Google Git
Sign in
apache / infrastructure-blogs-archive / 73ea802295d3241520bcbc54d011a0977d6e895b / . / _posts / 2021-12-27-the-apache-weekly-news-round6.html
blob: 0cbeb697bbbf7d8e847f4665b08082ca358ebc95 [file] [log] [blame]
---
layout: post
status: PUBLISHED
published: true
title: 'The Apache Weekly News Round-up: week ending 24 December 2021'
id: 421460f5-183e-4f49-8d8d-c1d8b3d69436
date: '2021-12-27 14:38:10 -0500'
categories: foundation
tags:
- apache
- newsletter
- news
- foundation
- asf
- roundup
- '2021'
- innovation
- community
- software
- projects
- weekly
- opensource
- updates
permalink: foundation/entry/the-apache-weekly-news-round6
---
</p></p></p></p></p></p>
<p>Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:</p>
<p><span style="font-weight: 700;">ASF Board</span>&nbsp;&ndash; management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.<br>&nbsp;- Next Board Meeting: 19 January 2022. Board calendar and minutes&nbsp;<a href="https://apache.org/foundation/board/calendar.html" target="_blank">https://apache.org/foundation/board/calendar.html</a></p>
<p><span style="font-weight: 700;">ASF Infrastructure</span>&nbsp;&ndash; our distributed team on three continents keeps the ASF's infrastructure running around the clock.<br>&nbsp;-<br />
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50<br />
different service components spread over more than 250 machines in data<br />
centers around the world. View the <a href="http://www.apache.org/uptime/" target="_blank">ASF's Infrastructure Uptime site to see the most recent averages</a>. <br></p>
<p><span style="font-weight: 700;">Apache Code Snapshot&nbsp;</span>&ndash;<br />
Over the past week, 317 Apache Committers changed 9,133,089 lines of<br />
code over 3,258 commits. Top 5 contributors, in order, are: <span>Gary Gregory, </span><span>Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.</span><span style="font-weight: 700;"></span></p>
<p><span style="font-weight: 700;">Apache Project Announcements</span>&nbsp;&ndash; the latest updates by category.</p>
<p>Big Data --<br>&nbsp;- <a href="https://nifi.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://nifi.apache.org/" target="_blank">NiFi</a></span> 1.15.2 released<br>&nbsp;- <a href="https://hbase.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://hbase.apache.org/" target="_blank">HBase</a></span> 3.0.0-alpha-2 released<br>&nbsp;- <a href="https://parquet.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://parquet.apache.org/" target="_blank">Parquet</a></span> 1.11.2 and 1.12.2 released <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/sla5a" target="_blank">CVE-2021-41561</a>: Potential DoS in case of malicious Parquet file <a href="https://s.apache.org/sla5a"></a></p>
<p>Build Management --<br>&nbsp;- <a href="https://archiva.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://archiva.apache.org/" target="_blank">Archiva</a></span> 2.2.7 released <br></p>
<p>Content --<br>&nbsp;-&nbsp;<a href="https://jspwiki-wiki.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://jspwiki-wiki.apache.org/" target="_blank">JSPWiki</a></span> 2.11.1 released <br>&nbsp;- <a href="https://trafficcontrol.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://trafficcontrol.apache.org/" target="_blank">Traffic</a></span><a href="https://trafficcontrol.apache.org/" target="_blank"> </a><span class="il"><a href="https://trafficcontrol.apache.org/" target="_blank">Control</a></span> 6.0.2 released <br>&nbsp;- <a href="http://jackrabbit.apache.org/" target="_blank">Apache </a><span class="il"><a href="http://jackrabbit.apache.org/" target="_blank">Jackrabbit</a></span> FileVault 3.5.8&nbsp; released <br>&nbsp;- <a href="https://tika.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://tika.apache.org/" target="_blank">Tika</a></span><a href="https://tika.apache.org/" target="_blank"> </a>1.28 and 2.2.1 released <br></p>
