The Apache Software Foundation
Blogging in Action.

The Apache Weekly News Round-up: week ending 8 April 2022

Hello, everyone --let's review the Apache community's activities from over the past week:

The Apache Software Foundation – the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives.
 - The Apache Software Foundation Welcomes 52 New Members https://s.apache.org/2022NewMembers

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP for ApacheCon North America 2022 (taking place 3-6 October in New Orleans) is now open https://blogs.apache.org/conferences/entry/call-for-presentations-apachecon-north

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 April 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 355 Apache Committers changed 17,006,169 lines of code over 3,843 commits. Top 5 contributors, in order, are: Andi Huber, Claus Ibsen, Gary Gregory, Andrea Cosentino, and Chesnay Schepler.   

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink Kubernetes Operator 0.1.0 released 
 - Apache NiFi 1.16.0 released 
   -- CVE-2022-26850: Insufficiently protected credentials 
 - Apache Pinot 0.10.0 released 
   -- CVE-2022-23974: Pinot segment push endpoint has a vulnerability in unprotected environments 

Databases --
 - Apache Impala 3.4.1 released

Libraries --
 - Apache Daffodil VS Code 1.0.0

Observability --
 - Apache SkyWalking CLI 0.10.0 released 

Workflow --

Did You Know?

- Did you know that those interested in attending ApacheCon NA 2022 (3-6 October/New Orleans) but are unable to do so for financial reasons are invited to apply for Travel Assistance support? Applications open until 1 July https://apache.org/travel/

- Did you know that the ASF Infrastructure team launched a new GitBox platform with upgraded features and services? 

- Did you know that Beam Summit will be held both online and in-person in Austin, Texas, 18-20 July? https://2022.beamsummit.org/

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 01:05PM Apr 11, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 1 April 2022

Welcome, April --we're opening the month with another great week. Here's what the Apache community has been up to:

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - CFP for ApacheCon North America 2022 (taking place 3-6 October in New Orleans) is now open https://blogs.apache.org/conferences/entry/call-for-presentations-apachecon-north

Sponsor Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works".
 - "My experience with the Apache Way —a perfect society?" by Etienne Chauchot https://s.apache.org/oree2

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 April 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 352 Apache Committers changed 26,605,053 lines of code over 3,949 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Brent Bovenzi, Jarek Potiuk, Gary Gregory, and Andrea Cosentino.  

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.13.0 released
   -- CVE-2022-25757: body_schema check in request-validation plugin can be bypassed

Big Data --
 - Apache Calcite Avatica Go 5.1.0 released 

Cloud --
 - Apache jclouds 2.5.0 released 

Eventing --
 - Apache EventMesh (incubating) 1.4.0 released

Integration --
 - Apache Camel 3.16.0 released

Messaging --
 - Apache Qpid JMS 1.6.0 released

Servers --
 - Apache Tomcat 8.5.78, 9.0.62, 9.0.62, and 10.1.0-M14 (alpha) released 

Security Framework --

Web Frameworks --

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries in April? Congratulations to Apache CXF (14 years); Avro, HBase, Mahout, Nutch, Tika, and Traffic Server (12 years); Creadur and Jena (10 years); DeltaSpike (9 years); ORC and Parquet (7 years); AsterixDB and Johnzon (6 years); CarbonData and Fineract (5 years); NetBeans, PLC4X, and SkyWalking (3 years); and ShardingSphere (2 years) https://projects.apache.org/committees.html?date

- Did you know that you can anonymously take the 2022 Apache Pulsar Website Survey and help improve the new Pulsar Website? https://lists.apache.org/thread/08hchngnrhz79jhc1d96g3rh8ox2x2db

- Did you know that the ASF has been accepted as a Google Summer of Code mentoring organization for the 17th consecutive year? Apache Project mentors welcome! https://lists.apache.org/thread/cbplf0mszmxx2dv6oor0v227h8kfrk2m

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 01:56PM Apr 04, 2022 by Swapnil M Mane in Newsletter  |   | 

Success at Apache: My experience with the Apache Way —a perfect society?

by Etienne Chauchot

I have been working in software engineering for more than 15 years. I've always contributed to Open Source software as a user or a developer. But I've been contributing to Apache Software Foundation (ASF) projects such as Apache Flink, Apache Beam or Apache Spark for nearly 6 years. It is long enough for me to say that I find the Apache Way is almost the best way to collaborate on software engineering.

