Entries tagged [apache]

Tuesday July 27, 2021

The Apache Cassandra Project Releases Apache® Cassandra™ v4.0, the Fastest, Most Scalable and Secure Cassandra Yet

Open Source enterprise-grade Big Data distributed database powers mission-critical deployments with improved performance and unparalleled levels of scale in the Cloud

Wilmington, DE —27 July 2021— The Apache Cassandra Project released today v4.0 of Apache® Cassandra™, the Open Source, highly performant, distributed Big Data database management platform.

"A long time coming, Cassandra 4.0 is the most thoroughly tested Cassandra yet," said Nate McCall, Vice President of Apache Cassandra. "The latest version is faster, more scalable, and bolstered with enterprise security features, ready-for-production with unprecedented scale in the Cloud."

As a NoSQL database, Apache Cassandra handles massive amounts of data across load-intensive applications with high availability and no single point of failure. Cassandra’s largest production deployments include Apple (more than 160,000 instances storing over 100 petabytes of data across 1,000+ clusters), Huawei (more than 30,000 instances across 300+ clusters), and Netflix (more than 10,000 instances storing 6 petabytes across 100+ clusters, with over 1 trillion requests per day), among many others. Cassandra originated at Facebook in 2008, entered the Apache Incubator in January 2009, and graduated as an Apache Top-Level Project in February 2010.

Apache Cassandra v4.0
Cassandra v4.0 effortlessly handles unstructured data, with thousands of writes per second. Three years in the making, v4.0 reflects more than 1,000 bug fixes, improvements, and new features that include:

  • Increased speed and scalability – streams data up to 5 times faster during scaling operations, and up to 25% faster throughput on reads and writes, that delivers a more elastic architecture, particularly in Cloud and Kubernetes deployments.

  • Improved consistency – keeps data replicas in sync to optimize incremental repair for faster, more efficient operation and consistency across data replicas.

  • Enhanced security and observability – audit logging tracks users access and activity with minimal impact to workload performance. New capture and replay enables analysis of production workloads to help ensure regulatory and security compliance with SOX, PCI, GDPR, or other requirements.

  • New configuration settings – exposed system metrics and configuration settings provides flexibility for operators to ensure they have easy access to data that optimize deployments.

  • Minimized latency – garbage collector pause times are reduced to a few milliseconds with no latency degradation as heap sizes increase.

  • Better compression – improved compression efficiency eases unnecessary strain on disk space and improves read performance.


Cassandra 4.0 is community-hardened and tested by Amazon, Apple, DataStax, Instaclustr, iland, Netflix, and others that routinely run clusters as large as 1,000 nodes and with hundreds of real-world use cases and schemas. 

The Apache Cassandra community deployed several testing and quality assurance (QA) projects and methodologies to deploy the most stable release yet. During the testing and QA period, the community generated reproducible workloads that are as close to real-life as possible, while effectively verifying the cluster state against the model without pausing the workload itself.

"In our experience, nothing beats Apache Cassandra for write scaling, and we're looking forward to the performance and management improvements in the 4.0 release," said Elliott Sims, Senior Systems Administrator at Backblaze. "We rely on Cassandra to manage over one exabyte of customer data and serve over 50 billion files for our customers across 175 countries so optimizing Cassandra's capabilities and performance means a lot to us."

"Since 2016, software engineers at Bloomberg have turned to Apache Cassandra because it’s easy to use, easy to scale, and always available," said Isaac Reath, Software Engineering Team Lead, NoSQL Infrastructure at Bloomberg. "Today, Cassandra is used to support a variety of our applications, from low-latency storage of intraday financial market data to high-throughput storage for fixed income index publication. We serve up more than 20 billion requests per day on a nearly 1 PB dataset across a fleet of 1,700+ Cassandra nodes."

"Netflix uses Apache Cassandra heavily to satisfy its ever-growing persistence needs on its mission to entertain the world. We have been experimenting and partially using the 4.0 beta in our environments and its features like Audit Logging and backpressure," said Vinay Chella, Netflix Engineering Manager and Apache Cassandra Committer. "Apache Cassandra 4.0's improved performance helps us reduce infrastructure costs. 4.0's stability and correctness allow us to focus on building higher-level abstractions on top of data store compositions, which results in increased developer velocity and optimized data store access patterns. Apache Cassandra 4.0 is faster, secure, and enterprise-ready; I highly suggest giving it a try in your environments today."

"Apache Cassandra's contributors have worked hard to deliver Cassandra 4.0 as the project's most stable release yet, ready for deployment to production-critical Cloud services," said Scott Andreas, Apache Cassandra Contributor. "Cassandra 4.0 also brings new features, such as faster host replacements, active data integrity assertions, incremental repair, and better compression. The project's investment in advanced validation tooling means that Cassandra users can expect a smooth upgrade. Once released, Cassandra 4.0 will also provide a stable foundation for development of future features and the database's long-term evolution."

Apache Cassandra is in use at Activision, Apple, Backblaze, BazaarVoice, Best Buy, Bloomberg Engineering, CERN, Constant Contact, Comcast, DoorDash, eBay, Fidelity, GitHub, Hulu, ING, Instagram, Intuit, Macy's, Macquarie Bank, Microsoft, McDonalds, Netflix, New York Times, Monzo, Outbrain, Pearson Education, Sky, Spotify, Target, Uber, Walmart, Yelp, and thousands of other companies that have large, active data sets. In fact, Cassandra is used by 40% of the Fortune 100. Select Apache Cassandra case studies are available at https://cassandra.apache.org/case-studies/ 

In addition to Cassandra 4.0, the Project also announced a shift to a yearly release cycle, with releases to be supported for a three-year term.

