Apache and GitHub - a friendly PSA about awesomeness

2019-04-29 Thread Sally Khudairi
[this post is available online at https://s.apache.org/Wkyw ]

With the news of the Apache Software Foundation teaming up more closely with 
GitHub, we feel it natural to elaborate a bit on what has been going on and 
what this means for you as a committer and/or user of Apache software.

A little bit of history

The Apache Software Foundation started experimenting with git as a source code 
repository system in 2008, and ventured into GitHub in 2010, where we were 
graciously offered whatever resources we needed.

At first, this was merely a mirror of our existing git and subversion 
repositories, but as time went on, and projects expressed an interest in 
utilizing the many user-friendly features of GitHub, we started work on 
enabling projects to make proper use of GitHub some three years ago in the 
middle of 2016. This project, aptly named `gitbox`, ensured that committers 
could make full use of the GitHub features, while we kept a place within our 
own infrastructure for people inclined to continue using our infrastructure for 
their work. As git is decentralized by its very nature, we were able to use 
GitHub to augment rather than replace our git workflow, bringing our software 
development to the millions of users on GitHub in addition to the existing 
Apache community and committers, on a case-by-case basis.

In 2018, we made the decision to combine the two different git service 
offerings we had into one service, allowing all Apache projects to use GitHub 
if they so desired. Before then, we had two distinct git services; gitbox and 
git-wip-us, the initial git service that had been available since 2010. We 
coordinated the move from git-wip to gitbox with the various Apache projects, 
and in early 2019 we had migrated all projects to the new service, enabling 
GitHub features for all git-based Apache projects.

With Microsoft's acquisition of GitHub in 2018, and their commitment to help 
strengthen open source development, we have received additional resources to 
help lower the bar for contributions, and we'd like to thank GitHub for their 
support of the Apache Software Foundation through all nine years of using their 
platform.

What this means for you as a committer

As stated above, our GitHub integration is an augmentation of our existing 
service. It is available to all committers on git-based projects to make use 
of, should they so wish. All new git repositories will automatically be 
available on both GitHub and Gitbox.

For those wishing to take full advantage of GitHub's features, one can link 
their GitHub and Apache accounts through https://gitbox.apache.org/setup/ which 
will grant their GitHub account write access to the repositories you'd 
traditionally have access to at Apache.

People that wish to continue using their Apache committer accounts to commit 
code may continue doing so on gitbox.apache.org with their Apache credentials. 
Nothing has changed in that respect.

As Apache is a very email-centered organization, all GitHub activity is 
naturally linked to our mailing lists to ensure the same level of openness in 
the development of our software.

What this means for you as a user of Apache software

For many projects, the move to GitHub means a lower bar to both contributing as 
well as troubleshooting and submitting issues to the projects, through the 
GitHub issue and pull request features.

Our commitment to provenance, quality and open governance remains the same, and 
with our tight integration with GitHub through our linked account service, we 
are able to bring what made Apache a mark of quality to the many users and 
contributors on GitHub.

As always, if you have any questions, comments, remarks or feedback about this, 
we welcome you to reach out to the Apache Infrastructure Team at: 
us...@infra.apache.org 

= = =

NOTE: you are receiving this message because you are subscribed to the 
announce@apache.org distribution list. To unsubscribe, send email from the 
recipient account to announce-unsubscr...@apache.org with the word 
"Unsubscribe" in the subject line.


[ANNOUNCE] Apache Calcite Avatica 1.14.0 released

2019-04-29 Thread Francis Chuang

The Apache Calcite team is pleased to announce the release of Apache
Calcite Avatica 1.14.0.

Avatica is a framework for building database drivers. Avatica defines a
wire API and serialization mechanism for clients to communicate with a
server as a proxy to a database. The reference Avatica client and server
are implemented in Java and communicate over HTTP. Avatica is a
sub-project of Apache Calcite.

Apache Calcite Avatica 1.14.0 includes around 13 bug fixes and new 
features. A number of dependencies were upgraded for this release, with 
Jetty being a noteworthy upgrade due to the old version having a medium 
severity vulnerability. Avatica users are encouraged to upgrade to 
1.14.0 where practical. For a full list of changes, please see the 
release notes:


  https://calcite.apache.org/avatica/docs/history.html#v1-14-0

The release is available here:

  https://calcite.apache.org/avatica/downloads/avatica.html

We welcome your help and feedback. For more information on how to report
problems and get involved, visit the project website at:

   https://calcite.apache.org/avatica/

or the Apache Calcite project website:

   https://calcite.apache.org/

Thanks to everyone involved!

Francis Chuang, on behalf of the Apache Calcite team.


[ANNOUNCE] Apache Directory LDAP API 1.0.3 released

2019-04-29 Thread Emmanuel Lecharny
The Apache Directory Team is proud to announce the availability of version
1.0.3 of the Apache Directory LDAP API.

The Apache Directory LDAP API is an ongoing effort to provide an
enhanced LDAP API, as a replacement for JNDI and the existing LDAP API
(jLdap and Mozilla LDAP API).

This is a schema aware API, with some convenient ways to access a LDAP
server. This API is not only targeting the Apache Directory Server, but
should work pristine with any LDAP server.

It's also an extensible API : new Controls, schema elements and network.

This is a bug fix release that fixes an issue when using MINA 2.1.1
version: a SSL/TLS connection would stall because we were waiting on
an event that MINA 2.1.1 would never produce.

Those using the Apache LDAP API 1.0.2 version should switch to this
version.

Website : http://directory.apache.org/api
Download : http://directory.apache.org/api/downloads-1.html
User's Guide : http://directory.apache.org/api/user-guide.html

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


[ANNOUNCE] CVE-2018-8035: Apache UIMA DUCC webserver cross-site scripting (XSS) vulnerability fix

2019-04-29 Thread Jerry Cwiklik
CVE-2018-8035: Apache UIMA DUCC webserver cross-site scripting (XSS) 
vulnerability due to unintended execution of user supplied javascript code.


Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
  - Apache UIMA DUCC releases including and prior to 2.2.2

Description.
The details of this vulnerability were reported to the Apache UIMA 
Private mailing list.


This vulnerability relates to the user's browser processing of DUCC web 
page input data.


The javascript comprising Apache UIMA DUCC which runs in the user's 
browser does not sufficiently filter user supplied inputs, which may 
result in unintended execution of user supplied javascript code.


Mitigation:
Users are advised to upgrade these UIMA components to the following levels:
  - Apache UIMA DUCC: upgrade to 3.0.0 or later

Credit: Marshall Schor

Jerry Cwiklik, on behalf of the Apache UIMA Team



[ANNOUNCE] Apache MINA 2.1.2 released

2019-04-29 Thread Emmanuel Lecharny
The Apache MINA project is pleased to announce MINA 2.1.2 !


Apache MINA (http://mina.apache.org) is a network application
framework which helps users develop high performance and high
scalability network applications easily by providing an abstract,
event-driven, asynchronous API over various transports such as TCP/IP
and UDP/IP via Java NIO.

The Apache MINA project website includes resources such as
introductory presentation slides, tutorials, and examples to help you
learn MINA as soon as possible.

This is a bug fix release for MINA 2.1.1. It fixes an issue for
applications using SSL/TLS, which will stall waiting on a WriteFuture
because it does not get signaled when the message has been fully sent.

Information relative to the API changes, and migration, are available
on the following page:
http://mina.apache.org/mina-project/2.1-vs-2.0.html


Downloads are available at
https://mina.apache.org/downloads-mina_2_1.html

The Apache MINA PMC

Thanks !


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


The Apache® Software Foundation Expands Infrastructure with GitHub Integration

2019-04-29 Thread Sally Khudairi
[this announcement is available online at https://s.apache.org/7lio ]

Provides source code tooling services for 200M+ lines of code across 350+ 
Apache Projects

Wakefield, MA —29 April 2019— The Apache® Software Foundation (ASF), the 
all-volunteer developers, stewards, and incubators of more than 350 Open Source 
projects and initiatives, announced today it has completed its Infrastructure 
support expansion by migrating its Git service to GitHub.

As the world's largest Open Source foundation, the ASF's 200M+ lines of code 
are overseen by an all-volunteer community of 730 individual ASF Members and 
7,000 Apache code committers. Over its 20 year history, 1,058,321,099 lines of 
code have been committed across 3,022,836 code commits.

Apache projects initially had two version control services available via ASF 
Infrastructure: Apache Subversion and Git. Through the years, an increasing 
number of projects and their communities wanted to see their source code 
available on GitHub. As these were read-only mirrors, the ability to use 
GitHub's tools around those repositories was limited.

"In 2016, the Foundation started integrating GitHub's repository and tooling, 
with our own services. This enabled selected projects to use GitHub's excellent 
tools," said Greg Stein, ASF Infrastructure Administrator. "Over time, we 
improved, debugged, and solidified this integration. In late 2018, we asked all 
projects to move away from our internal git service, to that provided by 
GitHub. This shift brought all of their tooling to our projects, while we 
maintain a backup mirror on our infrastructure."

GitHub makes it easier for developers to work together, to solve challenging 
problems, and to create the world’s most important technologies. The platform 
enables teams to host and review code, manage projects, and build software 
alongside 31M+ developers, 2M+ businesses and organizations, and across 100M+ 
repositories.

"We're proud to have such a long standing member of the Open Source community 
migrate to GitHub," said Nat Friedman, Chief Executive Officer of GitHub. 
"Whether we're working with individual Open Source maintainers and contributors 
or some of the world's largest Open Source foundations like Apache, GitHub's 
mission is to be the home for all developers by supporting Open Source 
communities, addressing their unique needs, and helping Open Source projects 
thrive."

In February 2019, the migration to GitHub was complete, and the ASF's own git 
service was decommissioned.

"We continue to experiment and expand the set of services that GitHub can 
provide to our communities, given our own needs and requirements," added Stein. 
"The Foundation has started working closely with GitHub management to explore 
ways to make this happen, and what will be possible in the future."

To learn more on ASF Infrastructure, visit 
https://www.apache.org/dev/infrastructure.html
For performance statistics, visit https://www.apache.org/uptime/

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 
leading Open Source projects that provide $20B+ worth of Apache Open Source 
software to the public at 100% no cost. Through the ASF's merit-based process 
known as "The Apache Way," more than 730 individual Members and 7,000 
Committers across six continents successfully collaborate to develop freely 
available enterprise-grade software, benefiting billions of users worldwide: 
thousands of software solutions are distributed under the Apache License; and 
the community actively participates in ASF mailing lists, mentoring 
initiatives, and ApacheCon, the Foundation's official user conference, 
trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded 
by individual donations and corporate sponsors including Aetna, Alibaba Cloud 
Computing, Anonymous, ARM, Baidu, Bloomberg, Budget Direct, Capital One, 
Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Hortonworks, Huawei, 
IBM, Indeed, Inspur, Leaseweb, Microsoft, ODPi, Pineapple Fund, Pivotal, 
Private Internet Access, Red Hat, Target, Tencent, Union Investment, Workday, 
and Verizon Media. For more information, visit http://apache.org/ and 
https://twitter.com/TheASF

© The Apache Software Foundation. "Apache" and "ApacheCon" are registered 
trademarks or trademarks of The Apache Software Foundation in the United States 
and/or other countries. All other brands and trademarks are the property of 
their respective owners. 

# # #