I will not describe the Apache way here as there is a lot of good information about that already. I would rather link to the official Apache documentation. I humbly suggest that you read what it is if you don't know it already. 

My point here is to talk about the Apache Way in practice as I’ve experienced it. Of course, every Apache community is different, but what I wanted to emphasize is that applying the Apache Way by the book could lead to what I'd call a "perfect society" even if this word seems a bit naive and over optimistic, or even utopian.

A perfect society

Actually, working with the Apache way was a revelation to me!

ASF projects are governed by merit: what you do inside the community is noted, you get credit and it can lead to you obtaining more rights (direct access to the project repositories, election of committers etc.). Merit also drives decisions, discussing solutions and building consensus or voting for the best one helps lead to the best possible state of the project in the end. The best idea always wins in the long term.

The software is not driven by companies: no vendor concerns should take precedence over community. Consider how the ASF creates new top-level projects (TLP): a project starts in the Apache Incubator and is mentored by people who have already participated in successful Apache projects. When the mentors agree a project is ready, healthy and following The Apache Way, the ASF Board can approve its graduation from the Incubator to become a self-governing TLP. So the project is managed by the community itself and not by a single company and its private financial considerations. This helps drive the best decisions for the software itself and ensures long term maintenance of the software.

It is inclusive: the key aspect is that every voice matters, and that everyone is considered equal no matter their personal background, education, ethnicity or nationality, every contribution is good to take. Community members recognize that people skills may be different and complementary to theirs. So contributions might come from anyone, from anywhere and in any form (blog post, documentation, talk, code, website...)

ASF communities are welcoming: they are in constant search for new talents to join their forces. Being welcoming is very important to build and grow a community. The Open source community is also a great place for people to grow. The way people collaborate is generally by mentoring. Experienced contributors help newcomers or experts share their thoughts with others. It is really also a good way for mentors to share their passion and inspire mentees. Mentoring is in the DNA of the ASF starting with the Incubator when the podling community profits from the experience and advice of a mentor to grow in the Apache Way and become a top level project. 

Communities are self-organized: there is no manager but only technical leaders and mentors. Each community has a PMC that guides its governance, but its responsibilities don’t include assigning work and expecting it to be done. People are self-motivated and I must say that it is the best form of motivation ever! I’ve found the decision-making simple and efficient: there is no solely decision, feedback is always very important. People are willing to share their thoughts and solve problems together.

Community members have a collaborative mindset: they are positive, act constructively and their comments are in the best interest of the project and the community. They are  willing to share their thoughts, review PRs, share advice, accept change requests or bug tickets. People are willing to accept criticism without being defensive. The master word is transparency. 

Last but not least, I’ve seen most people behave gently: the fact that every communication is public guides people to communicate in a positive way. Indeed one of the ASF guiding concepts is "what did not happen publicly didn’t happen" – often said as “what didn’t happen on the mailing list, didn’t happen” but of course this concept can be generalized to any communication tool we use. Examples of good communication I’ve seen in open source communities are: asking questions or suggesting rather than affirming or asking for thoughts rather than disagreeing bluntly. An open source contributor should try to put theirself in the other person's shoes, trying to not hurt their feelings and to not demotivate them.

Considering all of this, what I can tell is that it is the way we all would like people and society in general to behave, no?