Catch Apache Cassandra in action through presentations from the April 2021 Cassandra World Party https://s.apache.org/jjv2d .

Availability and Oversight
Apache Cassandra software is released under the Apache License v2.0 and is overseen by a volunteer, self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Cassandra, visit https://cassandra.apache.org/ and https://twitter.com/cassandra .

About Apache Cassandra
Apache Cassandra is an Open Source, distributed, wide column store, NoSQL database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple datacenters, with asynchronous masterless replication allowing low latency operations for all clients. Apache Cassandra is used in some of the largest data management deployments in the world, including nearly half of the Fortune 100.

© The Apache Software Foundation. "Apache", "Cassandra", "Apache Cassandra", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

#  #  #

Friday July 23, 2021

The Apache News Round-up: week ending 23 July 2021

Happy Friday! Let's review at what's happened with the Apache community over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 August 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 - The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia https://s.apache.org/ACAsia2021
    -- Learn more about the ApacheCon Asia from Sheng Wu and Willem Jiang at https://youtube.com/watch?v=hfRCrpnbDhc
 - Program, registration, and Sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 321 Apache Committers changed 2,697,642 lines of code over 2,627 commits. Top 5 contributors, in order, are: Mark Thomas, Hugh Miles, Tilman Hausherr, Gary Gregory, and Andrea Cosentino.      

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX Java Plugin Runner 0.1 and Go Plugin Runner 0.1.0 released https://apisix.apache.org/

Big Data --
 - Apache NiFi 1.14.0 released http://nifi.apache.org/

Content --
 - Apache Tika 2.0.0 released https://tika.apache.org/

Databases --
 - Apache Impala 4.0.0 released https://impala.apache.org
   -- CVE-2021-28131: Impala logs contain secrets https://s.apache.org/i92m6

Libraries --
 - Apache Commons Numbers 1.0 released https://commons.apache.org/
 - Apache Commons VFS 2.9.0 released http://commons.apache.org/proper/commons-vfs/

Mail --
 - Apache James MIME4J 0.8.5 released https://james.apache.org/

Web Conferencing --
 - Apache OpenMeetings 6.1.0 released https://openmeetings.apache.org/


Did You Know?

- Did you know that the ASF's Infrastructure team are hiring a new sysadmin to the team? Do you or someone you know have what it takes? Learn more and apply at https://www.indeed.com/job/infrastructure-systems-administrator-e4048d477e40ae7e

- Did you know that Apache Cassandra powers the Woods Hole Oceanographic Institution's Ocean Observatories Initiative network that provides real-time data delivery from 800+ instruments to address the world's oceans' critical scientific issues? http://cassandra.apache.org/

- Did you know that the "Trillions and Trillions Served" documentary on The Apache Software Foundation comprised 65 hours of filming over 8 terrabytes of footage? https://youtube.com/watch?v=JUt2nb0mgwg&feature=youtu.be


Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday July 16, 2021

The Apache News Round-up: week ending 16 July 2021

The week has zipped by --it's Friday already-- and it's time to take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 - The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia https://s.apache.org/ACAsia2021
 - Program, registration, and Sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,212,020 lines of code over 2,824 commits. Top 5 contributors, in order, are: Gary Gregory, Andrea Cosentino, Alex Herbert, Till Rohrmann, and Shen Yi.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Beam 2.31.0 released https://beam.apache.org/
 - Apache XMLBeans 5.0.1 released  https://xmlbeans.apache.org/

Build Management --
 - Apache Ant 1.9.16 and 1.10.11 released https://ant.apache.org/
   -- CVE-2021-36374: ZIP and ZIP based, archive denial of service https://s.apache.org/zpczu
   -- CVE-2021-36373: TAR archive denial of service https://s.apache.org/4q75p

Content --
 - Apache Jackrabbit 2.21.7 released http://jackrabbit.apache.org/

Identity Management --
 - Apache Fortress 2.0.6 released http://directory.apache.org/fortress/

Integration --
 - Apache Camel 3.7.5 released https://camel.apache.org/

Libraries --
 - Apache Commons Compress 1.21 released https://commons.apache.org/compress/
   -- CVE-2021-36090: Compress 1.0 to 1.20 denial of service vulnerability https://s.apache.org/q8amn
   -- CVE-2021-35517: Compress 1.1 to 1.20 denial of service vulnerability https://s.apache.org/c62m8
   -- CVE-2021-35516: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/10vmz
   -- CVE-2021-35515: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/nr26m 
 - Apache Commons IO 2.11.0 released https://commons.apache.org/proper/commons-io

Messaging --
 - Apache Qpid JMS 1.1.0 released https://qpid.apache.org/

Network Client/Server --
 - Apache MINA CVE-2021-30129: DoS/OOM leak vulnerability in SSHD Server https://s.apache.org/3oiwl

Observability --
 - Apache SkyWalking Client JS 0.6.0 released https://skywalking.apache.org/

Servers --
 - Apache Tomcat CVE-2021-30639: Denial of Service https://s.apache.org/j21aj
   -- CVE-2021-33037: HTTP request smuggling https://s.apache.org/9sjso
   -- CVE-2021-30640: JNDI realm authentication weakness https://s.apache.org/hcsp0

Web Frameworks --
 - Apache Wicket 8.13.0 released https://wicket.apache.org/

Did You Know?