<p>Databases --<br><br />
&nbsp;-&nbsp;<a href="http://geode.apache.org/" target="_blank">Apache </a><span class="il"><a href="http://geode.apache.org/" target="_blank">Geode</a></span> 1.12.7, 1.13.6, and 1.14.2 released&nbsp;</p>
<p>Data Management Platform --<br><br />
&nbsp;- <a href="http://ignite.apache.org/" target="_blank">Apache </a><span class="il"><a href="http://ignite.apache.org/" target="_blank">Ignite</a></span> 2.11.1 released <br></p>
<p>IoT --<br><br />
&nbsp;- <a href="https://plc4x.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://plc4x.apache.org/" target="_blank">PLC4X</a></span> 0.9.1 released <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/copq5" target="_blank">CVE-2021-43083</a>: Buffer overflow in PLC4C via crafted server response&nbsp;</p>
<p>Enterprise Processes Automation / ERP --<br><br />
&nbsp;- <a href="https://ofbiz.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://ofbiz.apache.org/" target="_blank">OFBiz</a></span> 18.12.04 released&nbsp;</p>
<p>Libraries --<br>&nbsp;- <a href="http://logging.apache.org/" target="_blank">Apache </a><span class="il"><a href="http://logging.apache.org/" target="_blank">Log4j</a></span> 2.3.1, 2.12.3, and 2.17.0 released <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/fyc6z" target="_blank">CVE-2021-45105</a>: Log4j2 does not always protect from infinite recursion in lookup evaluation <br>&nbsp;- <a href="http://mxnet.incubator.apache.org" target="_blank">Apache </a><span class="il"><a href="http://mxnet.incubator.apache.org" target="_blank">MXNet</a></span> (Incubating) 1.9.0 released <br>&nbsp;- <a href="https://daffodil.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://daffodil.apache.org/" target="_blank">Daffodil</a></span> 3.2.1 released<a href="https://daffodil.apache.org/" rel="noreferrer" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://daffodil.apache.org/&amp;source=gmail&amp;ust=1640443797760000&amp;usg=AOvVaw34IuINx33MNTrLCxLTNKoT"></a></p>
<p>Mail --<br>&nbsp; - <a href="https://james.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://james.apache.org/" target="_blank">James</a></span> 3.6.1 released&nbsp;</p>
<p>Messaging --&nbsp; <br>&nbsp;- <a href="https://qpid.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://qpid.apache.org/" target="_blank">Qpid</a></span> <span class="il">JMS</span> 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released <br>&nbsp;- <a href="https://pulsar.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://pulsar.apache.org/" target="_blank">Pulsar</a></span><a href="https://pulsar.apache.org/" target="_blank"> </a>2.9.1 released&nbsp;</p>
<p>Search --<br>&nbsp;- <a href="http://lucene.apache.org/" target="_blank">Apache </a><span class="il"><a href="http://lucene.apache.org/" target="_blank">Lucene</a></span> 8.11.1 released <br>&nbsp;- <a href="http://solr.apache.org/" target="_blank">Apache Solr </a>8.11.1 released <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/qwwas" target="_blank">CVE-2021-44548</a>: Apache Solr information disclosure vulnerability through DataImportHandler&nbsp;</p>
<p>Servers --<br>&nbsp;-&nbsp;<a href="https://httpd.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://httpd.apache.org/" target="_blank">HTTP</a></span><a href="https://httpd.apache.org/" target="_blank"> </a><span class="il"><a href="https://httpd.apache.org/" target="_blank">Server</a></span> 2.4.52 released <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/8254b" target="_blank">CVE-2021-44790</a>: Possible buffer overflow when parsing multipart content in mod_lua <br>&nbsp;&nbsp; -- <a href="https://s.apache.org/novfh" target="_blank">CVE-2021-44224</a>: Possible NULL dereference or SSRF in forward proxy configurations <br>&nbsp;- <a href="https://hc.apache.org/" target="_blank">Apache HttpComponents</a> Core 5.1.3 GA released <br><br>Web Frameworks--<br>- <a href="https://struts.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://struts.apache.org/" target="_blank">Struts</a></span> 2.5.28.1 and 2.5.28.2 released&nbsp;</p></p>
