[ANNOUNCE] Apache OpenMeetings 3.2.1 released

[Maxim Solodovnik]

The Apache Openmeetings project is pleased to announce
the release of Apache Openmeetings 3.2.1.
The release is available for download from
http://openmeetings.apache.org/downloads.html

Apache OpenMeetings provides video conferencing, instant messaging, white board,
collaborative document editing and other groupware tools using API functions of
the Red5 Streaming Server for Remoting and Streaming.

Service release 1 for 3.2.0, provides following improvements:

Room
* Video is more stable
* Office files download is fixed
* Multi-upload is added
* External video works as expected
* WB drawing on slides works as expected

Chat
* chat is made resizable
* multiple issues in chat are fixed
* typing indicator is added

Calendar
* date/time validator is improved
* whole group can be invited by admin to event

Other fixes and improvements

49 issues were fixed please check
https://www.apache.org/dist/openmeetings/3.2.1/CHANGELOG

and Detailed list:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312720=12339215

For more information on Apache Openmeeting please visit project home
page: http://openmeetings.apache.org

Apache OpenMeetings Team

[ANNOUNCE] Apache Streams 0.5-incubating release

[sblackmon]

 
The Apache Streams team is pleased to announce the release of Apache Streams 
0.5-incubating.  

Sources are now available from Apache mirrors (
http://www.apache.org/dyn/closer.cgi/incubator/streams/releases/0.5-incubating/ 
) and binaries are now available from the apache maven repository ( 
http://repository.apache.org/ ) and maven central ( 
http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.apache.streams%22%20v%3A%220.5-incubating%22
 )  

Apache Streams (incubating) unifies a diverse world of digital profiles and 
online activities into common formats and vocabularies, and makes these 
datasets accessible across a variety of databases, devices, and platforms for 
streaming, browsing, search, sharing, and analytics use-cases.  

The project aims to provide simple two-way data interchange with popular REST 
APIs using industry standard data representations and common interfaces. 
Streams compatibility with multiple storage back-ends and ability to be 
embedded within any java-based real-time or batch data processing platform 
ensures that its interoperability features come with little technical baggage.  

0.5-incubating is a feature release which updates persist support for neo4j to 
include the bolt binary protocol, updates persist support for cassandra to 
include SSL support, and adds persist support for riak via both http and binary 
protocols.  

0.5-incubating also contains bug fixes, documentation improvements, and release 
process improvements, including but not limited to removing the streams-master 
parent repo from the build plan.  

More details on Apache Streams can be found at:
http://streams.incubator.apache.org/  

Thanks to all the contributors who made the release possible, and encourage 
anyone interested in using or contributing to the project to join the dev 
mailing list ( mailto:dev-subscr...@streams.incubator.apache.org ) 

Regards,

Apache Streams (incubating) Community

--- DISCLAIMER Apache Streams is an effort undergoing incubation at the  
Apache Software Foundation (ASF), sponsored by the Apache Incubator PMC.  
Incubation is required of all newly accepted projects until a further  
review indicates that the infrastructure, communications, and decision  
making process have stabilized in a manner consistent with other successful  
ASF projects. While incubation status is not necessarily a reflection of  
the completeness or stability of the code, it does indicate that the  
project has yet to be fully endorsed by the ASF.

[ANNOUNCE] Apache Kudu 1.3.0 released

[Todd Lipcon]

The Apache Kudu team is happy to announce the release of Kudu 1.3.0.

Kudu is an open source storage engine for structured data which supports
low-latency random access together with efficient analytical access
patterns. It is designed within the context of the Apache Hadoop ecosystem
and supports many integrations with other data analytics projects both
inside and outside of the Apache Software Foundation.

Apache Kudu 1.3 is a minor release which adds various new features,
improvements, bug fixes, and optimizations on top of Kudu 1.2. Highlights
include:

- significantly improved support for security, including Kerberos
authentication, TLS encryption, and coarse-grained (cluster-level)
authorization
- automatic garbage collection of historical versions of data
- lower space consumption and better performance in default configurations.

The above list of changes is non-exhaustive. Please refer to the release
notes below for an expanded list of important improvements, bug fixes, and
incompatible changes before upgrading:

Download it here: http://kudu.apache.org/releases/1.3.0/
Full release notes:
http://kudu.apache.org/releases/1.3.0/docs/release_notes.html

Thanks to the 25 developers who contributed code or documentation to this
release!

Regards,
The Apache Kudu team

CVE-2017-5644 - Possible DOS (Denial of Service) in Apache POI versions prior to 3.15

[Dominik Stadler]

Hi,

Vendor: The Apache Software Foundation

Versions affected: all versions prior to version 3.15
Apache POI in versions prior to release 3.15 allows remote attackers to
cause a denial of service (CPU consumption)
via a specially crafted OOXML file, aka an XML Entity Expansion (XEE)
attack.

Users with applications which accept content from external or untrusted
sources are advised to upgrade to
Apache POI 3.15 or newer.

Thanks to Xiaolong Zhu and Huijun Chen from Huawei Technologies Co., Ltd.
for reporting the vulnerability.


Dominik Stadler
on behalf of the Apache POI PMC

[ANNOUNCE] Apache Knox 0.12.0 Release

[sumit gupta]

The Apache Knox team is proud to announce the release of Apache Knox 0.12.0!

