The Apache Software Foundation
Blogging in Action.

The Apache Weekly News Round-up: week ending 21 January 2022

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 February 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 2,470,884 lines of code over 3,505 commits. Top 5 contributors, in order, are: Gary Gregory, Claus Ibsen, Adam Kocoloski, Mark Thomas, and Tian Jiang. 

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX Java Plugin Runner 0.2.0 released

Application Servers/Middleware --
 - Apache Karaf runtime 4.2.15 and 4.3.6 released

Big Data --
 - Apache NiFi 1.15.3 released
 - Apache Flink 1.14.3 released
 - Apache ShardingSphere ElasticJob UI 3.0.1 released
 - Apache Knox 1.6.1 released
   -- CVE-2021-42357: DOM based XSS Vulnerability 

Content --
 - Apache POI 5.2.0 released 

Databases --
 - Apache Geode 1.12.8, 1.13.7 and Kafka Connector 1.1.0 released

Data Management Platform --
 - Apache Ignite 2.12.0 released 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 17.12 End-Of-Life (EOL) announcement https://s.apache.org/hm5oe

Libraries --
 - Apache Log4j CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
   -- CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1 
   -- CVE-2022-23307: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution 

Orchestration --
 - The Apache Software Foundation Announces Open Source data orchestration platform Apache® Hop™ as a Top-Level Project https://s.apache.org/4s3ci

Observability --
 - Apache SkyWalking Could on Kubernetes 0.6.1 released

Servers --
 - Apache Tomcat 8.5.75, 9.0.58, 10.0.16, and 10.1.0-M10 (alpha) released 

Workflow --
 - Apache Airflow CVE-2021-45230: Creating DagRuns didn't respect Dag-level permissions in the Webserver 

Did You Know?

 - Did you know that the following Apache projects are celebrating anniversaries this month? Congratulations to Apache Cocoon, James, and Web Services (19 years); Lucene (17 years); ActiveMQ (15 years); Hadoop (14 years); River (11 years); Empire-db and Gora (10 years); OpenMeetings (9 years); Samza (7 years); Arrow (6 years); Ranger (5 years); and Gobblin (1 year) https://projects.apache.org/committees.html?date

 - Did you know that Netflix and Target are building modern analytics applications to deliver interactive data experiences using Apache Druid? 

 - Did you know that Disney+Hotstar's streaming data lakes injest 1 million events per second using Apache Kafka, store 14tb of data per day in an Apache HBase warehouse, and stream using Apache Hudi? https://projects.apache.org/projects.html?category

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: December 2021 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:06PM Jan 24, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 14 January 2022

Happy Friday! Let's take a look at what the Apache community has been up to over the past week:

ASF Security Report 2021 – the state of security across all Apache projects with key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues https://s.apache.org/SecurityReport2021

Apache Software Foundation statement on White House Open Source Security Summit https://s.apache.org/jri14

 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 322 Apache Committers changed 1,963,025 lines of code over 3,852 commits. Top 5 contributors, in order, are: Gary Gregory, Antoine Toulme, Claus Ibsen, Mark Thomas, and Dan Klco. 

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink ML 2.0.0 released

Content --
 - Apache Jackrabbit 2.16.9 released

Machine Learning --
 - Apache TVM 0.8.0 released

Network Client --
 - Apache Guacamole 1.4.0 released
   -- CVE-2021-41767: Private tunnel identifier may be included in the non-private details of active connections 
   -- CVE-2021-43999: Improper validation of SAML responses 

Observability --
 - Apache SkyWalking Kong version 0.2.0 released

Workflow --
 - Apache DolphinScheduler 2.0.2 released
 - Apache Airflow Helm Chart 1.4.0 released

Did You Know?

 - Did you know that more than 630,000 individuals have contributed to Apache projects and initiatives since the ASF's incorporation in 1999? https://blogs.apache.org/foundation/entry/apache-in-2021-by-the 

 - Did you know that Apache DolphinScheduler won a "2021 OSC Most Popular Projects" award from OSCHINA?

