I agree with Dan here that bragging about 'one of the quickest' is not needed, but noting we are up-to-date with Log4J patches and have documentation for mitigation might be a better approach.
My $.02 --Mark On Fri, Feb 4, 2022 at 11:34 AM Dan Smith <dasm...@vmware.com> wrote: > Counting the kafka connector I'm not sure bragging about CVE patching > speed is justified, but otherwise looks good to me! > > -Dan > ________________________________ > From: Nabarun Nag <n...@vmware.com> > Sent: Tuesday, February 1, 2022 2:25 PM > To: dev@geode.apache.org <dev@geode.apache.org> > Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th > > Thank you for the feedback, please find the new draft with the added > review comments. > > ## Project Activity: > We issued 9 releases this quarter which include an updated Log4j2 version > to handle the remote code execution CVE. The project had one of the > quickest turnaround times from the Log4j2 CVE disclosure to the patch > releases with the fix. Apache Geode Kafka Connector 1.1.0 was also released > this quarter. > We have also started the effort to remove the use of deprecated components > in the project. > > > Recent Releases of Apache Geode: > > - 1.14.3 was released on 2022-01-25 > > - 1.13.7 was released on 2022-01-22 > > - 1.12.8 was released on 2022-01-13 > > - 1.12.7 was released on 2022-12-17 > > - 1.13.6 was released on 2021-12-17 > > - 1.14.2 was released on 2021-12-17 > > - 1.12.6 was released on 2021-12-11 > > - 1.13.5 was released on 2021-12-11 > > - 1.14.1 was released on 2021-12-11 > > > ________________________________ > From: Owen Nichols <onich...@vmware.com> > Sent: Tuesday, February 1, 2022 12:39 PM > To: dev@geode.apache.org <dev@geode.apache.org> > Subject: Re: [DRAFT] Apache Geode Board report due by Wed Feb 9th > > 1.12.8 seems to be missing from the list of releases. Also consider > bragging about Geode’s turnaround time from CvE disclosure to patch > release…only one other ASF project got theirs out faster than we did. > > > --- > Sent from Workspace ONE Boxer< > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwhatisworkspaceone.com%2Fboxer&data=04%7C01%7Cdasmith%40vmware.com%7C38f5f23b5d3447df5bee08d9e5d1dbd4%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637793511813886329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=klI3CJDjpPQoknRVSncdCMBJWbctMIQmOSl5pjyalgc%3D&reserved=0 > > > > On January 31, 2022 at 1:57:18 PM PST, Dave Barnes <dbar...@apache.org> > wrote: > LGTM +1 > > On Mon, Jan 31, 2022 at 12:50 PM Nabarun Nag <n...@vmware.com> wrote: > > > This is a draft of our report to the board. Please let me know if there > > are details you'd like me to add! > > > > --Naba > > > > ## Description: > > The mission of Apache Geode is the creation and maintenance of software > > related > > to a data management platform that provides real-time, consistent access > to > > data-intensive applications throughout widely distributed cloud > > architectures. > > > > ## Issues: > > There are no Board-level issues at this time. > > > > ## Membership Data: > > Apache Geode was founded 2016-11-15 (5 years ago) > > There are currently 115 committers and 54 PMC members in this project. > > The Committer-to-PMC ratio is roughly 2:1. > > > > Community changes, past quarter: > > - No new PMC members. Last addition was Donal Evans on 2021-03-22. > > - No new committers. Last addition was Alberto Bustamante on 2021-05-13. > > > > ## Project Activity: > > We issued 8 releases this quarter which include an updated Log4j2 version > > to handle the remote code execution CVE. Apache Geode Kafka Connector > 1.1.0 > > was also released this quarter. > > We have also started the effort to remove the use of deprecated > components > > in > > the project. > > > > Recent Releases of Apache Geode: > > - 1.14.3 was released on 2022-01-25 > > - 1.13.7 was released on 2022-01-22 > > - 1.12.7 was released on 2022-12-17 > > - 1.13.6 was released on 2021-12-17 > > - 1.14.2 was released on 2021-12-17 > > - 1.12.6 was released on 2021-12-11 > > - 1.13.5 was released on 2021-12-11 > > - 1.14.1 was released on 2021-12-11 > > > > Work on releasing 1.15.0 is progressing as planned. > > > > Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18. > > > > ## Community Health: > > - Continuing our monthly video conferences. > > - Addition of Kafka Connector project to grow the community. > > - Mailing lists are seeing the usual amount of traffic involving > > discussions > > related to improving performance, operation protocols, etc. > > > > > > >
