## Description:
The mission of JSPWiki is the creation and maintenance of software related to
Leading open source WikiWiki engine, feature-rich and built around standard
JEE components (Java, servlets, JSP).
## Project Status:
Current project status: Ongoing, with low activity.
Issues for the board: There are no issues requiring board attention.
## Membership Data:
Apache JSPWiki was founded 2013-07-17 (11 years ago)
There are currently 15 committers and 9 PMC members in this project.
The Committer-to-PMC ratio is 5:3.
Community changes, past quarter:
- Arturo Bernal was added to the PMC on 2023-06-21
- Arturo Bernal was added as committer on 2023-06-21
## Project Activity:
2.12.2 was finally released on 2024/06/17 and the pending CVE fixed by this
version was also published. We got an additional vulnerability report which is
now under discussion at private@j.a.o.
Activity this quarter has been focused on preparing the code for the release,
fixing some small issues and requests for the release. Also, we merged a
contributor's PR right after that.
The refactor, referenced in previous reports, to benefit from virtual threads
under JDK-21, is not complete yet and was parked to focus on the release.
There's been some discussion to switch to JDK-17 / Jakarta 10, so the next release
will most probably be 3.0.0 to reflect this change.
## Community Health:
Work on latest master shows commits from 2 committers, which contains among
other things the aforementioned PR from a contributor.
No questions unanswered on MLs, although they continue to have little traffic.
Board comment on previous report:
```
cdutz:
Left a comment on the private list as the project was approving jira accounts
from obvious spammers such as pharmacyusa10. Also did I read the report
correctly: There was an attack using all attack vectors known to the project
already. From the fact that they were successful I would guess that they are
known and no new ones were added, but they were not fixed, right?
```
Sorry I missed the e-mail with the comment, so didn't see it. Regarding the
jira accounts, as noted on list, we're truly sorry about that and we'll look
more closely next time. In fact, we've denied the last request, redirecting
to the ML, as it appeared to be another spammer.
As for the attack vectors question, they were known and fixed vectors, so
nothing really happened, except having to restore pages to remove the
dirt. The attacks consisted of trying to edit pages, users, groups, etc. in
order to try XSS, SQL Injection and privilege escalation; none of them were
successful.