The Apache Software Foundation
Blogging in Action.

The Apache News Round-up: week ending 23 July 2021

Happy Friday! Let's review at what's happened with the Apache community over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 August 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 - The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia https://s.apache.org/ACAsia2021
    -- Learn more about the ApacheCon Asia from Sheng Wu and Willem Jiang at https://youtube.com/watch?v=hfRCrpnbDhc
 - Program, registration, and Sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 321 Apache Committers changed 2,697,642 lines of code over 2,627 commits. Top 5 contributors, in order, are: Mark Thomas, Hugh Miles, Tilman Hausherr, Gary Gregory, and Andrea Cosentino.      

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX Java Plugin Runner 0.1 and Go Plugin Runner 0.1.0 released https://apisix.apache.org/

Big Data --
 - Apache NiFi 1.14.0 released http://nifi.apache.org/

Content --
 - Apache Tika 2.0.0 released https://tika.apache.org/

Databases --
 - Apache Impala 4.0.0 released https://impala.apache.org
   -- CVE-2021-28131: Impala logs contain secrets https://s.apache.org/i92m6

Libraries --
 - Apache Commons Numbers 1.0 released https://commons.apache.org/
 - Apache Commons VFS 2.9.0 released http://commons.apache.org/proper/commons-vfs/

Mail --
 - Apache James MIME4J 0.8.5 released https://james.apache.org/

Web Conferencing --
 - Apache OpenMeetings 6.1.0 released https://openmeetings.apache.org/

Did You Know?

- Did you know that the ASF's Infrastructure team are hiring a new sysadmin to the team? Do you or someone you know have what it takes? Learn more and apply at https://www.indeed.com/job/infrastructure-systems-administrator-e4048d477e40ae7e

- Did you know that Apache Cassandra powers the Woods Hole Oceanographic Institution's Ocean Observatories Initiative network that provides real-time data delivery from 800+ instruments to address the world's oceans' critical scientific issues? http://cassandra.apache.org/

- Did you know that the "Trillions and Trillions Served" documentary on The Apache Software Foundation comprised 65 hours of filming over 8 terrabytes of footage? https://youtube.com/watch?v=JUt2nb0mgwg&feature=youtu.be

Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions-WhyApache 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 10:37AM Jul 23, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 16 July 2021

The week has zipped by --it's Friday already-- and it's time to take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 - The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia https://s.apache.org/ACAsia2021
 - Program, registration, and Sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,212,020 lines of code over 2,824 commits. Top 5 contributors, in order, are: Gary Gregory, Andrea Cosentino, Alex Herbert, Till Rohrmann, and Shen Yi.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Beam 2.31.0 released https://beam.apache.org/
 - Apache XMLBeans 5.0.1 released  https://xmlbeans.apache.org/

Build Management --
 - Apache Ant 1.9.16 and 1.10.11 released https://ant.apache.org/
   -- CVE-2021-36374: ZIP and ZIP based, archive denial of service https://s.apache.org/zpczu
   -- CVE-2021-36373: TAR archive denial of service https://s.apache.org/4q75p

Content --
 - Apache Jackrabbit 2.21.7 released http://jackrabbit.apache.org/

Identity Management --
 - Apache Fortress 2.0.6 released http://directory.apache.org/fortress/

Integration --
 - Apache Camel 3.7.5 released https://camel.apache.org/

Libraries --
 - Apache Commons Compress 1.21 released https://commons.apache.org/compress/
   -- CVE-2021-36090: Compress 1.0 to 1.20 denial of service vulnerability https://s.apache.org/q8amn
   -- CVE-2021-35517: Compress 1.1 to 1.20 denial of service vulnerability https://s.apache.org/c62m8
   -- CVE-2021-35516: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/10vmz
   -- CVE-2021-35515: Compress 1.6 to 1.20 denial of service vulnerability https://s.apache.org/nr26m 
 - Apache Commons IO 2.11.0 released https://commons.apache.org/proper/commons-io

Messaging --
 - Apache Qpid JMS 1.1.0 released https://qpid.apache.org/

Network Client/Server --
 - Apache MINA CVE-2021-30129: DoS/OOM leak vulnerability in SSHD Server https://s.apache.org/3oiwl

Observability --
 - Apache SkyWalking Client JS 0.6.0 released https://skywalking.apache.org/

Servers --
 - Apache Tomcat CVE-2021-30639: Denial of Service https://s.apache.org/j21aj
   -- CVE-2021-33037: HTTP request smuggling https://s.apache.org/9sjso
   -- CVE-2021-30640: JNDI realm authentication weakness https://s.apache.org/hcsp0

Web Frameworks --
 - Apache Wicket 8.13.0 released https://wicket.apache.org/

Did You Know?