Apache Knox is a REST API Gateway for providing secure access to the data
and processing resources of Hadoop clusters. More details on Apache Knox
can be found at: http://knox.apache.org/

The release has some great enhancements and new features. Some highlights are:

- Proxy support for Solr UI and API
- Proxy support for Gremlin Server REST API
- KnoxToken API for acquiring a Knox Access Token
- Proxy support for Zeppelin UI through Knox
- New release module for KnoxShell
- YARN RM HA implementation for REST API and UI
- Support for pluggable validator for Header pre authentication provider


The release bits are available at:
http://www.apache.org/dyn/closer.cgi/knox/0.12.0

The change list is in the CHANGES file in the above directory.

We would like to thank all contributors who made the release possible and
to invite others, that are interested in helping out, to engage the
community on the dev and users lists!

In particular, we'd like to thank the following contributors from our
community:

Jeffrey E Rodriguez
Shi Wang
Mohammad Kamrul Islam
Kevin Risden
Prabhjyot Singh
Colm O hEigeartaigh
Vincent Devillers
Attila Kanto
Richard Ding

[ANNOUNCE] Apache Tephra-0.11.0-incubating released

[Gokul Gunasekaran]

Hi All,

The Apache Tephra team is excited to announce the latest release of
Apache Tephra-0.11.0-incubating. This is the fourth release of Apache
Tephra.

Apache Tephra is a transaction engine for distributed data stores like
Apache HBase. It provides ACID semantics for concurrent data operations
that span over region boundaries in HBase using Optimistic Concurrency
Control.

The release artifacts are available at
http://www.apache.org/dyn/closer.cgi/incubator/tephra/0.11.0-incubating/src

Maven artifacts have also been made available on repository.apache.org.

We would like to thank all the contributors that made this release possible.

Thanks,
The Apache Tephra (incubating) Team

=

*Disclaimer*

Apache Tephra is an effort undergoing incubation at The Apache Software
Foundation (ASF), sponsored by the name of Apache Incubator PMC. Incubation
is required of all newly accepted projects until a further review indicates
that the infrastructure, communications, and decision making process have
stabilized in a manner consistent with other successful ASF projects. While
incubation status is not necessarily a reflection of the completeness or
stability of the code, it does indicate that the project has yet to be
fully endorsed by the ASF.

[ANNOUNCE] Release of Apache NiFi nifi-nar-maven-plugin 1.2.0

[Bryan Bende]

Hello

The Apache NiFi team would like to announce the release of Apache NiFi
nifi-nar-maven-plugin 1.2.0.

The Apache NiFi NAR Maven Plugin helps to build NiFi Archive bundles
(NARs) to support the class loader isolation model in NiFi.

More details on Apache NiFi can be found here:
https://nifi.apache.org/

Maven artifacts have been made available here:
https://repository.apache.org/content/repositories/releases/org/apache/nifi/nifi-nar-maven-plugin/1.2.0/

Issues closed/resolved for this list can be found here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316020=12339193

Release note highlights can be found here:
https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-NiFiNARMavenPluginVersion1.2.0

Thank you,

The Apache NiFi team

[ANN] [SECURITY] Struts Extras secure Multipart plugins GA

[Lukasz Lenart]

The Apache Struts group is pleased to announce that the Apache Struts
2 Secure Jakarta Multipart parser plugin and Apache Struts 2 Secure
Jakarta Stream Multipart parser plugin are available as a “General
Availability” release. The GA designation is our highest quality
grade.

These releases address one critical security vulnerability:

- Possible Remote Code Execution when performing file upload based on
Jakarta Multipart parser S2-045, S2-046 (CVE-2017-5638)

http://struts.apache.org/docs/s2-045.html
http://struts.apache.org/docs/s2-046.html

Those plugins were released to allow users running older versions of
the Apache Struts secure their applications in easy way. You don’t
have to migrate to the latest version (which is still preferable) but
by applying one of those plugins, your application won’t be vulnerable
anymore.

It is a drop-in installation, just select a proper jar file and copy
it to WEB-INF/lib folder. Please read the README
(https://github.com/apache/struts-extras) for more details and
supported Apache Struts versions.

All developers are strongly advised to perform this action.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download those plugins from our download page.
http://struts.apache.org/download.cgi#struts-extras


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

[ANNOUNCE] Apache UIMA Java SDK 3.0.0-alpha02 released

[Marshall Schor]

The Apache UIMA team is pleased to announce the release of the Apache UIMA Java
SDK, version 3.0.0-alpha02.  This is the second alpha release, and is intended 
to enable a wider set of users to test this version and give feedback.  

Apache UIMA  is a component architecture and framework
for the analysis of unstructured content like text, video and audio data.

This release is a major rewrite of the internals of core UIMA, and 
includes many new features, including:
 -- support for arbitrary Java objects in the CAS
 -- New semi-built-in UIMA types: FSArrayList, FSHashSet, IntegerArrayList
 -- New "select" framework integrated with Java 8 Streams
 -- Elimination of concurrent modification exception 
  while iterating over UIMA indexes
 -- Automatic Garbage Collection of unreferenced Feature Structures

The major change from the first alpha release is the updating of the logging
framework.  The same UIMA logger is there, but it now goes to various backends
via the popular SLF4J logging facade. 

See the UIMA News  item ( 
http://uima.apache.org/news.html#19 Mar 2017 ) for more details.

A full description of the new and changed parts is here:
http://uima.apache.org/d/uimaj-3.0.0-alpha02/version_3_users_guide.html

This release requires Java 8, and is intended to be backwards compatible with
existing Version 2 pipeline code, except for the need to regenerate or migrate
(tooling provided) user-defined JCas class definitions.

Please send feedback via the Apache UIMA project mailing lists.

 -Marshall Schor, for the Apache UIMA development team



signature.asc
Description: OpenPGP digital signature