 - Did you know that video recordings from the 2021 TVMCon (Apache TVM and Open Source ML acceleration conference) are now available online?

Apache Community Notices

 - Apache in 2021 - By The Digits + Video highlights 

 - The Apache Month in Review: December 2021 and video highlights

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:56PM Jan 17, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 7 January 2022

Welcome, 2022! We hope that you have had a festive holiday season and are excited to kick off the new year. Here's what happened over the past week:

 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 280 Apache Committers changed 2,780,891 lines of code over 2,868 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Mark Thomas, Harikrishna Patnala, and Claus Ibsen. 

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Avro 1.11.0 released
   -- CVE-2021-43045: Possible DOS vulnerabilities in C# Avro SDK

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.05 released

Integration --
 - Apache Camel 3.11.5 (LTS) released 

Mail --
 - Apache James 3.6.1 released
    -- CVE-2021-38542: STARTTLS command injection (IMAP and POP3)
    -- CVE-2021-40110: IMAP vulnerable to a ReDoS
    -- CVE-2021-40111: IMAP parsing Denial Of Service
    -- CVE-2021-40525: Sieve file storage vulnerable to path traversal attacks 

Network Client --
 - Apache Guacamole 1.4.0 released
 - Apache MINA FTPServer 1.1.2 released

Web Frameworks--
 - Apache Struts 2.5.28.3 released
 - Apache Portals 3.1.1 released
   -- CVE-2021-36737: XSS in V3 Demo Portlet
   -- CVE-2021-36738: XSS vulnerability in the JSP version of the Pluto Applicant MVCBean CDI portlet
   -- CVE-2021-36739: XSS vulnerability in the MVCBean JSP portlet maven archetype

Did You Know?

 - Did you know that in 2021, 724 individuals new to the ASF contributed to Apache projects and initiatives? https://s.apache.org/Apache2021Digits

 - Did you know that Apache Druid is frequently used for AdTech data? https://druid.apache.org/

 - Did you know that PulsarSummit Asia 2022 will be held online on January 15-16? https://pulsar-summit.org/

Apache Community Notices

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:38PM Jan 10, 2022 by Swapnil M Mane in Newsletter  |   | 

Apache in 2021 - By The Digits

During 2021 the all-volunteer Apache community has demonstrated unwavering commitment to our tenet of "Community Over Code." Highlights over the past year include —[Read More]

Posted at 06:47PM Jan 03, 2022 by Sally Khudairi in Milestones  |   | 

Apache Month in Review: December 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in December  [video highlights available] :

New This Month --

- Apache Month in Review: November 2021

Important Dates --

- Next Board Meeting: 19 January 2022. Board calendar and minutes

Infrastructure --

In December, 600 Apache Committers changed 23,123,232 lines of code over 13,572 commits. The Committers with the top 5 highest contributions, in order, were: Gary Gregory, Claus Ibsen, Jean-Baptiste Onofré, Harikrishna Patnala, and Andi Huber.

Project Releases and Updates --
New releases from Apache Airflow (Workflow); APISIX (API); Archiva (Build Management); Calcite (Big Data); Camel (Integration); Daffodil (Libraries); DolphinScheduler (Workflow); Druid (Big Data); Flink (Big Data); Fortress (Identity Management); Geode (Database); Groovy (Programming Languages); HBase (Big Data); HttpComponents (Servers); HTTP Server (Servers); Ignite (Big Data); IoTDB (IoT); Jackrabbit (Content); James (Mail); JMeter (Testing); JSPWiki (Content); Karaf (Application Servers/Middleware); Kyuubi (Incubating; Big Data); Log4j (Libraries); Lucene (Search); MXNet (Incubating; Libraries); NetBeans (Integrated Development Environment); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); Parquet (Big Data); PDFBox (Content); PLC4X (IoT); Pulsar (Messaging); Qpid (Messaging); Skywalking (Application Performance Management); Solr (Search); Struts (Web Frameworks); Tika (Big Data); Tomcat (Servers); Traffic Control (Servers); Wicket (Web Frameworks); and XMLBeans (Library).

