Apache DC Roadshow - Mar. 25, 2020 - Speakers Sought!

[Kevin A. McGrail]

Happy 2020!

The CFP for the Apache Roadshow in DC opened over the holidays and we
need speakers!  Apply today as a speaker at
https://www.papercall.io/cfps/2811/submissions/new and spread the word
if you have other speakers you recommend!

Topics include Apache Projects & CARE Initiatives, Cybersecurity & Open
Source Software in Start-Ups as well as Lightning Pitches by selected
Start-Ups.

More info at https://www.apachecon.com/usroadshowdc20/

KAM

-- 
Kevin A. McGrail
kmcgr...@apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

[ANNOUNCE] Apache Lucene 8.4.1 released

[Ishan Chattopadhyaya]

## 13 January 2020, Apache Lucene™ 8.4.1 available

The Lucene PMC is pleased to announce the release of Apache Lucene 8.4.1.

Apache Lucene is a high-performance, full-featured text search engine
library written entirely in Java. It is a technology suitable for
nearly any application that requires full-text search, especially
cross-platform.

There is practically no difference between Lucene 8.4.0 release and
this (8.4.1) release. Users need not upgrade. This release is done due
to the accompanying Solr 8.4.1 release.

The release is available for immediate download at:

  

### Lucene 8.4.1 Release Highlights:

(No Changes since 8.4.0)

Note: The Apache Software Foundation uses an extensive mirroring network for
distributing releases. It is possible that the mirror you are using may not have
replicated the release yet. If that is the case, please try another mirror.
This also applies to Maven access.

[ANNOUNCE] Apache Crail 1.2-incubating released

[Adrian Schuepbach]

The Apache Crail community is pleased to announce the release of
Apache Crail version 1.2-incubating.

[If any] The key features of this release are:
- Allow namenode as parameter instead of conf file.
- Make host NQN configurable
- Several bug fixes

Crail is a high-performance distributed data store designed for fast
sharing of ephemeral data in distributed data processing workloads. You
can read more about Crail on the website: https://crail.apache.org/

The release is available at:
https://crail.incubator.apache.org/download/

The full change log is available here:
https://github.com/apache/incubator-crail/blob/v1.2/HISTORY.md

We welcome any help and feedback. Check out
https://crail.incubator.apache.org/community/
to get involved.

Thanks to all involved for making this first release happen!

Thanks,
Adrian

--
Apache Crail is an effort undergoing incubation at The Apache Software
Foundation (ASF), sponsored by the Apache Incubator PMC. Incubation is
required of all newly accepted projects until a further review
indicates that the infrastructure, communications, and decision making
process have stabilized in a manner consistent with other successful
ASF projects. While incubation status is not necessarily a reflection
of the completeness or stability of the code, it does indicate that the
project has yet to be fully endorsed by the ASF.```

[ANNOUNCEMENT] HttpComponents Core 4.4.13 Released

[Oleg Kalnichevski]

The Apache HttpComponents project is pleased to announce 4.4.13 GA
release of HttpComponents Core.

This is a maintenance release that corrects a number of defects
discovered since release 4.4.12.

Please note that as of 4.4 HttpCore requires Java 1.6 or newer.

Download -

Release notes -

HttpComponents site -


About HttpComponents Core

HttpCore is a set of low level HTTP transport components that can be
used to build custom client and server side HTTP services with a
minimal footprint. HttpCore supports two I/O models: a blocking I/O
model based on the classic Java I/O and a non-blocking, event driven
I/O model based on Java NIO.

[ANNOUNCE] Apache Daffodil (incubating) 2.5.0 Released

[Steve Lawrence]

The Apache Daffodil (incubating) community is pleased to announce the
release of version 2.5.0.

Notable changes in this release include user defined functions, BLOBs,
unordered sequences, 2GB+ files, and preparation for decreasing schema
compile time.

Detailed release notes and downloads are available at:

https://daffodil.apache.org/releases/2.5.0/

Daffodil is an open source implementation of the Data Format
Description Language (DFDL) specification that uses DFDL schemas to
parse fixed format data into an infoset, which is most commonly
represented as either XML or JSON. This allows the use of
well-established XML or JSON technologies and libraries to consume,
inspect, and manipulate fixed format data in existing solutions.
Daffodil is also capable of the reverse by serializing or "unparsing"
an XML or JSON infoset back to the original data format.

For more information about Daffodil visit:

https://daffodil.apache.org/

Regards,
The Apache Daffodil Team



=

*Disclaimer*

Apache Daffodil is an effort undergoing incubation at The Apache
Software Foundation (ASF), sponsored by the Apache Incubator PMC.
Incubation is required of all newly accepted projects until a further
review indicates that the infrastructure, communications, and decision
making process have stabilized in a manner consistent with other
successful ASF projects. While incubation status is not necessarily a
reflection of the completeness or stability of the code, it does
indicate that the project has yet to be fully endorsed by the ASF.

[ANNOUNCE] Apache Parquet Format release 2.8.0

[Gabor Szadovszky]

I'm pleased to announce the release of Parquet Format 2.8.0!

Parquet is a general-purpose columnar file format for nested data. It uses
space-efficient encodings and a compressed and splittable structure for
processing frameworks like Hadoop.

Changes are listed at:
https://github.com/apache/parquet-format/blob/apache-parquet-format-2.8.0/CHANGES.md

This release can be downloaded from: https://parquet.apache.org/downloads/

Java artifacts are available from Maven Central.

Thanks to everyone for contributing!

CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint

[Randall Hauch]

CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets
in tasks endpoint

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:

Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0

Description:

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0,
2.2.1, or 2.3.0 are configured with one or more config providers, and a
connector is created/updated on that Connect cluster to use an externalized
secret variable in a substring of a connector configuration property value
(the externalized secret variable is not the whole configuration property
value), then any client can issue a request to the same Connect cluster to
obtain the connector's task configurations and the response will contain
the plaintext secret rather than the externalized secrets variable.


Mitigation:

Apache Kafka Connect users should upgrade to one of the following versions
where this vulnerability has been fixed:
- 2.0.2 or higher
- 2.1.2 or higher
- 2.2.2 or higher
- 2.3.1 or higher

Acknowledgements:

This issue was first reported by Oleksandr Diachenko.


Regards,

Randall

[ANNOUNCE] Apache ODE is moved to Attic

[Sathwik B P]

Announcing that the Apache ODE committers have voted to retire the
project due to inactivity.

Apache ODE (Orchestration Director Engine) software executes business
processes written
following the WS-BPEL 
standard. It talks to web services, sending and receiving messages,
handling data manipulation and error recovery as described by your
process definition.
It supports both long and short living process executions to
orchestrate all the services
that are part of your application.

Retiring a project is not as simple as turning everything off, as
existing users need to both know that the project is retiring and
retain access to the necessary information for their own development
efforts.

You can read more about Apache ODE retirement at:

   http://attic.apache.org/projects/ode.html
Follow the JIRA https://issues.apache.org/jira/browse/ATTIC-175

The user mailing list remains open, while the rest of the project's
resources will continue to be available in a read-only state -
website, wikis, svn, downloads and bug tracker with no change in url.

Providing process and solutions to make it clear when an Apache
project has reached its end of life is the role of the Apache Attic,
and you can read more about that at:

   http://attic.apache.org/

Thanks,

Sathwik Bantwal Premakumar
on behalf of the Apache Attic and the now retired Apache ODE project