The Apache News Round-up: week ending 16 July 2021

The week has zipped by –it’s Friday already– and it’s time to take a
look at what the Apache community has been up to over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.
 – Next Board Meeting: 21 July 2021. Board calendar and minutes

ApacheCon™ – the ASF’s official global conference series, bringing Tomorrow’s Technology Today since 1998. ApacheCon Asia (6-8 August) and ApacheCon@Home (21-23 September) are being held online and free-of-charge:
 – The Apache® Software Foundation Welcomes its Global Community Online at ApacheCon Asia
 – Program, registration, and Sponsorship opportunities available for both events

ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
 – 7M+ weekly checks yield uptime at 99.96%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world.

Apache Code Snapshot – Over the past week, 339 Apache Committers changed 1,212,020 lines of
code over 2,824 commits. Top 5 contributors, in order, are: Gary Gregory, Andrea Cosentino, Alex Herbert, Till Rohrmann, and Shen Yi.     

Apache Project Announcements – the latest updates by category.

Big Data —
 – Apache Beam 2.31.0 released
 – Apache XMLBeans 5.0.1 released

Build Management —
 – Apache Ant 1.9.16 and 1.10.11 released
   — CVE-2021-36374: ZIP and ZIP based, archive denial of
   — CVE-2021-36373: TAR archive denial of service

Content —
 – Apache Jackrabbit 2.21.7 released

Identity Management —
 – Apache Fortress 2.0.6 released

Integration —
 – Apache Camel 3.7.5 released

Libraries —
 – Apache Commons Compress 1.21 released
   — CVE-2021-36090: Compress 1.0 to 1.20 denial of
service vulnerability
   — CVE-2021-35517: Compress 1.1 to 1.20 denial of
service vulnerability
   — CVE-2021-35516: Compress 1.6 to 1.20 denial of
service vulnerability
   — CVE-2021-35515: Compress 1.6 to 1.20 denial of
service vulnerability 
 – Apache Commons IO 2.11.0 released

Messaging —
 – Apache Qpid JMS 1.1.0 released

Network Client/Server —
 – Apache MINA CVE-2021-30129: DoS/OOM leak vulnerability in SSHD Server

Observability —
 – Apache SkyWalking Client JS 0.6.0 released

Servers —
 – Apache Tomcat CVE-2021-30639: Denial of Service
   — CVE-2021-33037: HTTP request smuggling
   — CVE-2021-30640: JNDI realm authentication weakness

Web Frameworks —
 – Apache Wicket 8.13.0 released

Did You Know?

– Did you know that Airbnb’s Minerva observability platform uses Apache Druid to achieve metric consistency at scale? 

– Did you know that the Apache Ignite 3.0.0 Alpha 2 Build Community Gathering will take place on 20 July?

– Did you know that the next ApacheTVM community meeting will take place online on 22 July? 

Apache Community Notices

– The Apache Month in Review: June 2021 and video highlights

– The Apache® Software Foundation Celebrates 22 Years of Open Source Leadership – world’s largest Open Source foundation advances community-led innovation “The Apache Way”

– The Apache Software Foundation Operations Summary: Q3 FY2021 (November 2020 – January 2021) + Video highlights

– Apache in 2020 – By The Digits + Video highlights

– ASF Security Report 2020 + Video highlights

– ASF FY2020 Annual Report

– “Trillions and Trillions Served” documentary on the ASF: 1) full feature 2) “Apache Everywhere” 3) “Why Apache” 4) “Apache Innovation” 

 – The Apache Way to Sustainable Open Source Success

 – Foundation Reports and Statements

 – All presentations from ApacheCon@Home are available at 

 – “Success at Apache” focuses on the people and processes behind why the ASF “just works”.

 – Inside Infra: the new interview series with members of the ASF infrastructure team –meet 
    Chris Thistlethwaite
    Drew Foulks
    Greg Stein Part I
      …Part II and Part III
    Daniel Gruno Part I and Part II
    Gavin McDonald Part I and Part II
    Andrew Wetmore Part I and Part II
    Chris Lambertus Part I  and Part II

 – ASF Targeted Sponsor Manning Publications is offering special deals on the latest books on Apache Airflow, Pulsar, Spark, and Thrift, among other titles and eBooks

 – Follow the ASF on social media: @TheASF on Twitter ( and on LinkedIn at

 – Follow the Apache Community on Facebook and Twitter

 – Are your software solutions Powered by Apache? Download & use our “Powered By” logos

= = =

For real-time updates, sign up for Apache-related news by sending mail to and follow @TheASF on Twitter. For a broader spectrum from the Apache community, provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.