Apache Project Anniversaries in December: Apache Portable Runtime (APR; 21 years); Logging Services (18 years); Cayenne and OFBiz (15 years); Synapse (14 years); Camel (13 years); Axis, OpenWebBeans, Pivot (12 years); Aries (11 years); Flex (9 years); Helix (8 years); Flink (7 years); Beam (5 years); Airflow (3 years); Druid (2 years); DataSketches (1 year); ECharts (1 year); and Mnemonic (1 year). Many happy returns!

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. More than three dozen projects are currently undergoing development in the Apache Incubator.

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 04:52PM Jan 03, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 31 December 2021

Here we are --the last day of the year-- we wish everyone a happy new year. Thank you for your dedicated readership: below is our final weekly round-up for 2021; we'll be back in your inbox in 2022:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 183 Apache Committers changed 8,306,446 lines of code over 2,124 commits. Top 5 contributors, in order, are: Gary Gregory, Claus Ibsen, Michael Osipov, Jacques Le Roux, and Tilman Hausherr.

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf runtime 4.2.14 and 4.3.5 released 

Big Data --
 - Apache XMLBeans 5.0.3 released

IoT --
 - Apache IoTDB 0.12.4 released 

Eventing --
 - Apache EventMesh (incubating) 1.3.0 released 

Libraries --
 - Apache Log4j 2.3.2 and 2.12.4 released 

Messaging -- 
 - Apache Qpid ProtonJ2 1.0.0-M4 released
 - Apache Pulsar 2.7.4 released

Observability --
 - Apache SkyWalking Nginx LUA 0.6.0 and Satellite 0.5.0 released 

Programming Languages --
 - Apache Groovy 4.0.0-rc-2 released

Testing --
 - Apache JMeter 5.4.3 released

Did You Know?

 - Did you know that the latest details on Apache Log4j vulnerabilities are available on the Apache Logging Services security page? https://logging.apache.org/log4j/2.x/security.html

 - Did you know that dozens of organizations such as Amazon, AT&T, Facebook (Meta), Uber, and Zillow use Apache Sedona (incubating) for their geospatial data processing pipelines? 

 - Did you know that tax-deductible donations support the ASF's day-to-day operations that benefit 350+ Apache Projects and their communities? Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and Microsoft Pay https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:25PM Jan 03, 2022 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 24 December 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 317 Apache Committers changed 9,133,089 lines of code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.15.2 released
 - Apache HBase 3.0.0-alpha-2 released
 - Apache Parquet 1.11.2 and 1.12.2 released
   -- CVE-2021-41561: Potential DoS in case of malicious Parquet file

Build Management --
 - Apache Archiva 2.2.7 released

Content --
 - Apache JSPWiki 2.11.1 released
 - Apache Traffic Control 6.0.2 released
 - Apache Jackrabbit FileVault 3.5.8  released
 - Apache Tika 1.28 and 2.2.1 released

Databases --
 - Apache Geode 1.12.7, 1.13.6, and 1.14.2 released 

Data Management Platform --
 - Apache Ignite 2.11.1 released

IoT --
 - Apache PLC4X 0.9.1 released
   -- CVE-2021-43083: Buffer overflow in PLC4C via crafted server response 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.04 released 

Libraries --
 - Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
   -- CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
 - Apache MXNet (Incubating) 1.9.0 released
 - Apache Daffodil 3.2.1 released

Mail --
  - Apache James 3.6.1 released 

Messaging -- 
 - Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
 - Apache Pulsar 2.9.1 released 

Search --
 - Apache Lucene 8.11.1 released
 - Apache Solr 8.11.1 released
   -- CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler 

Servers --
 - Apache HTTP Server 2.4.52 released
   -- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
   -- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
 - Apache HttpComponents Core 5.1.3 GA released

Web Frameworks--
- Apache Struts 2.5.28.1 and 2.5.28.2 released 

Workflow --
 - Apache DolphinScheduler 2.0.1 released
 - Apache Airflow 2.2.3 released

Did You Know?