- Did you know that Airbnb’s Minerva observability platform uses Apache Druid to achieve metric consistency at scale? https://druid.apache.org/ 

- Did you know that the Apache Ignite 3.0.0 Alpha 2 Build Community Gathering will take place on 20 July? https://ignite.apache.org/

- Did you know that the next ApacheTVM community meeting will take place online on 22 July? https://tvm.apache.org/community 

Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 10:45AM Jul 16, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 9 July 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.85%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 321 Apache Committers changed 1,403,021 lines of code over 2,485 commits. Top 5 contributors, in order, are: Shawn McKinney, Claus Ibsen, Dan Haywood, Gary Gregory, and Andi Huber.   

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Sqoop is now retired https://s.apache.org/0e51t

Big Data --
 - Apache ShardingSphere ElasticJob 3.0.0 released https://shardingsphere.apache.org

Build Management --
 - Apache AntUnit 1.4.1 released https://ant.apache.org/

Cloud Computing --
 - Apache CloudStack 4.15.1.0 LTS released https://cloudstack.apache.org/

Content --
 - Apache Tika 1.27 released https://tika.apache.org/
 - Apache UIMA Java SDK 2.11.0 released https://uima.apache.org/

Libraries --
 - Apache Jena Fuseki CVE-2021-33192: Display information UI XSS https://s.apache.org/r4893

Messaging --
 - Apache Qpid Proton 0.35.0 and Dispatch 1.16.1 released http://qpid.apache.org/

Servers --
 - Apache Tomcat 8.5.69, 9.0.50, 10.0.8 and 10.1.0-M2 (alpha) released https://tomcat.apache.org/

Web Frameworks --
 - Apache Wicket 9.4.0 released https://wicket.apache.org/

Did You Know?

- Did you know that Apache OpenOffice delivers up to 2.4 Million downloads each month? https://openoffice.apache.org/

- Did you know that Nielsen Marketing Cloud uses Apache Druid for audience and marketing performance analysis? https://druid.apache.org/ 

- Did you know that Apache ShardingSphere has a new blog post that details their v5.0.0 beta release? https://shardingsphere.apache.org/blog/en/material/ss_5.0.0beta/

Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 11:10AM Jul 09, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 2 July 2021

Hello, July --we're midway through the year already. It's been another great week; let's see what the Apache community has been up to:

Apache Month in Review – a round-up of our Round-ups and other newsworthy bits over the past month.
 - June Month in Review https://s.apache.org/June2021 --video highlights at https://youtu.be/yIE8SSHw2iw

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 349 Apache Committers changed 3,463,699 lines of code over 4,141 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Xiaoxiang Yu, Penghui Li, Andrea Cosentino, and Tellier Benoit.

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
- Apache MetaModel is now retired https://s.apache.org/69b1q

Big Data --
 - Apache Druid CVE-2021-26920: The HTTP inputSource allows authenticated users to read data from other sources than intended https://s.apache.org/e5oai

Databases --
 - Apache Geode 1.13.3 and 1.12.3 released http://geode.apache.org/

Integration --
 - Apache Camel 3.11.0 released https://camel.apache.org/

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this week? Many happy returns to Apache Tcl (21 years), DB (19 years); STeVe (9 years); JSPWiki (8 years); Celix and Tez (7 years); NiFi (6 years); Kudu (5 years); Fluo, MADlib, and Streams (4 years); OpenWhisk (2 years); APISIX (1 year) https://projects.apache.org/committees.html?date

- Did you know that Airflow Summit kicks off 8-16 July? https://airflow.apache.org/

- Did you know that FlinkForward Global will be held virtually 26-27 October? https://flink.apache.org/

Apache Community Notices

- The Apache Month in Review: June 2021 https://s.apache.org/June2021 and video highlights https://youtu.be/yIE8SSHw2iw

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 12:14PM Jul 02, 2021 by Sally Khudairi in Newsletter  |   | 

Apache Month in Review: June 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in June (video highlights available at https://youtu.be/yIE8SSHw2iw ):

New this month --

 - Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works".
   Security in Practice by Jarek Potiuk https://s.apache.org/1upl4

 - Apache Attic --provides process and solutions when an Apache project has reached its end of life http://attic.apache.org/
   Apache MetaModel is now retired https://s.apache.org/69b1q

 - Apache Month in Review: May 2021 https://s.apache.org/May2021 + Video highlights https://youtu.be/ByiPjxGu_Tg

Important Dates --

 - Next Board Meeting: 21 July 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

 - ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- will be held twice in 2021:
   --ApacheCon Asia - 6-8 August
   --ApacheCon@Home - 21-23 September
  Program, Registration, and Sponsorship available for both events https://www.apachecon.com/
  The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia 2021 https://s.apache.org/ACAsia2021

Infrastructure --

In June, 703 Apache Committers changed 14,997,996 lines of code over 12,720 commits. The Committers with the top 5 highest contributions, in order, were: Mark Thomas, Andrea Cosentino, Daniel Haywood, Andi Huber, and Benoit Tellier.  