Daily life

The funny thing is that it goes even further, after some years of applying this philosophy (I was told lately that it felt almost like a religion) at work on a full time basis, I started applying it to daily life outside of work. It started to become my standard way of behaving in society: 

Meritocracy becomes second nature, for example I reward my home builders with gifts and public credit because they did a good job, I reward my kids for good school work etc... 

I also started to give time to others and share knowledge, mentoring becomes  second nature as well. 

      Another big thing which is very visible is that I now always take good care to give positive communication, leading to positive and constructive thinking. Positivism also becomes a key aspect of my daily life.

On a professional basis, an important thing is that merit never expires. So, if you gain committership on a project, or become a PMC member or even an ASF member, it is for life. So your skills are recognized by your peers for your whole career. This is an incredible credit and a tremendous trust mark!

Can be a bit challenging

In order to avoid being seen as a total idealist, I need to temper a bit:

I remember when I first joined an open source community, I felt intimidated. Community members are generally very senior level and very highly skilled developers. But, remember what is written above: every contribution is good to take. And, with time and mentoring, anyone can earn a place inside the community.

The other thing I felt a bit difficult when I joined is to find where to start: some projects are old enough to have a large community so the amount of code is pretty high. But here again mentoring comes into play: mentors can give you pointers on hot topics, starter tickets or simply areas that need maintenance. And with time, you might be recognized as an expert in a given area and the exciting subjects will come to you. 

And if you feel like you want to join a smaller community try joining a project which is still in the incubation phase!

Conclusion

I hope you enjoyed these insights and I hope it gave you the motivation to join an open source community.

---

Etienne Chauchot has been working in software engineering for more than 15 years and is now specialized in Big Data. He is an Open Source fan, and contributes to Apache projects such as Apache Beam, Apache Flink or Apache Spark. He is also the author of the "Big data Chronicles" blog. He is an Apache Beam committer and PMC member and also an Apache Foundation member.

Posted at 10:21PM Mar 29, 2022 by Sally Khudairi in SuccessAtApache  |   | 

The Apache Weekly News Round-up: week ending 25 March 2022

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 April 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 333 Apache Committers changed 4,901,028 lines of code over 3,786 commits. Top 5 contributors, in order, are: Jean-Louis Monteiro, Jianyun Cheng, Sebastian Bazley, Benoit Tellier, and James Netherton.

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.13.0 released 

Big Data --
 - Apache Calcite Avatica 1.30.0 released
 - Apache SeaTunnel (Incubating) 2.1.0 released 
 - Apache Kyuubi (Incubating) 1.5.0-incubating released

Blockchain --
 - Apache Tuweni (Incubating) 2.2.0 released 

Content --
 - Apache POI 5.2.2 released 
 - Apache Syncope 2.1.11 released 
 - Apache Sling 12 released

IoT --
 - Apache IoTDB 0.13.0 released 
 - Apache StreamPipes (Incubating) 0.69.0 released

Libraries --
 - Apache OpenJPA 3.2.2 released 
 - Apache Daffodil 3.3.0 released

Messaging --
 - Apache Qpid Proton 0.37.0 and Qpid Dispatch 1.19.0 released 
 - Apache Pulsar 2.8.3 released

Search --
 - Apache Solr Operator v0.5.1 released 
 - Apache Lucene 9.1.0 released

Servers --

Did You Know?

- Did you know that improvements to Apache Drill 1.20 include backward compatibility with Apache Hadoop 2; connectors for Apache Phoenix; writing to JDBC data sources; support for new data file formats (including Apache Iceberg and SAS files); and API query improvements?

- Did you know that Apache Calcite 1.30 includes Babel support for <=> operator; SQL hints for temporal table join; fixtures so that dependent projects can write parser, validator, and rules tests; and upgrade jsonpath to fix CVE-2021-27568?

- Did you know that the CloudStack European User Group will be held virtually on 7 April? 