 - Did you know that ASF Security posted the status of more than three dozen Apache Projects in relation to the recent Apache Log4j vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates)

 - Did you know that Apache Roller (which powers blogs.apache.org) new v6.1.0 contains upgrades for more than a dozen dependencies (including Log4j), along with many bug fixes and improvements to the code base? https://roller.apache.org/

 - Did you know that tax-deductible donations support the ASF's day-to-day operations that benefit 350+ Apache Projects and their communities? Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and Microsoft Pay https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:38PM Dec 27, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 17 December 2021

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 346 Apache Committers changed 1,957,663 lines of code over 3,699 commits. Top 5 contributors, in order, are: Sebastian Bazley, Claus Ibsen, Owen Nichols, Gary Gregory, and Daniel Gruno.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.22.1 released
 - Apache Calcite Avatica 1.20.0 released
 - Apache NiFi 1.15.1 released
 - Apache Flink 1.14.2, 1.13.5, 1.12.7, and 1.11.6 released 

Build Management --
 - Apache Archiva 2.2.6 released

Content --
 - Apache Jackrabbit 2.21.9  released
 - Apache Tika 2.2.0 released
 - Apache PDFBox 2.0.25 released 

Databases --
 - Apache Geode 1.12.6, 1.13.5, and 1.14.1 released 

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.03 released

Identity Management --
 - Apache Fortress 2.0.7 released 

Integration --
 - Apache Camel 3.14.0 released

Libraries --
 - Apache Log4j 2.12.2 and 2.16.0 released
   -- CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
   -- CVE-2021-45046: Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

Search --
 - Apache Solr 8.11.1 released 

Servers --
 - Apache HttpComponents HttpAsyncClient 4.1.5 GA released 

Testing --
 - Apache JMeter 5.4.2 released 

Web Frameworks --
 - Apache Struts 2.5.28 released

Did You Know?

 - Did you know that the Apache Logging Services Project Management Committee (PMC) worked around the clock to release v.2.15.0 and v2.16.0 to address the critical Log4j RCE vulnerability? https://logging.apache.org/log4j/2.x/

 - Did you know that many Apache Projects and their communities have provided patches, fixes, or guidelines for their users to mitigate the recent Apache Log4j Zero Day vulnerability? Check the list of Apache Projects affected by the Log4j CVE https://blogs.apache.org/security/entry/cve-2021-44228 , and read our published statement and FAQs at https://blogs.apache.org/foundation/entry/apache-log4j-cves for more information.

 - Did you know that the Apache Local Chapter/Beijing recently celebrated its 2-year anniversary, joining Indore (2.5 years), Warsaw and Budapest (1.5 years), Lagos (4 months), and Shenzhen (launching this week!)? 

- Did you know that individuals and organizations can support the ASF through one-time and recurring tax-deductible donations online using ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and Microsoft Pay (using your mobile device)? https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:14PM Dec 20, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 10 December 2021

Hello, everyone --let's review the Apache community's activities from over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.80%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 286 Apache Committers changed 2,227,208 lines of code over 2,986 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Mark Thomas, Sylwester Lachiewicz, Andi Huber, and Claus Ibsen.

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life.
 - Apache Joshua is now retired

Big Data --
 - Apache Kyuubi (incubating) 1.4.0-incubating released

IDE --
 - Apache NetBeans 12.6 released

Libraries --
 - Apache Daffodil 3.2.0 released
 - Apache Log4j 2.15.0 released
   -- CVE-2021-44228: JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Observability --
- Apache SkyWalking 8.9.0, Satellite 0.4.0, and Kubernetes 4.2.0 released

Programming Languages --
 - Apache Groovy 4.0.0-rc-1 released

Search --
 - Apache Lucene 9.0.0 released

Servers --
 - Apache Tomcat 10.1.0-M8 (alpha), 10.0.14, and 9.0.56 released
 - Apache HttpComponents Core 4.4.15 released

Did You Know?

 - Did you know that Banco Central Do Brasil uses Apache Wicket for its Central Bank's Circulation Management System?

 - Did you know that the Apache Pinot Annual Recap and Roadmap MeetUp has been rescheduled to 13 December?

 - Did you know that individuals and organizations can support the ASF through one-time and repeat donations (weekly/monthly/quarterly/annually) online using ACH, credit card, and PayPal, as well as Apple Pay, Google Pay, and Microsoft Pay (using your mobile device)? https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 09:43PM Dec 13, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 3 December 2021

Welcome, December --we're opening the month with another great week. Here's what the Apache community has been up to:

Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
 - November Month in Review

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.74%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 286 Apache Committers changed 9,525,136 lines of code over 4,725 commits. Top 5 contributors, in order, are: Krist Wongsuphasawat, Jesse Yang, Yongjie Zhao, Gary Gregory, and Ville Brofeldt.

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.11.0 released

Web Frameworks -
 - Apache Wicket 9.7.0 released

Did You Know?

 - Did you know that the following Apache Projects are celebrating anniversaries this month? Congratulations to Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development (12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper and Drill (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole and Impala (4 years); Griffin (3 years); Petri (2 years); Superset and TVM (1 year)!

 - Did you know that Apache Hudi enables streaming of hundreds of terabytes of data into data lakes each day?

 - Did you know that individual and corporate donations help the all-volunteer ASF continue to steward 350+ Apache Projects and their communities, and provide more than $22B worth of Apache software to the public good at 100% no charge? https://donate.apache.org/

Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:50PM Dec 06, 2021 by Swapnil M Mane in Newsletter  |   | 

Apache Month in Review: November 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in November  [video highlights available] :

New This Month --

- Sponsor Success at Apache - the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors. The latest entry is "Exploration and Practice of the Apache Way in Tencent" by Mark Shan.

- Apache Month in Review: October 2021

Important Dates --

- Next Board Meeting: 15 December 2021. Board calendar and minutes

- Apache TVM TVMCon - 15-17 December 2021

Infrastructure --

In November, 628 Apache Committers changed 39,505,956 lines of code over 18,511 commits. The Committers with the top 5 highest contributions, in order, were: Krist Wongsuphasawat, Jesse Yang, Ville Brofeldt, Yongjie Zhao, and Mark Thomas. 

Project Releases and Updates --

New releases from Apache Airflow (Big Data); APISIX (API); Arrow (Big Data); Avro (Big Data); Beam (Big Data); Camel (Integration); CloudStack (Cloud Computing); Commons CLI (Libraries); DolphinScheduler (Workflow); Groovy (Programming Languages); HttpComponents (Servers); IoTDB (IoT); Jackrabbit (Content); JSPWiki (Content); Kafka (Big Data); Lucene (Search); MINA (Network Client/Server); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); Ozone (Big Data); POI (Content); Qpid (Messaging); ShardingSphere (Big Data); Skywalking (Application Performance Management); Solr (Search); Struts (Web Frameworks); Superset (Big Data); Tomcat (Servers); Traffic Control (Servers); Traffic Server (Servers); Wicket (Web Frameworks).

Apache Project Anniversaries in November: Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); Community Development ("ComDev", 12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper, Drill, and MetaModel (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole, Impala, and Mnemonic (4 years); Griffin (3 years); Petri (2 years); and Superset and TVM (1 year). Many happy returns!

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. More than three dozen projects are currently undergoing development in the Apache Incubator.

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 04:54PM Dec 01, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 26 November 2021

We're wrapping up another great week with the following activities from the Apache community:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.97%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 303 Apache Committers changed 18,449,074 lines of code over 6,624 commits. Top 5 contributors, in order, are: Krist Wongsuphasawat, Jesse Yang, Ville Brofeldt, Yongjie Zhao, and Harikrishna Patnala.    

