[ANNOUNCE] Release Apache Traffic Control 3.0.2

2019-09-06 Thread dgelinas
The Apache Traffic Control team is proud to announce the release of Apache 
Traffic Control 3.0.2.


More details regarding Apache Traffic Control can be found at:

http://trafficcontrol.apache.org/

The release artifacts, along with release notes, can be found here:

http://trafficcontrol.apache.org/releases/


Thanks!

The Apache Traffic Control Team

[ANNOUNCE] CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability

2019-09-06 Thread Rawlin Peters
CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected:
Traffic Control 3.0.0
Traffic Control 3.0.1

Description:
The Traffic Ops API component of the Apache Traffic Control project is
vulnerable to improper authentication when LDAP is enabled. Given a username
for a user that can be authenticated via LDAP, it is possible to improperly
authenticate as that user without that user's correct password.

Mitigation:
3.x users should upgrade to 3.0.2.
If the upgrade cannot be done immediately, LDAP authentication can be disabled
by removing the Traffic Ops LDAP configuration file -- ldap.conf -- in order to
mitigate the vulnerability until an upgrade to 3.0.2 can be performed.

References:
Downloads:
http://trafficcontrol.apache.org/releases/
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12405
Project security:
http://trafficcontrol.apache.org/security/
--
Thanks,
Rawlin


[ANNOUNCE] Apache Maven 3.6.2 released

2019-09-06 Thread Enrico Olivelli
The Apache Maven team is proud to announce Apache Maven version
3.6.2.

Maven is a software project management and comprehension tool. Based on the
concept of a project object model (POM), Maven can manage a project’s
build, reporting, and documentation from a central place.

Highlights:

- This release focuses mostly on performance improvements, better memory
footprint, and less CPU usage.

- We are continuing to convert Maven Core to use JSR 330 annotations
instead of Plexus (still not finished, see MNG-5577).

- New support for ‘release’ qualifier (see MNG-6655).

- The toolchain.xml file supports environment variables (see MNG-6665).


For Apache Maven release details and downloads, visit:

https://maven.apache.org/download.cgi


Maven 3.6.2 Release Notes are at:

https://maven.apache.org/docs/3.6.2/release-notes.html


We would like to thank the contributors that made the release possible.

Regards,

The Apache Maven Team


The Apache News Round-up: week ending 6 September 2019

2019-09-06 Thread Swapnil M Mane
[this newsletter is available online at https://s.apache.org/a49bs]

Happy September! Let's take a look at the activities from the Apache
community over the past week:

ASF Board – management and oversight of the business affairs of the
corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 18 September 2019. Board calendar and minutes
http://apache.org/foundation/board/calendar.html

ApacheCon™ – the ASF's official global conference series, bringing
Tomorrow's Technology Today since 1998
 - Countdown to ApacheCon North America and Europe -- we look forward
to seeing you in Las Vegas and Berlin -- REGISTER TODAY!
https://www.apachecon.com/
 - Catch the latest on ApacheCon™, Q&A With Community Track Leader,
Sharan Foga, ASF's VP of Apache Community Development exclusively on
https://feathercast.apache.org/

ASF Infrastructure – our distributed team on three continents keeps
the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.75%. Performance checks across
50 different service components spread over more than 250 machines in
data centers around the world. http://www.apache.org/uptime/

Apache Code Snapshot – this week, 800 Apache contributors changed
1,666,694 lines of code over 3,132 commits. Top 5 contributors, in
order, are: Jean-Baptiste Onofré, Stephen Mallette, Andrea Cosentino,
Gary Gregory, and Chesnay Schepler.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Myriad 0.4.0 (Incubating) released http://myriad.apache.org

Build Management --
 - Apache Ant 1.10.7 released http://ant.apache.org

Content --
 - Apache Jackrabbit 2.16.5 and 2.18.3 released http://jackrabbit.apache.org

Databases --
 - Apache HBase 2.1.6 released http://hbase.apache.org

Libraries --
 - Apache Juneau 8.1.0 released http://juneau.apache.org
 - Apache Commons Text 1.8 released
http://commons.apache.org/proper/commons-text
 - Apache Flagon UserALE.js 2.0.2 (Incubating) released
http://flagon.incubator.apache.org

Servers --
 - Apache HttpComponents Core 4.4.12 released http://hc.apache.org


Did You Know?

 - Did you know that the ASF's day-to-day operating expenses are
offset by the generous donations of our Sponsors? The ASF is supported
by 10 Platinum Sponsors, 9 Gold Sponsors, 11 Silver Sponsors, 25
Bronze Sponsors, and 6 Platinum Targeted Sponsors, 5 Gold Targeted
Sponsors, 3 Silver Targeted Sponsors, and 10 Bronze Targeted Sponsors
https://s.apache.org/w7bw1

 - Did you know the following Apache projects are celebrating
anniversaries this month? Many Happy Returns to Apache ServiceMix (12
years); Hive, Pig, and Shiro (9 years); Airavata, Bigtop, SIS, and
Stanbol (7 years); Curator (6 years); Storm (5 years); Yetus (4
years); DRAT, RocketMQ, and Royale (2 years); and Pulsar (1 year).
https://projects.apache.org/committees.html?date

 - Did you know that ApacheCon sponsors and community partners include
Aiven, AWS, Comcast, CrowdStrike, DataStax, Google Cloud, IBM, HotWax
Systems, Instaclustr, Linode, LinuxMagic, Manning Publications, Red
Hat, PCCC, ShapeBlue, SK Telecom, StreamNative, The Last Pickle, and
more? Learn more at https://www.apachecon.com/

Apache Community Notices:

 - Celebrating 20 Years Community-led Development "The Apache Way"
https://s.apache.org/ASF20thAnniversary

 - ASF Founders look back on 20 Years of the ASF
https://blogs.apache.org/foundation/entry/our-founders-look-back-on

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements
http://www.apache.org/foundation/reports.html

 - ApacheCon: Tomorrow's Technology Today since 1998
http://s.apache.org/ApacheCon

 - ASF Annual Report for FY2019 https://s.apache.org/FY2019AnnualReport

 - The Apache Software Foundation 2018 Vision Statement
https://s.apache.org/zqC3

 - Foundation Statement – Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF
"just works". https://blogs.apache.org/foundation/category/SuccessAtApache

 - Please follow/like/re-tweet the ASF on social media:  @TheASF on
Twitter (https://twitter.com/TheASF) and on LinkedIn at
https://www.linkedin.com/company/the-apache-software-foundation

 - Do friend and follow us on the Apache Community Facebook page
https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter account
https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at
http://events.apache.org/event/meetups.html

 - Registration is open for ApacheCon North America 9-12 September
2019 http://apachecon.com/

 - Spark + AI Summit 2019 will be held 15-17 October in Amsterdam
https://databricks.com/sparkaisummit/

 - Registration open for ApacheCon Europe 22-24 October 2019
http://apachecon.com/

 - Find out how you can participate with Apache
community/projects/activities -- opportunities open with Apache Camel,
Apache HTTP Server, and more! https://helpwanted.apache.org/

 - Are