- Did you know that Airbnb’s Minerva observability platform uses Apache Druid to achieve metric consistency at scale? https://druid.apache.org/ 

- Did you know that the Apache Ignite 3.0.0 Alpha 2 Build Community Gathering will take place on 20 July? https://ignite.apache.org/

- Did you know that the next ApacheTVM community meeting will take place online on 22 July? https://tvm.apache.org/community 


Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday July 09, 2021

The Apache News Round-up: week ending 9 July 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 321 Apache Committers changed 1,403,021 lines of code over 2,485 commits. Top 5 contributors, in order, are: Shawn McKinney, Claus Ibsen, Dan Haywood, Gary Gregory, and Andi Huber.   

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Sqoop is now retired https://s.apache.org/0e51t

Big Data --
 - Apache ShardingSphere ElasticJob 3.0.0 released https://shardingsphere.apache.org

Build Management --
 - Apache AntUnit 1.4.1 released https://ant.apache.org/

Cloud Computing --
 - Apache CloudStack 4.15.1.0 LTS released https://cloudstack.apache.org/

Content --
 - Apache Tika 1.27 released https://tika.apache.org/
 - Apache UIMA Java SDK 2.11.0 released https://uima.apache.org/

Libraries --
 - Apache Jena Fuseki CVE-2021-33192: Display information UI XSS https://s.apache.org/r4893

Messaging --
 - Apache Qpid Proton 0.35.0 and Dispatch 1.16.1 released http://qpid.apache.org/

Servers --
 - Apache Tomcat 8.5.69, 9.0.50, 10.0.8 and 10.1.0-M2 (alpha) released https://tomcat.apache.org/

Web Frameworks --
 - Apache Wicket 9.4.0 released https://wicket.apache.org/


Did You Know?

- Did you know that Apache OpenOffice delivers up to 2.4 Million downloads each month? https://openoffice.apache.org/

- Did you know that Nielsen Marketing Cloud uses Apache Druid for audience and marketing performance analysis? https://druid.apache.org/ 

- Did you know that Apache ShardingSphere has a new blog post that details their v5.0.0 beta release? https://shardingsphere.apache.org/blog/en/material/ss_5.0.0beta/


Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday July 02, 2021

The Apache News Round-up: week ending 2 July 2021

Hello, July --we're midway through the year already. It's been another great week; let's see what the Apache community has been up to:

Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
 - June Month in Review https://s.apache.org/June2021 --video highlights at https://youtu.be/yIE8SSHw2iw

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 349 Apache Committers changed 3,463,699 lines of code over 4,141 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Xiaoxiang Yu, Penghui Li, Andrea Cosentino, and Tellier Benoit.

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
- Apache MetaModel is now retired https://s.apache.org/69b1q

Big Data --
 - Apache Druid CVE-2021-26920: The HTTP inputSource allows authenticated users to read data from other sources than intended https://s.apache.org/e5oai

Databases --
 - Apache Geode 1.13.3 and 1.12.3 released http://geode.apache.org/

Integration --
 - Apache Camel 3.11.0 released https://camel.apache.org/


Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this week? Many happy returns to Apache Tcl (21 years), DB (19 years); STeVe (9 years); JSPWiki (8 years); Celix and Tez (7 years); NiFi (6 years); Kudu (5 years); Fluo, MADlib, and Streams (4 years); OpenWhisk (2 years); APISIX (1 year) https://projects.apache.org/committees.html?date

- Did you know that Airflow Summit kicks off 8-16 July? https://airflow.apache.org/

- Did you know that FlinkForward Global will be held virtually 26-27 October? https://flink.apache.org/


Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Thursday July 01, 2021

Apache Month in Review: June 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in June (video highlights available at https://youtu.be/yIE8SSHw2iw ):

New this month --

 - Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works".
   Security in Practice by Jarek Potiuk https://s.apache.org/1upl4

 - Apache Attic --provides process and solutions when an Apache project has reached its end of life http://attic.apache.org/
   Apache MetaModel is now retired https://s.apache.org/69b1q

 - Apache Month in Review: May 2021 https://s.apache.org/May2021 + Video highlights https://youtu.be/ByiPjxGu_Tg


Important Dates --

 - Next Board Meeting: 21 July 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

 - ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- will be held twice in 2021:
   --ApacheCon Asia - 6-8 August
   --ApacheCon@Home - 21-23 September
  Program, Registration, and Sponsorship available for both events https://www.apachecon.com/
  The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia 2021 https://s.apache.org/ACAsia2021


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in May was 99.71%. http://www.apache.org/uptime/

Committer Activity --

In June, 703 Apache Committers changed 14,997,996 lines of code over 12,720 commits. The Committers with the top 5 highest contributions, in order, were: Mark Thomas, Andrea Cosentino, Daniel Haywood, Andi Huber, and Benoit Tellier.  

