Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws. - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock. - 7M+ weekly checks yield uptime at 99.99%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages. http://www.apache.org/uptime/ Apache Code Snapshot – Over the past week, 317 Apache Committers changed 9,133,089 lines of code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber. Apache Project Announcements – the latest updates by category. Big Data -- - Apache NiFi 1.15.2 released https://nifi.apache.org/ - Apache HBase 3.0.0-alpha-2 released https://hbase.apache.org/ - Apache Parquet 1.11.2 and 1.12.2 released https://parquet.apache.org/ -- CVE-2021-41561: Potential DoS in case of malicious Parquet file https://s.apache.org/sla5a Build Management -- - Apache Archiva 2.2.7 released https://archiva.apache.org/ Content -- - Apache JSPWiki 2.11.1 released https://jspwiki-wiki.apache.org/ - Apache Traffic Control 6.0.2 released https://trafficcontrol.apache.org/ - Apache Jackrabbit FileVault 3.5.8 released http://jackrabbit.apache.org/ - Apache Tika 1.28 and 2.2.1 released https://tika.apache.org/ Databases -- - Apache Geode 1.12.7, 1.13.6, and 1.14.2 released http://geode.apache.org/ Data Management Platform -- - Apache Ignite 2.11.1 released http://ignite.apache.org/ IoT -- - Apache PLC4X 0.9.1 released https://plc4x.apache.org/ -- CVE-2021-43083: Buffer overflow in PLC4C via crafted server response https://s.apache.org/copq5 Enterprise Processes Automation / ERP -- - Apache OFBiz 18.12.04 released https://ofbiz.apache.org/ Libraries -- - Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released http://logging.apache.org/ -- CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation https://s.apache.org/fyc6z - Apache MXNet (Incubating) 1.9.0 released http://mxnet.incubator.apache.org - Apache Daffodil 3.2.1 https://daffodil.apache.org/ Mail -- - Apache James 3.6.1 released https://james.apache.org/ Messaging -- - Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released https://qpid.apache.org/ - Apache Pulsar 2.9.1 released https://pulsar.apache.org/ Search -- - Apache Lucene 8.11.1 released http://lucene.apache.org/ - Apache Solr 8.11.1 released http://solr.apache.org/ -- CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler https://s.apache.org/qwwas Servers -- - Apache HTTP Server 2.4.52 released https://httpd.apache.org/ -- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua https://s.apache.org/8254b -- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations https://s.apache.org/novfh - Apache HttpComponents Core 5.1.3 GA released https://hc.apache.org/ Web Frameworks-- - Apache Struts 2.5.28.1 and 2.5.28.2 released https://struts.apache.org/ Workflow -- - Apache DolphinScheduler 2.0.1 released https://dolphinscheduler.apache.org/ - Apache Airflow 2.2.3 released https://airflow.apache.org/ Did You Know? - Did you know that ASF Security posted the status of more than three dozen Apache Projects in relation to the recent Apache Log4j vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates) - Did you know that Apache Roller (which powers blogs.apache.org) new v6.1.0 contains upgrades for more than a dozen dependencies (including Log4j), along with many bug fixes and improvements to the code base? https://roller.apache.org/ - Did you know that tax-deductible donations support the ASF's day-to-day operations that benefit 350+ Apache Projects and their communities? Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and Microsoft Pay https://donate.apache.org/ Apache Community Notices - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature https://www.youtube.com/watch?v=JUt2nb0mgwg [49 min] 2) "Apache Everywhere" https://www.youtube.com/watch?v=nXtIti9jMFI [6 min] 3) "Why Apache" https://www.youtube.com/watch?v=YM5dLvNatRs [2.5 min] 4) “Apache Innovation” https://www.youtube.com/watch?v=qkvqJaX4S50 [40 min] - ASF Annual Report: FY2021 -- Press release https://blogs.apache.org/foundation/entry/the-apache-software-foundation-announces78 and Report https://www.apache.org/foundation/docs/FY2021AnnualReport.pdf (PDF) - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI - Foundation Reports and Statements http://www.apache.org/foundation/reports.html - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel. https://www.youtube.com/c/TheApacheFoundation/ - "Success at Apache" focuses on the people and processes behind why the ASF "just works." https://blogs.apache.org/foundation/category/SuccessAtApache - Inside Infra: the new interview series with members of the ASF infrastructure team --meet Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris Drew Foulks https://s.apache.org/InsideInfra-Drew Greg Stein Part I https://s.apache.org/InsideInfra-Greg ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3 Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2 Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2 Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2 Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn. - Follow the Apache Community on Facebook and Twitter. - Are your software solutions Powered by Apache? Download & use our "Powered By" logos. http://www.apache.org/foundation/press/kit/#poweredby Stay updated about The ASF For real-time updates, sign up for Apache-related news by sending mail to announce-subscr...@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers. = = = NOTE: you are receiving this message because you are subscribed to the announce@apache.org distribution list. To unsubscribe, send email from the recipient account to announce-unsubscr...@apache.org with the word "Unsubscribe" in the subject line. Best regards, Swapnil M Mane, www.apache.org