Happy Friday, everyone. The Apache community has had another great week. Let’s review what we’ve been up to:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.
– Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot –
Over the past week, 317 Apache Committers changed 9,133,089 lines of
code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.
Apache Project Announcements – the latest updates by category.
Big Data —
– Apache NiFi 1.15.2 released
– Apache HBase 3.0.0-alpha-2 released
– Apache Parquet 1.11.2 and 1.12.2 released
— CVE-2021-41561: Potential DoS in case of malicious Parquet file
Build Management —
– Apache Archiva 2.2.7 released
– Apache JSPWiki 2.11.1 released
– Apache Traffic Control 6.0.2 released
– Apache Jackrabbit FileVault 3.5.8 released
– Apache Tika 1.28 and 2.2.1 released
– Apache Geode 1.12.7, 1.13.6, and 1.14.2 released
Data Management Platform —
– Apache Ignite 2.11.1 released
– Apache PLC4X 0.9.1 released
— CVE-2021-43083: Buffer overflow in PLC4C via crafted server response
Enterprise Processes Automation / ERP —
– Apache OFBiz 18.12.04 released
– Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
— CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
– Apache MXNet (Incubating) 1.9.0 released
– Apache Daffodil 3.2.1 released
– Apache James 3.6.1 released
– Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
– Apache Pulsar 2.9.1 released
– Apache Lucene 8.11.1 released
– Apache Solr 8.11.1 released
— CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler
– Apache HTTP Server 2.4.52 released
— CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
— CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
– Apache HttpComponents Core 5.1.3 GA released
– Apache Struts 184.108.40.206 and 220.127.116.11 released
– Apache DolphinScheduler 2.0.1 released
– Apache Airflow 2.2.3 released
Did You Know?
– Did you know that ASF Security posted the status of more than three
dozen Apache Projects in relation to the recent Apache Log4j
vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates)
– Did you know that Apache Roller (which powers blogs.apache.org)
new v6.1.0 contains upgrades for more than a dozen dependencies
(including Log4j), along with many bug fixes and improvements to the
code base? https://roller.apache.org/
– Did you know that tax-deductible donations support the ASF’s day-to-day
operations that benefit 350+ Apache Projects and their communities?
Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and
Microsoft Pay https://donate.apache.org/
Apache Community Notices
– The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ
– Watch “Trillions and Trillions Served“, the documentary on the ASF 1) full feature [49 min] 2) “Apache Everywhere” [6 min] 3) “Why Apache” [2.5 min] 4) “Apache Innovation” [40 min]
– ASF Annual Report: FY2021 — Press release and Report (PDF)
– The Apache Way to Sustainable Open Source Success
– Foundation Reports and Statements
– Presentations from 2021’s ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
– “Success at Apache” focuses on the people and processes behind why the ASF “just works.”
– Inside Infra: the new interview series with members of the ASF infrastructure team –meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInf
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
…Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
– Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
– Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
real-time updates, sign up for Apache-related news by sending mail to
email@example.com and follow @TheASF on Twitter. For a
broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.