Project Releases and Updates --

New releases from Apache Airflow (Workflow); Arrow (Big Data); Calcite (Big Data); Camel (Integration); Commons (Libraries); CXF (Libraries); Drill (Big Data); Druid (Big Data); Flink (Big Data); HTTP Server (Servers); IoTDB (IoT); Jackrabbit (Content); Kudu (Big Data); Logging Chainsaw (Libraries); Lucene (Search); MyFaces (Web Frameworks); NetBeans (IDE); NLPCraft (Natural Language Processing); PDFBox (Content); Pulsar (Messaging); Qpid (Messaging); ShardingSphere (Big Data); SkyWalking (Observability); Solr (Search); Tika (Content); Tomcat (Servers)

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. New to the Apache Incubator in June is Kyuubi, a distributed multi-tenant Thrift JDBC/ODBC server for Big Data management, processing, and analytics. We invite you to review the many projects currently in development in the Apache Incubator, including recent additions in the advertising, Big Data, geospatial, machine learning, messaging, natural language understanding, orchestration, and scheduling categories http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Friday June 25, 2021

The Apache News Round-up: week ending 25 June 2021

So long, June --let's review the Apache community's weekly activities:

Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works".
 - Security in Practice by Jarek Potiuk https://s.apache.org/1upl4

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.72%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 338 Apache Committers changed 2,475,387 lines of code over 2,883 commits. Top 5 contributors, in order, are: Mark Thomas, Jarek Potiuk, Claus Ibsen, Otavio Rodolfo Piske, and Dan Haywood.        

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache ShardingSphere 5.0.0-beta released https://shardingsphere.apache.org
 - Apache Arrow 4.0.1 released https://arrow.apache.org/
 - Apache Qpid Broker-J 8.0.5 released https://qpid.apache.org/
 - Apache Kudu 1.15.0 released https://kudu.apache.org/

Integration --
 - Apache Camel 3.4.6 released https://camel.apache.org/

IoT --
 - Apache IoTDB 0.11.4 and 0.12.1 released https://iotdb.apache.org/

Search --
 - Apache Lucene 8.9.0 and Solr 8.9.0 released http://lucene.apache.org/

Workflow --
 - Apache Airflow CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3 https://s.apache.org/jeee7


Did You Know?

- Did you know that the Apache Pinot (incubating) injests with Apache Kafka, Spark, HDFS or Cloud storages, and is ideal for real-time analytics when scaling to billions of records? http://pinot.apache.org/

- Did you know that Apache ECharts has more than three dozen chart types (plus dark mode) to choose from? http://echarts.apache.org/

- Did you know that the Airflow Summit will be held 8-16 July? https://airflow.apache.org/

Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday June 23, 2021

Success at Apache: Security in Practice

by Jarek Potiuk


This post is about the Apache Software Foundation's Security process and security mindset of the Apache Software project’s PMC put to the best use in practice. From this post you can learn why security practices we apply at our projects are important and how they work when they are applied correctly and when the right security-driven mindset is applied by the PMCs but also how important it is for the users of the Apache Software Foundation projects to keep their software updated - including latest security fixes.


The idea of this article was triggered by a recent blog post of the security researcher Ian Caroll that has earned USD 13.000 on bug bounties by simply following up the results of Apache Security process applied by the Apache Airflow PMC. This saved quite a few businesses a lot of trouble, but it was only possible due to the foundations laid down by the ASF and the PMC of the project.


Here is what Ian Caroll has to say about it: “This issue was a great example of how ASF's transparent way of fixing and disclosing vulnerabilities worked to protect users of their software, and gave many organizations a wake-up call on ensuring they upgrade and protect their open-source software.


Apache Airflow is one of the most common orchestration software used in the industry currently, and due to its nature, it sounds like an important vector of attack - if you run it internally in your company, you are likely to interact with pretty much all your systems, and if you manage to break in through Airflow, it might cascade into as many systems you connect to. Therefore the Apache Airflow PMC takes security very seriously. So seriously that we have the whole discussion panel about Apache Airflow Security at the Airflow Summit that is coming soon - July 8-16th.


This post's main point is to show how important it is to follow the security best practices for all the software lifecycle and how important it is to think about it at every step of building and releasing the software (and beyond).


Let's start from the very beginning: making sure the code development process is secure. Like most of the ASF projects, the Apache Airflow project is developed in GitHub and together with a growing number of projects we use GitHub Actions to run continuous integration. There are a number of best practices and security hardening practices published by Github that you should follow when you run your CI with GitHub Actions, and we rigorously follow them, including monitoring of the "Security blog of GitHub" and following it’s advisories.


And we have not stopped there. We actively think and discuss the potential security threats and ways how - for example supply chain attacks can be performed on our project, and we share our findings at the discussion mailing lists of the ASF and introducing recommendations for all ASF projects to make use of the best practices. One of the results there is documenting the practices and sharing them at the builds@apache.org. But we also raised a few security issues to GitHub and as a result of that (at least that’s the feedback we got from GitHub) they implemented some improvements that we apply in practice. The recent example of that is a change implemented by GitHub to allow control of permissions of the GitHub Token used during the CI build which resulted in this PR. Few months ago, we raised concern that having the blanket "write" permission is quite dangerous, and GitHub responded and implemented the change, which allowed us to limit the scope of tokens used for our builds and increase protection against a wide range of attacks - with the supply-chain attacks being recently the most prominent ones, leading to ransomware threats and millions of dollars paid to hackers


This is where the security mindset for the Apache Airflow PMC starts with and this lays the foundation for the next steps where the Apache Software Foundation takes a crucial role in - releasing the software and monitoring for security vulnerabilities. The ASF has a rather well established process for disclosing and following up with security vulnerabilities for the ASF projects. One that is very straightforward and simple to follow for everyone involved - starting from security researchers, who raise those issues, going through the voluntary (!) security team of the ASF that has to handle (from the upcoming annual report) 387 reports of possible vulnerabilities spanned across 95 of the top level ASF projects, which led to 155 CVEs (Common Vulnerabilities and Exposures) assigned, and end up with the PMC that has to handle solving the issues and follow up with reporting. Heck, ASF even introduced an internal portal to report and keep track of all the CVEs as well as report the yearly security summary report and video.


