apache.org/

 - Did you know that the European Commission’s Directorate-General for Informatics (DIGIT) is powered by Apache HTTP Server, Apache Lucene, and Apache Tomcat? https://aceu19.apachecon.com/session/open-source-software-european-commissions-informatics-directorate

 - Did you know that Kirjastot Bibliotek Library uses Apache Wicket? https://wicket.apache.org/


Apache Community Notices:

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Celebrating 20 Years Community-led Development "The Apache Way" https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998 http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache Camel, Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation