The Apache News Round-up: week ending 23 September 2022

Happy Friday, everyone –let’s review the Apache community’s activities from over the past week:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.

ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.

  • 7M+ weekly checks yield uptime at 100%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 263 Apache Committers and 779 contributors changed 2,957,215 lines of code over 3,590 commits. Top five contributors, in order, are: Robbie Gemmell, Clebert Suconic, Jark Wu, Claus Ibsen, and Andrea Cosentino.

Apache Project Announcements – the latest updates by category.

Big Data –

Content –

Cloud Computing –

  • Apache Kafka 2.8.2, 3.0.2, 3.1.2, and 3.2.3 released
    • CVE-2022-34917: Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers

Library –

  • Apache SOAP CVE-2022-40705: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP

Logging Services –

Mail –

Messaging –

  • Apache Pulsar 2.8.4 released
    • CVE-2022-24280: Proxy target broker address isn’t validated
    • CVE-2022-33681: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
    • CVE-2022-33682: Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack
    • CVE-2022-33683: Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack
  • Apache Qpid JMS 1.7.0 and 2.1.0 released

Observability –

Programming Languages –

Release Auditing –

Servers –

Workflow –

Apache Community Notices

Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to and follow @TheASF on Twitter. For a broader spectrum from the Apache community, Planet Apache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Have an item? Contact us!

We try to catch all the major announcements and goings on at The ASF, but we’re not all-knowing. Have an item you want to see in the weekly round-up? Send it to