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 11:30AM Mar 28, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 18 March 2022

Happy Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 April 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 328 Apache Committers changed 10,109,144 lines of code over 3,415 commits. Top 5 contributors, in order, are: Mark Thomas, Chesnay Schepler, Gary Gregory, Jean-Baptiste Onofré, and Claus Ibsen.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Beam 2.37.0 released

Content --
 - Apache Jackrabbit Oak 1.6.23 released 

Cloud Computing --
 - Apache Kafka 3.0.1 released 
 - Apache Libcloud 3.5.0 released 
 - CVE-2022-26779: Apache Cloudstack: insecure random number generation affects project email invitation 

Database --
 - Apache Geode 1.13.8 released 

Integration --
 - Apache Camel 3.11.6 (LTS) released 

Libraries --
 - Apache Commons Daemon 1.3.0 released 

Messaging --
 - Apache ActiveMQ 5.17.0 released
 - Apache Curator 5.2.1 released

Observability --
 - Apache SkyWalking NodeJS 0.4.0 released 

Programming Languages --
 - Apache Groovy 4.0.1 released 

Servers --
 - Apache HTTP Server 2.4.53 released
   -- CVE-2022-23943: mod_sed: Read/write beyond bounds 
   -- CVE-2022-22721: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
   -- CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
   -- CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody
 - Apache Tomcat 8.5.77, 9.0.60, 10.0.18, 10.1.0-M12 (alpha) released
 - Apache Traffic Server 9.1.2 released
 - Apache HttpComponents Core 5.2-beta1 released

Did You Know?

- Did you know that the Apache Druid community will be holding a hybrid meetup on 29 March? 

- Did you know that the Bangor Australia's Bangor Brumbies Football Club site uses Apache Wicket? 

- Did you know that you can support the ASF through one-time and recurring tax-deductible donations online using Apple Pay, Google Pay, and Microsoft Pay using your mobile phone? https://donate.apache.org/

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:20PM Mar 21, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 11 March 2022

Hello, everyone --let's review the Apache community's activities from over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 March 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 336 Apache Committers changed 4,769,139 lines of code over 3,697 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Otavio R. Piske, Gary Gregory, Andrea Cosentino, and Andi Huber.   

Apache Project Announcements – the latest updates by category.

Big Data --
 - CVE-2021-38296: Apache Spark: Key Negotiation Vulnerability

Content --
 - Apache Any23 2.7 released
   -- CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists in the RDFa XSLTStylesheet extractor
 - Apache Jackrabbit 2.20.5 released 

Cloud Computing --
  - Apache CloudStack 4.16.1.0 LTS released 

Database --
 - Apache ZooKeeper 3.8.0 released
 - Apache Geode 1.12.9 released

IDE --
 - Apache NetBeans 13 released

IoT --
 - Apache IoTDB 0.12.5 released

Libraries --
 - Apache Olingo 4.9.0 released

Mail --
 - Apache James 3.7.0 released

Orchestration --
 - Apache Hop 1.2.0 released

Did You Know?

- Did you know that the next Apache Druid MeetUp will be held both online and in-person in Tel Aviv on 29 March? 

- Did you know that Apache ShardingSphere SQL Parse Format Function allows you to easily understand and automatically format complicated SQL statements?

- Did you know that the next Apache Airflow Community Meetup will be held on 16 March? Sign up to learn about Data Migration Pipeline with Apache Airflow http://bit.ly/3sES9fL

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 12:47PM Mar 14, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 4 March 2022

We're opening March with a cracking week. Here's what the Apache community has been up to:

Sponsor Apache – a number of tax-deductible sponsorships help offset the ASF's day-to-day operating expenses that include infrastructure support, bandwidth, connectivity, servers, hardware, development environments, legal counsel, accounting services, trademark protection, marketing and publicity, educational events, and more.
 - The Apache Software Foundation Welcomes VMware as its Newest Platinum Sponsor

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Announcing New ASF Board of Directors, elected during this week's Members' Meeting.
 - Next Board Meeting: 16 March 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 332 Apache Committers changed 880,561 lines of code over 3,128 commits. Top 5 contributors, in order, are: Olivier Lamy, Andrea Cosentino, Claus Ibsen, Sebastian Rühl, and Eric Milles. 

