The Apache Weekly News Round-up: week ending 24 December 2021

Happy Friday, everyone. The Apache community has had another great week. Let’s review what we’ve been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.
 – Next Board Meeting: 19 January 2022. Board calendar and minutes

ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot 
Over the past week, 317 Apache Committers changed 9,133,089 lines of
code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.

Apache Project Announcements – the latest updates by category.

Big Data —
 – Apache NiFi 1.15.2 released
 – Apache HBase 3.0.0-alpha-2 released
 – Apache Parquet 1.11.2 and 1.12.2 released
   — CVE-2021-41561: Potential DoS in case of malicious Parquet file

Build Management —
 – Apache Archiva 2.2.7 released

Content —
 – Apache JSPWiki 2.11.1 released
 – Apache Traffic Control 6.0.2 released
 – Apache Jackrabbit FileVault 3.5.8  released
 – Apache Tika 1.28 and 2.2.1 released

Databases —
 – Apache Geode 1.12.7, 1.13.6, and 1.14.2 released 

Data Management Platform —
 – Apache Ignite 2.11.1 released

IoT —
 – Apache PLC4X 0.9.1 released
   — CVE-2021-43083: Buffer overflow in PLC4C via crafted server response 

Enterprise Processes Automation / ERP —
 – Apache OFBiz 18.12.04 released 

Libraries —
 – Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
   — CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
 – Apache MXNet (Incubating) 1.9.0 released
 – Apache Daffodil 3.2.1 released

Mail —
  – Apache James 3.6.1 released 

Messaging — 
 – Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
 – Apache Pulsar 2.9.1 released 

Search —
 – Apache Lucene 8.11.1 released
 – Apache Solr 8.11.1 released
   — CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler 

Servers —
 – Apache HTTP Server 2.4.52 released
   — CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
   — CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
 – Apache HttpComponents Core 5.1.3 GA released

Web Frameworks–
Apache Struts and released 

Workflow —
 – Apache DolphinScheduler 2.0.1 released
 – Apache Airflow 2.2.3 released

Did You Know?

 – Did you know that ASF Security posted the status of more than three
dozen Apache Projects in relation to the recent Apache Log4j
vulnerability? (please check individual projects not included in this list for updates)

 – Did you know that Apache Roller (which powers
new v6.1.0 contains upgrades for more than a dozen dependencies
(including Log4j), along with many bug fixes and improvements to the
code base?

 – Did you know that tax-deductible donations support the ASF’s day-to-day
operations that benefit 350+ Apache Projects and their communities?
Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and
Microsoft Pay

Apache Community Notices

 – The Apache Month in Review: November 2021 and video highlights

 – Watch “Trillions and Trillions Served“, the documentary on the ASF 1) full feature [49 min] 2) “Apache Everywhere” [6 min] 3) “Why Apache” [2.5 min] 4) “Apache Innovation” [40 min] 

 – ASF Annual Report: FY2021 — Press release and Report (PDF)

 – The Apache Way to Sustainable Open Source Success 

 – Foundation Reports and Statements

 – Presentations from 2021’s ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 – “Success at Apache” focuses on the people and processes behind why the ASF “just works.” 

 – Inside Infra: the new interview series with members of the ASF infrastructure team –meet 
    Chris Thistlethwaite
    Drew Foulks
    Greg Stein Part I
      …Part II and Part III
    Daniel Gruno Part I and Part II
    Gavin McDonald Part I and Part II
    Andrew Wetmore Part I and Part II
    Chris Lambertus Part I  and Part II

 – Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 – Follow the Apache Community on Facebook and Twitter

 – Are your software solutions Powered by Apache? Download & use our “Powered By” logos.

Stay updated about The ASF

real-time updates, sign up for Apache-related news by sending mail to and follow @TheASF on Twitter. For a
broader spectrum from the Apache community, provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.