This process is very clear about responsible disclosure and publishing the vulnerabilities, the way how security researchers, the ASF security team and PMC can collaborate when security is discovered. Quite a recent experience there was discovering and announcing CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder. This issue was reported to the ASF - following the process - by Dolev Farhi he responsibly disclosed it together with proof-of-concept reproducible scenario that allowed us to quickly verify that the issue exists and (more importantly) that allowed us to verify that the issue is fixed when we fixed it. 


At the end of the process this is the message we got from Dolev: "Truly enjoyed working with you. Thanks so much for your help in bringing this to closure and making Airflow what it is."


The CVE was an interesting one because it was not an issue with the Airflow code, but it was introduced by a dependency of Airflow - Flask-AppBuilder. Fortunately the process is built in the way that we can involve and collaborate with other projects in solving it, and we got excellent support from Daniel Gaspar. We tried and tested the fix locally, provided it to Daniel which let Daniel quickly implement it and release a new version of Flask AppBuilder fixing it. This was also important for the Apache Superset project (Daniel is a PMC there as well) which also uses Flask-AppBuilder and suffered from the same vulnerability. This shows how security is a distributed issue and how much cooperation is important and how much a good security process should embrace it. I truly enjoyed cooperation with Daniel, and Dolev as we helped to test release candidate of Flask AppBuilder. Later on, when the CVE was published, we announced it following the regular announcement process.


Here is what Daniel has to say about it: "A great example of multiple open source projects working together, elevating each other to higher quality. The whole is greater than the sum of the parts. Got a clear report with a proposed fix, reproducible steps all backed by the ASF security process, it was a breeze to fix and release." 


This leads to the most important point. We can do only as much as we can when it comes to developing and releasing our software. But then it’s up to our users to upgrade to the latest versions. If they don’t, they remain vulnerable. This was the actual reason for the blog post I mentioned initially - despite announcing a CVE-2020-17526 and releasing a fixed version a long time ago, many of our users did not follow the announcements and did not upgrade to the latest version of Airflow. I must stress here the importance of this step - as long as our users do not upgrade to fixed versions, there is not much we can do to help them. It's all in our users' hands! This time it ended up with just USD 13.000 paid to Ian in the form of bounties, because Ian is a responsible security researcher (so called "white hat"). But imagine some bad characters doing the same thing Ian did.


Of course we understand that this might sometimes be difficult to migrate to newer versions of a software, but here we also have another solution that we applied last year, and one that might seem surprising at first, but makes perfect sense when you look at the consequences. Consistent versioning and release support predictability. When we announced Airflow 2.0 last year, there was a small but important change we introduced - full support for Semantic Versioning which we follow rigorously since. We also published a predictable version lifecycle. Why is this important ? Because the users might be pretty sure that they can safely upgrade “patchlevel” version of Airflow when it gets released without even thinking about potential migration problems. Also when you release the "feature" - minor version of Airflow, we promise it is backwards-compatible and even if the migration process might be a bit longer, they can apply it without worrying about spending a lot of time for the migration of their DAGs (DAGs are the users workflow definitions that some of our customers have many thousands of as their entire data processing is orchestrated by Airflow). 


We also publish (and will continue to) the support schedule for our major releases, so that the users can be prepared and plan migration to new major releases in advance. As with all software we sometimes will implement backwards-incompatible changes which will cause our users to spend more time on migrations. Those old releases will stop receiving security fixes at some date and the best you can do as a user is to migrate to the supported version before the date!


Which leads to the last and most important point in this article. If you are a diligent reader and look at the announcement I mentioned above for CVE-2021-29621, you will see that the fix for that is only released for Airflow 2 series. Why? Because Airflow 1.10 just reached its end-of-life on June 17th 2021. When we released Airflow 2, half a year ago, we agreed in the community that we will only support Airflow 1.10 with critical/security fixes for 6 months. And we did - for example the CVE-2020-17526 has been addressed in the Airflow 1.10.14. 


But this time is over now. This is the first security vulnerability that we addressed only for Airflow 2. If you are still using Airflow 1.10 - you are on your own now. You are no longer protected by the security process of the ASF, the security team of ASF and airflow PMC. What’s even more - security researchers who raise the issues, even if they find it, might not be eager to responsibly disclose it, knowing also that the issue will not be fixed anyway. When you read about the next ransomware attack and millions of dollars paid, think if you would like one day your company to face this kind of dilemma. Even if it costs time and money to keep your software updated, preventing this kind of problem is far cheaper than dealing with the consequences of such an attack.


Upgrade NOW! to the latest release of Airflow 2 and keep on doing it for the future releases!


Be sure to join us at Airflow Summit online 8-16 July https://airflowsummit.org/ --registration is free and open to all.