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.10.2 released
   -- CVE-2021-43557: Path traversal in request_uri variable

Big Data --
 - Apache Beam 2.34.0 released

Cloud Computing --
 - Apache Kafka 2.6.3 released 

Content --
 - Apache JSPWiki 2.11.0 released
   -- CVE-2021-44140: Arbitrary file deletion on logout
   -- CVE-2021-40369: Cross-site scripting vulnerability on Denounce plugin

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.02 released

Integration --
 - Apache Camel 3.11.4 (LTS) released

Messaging --
 - Apache Qpid Dispatch 1.18.0 released

Did You Know?

 - Did you know that Giving Tuesday, the global day of giving, takes place this year on Tuesday 30 November. Your individual and corporate donations help the all-volunteer ASF continue to steward 350+ Apache Projects and their communities, and provide more than $22B worth of Apache software to the public good at 100% no charge? https://donate.apache.org/

 - Did you know that you can learn more about Apache TVM --the ASF's first full stack software and hardware co-optimization project-- at TVMCon, taking place online and free-of-charge 15-17 December?

 - Did you know that the New Zealand government uses Apache Wicket for its national statistics Website?

Apache Community Notices

- The Apache Month in Review: October 2021 and video highlights

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:27PM Nov 29, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 19 November 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.57%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 340 Apache Committers changed 4,175,400 lines of code over 3,102 commits. Top 5 contributors, in order, are: Daniel Gruno, Christofer Dutz, Sebastian Rühl, Sebastian Bazley, and Claus Ibsen.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 6.0.1 released
 - Apache Ozone 1.2.0 released
   -- CVE-2021-36372: Original block tokens are persisted and can be retrieved
   -- CVE-2021-39231: Missing authentication/authorization on internal RPC endpoints
   -- CVE-2021-39232: Missing admin check for SCM related admin commands
   -- CVE-2021-39233: Container-related datanode operations can be called without authorization
   -- CVE-2021-39234: Raw block data can be read bypassing ACL/authorization
   -- CVE-2021-39235: Access mode of block tokens are not enforced
   -- CVE-2021-39236: Owners of the S3 tokens are not validated
   -- CVE-2021-41532: Unauthenticated access to Ozone Recon HTTP endpoints 

Business Intelligence --
 - Apache Superset CVE-2021-42250: Possible log injection

Cloud Computing --
 - Apache CloudStack 4.16.0.0 released

Content --
 - Apache Jackrabbit Oak 1.6.22 released

Integration --
 - Apache Camel 3.13.0 released

IoT --
 - Apache IoTDB 0.12.3 released

Observability --

- Apache SkyWalking Infra E2E 1.1.0 released

Programming Languages --
 - Apache Groovy 4.0.0-beta-2 released

Search --
 - Apache Lucene 8.11.0 released
 - Apache Solr 8.11.0 and Operator v0.5.0 released

Servers --
 - Apache Tomcat 8.5.73, 9.0.55, 10.0.13, 10.1.0-M7 (alpha) released
 - Apache HttpComponents Client 5.1.2 GA released
 - Apache Traffic Control: CVE-2021-43350: LDAP filter injection vulnerability in Traffic Ops

Web Frameworks --
 - Apache Struts 2.5.27 released

Did You Know?

 - Did you know that the ASF's Corporate Contribution options include Employee Giving Programs, Volunteer Grants, and Corporate Matching Gifts? End-of-year donations are welcome in any amount --thank you in advance for considering supporting the ASF! https://apache.org/foundation/contributing#support-the-asf-today

 - Did you know that Apache Pinot was featured in the Disney comedy film, "Home Sweet Home Alone"? https://twitter.com/ApachePinot/status/1459378780586262528

 - Did you know that Apache DolphinScheduler v2.0 is 20x more performant than previous versions? http://dolphinscheduler.apache.org/

Apache Community Notices

- The Apache Month in Review: October 2021 and video highlights

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:32PM Nov 22, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache Weekly News Round-up: week ending 12 November 2021