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf Decanter 2.9.0 released

Content --
 - Apache Jackrabbit Oak 1.22.11 released
 - Apache POI 5.2.1 released
 - CVE-2022-26336: poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 

FinTech --
 - Apache Fineract 1.6.0 released

Libraries --
 - Apache PDFBox JBIG2 ImageIO plugin 3.0.4 released

Logging Services --
 - Apache Log4j 2.17.2 released

Network Application Framework --
 - Apache MINA FtpServer 1.1.3 released

Servers --
 - Apache Tomcat 9.0.59, 10.0.17 and 10.1.0-M11 (alpha) released 

Workflow --
 - CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL

Did You Know?

- Did you know that the Apache Ignite community's CFP for IgniteSummit (taking place online 14 June) closes on 29 April?

- Did you know that HugeGraph (incubating), a large-scale and easy-to-use graph database that stores and queries billions of vertices and edges, is the newest podling undergoing development in the Apache Incubator?

- Did you know that the ASF manages 2,180 mailing lists, 486 of which are private? Over the past year, 19,053 authors sent 1,946,990 emails on 869,461 topics! 

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: January 2022 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:37PM Mar 07, 2022 by Sally Khudairi in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 25 February 2022

Farewell, February --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 March 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 323 Apache Committers changed 1,586,514 lines of code over 3,215 commits. Top 5 contributors, in order, are: Claus Ibsen, Jean-Louis Monteiro, Andrea Cosentino, Gary Gregory, and Eric Milles. 

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf Decanter 2.9.0 released

Content --
 - Apache Jackrabbit Oak 1.22.11 released
 - Apache JSPWiki CVE-2022-24947: CSRF Account Takeover
   -- CVE-2022-24948: Cross-site scripting vulnerability on User Preferences screen

FinTech --
 - Apache Fineract 1.6.0 released

Network Client --
 - Apache MINA 2.0.23, 2.1.6 released

Workflow --
 - Apache Airflow CVE-2022-24288: RCE in example DAGs

Did You Know?

 - Did you know that Apache Beam helps Palo Alto Networks meet streaming needs by providing a highly-performant, reliable, and resilient data processing framework for 10 million security events per second across 3 petabytes per day?

 - Did you know that the Australian Department of Transport's Vehicle Inspection System webapp is powered by Apache Wicket?

 - Did you know that Apache Ignite is a distributed cache, a distributed database, an in-memory database, and an in-memory data grid? 

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: January 2022 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:49PM Feb 28, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 18 February 2022

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 March 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 350 Apache Committers changed 12,933,273 lines of code over 3,260 commits. Top 5 contributors, in order, are: Claus Ibsen, Udo Schnurpfeil, Andrea Cosentino, Mark Thomas, and Paul King.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Accumulo 1.10.2 released

Content --
 - Apache Tika 1.28.1 released

Libraries --
 - Apache Commons JCS 3.1 released 

Messaging --
 - Apache ActiveMQ 5.16.4 released 

Did You Know?

 - Did you know that select Apache Projects and mentors are preparing for the upcoming GSoC 2022 (mentoring organizations will be announced on 7 March)? Those interested in participating can learn how to get involved at https://community.apache.org/gsoc.html

 - Did you know that the next CloudStack European User Group will be held online on 7 April? 

 - Did you know that the CFP for Ignite Summit (taking place online on 14 June) closes on 29 April? 

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: January 2022 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:55PM Feb 21, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 11 February 2022

Hello, everyone --let's review the Apache community's activities from over the past week:

Apache Software Foundation Statement at 8 February 2022 Senate Committee hearing on Homeland Security and Government Affairs https://s.apache.org/485lz

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 February 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 308 Apache Committers changed 5,335,315 lines of code over 2,989 commits. Top 5 contributors, in order, are: Gary Gregory, Emmanuel Lecharny, Mark Thomas, Liang Zhang, and Tilmann Zäschke. 

