+1 Bryan On Dec 1, 2017 13:46, "Dan Rollo" <danro...@gmail.com> wrote:
> +1 > > -Dan > > > > > From: Peter <j...@zeus.net.au> > > Subject: [Report] Apache River - Draft > > Date: December 1, 2017 at 12:42:51 AM EST > > To: "<dev@river.apache.org>" <dev@river.apache.org> > > > > > > Hi River folks, > > > > Draft board report for November, postponed until December. > > > > Regards, > > > > Peter. > > > > <===========================================================> > > > > ## Description: > > > > - Apache River provides a platform for dynamic discovery and lookup > search of network services. Services may be implemented in a number of > languages, while clients are required to be jvm based, to allow proxy jvm > byte code to be provisioned dynamically. > > > > ## Issues: > > > > No significant issues requiring board attention at this time. > > > > ## Activity: > > > > Minimal activity at present. > > > > - Planned relase map: > > > > Release roadmap: > >> > >> River 3.0.1 - thread leak fix > >> River 3.1 - Modular build restructure (& binary release) > >> River 3.2 - Input validation 4 Serialization, delayed unmarshalling& > safe ServiceRegistrar lookup service. > >> River 3.3 - OSGi support > > > > ## Health report: > > > > - Minimal activity at present on dev. > > - No recent commit activity, but there are plans for more work in near > future. > > > > - Future Direction: > > > > * Target IOT space with support for OSGi and IPv6 (security fixes > required prior to announcement) > > * Input validation for java deserialization - prevents DOS and > > Gadget attacks. > > * IPv6 Multicast Service Discovery (River currently only support > > IPv4 multicast discovery). > > * Delayed unmarshalling for Service Lookup and Discovery (includes > > SafeServiceRegistrar mentioned in release roadmap), so > > authentication can occur prior to downloading service proxy's, > > this addresses a long standing security issue with service lookup > > while significantly improving performance under some use cases. > > * Security fixes for SSL endpoints, updated to TLS v1.2 with removal > > of support for insecure cyphers. > > * Maven build to replace existing ant built that uses > > classdepandjar, a bytecode dependency analysis build tool. > > > > ## PMC changes: > > > > - Currently 12 PMC members. > > - One new PMC members added in the last 3 months > > - Last PMC addition was Dan Rollo on Fri 1st December 2017 > > > > ## Committer base changes: > > > > - Currently 16 committers. > > > > ## Releases: > > > > - River-3.0.0 was released on Wed Oct 05 2016 > > > > ## Mailing list activity: > > > > - Relatively quiet in comparison to recent months, however this appears > as a result of reaching concensus after a period of discussion. > > > > ## JIRA activity: > > > > - Nil Activity this period. > > > > > > > > > > > >