Hello, everyone --let's review the Apache community's activities from over the past week:

Sponsor Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works", featuring insights and experiences from the perspective of select ASF Sponsors
 - "Exploration and Practice of the Apache Way in Tencent" by Mark Shan

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 17 November 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.94%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 352 Apache Committers changed 11,730,654 lines of code over 3,823 commits. Top 5 contributors, in order, are: Krzysztof Kopyściński, Mark Thomas, Andrea Cosentino, Adam Kocoloski, and Tomaž Muraus.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.15.0 released
 - Apache ShardingSphere 5.0.0 released

Business Intelligence --
 - Apache Superset CVE-2021-41972: Credentials leak

Content --
 - Apache Jackrabbit 2.20.4 and Jackrabbit Oak 1.8.25 released
 - Apache Traffic Control 6.0.1 released and CVE-2021-43350: LDAP filter injection vulnerability in Traffic Ops

Messaging --
 - Apache Qpid Proton 0.36.0 released

Did You Know?

 - Did you know that the Apache Unomi community will be holding their first Unomi developer MeetUp online and free of charge on 18 November?

 - Did you know that the Apache Ignite community are preparing for the vote on v2.12, are redesigning their project Website, and will be kicking off Ignite Summit Cloud Edition 16 November? Catch up on a busy week ahead!

 - Did you know that Uber Eats' new real-time exactly-once ad event processing is powered by Apache Flink, Apache Kafka, and Apache Pinot? 

Apache Community Notices

- The Apache Month in Review: October 2021 and video highlights

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 02:46PM Nov 15, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 5 November 2021

Welcome November --we've closed October with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 17 November 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998.
 - Our 2021 events are complete: thanks to all speakers, sponsors, participants, and planners for their great turnout!
 - Presentations for ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the Apache Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 309 Apache Committers changed 6,052,770 lines of code over 2,644 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Claus Ibsen, Yuan Tian, Andrea Cosentino, and Sebastian Rühl.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 6.0.0 released
 - Apache Avro 1.11.0 released

Content --
 - Apache POI 5.1.0 released

Enterprise Processes Automation / ERP --
 - Apache OFBiz 18.12.01 released

Libraries --
 - Apache Commons CLI 1.5.0 released

Network Client/Server --
 - Apache MINA 2.0.22 and 2.1.5 released
   -- CVE-2021-41973: HTTP listener DOS

Observability --
 - Apache SkyWalking Java Agent 8.8.0 released

Servers --
 - Apache Traffic Server 9.1.1 and 8.1.3 released
 - Apache HttpComponents Client 5.2-alpha1 released

Web Frameworks -
 - Apache Wicket 9.6.0 released

Workflow --
 - Apache Airflow 2.2.1 released
 - Apache DolphinScheduler CVE-2021-27644: mysql jdbc connector parameters deserialize remote code execution

Did You Know?

 - Did you know that the following Apache Projects are celebrating anniversaries this month? Congratulations to Apache Ant (19 years); HttpComponents (14 years); Attic, Buildr, CouchDB, and Qpid (13 years); ComDev (12 years); OODT and ZooKeeper (11 years); Kafka and Syncope (9 years); Ambari (8 years); BookKeeper and Drill (7 years); Brooklyn, Groovy, Kylin, and REEF (6 years); Geode (5 years); Guacamole and Impala (4 years); Griffin (3 years); Petri (2 years); as well as Superset and TVM (1 year)

 - Did you know that Druid Summit Americas and EMEA events and watch parties start on 9 November? Secure your spot today!

 - Did you know that Ignite Summit Cloud Edition kicks off on 16 November? Learn more at http://ignite.apache.org/

Apache Community Notices

- The Apache Month in Review: October 2021 https://s.apache.org/October2021 and video highlights https://youtu.be/3rPR6tNt-dg

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from ApacheCon Asia are available on YouTube

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

Posted at 03:31PM Nov 08, 2021 by Swapnil M Mane in Newsletter  |   |