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.10.2 released
   -- CVE-2022-24112: apisix/batch-requests plugin allows overwriting the X-REAL-IP header 

Big Data --
 - Apache Beam 2.36.0 released

Content --
 - Apache Traffic Control 6.1.0 released
   -- CVE-2022-23206: Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth
 - Apache Tika 2.3.0 released
   -- Apache Tika 1.x End-Of-Life (EOL) announcement https://s.apache.org/lkqid
 - Apache Jackrabbit 2.21.10 released

Database --
 - Apache JDO 3.2 released
 - Apache Cassandra CVE-2021-44521: Remote code execution for scripted UDFs

Mail --
 - Apache James 3.6.2 released
   -- CVE-2022-22931: Path traversal in Apache James  

Web Frameworks --
 - Apache Wicket 9.8.0 released 

Did You Know?

 - Did you know that you can scale Apache SkyWalking in Kubernetes natively? https://skywalking.apache.org/blog/2022-01-24-scaling-with-apache-skywalking/

 - Did you know that the next Apache Ignite Community Gathering MeetUp will take place online on 16 February? 

 - Did you know that the ASF's seven-member Infrastructure team performs 7M+ weekly checks to ensure services are available around the clock to all Apache Projects and their communities? Average uptime in January 2022 was 100%!

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: January 2022 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:35PM Feb 14, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 4 February 2022

Welcome, February --we're opening the month with another great week. Here's what the Apache community has been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 February 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.89%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 303 Apache Committers changed 9,625,849 lines of code over 3,255 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Claus Ibsen, Sebastian Bazley, Guillaume Nodet, and Eric Milles.

Apache Project Announcements – the latest updates by category.

Apache Attic -- provides process and solutions when an Apache project has reached its end of life.
 - Apache Ambari is retired
 - Apache Usergrid is retired 

APIs --
 - Apache APISIX 2.12.0 released

Big Data --
 - Apache Kyuubi (incubating) 1.4.1-incubating released
 - Apache Hudi 0.10.1 released
 - Apache Gobblin CVE-2021-36151: Local Credentials Disclosure Vulnerability 

Business Intelligence --
 - Apache Superset CVE-2021-44451: API sensitive information leak 

Content --
 - Apache Jackrabbit Oak 1.8.26 released

Integration --
 - Apache Camel 3.15.0 released

Messaging --
 - Apache Pulsar CVE-2021-41571: Pulsar Admin API allows access to data from other tenants using getMessageById API 

Middleware --
 - Apache Linkis (incubating) released 

Programming Languages --
 - Apache Groovy 4.0.0 released 

Servers --
 - Apache HttpComponents Client 5.1.3 GA released
 - Apache HTTP mod_perl 2.0.12 released

Web Frameworks --
 - Apache Wicket 8.14.0 released 

Did You Know?

 - Did you know that the following Apache Projects are celebrating anniversaries this month? Congratulations to Apache HTTP Server (27 years!); Gump and Portals (18 years); Directory, MyFaces, and Xerces (17 years); Tapestry (16 years); Roller (15 years); Cassandra and Subversion (12 years); Chemistry (11 years); BVal and OpenNLP (10 years); Clerezza (9 years); Knox and Spark (8 years); DataFu (4 years); Unomi (3 years); Daffodil, Ratis, and Solr (2 years)! https://projects.apache.org/committees.html?date

 - Did you know that the ASF is joining the Open Geospatial Consortium and Open Source Geospatial Foundation to hold the 2022 Joint OGC-OSGeo-ASF Code Sprint, taking place 8-10 March? Those interested in helping advance OGC Standards through numerous Apache and OSGeo projects are invited to learn more and sign up at https://portal.ogc.org/public_ogc/register/220225asf_codesprint.php 

 - Did you know that the CFP for Airflow Summit (taking place online 23-27 May) is now open?