Project Releases and Updates --

New releases from Apache Airflow (Workflow); Arrow (Big Data); Calcite (Big Data); Camel (Integration); Commons (Libraries); CXF (Libraries); Drill (Big Data); Druid (Big Data); Flink (Big Data); HTTP Server (Servers); IoTDB (IoT); Jackrabbit (Content); Kudu (Big Data); Logging Chainsaw (Libraries); Lucene (Search); MyFaces (Web Frameworks); NetBeans (IDE); NLPCraft (Natural Language Processing); PDFBox (Content); Pulsar (Messaging); Qpid (Messaging); ShardingSphere (Big Data); SkyWalking (Observability); Solr (Search); Tika (Content); Tomcat (Servers)

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. New to the Apache Incubator in June is Kyuubi, a distributed multi-tenant Thrift JDBC/ODBC server for Big Data management, processing, and analytics. We invite you to review the many projects currently in development in the Apache Incubator, including recent additions in the advertising, Big Data, geospatial, machine learning, messaging, natural language understanding, orchestration, and scheduling categories http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 01:15PM Jul 01, 2021 by Sally Khudairi in Milestones  |   | 

The Apache News Round-up: week ending 25 June 2021

So long, June --let's review the Apache community's weekly activities:

Success at Apache – the blog series that focuses on the people and processes behind why the ASF "just works".
 - Security in Practice by Jarek Potiuk https://s.apache.org/1upl4

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - program and registration are live https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.72%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 338 Apache Committers changed 2,475,387 lines of code over 2,883 commits. Top 5 contributors, in order, are: Mark Thomas, Jarek Potiuk, Claus Ibsen, Otavio Rodolfo Piske, and Dan Haywood.        

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache ShardingSphere 5.0.0-beta released https://shardingsphere.apache.org
 - Apache Arrow 4.0.1 released https://arrow.apache.org/
 - Apache Qpid Broker-J 8.0.5 released https://qpid.apache.org/
 - Apache Kudu 1.15.0 released https://kudu.apache.org/

Integration --
Search --

Did You Know?

- Did you know that the Apache Pinot (incubating) injests with Apache Kafka, Spark, HDFS or Cloud storages, and is ideal for real-time analytics when scaling to billions of records? http://pinot.apache.org/

- Did you know that Apache ECharts has more than three dozen chart types (plus dark mode) to choose from? http://echarts.apache.org/

- Did you know that the Airflow Summit will be held 8-16 July? https://airflow.apache.org/

Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 11:35AM Jun 25, 2021 by Sally Khudairi in Newsletter  |   | 

Success at Apache: Security in Practice

by Jarek Potiuk

This post is about the Apache Software Foundation's Security process and security mindset of the Apache Software project’s PMC put to the best use in practice. From this post you can learn why security practices we apply at our projects are important and how they work when they are applied correctly and when the right security-driven mindset is applied by the PMCs but also how important it is for the users of the Apache Software Foundation projects to keep their software updated - including latest security fixes.

The idea of this article was triggered by a recent blog post of the security researcher Ian Caroll that has earned USD 13.000 on bug bounties by simply following up the results of Apache Security process applied by the Apache Airflow PMC. This saved quite a few businesses a lot of trouble, but it was only possible due to the foundations laid down by the ASF and the PMC of the project.

Here is what Ian Caroll has to say about it: “This issue was a great example of how ASF's transparent way of fixing and disclosing vulnerabilities worked to protect users of their software, and gave many organizations a wake-up call on ensuring they upgrade and protect their open-source software.”

Apache Airflow is one of the most common orchestration software used in the industry currently, and due to its nature, it sounds like an important vector of attack - if you run it internally in your company, you are likely to interact with pretty much all your systems, and if you manage to break in through Airflow, it might cascade into as many systems you connect to. Therefore the Apache Airflow PMC takes security very seriously. So seriously that we have the whole discussion panel about Apache Airflow Security at the Airflow Summit that is coming soon - July 8-16th.

This post's main point is to show how important it is to follow the security best practices for all the software lifecycle and how important it is to think about it at every step of building and releasing the software (and beyond).

