Hi all, thanks for the project update notes. Below is the
report I submitted to the board. Please let me know
of any errors or missing parts.
thanks,
bryan
================================================
## Description:
The mission of the Apache DB project is to create and maintain
commercial-quality, open-source, database solutions based on software licensed
to the Foundation, for distribution at no charge to the public.
The Apache DB TLP consists of the following subprojects:
o Derby : a relational database implemented entirely in Java.
o JDO : focused on building the API and the TCK for compatibility
testing of Java Data Object implementations providing data
persistence.
o Torque : an object-relational mapper for Java.
## Project Status:
Current project status: Ongoing, with moderate activity
Issues for the board: none
## Membership Data:
Apache DB was founded 2002-07-16 (22 years ago)
There are currently 48 committers and 45 PMC members in this project.
The Committer-to-PMC ratio is roughly 1:1.
Community changes, past quarter:
- No new PMC members. Last addition was Tobias Bouschen on 2023-08-27.
- No new committers. Last addition was Max Philipp Wriedt on 2023-04-14.
## Project Activity:
Several security issues were brought to the DB project's attention
this quarter, and were addressed by various community members:
- JDO community addressed an XSS vulnerability in the project's
old archived Javadocs by removing the no-longer-required Javadocs
from the project website.
- DB community addressed an XSS vulnerability in the (retired) ddlutils
Javadocs by removing the no-longer-required Javadocs from the
project website.
- Derby community examined an arbitrary file write vulnerability
in the Derby client libraries and determined that it was best
addressed via a combination of
- documentation of the requirement for users to use this
particular log-tracing feature with care,
- and notice to known clients.
Apache security team assisted with the resolution of these security
issues and we are grateful as always for their prompt and thorough
help!
Torque team are readying a new release and discussing whether it
should be classified as a minor release or a major release based
on its changes. It would probably become either release 5.2 or 6.0,
depending on the outcome of the discussions.
Derby team have been verifying Derby compatibility with JDKs 21
and 22. No new problems have been revealed.
JDO team have been investigating several issues uncovered by
runs of the TCK.
## Community Health:
DB project health was good over the winter. All the project
teams were actively discussing development issues and working
on fixes and enhancements.
---------------------------------------------------------------------
To unsubscribe, e-mail: torque-dev-unsubscr...@db.apache.org
For additional commands, e-mail: torque-dev-h...@db.apache.org