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: January 2022 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:21PM Feb 07, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 28 January 2022

Farewell, January --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 February 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 337 Apache Committers changed 1,533,287 lines of code over 3,738 commits. Top 5 contributors, in order, are: Jarek Potiuk, Sebastian Bazley, Claus Ibsen, Harikrishna Patnala, and Mark Thomas.

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache ShenYu (Incubating) 2.4.2 released
   -- CVE-2022-23944: Improper access control
   -- CVE-2022-23945: Missing authentication allows gateway registration 

Application Servers/Middleware --
 - Apache Karaf runtime 4.3.6 released
   -- CVE-2021-41766: Insecure Java Deserialization
   -- CVE-2022-22932: Path traversal flaws 

Blockchain --
 - Apache Tuweni (Incubating) 2.1.0 released

Cloud Computing --
 - Apache Kafka 3.1.0  released 

Content --
 - Apache Jackrabbit Oak 1.22.10 released

Databases --
 - Apache Geode 1.14.3 released 

Integration --
 - Apache Camel 3.14.1 (LTS) released 

Orchestration --
 - Apache Hop 1.1.0 released 

Servers --
 - Apache Tomcat CVE-2022-23181: Local Privilege Escalation 

Web Frameworks --
 - Apache Struts 2.5.29 released 

Did You Know?

 - Did you know that the ASF published a statement following the 13 January meeting at the White House on the security of Open Source software? https://s.apache.org/jri14

 - Did you know that members of the Apache Arrow, Flink, Kafka, Mahout, Maven, OpenOffice, ShardingSphere, Spark, and other project communities will be presenting at FOSDEM (taking place online 5-6 February)? 

 - Did you know that the CFP for Beam Summit (hybrid event taking place 18-20 July) closes on 15 March?

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: December 2021 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:05PM Jan 31, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 21 January 2022

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 February 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 2,470,884 lines of code over 3,505 commits. Top 5 contributors, in order, are: Gary Gregory, Claus Ibsen, Adam Kocoloski, Mark Thomas, and Tian Jiang. 

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX Java Plugin Runner 0.2.0 released

Application Servers/Middleware --
 - Apache Karaf runtime 4.2.15 and 4.3.6 released

Big Data --
 - Apache NiFi 1.15.3 released
 - Apache Flink 1.14.3 released
 - Apache ShardingSphere ElasticJob UI 3.0.1 released
 - Apache Knox 1.6.1 released
   -- CVE-2021-42357: DOM based XSS Vulnerability 

Content --
 - Apache POI 5.2.0 released 

Databases --
 - Apache Geode 1.12.8, 1.13.7 and Kafka Connector 1.1.0 released

Data Management Platform --
 - Apache Ignite 2.12.0 released 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 17.12 End-Of-Life (EOL) announcement https://s.apache.org/hm5oe

Libraries --
 - Apache Log4j CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
   -- CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1 
   -- CVE-2022-23307: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution 

Orchestration --
 - The Apache Software Foundation Announces Open Source data orchestration platform Apache® Hop™ as a Top-Level Project https://s.apache.org/4s3ci

Observability --
 - Apache SkyWalking Could on Kubernetes 0.6.1 released

Servers --
 - Apache Tomcat 8.5.75, 9.0.58, 10.0.16, and 10.1.0-M10 (alpha) released 

Workflow --
 - Apache Airflow CVE-2021-45230: Creating DagRuns didn't respect Dag-level permissions in the Webserver 

Did You Know?

 - Did you know that the following Apache projects are celebrating anniversaries this month? Congratulations to Apache Cocoon, James, and Web Services (19 years); Lucene (17 years); ActiveMQ (15 years); Hadoop (14 years); River (11 years); Empire-db and Gora (10 years); OpenMeetings (9 years); Samza (7 years); Arrow (6 years); Ranger (5 years); and Gobblin (1 year) https://projects.apache.org/committees.html?date

 - Did you know that Netflix and Target are building modern analytics applications to deliver interactive data experiences using Apache Druid? 