Let's start from the very beginning: making sure the code development process is secure. Like most of the ASF projects, the Apache Airflow project is developed in GitHub and together with a growing number of projects we use GitHub Actions to run continuous integration. There are a number of best practices and security hardening practices published by Github that you should follow when you run your CI with GitHub Actions, and we rigorously follow them, including monitoring of the "Security blog of GitHub" and following it’s advisories.

And we have not stopped there. We actively think and discuss the potential security threats and ways how - for example supply chain attacks can be performed on our project, and we share our findings at the discussion mailing lists of the ASF and introducing recommendations for all ASF projects to make use of the best practices. One of the results there is documenting the practices and sharing them at the builds@apache.org. But we also raised a few security issues to GitHub and as a result of that (at least that’s the feedback we got from GitHub) they implemented some improvements that we apply in practice. The recent example of that is a change implemented by GitHub to allow control of permissions of the GitHub Token used during the CI build which resulted in this PR. Few months ago, we raised concern that having the blanket "write" permission is quite dangerous, and GitHub responded and implemented the change, which allowed us to limit the scope of tokens used for our builds and increase protection against a wide range of attacks - with the supply-chain attacks being recently the most prominent ones, leading to ransomware threats and millions of dollars paid to hackers. 

This is where the security mindset for the Apache Airflow PMC starts with and this lays the foundation for the next steps where the Apache Software Foundation takes a crucial role in - releasing the software and monitoring for security vulnerabilities. The ASF has a rather well established process for disclosing and following up with security vulnerabilities for the ASF projects. One that is very straightforward and simple to follow for everyone involved - starting from security researchers, who raise those issues, going through the voluntary (!) security team of the ASF that has to handle (from the upcoming annual report) 387 reports of possible vulnerabilities spanned across 95 of the top level ASF projects, which led to 155 CVEs (Common Vulnerabilities and Exposures) assigned, and end up with the PMC that has to handle solving the issues and follow up with reporting. Heck, ASF even introduced an internal portal to report and keep track of all the CVEs as well as report the yearly security summary report and video.

This process is very clear about responsible disclosure and publishing the vulnerabilities, the way how security researchers, the ASF security team and PMC can collaborate when security is discovered. Quite a recent experience there was discovering and announcing CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder. This issue was reported to the ASF - following the process - by Dolev Farhi he responsibly disclosed it together with proof-of-concept reproducible scenario that allowed us to quickly verify that the issue exists and (more importantly) that allowed us to verify that the issue is fixed when we fixed it. 

At the end of the process this is the message we got from Dolev: "Truly enjoyed working with you. Thanks so much for your help in bringing this to closure and making Airflow what it is."

The CVE was an interesting one because it was not an issue with the Airflow code, but it was introduced by a dependency of Airflow - Flask-AppBuilder. Fortunately the process is built in the way that we can involve and collaborate with other projects in solving it, and we got excellent support from Daniel Gaspar. We tried and tested the fix locally, provided it to Daniel which let Daniel quickly implement it and release a new version of Flask AppBuilder fixing it. This was also important for the Apache Superset project (Daniel is a PMC there as well) which also uses Flask-AppBuilder and suffered from the same vulnerability. This shows how security is a distributed issue and how much cooperation is important and how much a good security process should embrace it. I truly enjoyed cooperation with Daniel, and Dolev as we helped to test release candidate of Flask AppBuilder. Later on, when the CVE was published, we announced it following the regular announcement process.

Here is what Daniel has to say about it: "A great example of multiple open source projects working together, elevating each other to higher quality. The whole is greater than the sum of the parts. Got a clear report with a proposed fix, reproducible steps all backed by the ASF security process, it was a breeze to fix and release." 

This leads to the most important point. We can do only as much as we can when it comes to developing and releasing our software. But then it’s up to our users to upgrade to the latest versions. If they don’t, they remain vulnerable. This was the actual reason for the blog post I mentioned initially - despite announcing a CVE-2020-17526 and releasing a fixed version a long time ago, many of our users did not follow the announcements and did not upgrade to the latest version of Airflow. I must stress here the importance of this step - as long as our users do not upgrade to fixed versions, there is not much we can do to help them. It's all in our users' hands! This time it ended up with just USD 13.000 paid to Ian in the form of bounties, because Ian is a responsible security researcher (so called "white hat"). But imagine some bad characters doing the same thing Ian did.