# # #


Jarek Potiuk started to work on the Apache Airflow project in September 2018. He became an Apache Airflow committer in April 2019 and a member of the Apache Airflow Project Management Committee (PMC) in October 2019. He was elected an ASF Member in April 2021. He is an Apache project mentor in Outreachy and Google Summer of Code and was a mentor in Google Season of Docs. Jarek is an independent Open Source Contributor and Advisor and always keen on making it easier for people with different backgrounds to join OSS projects. = = = "Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache 

Friday June 18, 2021

The Apache News Round-up: week ending 18 June 2021

The week has zipped by --it's Friday already-- and it's time to take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - NEW: program is live; registration is open https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 328 Apache Committers changed 7,971,444 lines of code over 2,795 commits. Top 5 contributors, in order, are: Andi Huber, Mark Thomas, Andrea Cosentino, Tellier Benoit, and Hugh Miles.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.21.1 released https://druid.apache.org/
 - Apache Drill 1.19.0 released  https://drill.apache.org/

Content --
 - Apache PDFBox 2.0.24 released https://pdfbox.apache.org/
 - Apache PDFBox CVE-2021-31811: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file https://s.apache.org/50vi6
   and CVE-2021-31812: A carefully crafted PDF file can trigger an infinite loop while loading the file https://s.apache.org/cl4ye
 - Apache Jackrabbit 2.20.3 released http://jackrabbit.apache.org/

Libraries --
 - Apache Chainsaw 2.1.0 released https://logging.apache.org/chainsaw
 - Apache Chainsaw CVE-2020-9493: Java deserialization in Chainsaw https://s.apache.org/7w31l
 - Apache CXF CVE-2021-30468: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter https://s.apache.org/jxa3r

Messaging --
 - Apache Pulsar 2.8.0 released https://pulsar.apache.org/

Natural Language Processing --
 - Apache NLPCraft 0.8.0 (incubating) released https://nlpcraft.apache.org/

Observability --
 - Apache SkyWalking 8.6.0 released https://skywalking.apache.org/

Servers --
 - Apache Tomcat 8.5.68 and 10.1.0-M1 (alpha) released https://tomcat.apache.org/


Did You Know?

- Did you know that registration for ApacheCon Asia and ApacheCon@Home is free, and allows participants to choose to support the events by making an optional donation of $10, $20, or $50? https://www.apachecon.com/

- Did you know that the Apache HTTP Server project are using libera for their user support channel? Join the main channel on #httpd and #httpd-dev for the dev community --to connect, check out https://libera.chat/guides/connect . http://httpd.apache.org/

- Did you know that Apache Pinot (incubating) will be holding an online MeetUp on 22 June? https://www.meetup.com/apache-pinot/events/277817649/


Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Friday June 11, 2021

The Apache News Round-up: week ending 11 June 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - ApacheCon@Home (21-23 September) - registration is open https://www.apachecon.com/acah2021/register.html 
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.45%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 371 Apache Committers changed 2,051,196 lines of code over 3,026 commits. Top 5 contributors, in order, are: Dan Haywood, Mark Thomas, Andrea Cosentino, Claus Ibsen and Andi Huber.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Calcite 1.27.0 released https://calcite.apache.org/

Servers --
 - Apache Tomcat Native 1.2.30 released https://tomcat.apache.org/

Web Frameworks --
 - Apache MyFaces Core 3.0.1 released http://myfaces.apache.org/

Did You Know?

- Did you know that the following Apache projects are celebrating their anniversary this month? Many happy returns to Apache SpamAssassin (17 years); Santuario (15 years); Commons and Wicket (14 years); Sling (12 years); Karaf (11 years); Flume and VCL (9 years); Mesos (8 years); Atlas and Mynewt (4 years)! https://projects.apache.org/committees.html?date

- Did you know that the Apache SkyWalking Day, originally scheduled for 20 June in Shenzhen, has been cancelled? https://skywalking.apache.org/

- Did you know that Apache PLC4X has just received their vendor ID for the PROFIBUS and PROFINET standard specifications with the aim of providing the first truly Open Source Profinet Master driver? https://plc4x.apache.org/


Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Wednesday June 09, 2021

The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon(TM) Asia 2021

Asia edition of the official Apache global conference series to be held virtually, with 140+ sessions, and keynote and plenary sessions by luminaries from AliCloud, API7, DiDi Chuxing, Huawei, Kyligence, PingCAP, Tencent Cloud, Tsinghua University, and more. 

Wilmington, DE —9 June 2021— The Apache® Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced keynotes, sponsors, and program for ApacheConTM Asia, taking place online 6-8 August 2021. Registration is open and free for all attendees.

"We’re excited to hold ApacheCon Asia online following last year’s highly successful ApacheCon@Home," said Sheng Wu, ApacheCon Asia co-Chair and member of the ASF Board of Directors. "The pandemic mobilized the global Apache community to collectively produce a first-rate online event, supported by an outstanding group of sponsors. We are proud to build on ApacheCon’s new virtual format and bring the ApacheCon Asia program to participants joining us from any location."

ApacheCon is the ASF's official global conference series, first held in 1998. ApacheCon draws attendees from more than 130 countries to experience "Tomorrow's Technology Today" independent of business interests, corporate biases, or sales pitches.

ApacheCon showcases the latest breakthroughs from dozens of Apache projects, with content selected entirely by Apache projects and their communities. ApacheCon Asia joins ApacheCon@Home, taking place online 21-23 September, to meet the educational demands of the growing Apache community of developers, users, and enthusiasts worldwide.

"Tune in to ApacheCon Asia's 140+ sessions to learn the latest developments, best practices, and lessons learned with Apache projects, incubating podlings, and community-led development 'The Apache Way',” said Willem Jiang, ApacheCon Asia co-Chair and initiator of Apache Local Community Beijing. "Participants can also connect and network virtually with attendees, speakers, and sponsors in real-time, as well as revisit presentations and explore additional tracks after the event."

