The Apache News Round-up: week ending 27 July 2018

Back to Blog

Farewell, July! Let’s check out the Apache community’s activities from the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.
 – Next Board Meeting: 15 August. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ApacheCon™ –the ASF’s official global conference series. Join us!
 – 24-27 September: Registration for ApacheCon North America/Montreal is open http://apachecon.com/acna18/
 – 8 October: Apache Roadshow and Open Source Job Fair/Fairfax, VA –Save The Date!
 – Media and Community Partner opportunities available for *all* official Apache events: drop us a note at press@apache.org to help.

ASF Infrastructure –our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
 – 7M+ weekly checks yield zippity performance at 93.91% uptime. http://status.apache.org/

ASF Operations Factoid –this week, 506 Apache contributors changed 968,003 lines of code over 3,133 commits. Top 5 contributors, in order, are: Tellier Benoit, Karl Heinz Marbaise, Andrea Cosentino, Roberto Cortez, and Gary Gregory.

Apache Accumulo™ –a sorted, distributed key/value store that provides robust, scalable Big Data storage and retrieval.
 – Apache Accumulo 1.9.2 released https://accumulo.apache.org/

Apache Calcite™ –a framework for writing Big Data management systems.
 – Apache Calcite 1.17.0 released http://calcite.apache.org/

Apache Directory™ Fortress –computer security access management facility written in Java.
 – Apache Fortress 2.0.1 released https://directory.apache.org/fortress/

Apache HBase™ –Open Source, distributed, versioned, non-relational database.
 – Apache HBase 2.1.0 released https://hbase.apache.org/

Apache HttpComponents™ HttpAsyncClient–a library for client-side HTTP communication built on HttpCore.
 – HttpComponents HttpAsyncClient 4.1.4 GA released http://hc.apache.org/

Apache Kafka™ –distributed, fault tolerant, publish-subscribe messaging.
 – CVE-2017-12610: Authenticated Kafka clients may impersonate other users http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB383nmC%2BpxBXoc2JcuD4TXgQrvgjCuovNavmt6sFs4%2BsBQ%40mail.gmail.com%3E
 – CVE-2018-1288: Authenticated Kafka clients may interfere with data replication http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAOJcB3905-NRw3baEUGhEaqKipzQ%2BNryJHsK%3DAtF_aFFsF1nOA%40mail.gmail.com%3E

Apache OpenWhisk (incubating) –distributed serverless computing platform.
 – CVE-2018-11756 PHP Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d4geVGr-%2BOk95Gq9C9P81BXUDT3d9N7-2r%2BqsiPrM5r3w%40mail.gmail.com%3E
 – CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3CCAAC1_d7x6buq1aREekk_Eh9SjevQLPLkXc%2BaidiFBMcNz7GGwQ%40mail.gmail.com%3E

Apache Qpid™ –messaging tools that speak AMQP and support many languages and platforms.
 – Apache Qpid JMS 0.35.0 released http://qpid.apache.org/

Apache Tomcat™ –an Open Source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
 – CVE-2018-8019 Apache Tomcat Native Connector – Mishandled OCSP invalid response http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E
 – CVE-2018-8020 Apache Tomcat Native Connector – Mishandled OCSP responses can allow clients to authenticate with revoked certificates http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239%40minotaur.apache.org%3E
 – CVE-2018-1336 Apache Tomcat – Denial of Service http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E
 – CVE-2018-8037 Apache Tomcat – Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E
 – CVE-2018-8034 Apache Tomcat – Security Constraint Bypass http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E


Did You Know?

 – Did you know that you can easily help promote ApacheCon? http://www.apachecon.com/acna18/banners/

 – Did you know that you can achieve Machine Learning on SQL by using Apache Hivemall (incubating) on Apache Hive or Apache Spark? http://hivemall.incubator.apache.org/

 – Did you know that the highest code contribution value during FY2018 was by Apache Mynewt? $61,769,063 worth of code! https://s.apache.org/FY2018AnnualReport

Apache Community Notices:

 – ASF Annual Report for FY2018 https://s.apache.org/FY2018AnnualReport

 – The Apache Software Foundation Celebrates 19 Years of Open Source Leadership "The Apache Way" https://s.apache.org/gK4Q

 – Read "Open – For Business – At the ASF" by Merv Adrian, VP Research at Gartner https://blogs.gartner.com/merv-adrian/2018/03/27/open-for-business-at-the-asf/

 – The Apache Software Foundation 2018 Vision Statement https://s.apache.org/zqC3

 – Apache in 2017 – By The Digits https://s.apache.org/h8do

 – Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 – "Success at Apache" focuses on the processes behind why the ASF "just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 – Please follow/like/re-tweet the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation

 – Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 – The list of Apache project-related MeetUps can be found at http://events.apache.org/event/meetups.html

 – ApacheCon North America will be held 24-27 September in Montreal http://apachecon.com/

 – Save the Date: Apache Roadshow DC and Open Source/Government/Cyber/Job Fair – 8 October 2018 in Fairfax, VA http://apachecon.com/

 – Find out how you can participate with Apache community/projects/activities –opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 – Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby
= = =
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Related Articles

ASF 2025 Year in Review: Building for Resilience and Growth

As 2025 comes to a close, The ASF reflects on a year defined by steady progress across a wide range of efforts that support...

Read Post

Update on EU Software Regulation: Lots of improvements & good news

Dirk-Willem van Gulik, VP Public Affairs, Apache Software Foundation Over the last two years, The Apache Software Foundation (ASF) and many other open source...

Read Post

The Apache News Round-up: week ending 14 October 2022

We’re wrapping up another great week with the following activities from the Apache community: ASF Board – management and oversight of the business affairs...

Read Post

Subscribe to ASF Plus One, Our Monthly Newsletter