Of course we understand that this might sometimes be difficult to migrate to newer versions of a software, but here we also have another solution that we applied last year, and one that might seem surprising at first, but makes perfect sense when you look at the consequences. Consistent versioning and release support predictability. When we announced Airflow 2.0 last year, there was a small but important change we introduced - full support for Semantic Versioning which we follow rigorously since. We also published a predictable version lifecycle. Why is this important ? Because the users might be pretty sure that they can safely upgrade “patchlevel” version of Airflow when it gets released without even thinking about potential migration problems. Also when you release the "feature" - minor version of Airflow, we promise it is backwards-compatible and even if the migration process might be a bit longer, they can apply it without worrying about spending a lot of time for the migration of their DAGs (DAGs are the users workflow definitions that some of our customers have many thousands of as their entire data processing is orchestrated by Airflow). 

We also publish (and will continue to) the support schedule for our major releases, so that the users can be prepared and plan migration to new major releases in advance. As with all software we sometimes will implement backwards-incompatible changes which will cause our users to spend more time on migrations. Those old releases will stop receiving security fixes at some date and the best you can do as a user is to migrate to the supported version before the date!

Which leads to the last and most important point in this article. If you are a diligent reader and look at the announcement I mentioned above for CVE-2021-29621, you will see that the fix for that is only released for Airflow 2 series. Why? Because Airflow 1.10 just reached its end-of-life on June 17th 2021. When we released Airflow 2, half a year ago, we agreed in the community that we will only support Airflow 1.10 with critical/security fixes for 6 months. And we did - for example the CVE-2020-17526 has been addressed in the Airflow 1.10.14. 

But this time is over now. This is the first security vulnerability that we addressed only for Airflow 2. If you are still using Airflow 1.10 - you are on your own now. You are no longer protected by the security process of the ASF, the security team of ASF and airflow PMC. What’s even more - security researchers who raise the issues, even if they find it, might not be eager to responsibly disclose it, knowing also that the issue will not be fixed anyway. When you read about the next ransomware attack and millions of dollars paid, think if you would like one day your company to face this kind of dilemma. Even if it costs time and money to keep your software updated, preventing this kind of problem is far cheaper than dealing with the consequences of such an attack.

Upgrade NOW! to the latest release of Airflow 2 and keep on doing it for the future releases!

Be sure to join us at Airflow Summit online 8-16 July https://airflowsummit.org/ --registration is free and open to all.

# # #

Jarek Potiuk started to work on the Apache Airflow project in September 2018. He became an Apache Airflow committer in April 2019 and a member of the Apache Airflow Project Management Committee (PMC) in October 2019. He was elected an ASF Member in April 2021. He is an Apache project mentor in Outreachy and Google Summer of Code and was a mentor in Google Season of Docs. Jarek is an independent Open Source Contributor and Advisor and always keen on making it easier for people with different backgrounds to join OSS projects. = = = "Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works" https://blogs.apache.org/foundation/category/SuccessAtApache 

Posted at 04:52PM Jun 23, 2021 by Sally Khudairi in SuccessAtApache  |   | 

The Apache News Round-up: week ending 18 June 2021

The week has zipped by --it's Friday already-- and it's time to take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 21 July 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon@Home (21-23 September) - NEW: program is live; registration is open https://www.apachecon.com/acah2021/
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.98%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 328 Apache Committers changed 7,971,444 lines of code over 2,795 commits. Top 5 contributors, in order, are: Andi Huber, Mark Thomas, Andrea Cosentino, Tellier Benoit, and Hugh Miles.    

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Druid 0.21.1 released https://druid.apache.org/
 - Apache Drill 1.19.0 released  https://drill.apache.org/

Servers --
 - Apache Tomcat 8.5.68 and 10.1.0-M1 (alpha) released https://tomcat.apache.org/

Did You Know?

- Did you know that registration for ApacheCon Asia and ApacheCon@Home is free, and allows participants to choose to support the events by making an optional donation of $10, $20, or $50? https://www.apachecon.com/

- Did you know that the Apache HTTP Server project are using libera for their user support channel? Join the main channel on #httpd and #httpd-dev for the dev community --to connect, check out https://libera.chat/guides/connect . http://httpd.apache.org/

- Did you know that Apache Pinot (incubating) will be holding an online MeetUp on 22 June? https://www.meetup.com/apache-pinot/events/277817649/

Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 06:26AM Jun 18, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 11 June 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021:
 - ApacheCon Asia (6-8 August) - program, registration, keynotes, and sponsors announced https://s.apache.org/ACAsia2021
 - ApacheCon@Home (21-23 September) - registration is open https://www.apachecon.com/acah2021/register.html 
 - Sponsorship opportunities available for both events https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.45%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 371 Apache Committers changed 2,051,196 lines of code over 3,026 commits. Top 5 contributors, in order, are: Dan Haywood, Mark Thomas, Andrea Cosentino, Claus Ibsen and Andi Huber.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Calcite 1.27.0 released https://calcite.apache.org/

Servers --
 - Apache Tomcat Native 1.2.30 released https://tomcat.apache.org/

Web Frameworks --
 - Apache MyFaces Core 3.0.1 released http://myfaces.apache.org/

Did You Know?