<p>Workflow --<br>&nbsp;- <a href="https://dolphinscheduler.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://dolphinscheduler.apache.org/" target="_blank">DolphinScheduler</a></span> 2.0.1 released <br>&nbsp;- <a href="https://airflow.apache.org/" target="_blank">Apache </a><span class="il"><a href="https://airflow.apache.org/" target="_blank">Airflow</a></span> 2.2.3 released <br></p></p>
<p><span style="font-weight: 700;"><br>Did You Know?</span><br></p>
<p>&nbsp;- Did you know that ASF Security posted the status of more than three<br />
dozen Apache Projects in relation to the recent Apache Log4j<br />
vulnerability? <a target="_blank" class="c-link" data-stringify-link="https://blogs.apache.org/security/entry/cve-2021-44228" data-sk="tooltip_parent" href="https://blogs.apache.org/security/entry/cve-2021-44228" rel="noopener noreferrer" tabindex="-1" data-remove-tab-index="true">https://blogs.apache.org/security/entry/cve-2021-44228</a> (please check individual projects not included in this list for updates)</p>
<p>&nbsp;- Did you know that Apache Roller (which powers <a target="_blank" class="c-link" data-stringify-link="http://blogs.apache.org" data-sk="tooltip_parent" href="http://blogs.apache.org" rel="noopener noreferrer">blogs.apache.org</a>)<br />
new v6.1.0 contains upgrades for more than a dozen dependencies<br />
(including Log4j), along with many bug fixes and improvements to the<br />
code base? <a target="_blank" class="c-link" data-stringify-link="https://roller.apache.org/" data-sk="tooltip_parent" href="https://roller.apache.org/" rel="noopener noreferrer">https://roller.apache.org/</a></p>
<p>&nbsp;- Did you know that tax-deductible donations support the ASF's day-to-day<br />
operations that benefit 350+ Apache Projects and their communities?<br />
Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and<br />
Microsoft Pay <a target="_blank" class="c-link" data-stringify-link="https://donate.apache.org/" data-sk="tooltip_parent" href="https://donate.apache.org/" rel="noopener noreferrer">https://donate.apache.org/</a><br><br></p>
<h3>Apache Community Notices</h3>
<p>&nbsp;- The Apache Month in Review: November 2021&nbsp;<a href="https://s.apache.org/November2021" target="_blank">https://s.apache.org/November2021</a>&nbsp;and video highlights&nbsp;<a href="https://youtu.be/L1qMXw5MxJQ" target="_blank">https://youtu.be/L1qMXw5MxJQ</a> </p>
<p>&nbsp;- Watch "<a href="https://www.youtube.com/watch?v=JUt2nb0mgwg" target="_blank">Trillions and Trillions Served</a>", the documentary on the ASF 1)&nbsp;<a href="https://www.youtube.com/watch?v=JUt2nb0mgwg" target="_blank">full feature</a>&nbsp;[49 min] 2) "<a href="https://www.youtube.com/watch?v=nXtIti9jMFI" target="_blank">Apache Everywhere</a>" [6 min] 3) "<a href="https://www.youtube.com/watch?v=YM5dLvNatRs" target="_blank">Why Apache</a>" [2.5 min] 4)&nbsp;&ldquo;<a href="https://www.youtube.com/watch?v=qkvqJaX4S50" target="_blank">Apache Innovation</a>&rdquo; [40 min]&nbsp;<br></p>
<p>&nbsp;- ASF Annual Report: FY2021 --&nbsp;<a href="https://blogs.apache.org/foundation/entry/the-apache-software-foundation-announces78" target="_blank">Press release</a>&nbsp;and&nbsp;<a href="https://www.apache.org/foundation/docs/FY2021AnnualReport.pdf" target="_blank">Report</a>&nbsp;(PDF)</p>
<p>&nbsp;- The Apache Way to&nbsp;<a href="https://s.apache.org/GhnI" target="_blank">Sustainable Open Source Success</a>&nbsp;</p>
<p>&nbsp;-&nbsp;<a href="http://www.apache.org/foundation/reports.html" target="_blank">Foundation Reports and Statements</a><br></p>
