The Apache Weekly News Round-up: week ending 7 January 2022

Welcome, 2022! We hope that you have had a festive holiday season
and are excited to kick off the new year. Here’s what happened over the
past week:

Apache in 2021 – By The Digits – a look at the achievements from the Apache Community over the past 12 months.
 – Summary and stats at
 – Video highlights

The Apache Month in Review – highlights of what we’ve accomplished over the past month.
 – December 2021

ASF Board
 – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.

 – Next Board Meeting: 19 January 2022. Board calendar and minutes

ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
7M+ weekly checks yield uptime at 99.98%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot 
Over the past week, 280 Apache Committers changed 2,780,891 lines of
code over 2,868 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Mark Thomas, Harikrishna Patnala, and Claus Ibsen. 

Apache Project Announcements – the latest updates by category.

Big Data —
 – Apache Avro 1.11.0 released
   — CVE-2021-43045: Possible DOS vulnerabilities in C# Avro SDK

Enterprise Processes Automation / ERP —
 – Apache OFBiz 18.12.05 released

Integration —
 – Apache Camel 3.11.5 (LTS) released 

Mail —
 – Apache James 3.6.1 released
    — CVE-2021-38542: STARTTLS command injection (IMAP and POP3)
    — CVE-2021-40110: IMAP vulnerable to a ReDoS
    — CVE-2021-40111: IMAP parsing Denial Of Service
    — CVE-2021-40525: Sieve file storage vulnerable to path traversal attacks 

Network Client —
 – Apache Guacamole 1.4.0 released
 – Apache MINA FTPServer 1.1.2 released

Web Frameworks–
 – Apache Struts released
 – Apache Portals 3.1.1 released
   — CVE-2021-36737: XSS in V3 Demo Portlet
   — CVE-2021-36738: XSS vulnerability in the JSP version of the Pluto Applicant MVCBean CDI portlet
   — CVE-2021-36739: XSS vulnerability in the MVCBean JSP portlet maven archetype

Did You Know?

 – Did you know that in 2021, 724 individuals new to the ASF contributed to Apache projects and initiatives?

 – Did you know that Apache Druid is frequently used for AdTech data?

 – Did you know that PulsarSummit Asia 2022 will be held online on January 15-16?

Apache Community Notices

 – Watch “Trillions and Trillions Served“, the documentary on the ASF 1) full feature [49 min] 2) “Apache Everywhere” [6 min] 3) “Why Apache” [2.5 min] 4) “Apache Innovation” [40 min] 

 – ASF Annual Report: FY2021 — Press release and Report (PDF)

 – The Apache Way to Sustainable Open Source Success 

 – Foundation Reports and Statements

 – Presentations from 2021’s ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 – “Success at Apache” focuses on the people and processes behind why the ASF “just works.” 

 – Inside Infra: the new interview series with members of the ASF infrastructure team –meet 
    Chris Thistlethwaite
    Drew Foulks
    Greg Stein Part I
      …Part II and Part III
    Daniel Gruno Part I and Part II
    Gavin McDonald Part I and Part II
    Andrew Wetmore Part I and Part II
    Chris Lambertus Part I  and Part II

 – Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 – Follow the Apache Community on Facebook and Twitter

 – Are your software solutions Powered by Apache? Download & use our “Powered By” logos.

Stay updated about The ASF

real-time updates, sign up for Apache-related news by sending mail to and follow @TheASF on Twitter. For a
broader spectrum from the Apache community, provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.