 - Did you know that Disney+Hotstar's streaming data lakes injest 1 million events per second using Apache Kafka, store 14tb of data per day in an Apache HBase warehouse, and stream using Apache Hudi? https://projects.apache.org/projects.html?category

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: December 2021 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:06PM Jan 24, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 14 January 2022

Happy Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Security Report 2021 – the state of security across all Apache projects with key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues https://s.apache.org/SecurityReport2021

Apache Software Foundation statement on White House Open Source Security Summit https://s.apache.org/jri14

 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 322 Apache Committers changed 1,963,025 lines of code over 3,852 commits. Top 5 contributors, in order, are: Gary Gregory, Antoine Toulme, Claus Ibsen, Mark Thomas, and Dan Klco. 

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink ML 2.0.0 released

Content --
 - Apache Jackrabbit 2.16.9 released

Machine Learning --
 - Apache TVM 0.8.0 released

Network Client --
 - Apache Guacamole 1.4.0 released
   -- CVE-2021-41767: Private tunnel identifier may be included in the non-private details of active connections 
   -- CVE-2021-43999: Improper validation of SAML responses 

Observability --
 - Apache SkyWalking Kong version 0.2.0 released

Workflow --
 - Apache DolphinScheduler 2.0.2 released
 - Apache Airflow Helm Chart 1.4.0 released

Did You Know?

 - Did you know that more than 630,000 individuals have contributed to Apache projects and initiatives since the ASF's incorporation in 1999? https://blogs.apache.org/foundation/entry/apache-in-2021-by-the 

 - Did you know that Apache DolphinScheduler won a "2021 OSC Most Popular Projects" award from OSCHINA?

 - Did you know that video recordings from the 2021 TVMCon (Apache TVM and Open Source ML acceleration conference) are now available online?

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: December 2021 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:56PM Jan 17, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 7 January 2022

Welcome, 2022! We hope that you have had a festive holiday season and are excited to kick off the new year. Here's what happened over the past week:

 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 280 Apache Committers changed 2,780,891 lines of code over 2,868 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Mark Thomas, Harikrishna Patnala, and Claus Ibsen. 

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Avro 1.11.0 released
   -- CVE-2021-43045: Possible DOS vulnerabilities in C# Avro SDK

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.05 released

Integration --
 - Apache Camel 3.11.5 (LTS) released 

Mail --
 - Apache James 3.6.1 released
    -- CVE-2021-38542: STARTTLS command injection (IMAP and POP3)
    -- CVE-2021-40110: IMAP vulnerable to a ReDoS
    -- CVE-2021-40111: IMAP parsing Denial Of Service
    -- CVE-2021-40525: Sieve file storage vulnerable to path traversal attacks 

Network Client --
 - Apache Guacamole 1.4.0 released
 - Apache MINA FTPServer 1.1.2 released

Web Frameworks--
 - Apache Struts 2.5.28.3 released
 - Apache Portals 3.1.1 released
   -- CVE-2021-36737: XSS in V3 Demo Portlet
   -- CVE-2021-36738: XSS vulnerability in the JSP version of the Pluto Applicant MVCBean CDI portlet
   -- CVE-2021-36739: XSS vulnerability in the MVCBean JSP portlet maven archetype

Did You Know?

 - Did you know that in 2021, 724 individuals new to the ASF contributed to Apache projects and initiatives? https://s.apache.org/Apache2021Digits

 - Did you know that Apache Druid is frequently used for AdTech data? https://druid.apache.org/

 - Did you know that PulsarSummit Asia 2022 will be held online on January 15-16? https://pulsar-summit.org/

Apache Community Notices

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:38PM Jan 10, 2022 by Swapnil M Mane in Newsletter  |   |