Participants at all levels will learn about Apache project innovations in categories that include: APIs and Microservices; Big Data; Community; Culture; Data Visualization; Incubator; Integration; IoT and IIoT; Messaging; Middleware; Observability; Streaming; Servers; Workflow and Data Governance. 

Featured Apache projects include Airflow, APISIX, Arrow, Atlas, Bigtop, BookKeeper, brpc (incubating), Camel, CarbonData, Cassandra, Commons, DolphinScheduler, Doris (incubating), Druid, Dubbo, ECharts, Flink, Hadoop, HBase, Hive, HUDI, Ignite, Impala, InLong (incubating), IoTDB, Kafka, Kudu, Kylin, Liminal (incubating), MXNet (incubating), Nemo (incubating), Ozone, Pegasus (incubating), Pinot (incubating), PLC4X, Pulsar, RocketMQ, ServiceComb, ShardingSphere, SkyWalking, Sling, Spark, StreamPipes (incubating), Superset, Teaclave (incubating), Tomcat, YuniKorn (Incubating), and more.

Keynote presentations will be delivered by Dongxu Huang, CTO of PingCAP; Jianmin Wang, Dean, School of Software at Tsinghua University; Sharan Foga, ASF Board Member; and Sheng Wu, ASF Board Member. Plenary sessions will be presented by AliCloud, API7, DiDi Chuxing, Huawei, Kyligence, and Tencent Cloud.

The full program is available at https://apachecon.com/acasia2021/tracks.html

ApacheCon Asia sponsors include Strategic Sponsor Huawei; Platinum Sponsors AliCloud, API7, DiDi Chuxing, Kyligence, and Tencent Cloud; Gold Sponsors AWS and Baidu; and Silver Sponsors Imply and SphereEx. Huawei, Tencent, DiDi, AWS, Baidu, Imply, and SphereEx are also Sponsors of ApacheCon@Home at the above levels.

To sponsor ApacheCon Asia and/or ApacheCon@Home, visit https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

Register today at https://apachecon.com/acasia2021/register.html .

About ApacheCon
ApacheCon is the official global conference series of The Apache Software Foundation. Since 1998 ApacheCon has been drawing participants at all levels to explore "Tomorrow's Technology Today" across 350+ Apache projects and their diverse communities. In 2020 and 2021 ApacheCon events showcase ubiquitous Apache projects and emerging innovations virtually through sessions, keynotes, real-world case studies, community events, and more, all online and free of charge. For more information, visit http://apachecon.com/ and https://twitter.com/ApacheCon .

About The Apache Software Foundation (ASF)
Established in 1999, The Apache Software Foundation is the world’s largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF’s all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 850+ individual Members and 200 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 8,200+ Committers through the ASF’s meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cloudera, Comcast, Confluent, Didi Chuxing, Facebook, Google, Handshake, Huawei, IBM, Microsoft, Namebase, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF .


© The Apache Software Foundation. "Apache", "Airflow", "Apache Airflow", "APISIX", "Apache APISIX", "Arrow", "Apache Arrow", "Atlas", "Apache Atlas", "Bigtop", "Apache Bigtop", "BookKeeper", "Apache BookKeeper", "Camel", "Apache Camel", "CarbonData", "Apache CarbonData", "Cassandra", "Apache Cassandra", "Commons", "Apache Commons", "DolphinScheduler", "Apache DolphinScheduler", "Druid", "Apache Druid", "Dubbo", "Apache Dubbo", "ECharts", "Apache ECharts", "Flink", "Apache Flink", "Hadoop", "Apache Hadoop", "HBase", "Apache HBase", "Hive", "Apache Hive", "HUDI", "Apache HUDI", "Ignite", "Apache Ignite", "Impala", "Apache Impala", "IoTDB", "Apache IoTDB", "Kafka", "Apache Kafka", "Kudu", "Apache Kudu", "Kylin", "Apache Kylin", "Ozone", "Apache Ozone", "PLC4X", "Apache PLC4X", "Pulsar", "Apache Pulsar", "RocketMQ", "Apache RocketMQ", "ServiceComb", "Apache ServiceComb", "ShardingSphere", "Apache ShardingSphere", "SkyWalking", "Apache SkyWalking", "Sling", "Apache Sling", "Spark", "Apache Spark", "Superset", "Apache Superset", "Tomcat", "Apache Tomcat", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday June 04, 2021

The Apache News Round-up: week ending 4 June 2021

Hello, June --let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration and sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 357 Apache Committers changed 2,152,074 lines of code over 2,986 commits. Top 5 contributors, in order, are: Albumen Kevin, Andrea Cosentino, Gary Gregory, Gilles Sadowski, and Daniel Gruno.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.13.1 released https://flink.apache.org/

Content --
 - Apache Tika 2.0.0-BETA released https://tika.apache.org/

IDE --
 - Apache NetBeans 12.4 released http://netbeans.apache.org/

Integration --
 - Apache Camel 2.25.4 released https://camel.apache.org/

Libraries --
  - Apache Commons IO 2.9.0 released https://commons.apache.org/proper/commons-io/

Messaging --
 - Apache Qpid ProtonJ2 1.0.0-M2 released https://qpid.apache.org/

Observability --
 - Apache SkyWalking NodeJS 0.3.0 released https://skywalking.apache.org/

Servers --
 - Apache HTTP Server 2.4.48 released https://httpd.apache.org/

Web Frameworks --
 - Apache MyFaces Core v2.3-next-M6 released http://myfaces.apache.org/

Did You Know?