<p>&nbsp;- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the&nbsp;<a href="https://www.youtube.com/c/TheApacheFoundation/" target="_blank" style="background-color: rgb(255, 255, 255);">ASF YouTube channel</a>.</p>
<p>&nbsp;- "<a href="https://blogs.apache.org/foundation/category/SuccessAtApache" target="_blank">Success at Apache</a>" focuses on the people and processes behind why the ASF "just works."&nbsp;<br></p>
<div>
<p>&nbsp;- Inside Infra: the new interview series with members of the ASF infrastructure team --meet&nbsp;<br>&nbsp; &nbsp; Chris Thistlethwaite&nbsp;<a href="https://s.apache.org/InsideInfra-Chris" target="_blank">https://s.apache.org/InsideInfra-Chris</a><br>&nbsp; &nbsp; Drew Foulks&nbsp;<a href="https://s.apache.org/InsideInfra-Drew" rel="noreferrer" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://s.apache.org/InsideInfra-Drew&amp;source=gmail&amp;ust=1588339104628000&amp;usg=AFQjCNF9dVEn48pV7o9HBG14sP9uprU8Xw">https://s.apache.org/InsideInf<wbr>ra-Drew</a><br>&nbsp; &nbsp; Greg Stein Part I&nbsp;<a href="https://s.apache.org/InsideInfra-Greg" target="_blank">https://s.apache.org/InsideInfra-Greg</a><br>&nbsp; &nbsp; &nbsp; ...Part II&nbsp;<a href="https://s.apache.org/InsideInfra-Greg2" target="_blank">https://s.apache.org/InsideInfra-Greg2</a>&nbsp;and Part III&nbsp;<a href="https://s.apache.org/InsideInfra-Greg3" target="_blank">https://s.apache.org/InsideInfra-Greg3</a><br>&nbsp; &nbsp; Daniel Gruno Part I&nbsp;<a href="https://s.apache.org/InsideInfra-Daniel1" target="_blank">https://s.apache.org/InsideInfra-Daniel1</a>&nbsp;and Part II&nbsp;<a href="https://s.apache.org/InsideInfra-Daniel2" target="_blank">https://s.apache.org/InsideInfra-Daniel2</a><br>&nbsp;&nbsp;&nbsp; Gavin McDonald Part I&nbsp;<a href="https://s.apache.org/InsideInfra-Gavin" target="_blank">https://s.apache.org/InsideInfra-Gavin</a>&nbsp;and Part II&nbsp;<a href="https://s.apache.org/InsideInfra-Gavin2" target="_blank">https://s.apache.org/InsideInfra-Gavin2</a><br>&nbsp;&nbsp;&nbsp; Andrew Wetmore Part I&nbsp;<a href="https://s.apache.org/InsideInfra-Andrew" target="_blank">https://s.apache.org/InsideInfra-Andrew</a>&nbsp;and Part II&nbsp;<a href="https://s.apache.org/InsideInfra-Andrew2" target="_blank">https://s.apache.org/InsideInfra-Andrew2</a><br>&nbsp; &nbsp; Chris Lambertus Part I&nbsp;&nbsp;<a href="https://s.apache.org/InsideInfra-ChrisL" target="_blank">https://s.apache.org/InsideInfra-ChrisL</a>&nbsp; and Part II&nbsp;<a href="https://s.apache.org/InsideInfra-ChrisL2" target="_blank">https://s.apache.org/InsideInfra-ChrisL2</a></p>
</div>
<div>
<p>&nbsp;- Follow the ASF on social media:&nbsp;<a href="https://twitter.com/TheASF" target="_blank">@TheASF on Twitter</a>&nbsp;and&nbsp;<a href="https://www.linkedin.com/company/the-apache-software-foundation" target="_blank">The ASF page LinkedIn</a>.&nbsp;<br></p>
<p>&nbsp;- Follow the&nbsp;<a href="https://www.facebook.com/ApacheSoftwareFoundation/" target="_blank">Apache Community on Facebook</a>&nbsp;and&nbsp;<a href="https://twitter.com/ApacheCommunity" target="_blank">Twitter</a>.&nbsp;</p>
</div>
<div>&nbsp;- Are your software solutions Powered by Apache?&nbsp;<a href="http://www.apache.org/foundation/press/kit/#poweredby" target="_blank">Download &amp; use our "Powered By" logos</a>.<br></div>
<p><span class="LrzXr"></span><span class="LrzXr"></span></p>
<div>
<hr>
<h2>Stay updated about The ASF</h2>
<p>For<br />
real-time updates, sign up for Apache-related news by sending mail to<br />
announce-subscribe@apache.org and follow @TheASF on Twitter. For a<br />
broader spectrum from the Apache community,&nbsp;<a href="https://twitter.com/PlanetApache">https://twitter.com/PlanetApache</a>&nbsp;provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.</p>
</div></p></p></p></p></p>