- Did you know that the following Apache projects are celebrating their anniversary this month? Many happy returns to Apache SpamAssassin (17 years); Santuario (15 years); Commons and Wicket (14 years); Sling (12 years); Karaf (11 years); Flume and VCL (9 years); Mesos (8 years); Atlas and Mynewt (4 years)! https://projects.apache.org/committees.html?date

- Did you know that the Apache SkyWalking Day, originally scheduled for 20 June in Shenzhen, has been cancelled? https://skywalking.apache.org/

- Did you know that Apache PLC4X has just received their vendor ID for the PROFIBUS and PROFINET standard specifications with the aim of providing the first truly Open Source Profinet Master driver? https://plc4x.apache.org/

Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 07:51AM Jun 11, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 4 June 2021

Hello, June --let's take a look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events are being held in 2021: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration and sponsorship opportunities available for both events https://www.apachecon.com/

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 357 Apache Committers changed 2,152,074 lines of code over 2,986 commits. Top 5 contributors, in order, are: Albumen Kevin, Andrea Cosentino, Gary Gregory, Gilles Sadowski, and Daniel Gruno.     

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.13.1 released https://flink.apache.org/

Content --
 - Apache Tika 2.0.0-BETA released https://tika.apache.org/

IDE --
 - Apache NetBeans 12.4 released http://netbeans.apache.org/

Integration --
 - Apache Camel 2.25.4 released https://camel.apache.org/

Libraries --
  - Apache Commons IO 2.9.0 released https://commons.apache.org/proper/commons-io/

Messaging --
 - Apache Qpid ProtonJ2 1.0.0-M2 released https://qpid.apache.org/

Observability --
 - Apache SkyWalking NodeJS 0.3.0 released https://skywalking.apache.org/

Servers --
 - Apache HTTP Server 2.4.48 released https://httpd.apache.org/

Web Frameworks --
 - Apache MyFaces Core v2.3-next-M6 released http://myfaces.apache.org/

Did You Know?

- Did you know that Pulsar Virtual Summit North America 2021 (16-17 June) is offering 20 free tickets to the Apache community on a first come, first served basis? Sign up at https://s.apache.org/llazg

- Did you know that registration is open for SkyWalking Day (19 June), co-organized with Tengyuan Club and hosted by Tencent? https://s.apache.org/SkyWalkingDay2021

- Did you know that the program for Airflow Summit 2021 (8-16 July) is now available? https://airflowsummit.org/schedule/ 

Apache Community Notices

- The Apache Month in Review: May 2021 https://s.apache.org/May2021 and video highlights https://youtu.be/ByiPjxGu_Tg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 01:36PM Jun 04, 2021 by Sally Khudairi in Newsletter  |   | 

Apache Month in Review: May 2021

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in May (video highlights available at https://youtu.be/ByiPjxGu_Tg ):

New this month --

 - The Apache Attic provides process and solutions when an Apache project has reached its end of life. Apache Trafodion has retired https://s.apache.org/57y49

 - Apache Month in Review: April 2021 https://s.apache.org/Apr2021 + Video highlights https://youtu.be/EOA1L1PjCYg

Important Dates --

 - Next Board Meeting: 16 June 2021. Board calendar and minutes http://apache.org/foundation/board/calendar.html

 - ApacheCon™ --the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998-- will be held twice in 2021:
   --ApacheCon Asia - 6-8 August
   --ApacheCon@Home - 21-23 September
  Registration and sponsorship opportunities for both events available at https://www.apachecon.com/

Infrastructure --

In May, 699 Apache Committers changed 6,744,402 lines of code over 13,427 commits. The Committers with the top 5 highest contributions, in order, were: Jean-Baptiste Onofré, Andrea Cosentino, Mark Thomas, Albumen Kevin, and Daniel Haywood.  

Project Releases and Updates --

New releases from Apache ActiveMQ (Messaging); Airflow (Big Data); Allura (Content); APISIX (API); Calcite (Big Data); Camel (Integration); Daffodil (Libraries); Fineract (FinTech); Flink (Big Data); HttpComponents (Servers); Jackrabbit (Content); Kafka (Big Data); Karaf (Application Servers/Middleware); Log4cxx (Libraries); MyFaces (Web Frameworks); OpenOffice (Content); Pulsar (Messaging); Qpid (Messaging); Skywalking (Application Performance Management); Tomcat (Servers); UIMA (Content).

The Apache Incubator is the primary entry path for projects wishing to become an official part of the ASF. New to the Apache Incubator in May is ShenYu, a Microservices API gateway. We invite you to review the many projects currently in development in the Apache Incubator, including recent additions in the advertising, Big Data, geospatial, machine learning, messaging, natural language understanding, orchestration, and scheduling categories http://incubator.apache.org/ .

# # #

To see our Weekly News Round-ups (published every Friday), visit https://blogs.apache.org/foundation/ and click on the calendar or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. We appreciate your support!

Posted at 12:47PM Jun 01, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 28 May 2021

Farewell, May --we're wrapping up the month with another great week. Here are the latest updates on the Apache community's activities:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsor ApacheCon https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.86%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 372 Apache Committers changed 2,873,998 lines of code over 3,580 commits. Top 5 contributors, in order, are: Mark Thomas, Jean-Baptiste Onofré, Andrea Cosentino, Albumen Kevin, and Hugh Miles.             

Apache Project Announcements – the latest updates by category.

APIs --
 - Apache APISIX 2.6 released https://apisix.apache.org/

FinTech --
 - Apache Fineract 1.5.0 released http://fineract.apache.org/

Messaging --
 - Apache Qpid JMS 0.59.0 and 1.0.0 released https://qpid.apache.org/
 - Apache Pulsar 2.7.2 released https://pulsar.apache.org/

Did You Know?

- Did you know that Apache Cassandra powers thousands of nodes, petabytes of data, and tens of millions of queries per second across Instagram's five data centers? https://cassandra.apache.org/

- Did you know that Apache NLPCraft (incubating) now supports the new Intent Definition Language (IDL)? https://nlpcraft.apache.org/

- Did you know that Apache Pinot (incubating) now offers geospatial support? http://pinot.apache.org/

Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 05:58AM May 28, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 21 May 2021

Welcome, Friday --the Apache community has had another great week. Let's review what's going on:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 June 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsor ApacheCon https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 359 Apache Committers changed 1,198,596 lines of code over 3,072 commits. Top 5 contributors, in order, are: Tellier Benoit, Hugh Miles, Andrea Cosentino, Claus Ibsen, and Mark Thomas.             

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf runtime 4.3.2 released https://karaf.apache.org/

Big Data --
 - Apache Calcite Avatica 1.18.0 released https://calcite.apache.org/
 - Apache Kafka 2.7.1 released https://kafka.apache.org/

Content --
 - Apache Allura 1.13.0 released https://allura.apache.org/
 - Apache UIMA Ruta 3.1.0 released https://uima.apache.org/

Libraries --
 - Apache Daffodil 3.1.0 https://daffodil.apache.org/

Messaging --
 - Apache Qpid Dispatch 1.16.0 released https://qpid.apache.org/

Observability --
 - Apache SkyWalking Client JS 0.5.1 released https://skywalking.apache.org/

Did You Know?

- Did you know that Ignite Summit kicks off next week? Join the Apache Ignite community online on 25 May https://ignite-summit.org/

- Did you know that Berlin Buzzwords features dozens of Apache Projects in data scalability, search, storage, and streaming? Presentations by many members of Apache Projects, PMCs, and communites. This year's event will be taking place online 14-17 June https://2021.berlinbuzzwords.de/

- Did you know that the Tuvalu Vodafone Web app is powered by Apache Wicket? http://wicket.apache.org/

Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 10:43AM May 21, 2021 by Swapnil M Mane in Newsletter  |   | 

The Apache News Round-up: week ending 14 May 2021

Hello, Friday --let's take a look at the Apache community's activities from the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 May 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Register today for both ApacheCons https://www.apachecon.com/
 - Sponsor ApacheCon https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 358 Apache Committers changed 1,048,796 lines of code over 3,149 commits. Top 5 contributors, in order, are: Dan Haywood, Andrea Cosentino, Tilman Hausherr, Haonan Hou, and Claus Ibsen.          

Apache Project Announcements – the latest updates by category.

Apache Attic --provides process and solutions when an Apache project has reached its end of life. http://attic.apache.org/
 - Apache Trafodion is now retired https://s.apache.org/57y49

Content --
 - Apache UIMA uimaFIT 3.2.0 released https://uima.apache.org/

Libraries --
 - Apache Log4cxx 0.12.0 released https://logging.apache.org/

Messaging --
 - Apache ActiveMQ 5.15.15, 5.16.2 released https://activemq.apache.org/

Observability --
 - Apache SkyWalking Kong 0.1.1 released https://skywalking.apache.org/

Servers --
 - Apache HttpComponents Client 5.1 GA released https://hc.apache.org/
 - Apache Tomcat 8.5.66, 9.0.46, 10.0.6 released https://tomcat.apache.org/

Web Frameworks --
 - Apache MyFaces Core 2.0.25 released http://myfaces.apache.org/

Did You Know?

- Did you know that those interested in Big Data scheduling and distributed data sharding can join the joint Apache DolphinScheduler - ShardingSphere Global *Online* co-MeetUp tomorrow --Saturday, 15 May 2-5PM PT (UTC -7)? Participation is FREE and open to all https://meetup.com/dolphinscheduler/events/277413098/ 

- Did you know that the Apache CloudStack community will be holding the European CloudStack User Group virtually on 27 May? More information and registration is available at https://zoom.us/webinar/register/3916172600434/WN_-zsXhTq_Ttu1Ktz82my06Q

- Did you know that Apache APISIX, CarbonData, DolphinScheduler, Dubbo, ECharts, EventMesh (Incubating), IoTDB, Pulsar, RocketMQ, ShardingSphere, SkyWalking, and the Apache Local Community/Beijing are all mentoring communities for the Summer 2021 of Open Source Promotion Plan? https://summer.iscas.ac.cn/help/en/

Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 12:18PM May 14, 2021 by Sally Khudairi in Newsletter  |   | 

The Apache News Round-up: week ending 7 May 2021

Welcome, May --we're opening the month with another great week. Here's what the Apache community has been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 May 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing Tomorrow's Technology Today since 1998. Two events held in 2021 are: ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September).
 - Registration is open for both ApacheCons https://www.apachecon.com/
 - Sponsorships available https://www.apachecon.com/acah2021/2021_ApacheCon_prospectus.pdf

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.95%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,251,406 lines of code over 2,937 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Tilman Hausherr, Andrea Cosentino, Claus Ibsen, and Sylwester Lachiewicz.         

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Flink 1.13.0 released https://flink.apache.org/

Content --
 - Media Alert: Apache OpenOffice Recommends upgrade to v4.1.10 to mitigate legacy vulnerability https://s.apache.org/4gj2y
 - Apache OpenOffice 4.1.10 released https://www.openoffice.org/
 - Apache UIMA Java SDK 3.2.0 released https://uima.apache.org/
 - Apache Jackrabbit 2.12 retired http://jackrabbit.apache.org/

Integration --
 - Apache Camel 3.7.4 released https://camel.apache.org/

Servers --
 - Apache HttpComponents Core 5.1.1 GA released https://hc.apache.org/

Workflow --
 - Apache Airflow CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL https://s.apache.org/f5bfx

Did You Know?

- Did you know that the following Apache projects are celebrating anniversaries this week? Many happy returns to Geronimo (17 years); Tomcat (16 years); OpenJPA, POI, TomEE, and Turbine (14 years); Libcloud (10 years); Giraph and ManifoldCF (9 years); Phoenix (7 years); Whimsy (6 years); Bahir, TinkerPop, and Zeppelin (5 years); SystemDS (4 years); Dubbo (2 years); Hudi and Iceberg (1 year). https://projects.apache.org/committees.html?date

- Did you know that eBay uses Apache Flink to power Big Data streaming for its recommendation engine in real-time? https://flink.apache.org/

- Did you know that Norwegian business management solutions provider Visma powers its Enterprise Suite to serve more than 1 Million customers and 12,500+ employees using Apache Wicket? http://wicket.apache.org/

Apache Community Notices

- The Apache Month in Review: April 2021 https://s.apache.org/Apr2021 and video highlights https://youtu.be/EOA1L1PjCYg

- The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation "The Apache Way" https://s.apache.org/22ndAnniversay

- The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video highlights https://youtu.be/S6FWqAuA_8M

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits + Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 + Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

- "Trillions and Trillions Served" documentary on the ASF: 1) full feature https://s.apache.org/Trillions-Feature 2) "Apache Everywhere" https://s.apache.org/ApacheEverywhere 3) "Why Apache" https://s.apache.org/ASF-Trillions 4) “Apache Innovation” https://s.apache.org/ApacheInnovation 

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements http://www.apache.org/foundation/reports.html

 - All presentations from ApacheCon@Home are available at https://www.youtube.com/c/TheApacheFoundation/ 

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

Posted at 07:37AM May 07, 2021 by Swapnil M Mane in Newsletter  |   |