- Did you know that Pulsar Virtual Summit North America 2021 (16-17 June) is offering 20 free tickets to the Apache community on a first come, first served basis? Sign up at https://s.apache.org/llazg

- Did you know that registration is open for SkyWalking Day (19 June), co-organized with Tengyuan Club and hosted by Tencent? https://s.apache.org/SkyWalkingDay2021

- Did you know that the program for Airflow Summit 2021 (8-16 July) is now available? https://airflowsummit.org/schedule/ 


Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Tuesday June 01, 2021

Apache Month in Review: May 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in May (video highlights available at https://youtu.be/ByiPjxGu_Tg ):

New this month --

 - The Apache Attic provides process and solutions when an Apache project has reached its end of life. Apache Trafodion has retired https://s.apache.org/57y49

 - Apache Month in Review: April 2021 https://s.apache.org/Apr2021 + Video highlights https://youtu.be/EOA1L1PjCYg


Important Dates --

 - Next Board Meeting: 16 June 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

 - ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- will be held twice in 2021:
   --ApacheCon Asia - 6-8 August
   --ApacheCon@Home - 21-23 September
  Registration and sponsorship opportunities for both events available at https://www.apachecon.com/


Infrastructure --

Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in May was 99.95%. http://www.apache.org/uptime/

Committer Activity --

In May, 699 Apache Committers changed 6,744,402 lines of code over 13,427 commits. The Committers with the top 5 highest contributions, in order, were: Jean-Baptiste Onofré, Andrea Cosentino, Mark Thomas, Albumen Kevin, and Daniel Haywood.  

Project Releases and Updates --

New releases from Apache ActiveMQ (Messaging); Airflow (Big Data); Allura (Content); APISIX (API); Calcite (Big Data); Camel (Integration); Daffodil (Libraries); Fineract (FinTech); Flink (Big Data); HttpComponents (Servers); Jackrabbit (Content); Kafka (Big Data); Karaf (Application Servers/Middleware); Log4cxx (Libraries); MyFaces (Web Frameworks); OpenOffice (Content); Pulsar (Messaging); Qpid (Messaging); Skywalking (Application Performance Management); Tomcat (Servers); UIMA (Content).

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. New to the Apache Incubator in May is ShenYu, a Microservices API gateway. We invite you to review the many projects currently in development in the Apache Incubator, including recent additions in the advertising, Big Data, geospatial, machine learning, messaging, natural language understanding, orchestration, and scheduling categories http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Friday May 28, 2021

The Apache News Round-up: week ending 28 May 2021

Farewell, May --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsor ApacheCon https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.86%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 372 Apache Committers changed 2,873,998 lines of code over 3,580 commits. Top 5 contributors, in order, are: Mark Thomas, Jean-Baptiste Onofré, Andrea Cosentino, Albumen Kevin, and Hugh Miles.             

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.6 released https://apisix.apache.org/

FinTech --
 - Apache Fineract 1.5.0 released http://fineract.apache.org/

Messaging --
 - Apache Qpid JMS 0.59.0 and 1.0.0 released https://qpid.apache.org/
 - Apache Pulsar 2.7.2 released https://pulsar.apache.org/

Did You Know?

- Did you know that Apache Cassandra powers thousands of nodes, petabytes of data, and tens of millions of queries per second across Instagram's five data centers? https://cassandra.apache.org/

- Did you know that Apache NLPCraft (incubating) now supports the new Intent Definition Language (IDL)? https://nlpcraft.apache.org/

- Did you know that Apache Pinot (incubating) now offers geospatial support? http://pinot.apache.org/


Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.


Friday May 21, 2021

The Apache News Round-up: week ending 21 May 2021

Welcome, Friday --the Apache community has had another great week. Let's review what's going on:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsor ApacheCon https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 359 Apache Committers changed 1,198,596 lines of code over 3,072 commits. Top 5 contributors, in order, are: Tellier Benoit, Hugh Miles, Andrea Cosentino, Claus Ibsen, and Mark Thomas.             

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf runtime 4.3.2 released https://karaf.apache.org/

Big Data --
 - Apache Calcite Avatica 1.18.0 released https://calcite.apache.org/
 - Apache Kafka 2.7.1 released https://kafka.apache.org/

Content --
 - Apache Allura 1.13.0 released https://allura.apache.org/
 - Apache UIMA Ruta 3.1.0 released https://uima.apache.org/

Libraries --
 - Apache Daffodil 3.1.0 https://daffodil.apache.org/

Messaging --
 - Apache Qpid Dispatch 1.16.0 released https://qpid.apache.org/

Observability --
 - Apache SkyWalking Client JS 0.5.1 released https://skywalking.apache.org/

Did You Know?

- Did you know that Ignite Summit kicks off next week? Join the Apache Ignite community online on 25 May https://ignite-summit.org/

- Did you know that Berlin Buzzwords features dozens of Apache Projects in data scalability, search, storage, and streaming? Presentations by many members of Apache Projects, PMCs, and communites. This year's event will be taking place online 14-17 June https://2021.berlinbuzzwords.de/

- Did you know that the Tuvalu Vodafone Web app is powered by Apache Wicket? http://wicket.apache.org/


Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks https://deals.manning.com/the-latest-apache-innovations/

 - Follow the ASF on social media: @TheASF on Twitter (https://twitter.com/TheASF) and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter https://twitter.com/ApacheCommunity

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation