[ANNOUNCE] Apache POI 5.1.0 released

2021-11-03 Thread PJ Fanning
The Apache POI project is pleased to announce the release of POI 5.1.0.

Featured are a handful of new areas of functionality, and numerous bug fixes.


See the downloads page for binary and source distributions:
https://poi.apache.org/download.html


Release Notes


Changes



The most notable changes in this release are:


* upgrade dependencies: XmlBeans 5.0.2, XMLSec 2.2.3, Batik 1.14,
BouncyCastle 1.69, Commons-Compress 1.21, ...

* switching build to Gradle - Ant build is not supported anymore [#65206]

* XSLFTable::addRow functionality reverted to pre-5.0.0 [github-221]

* XSSFDrawing - import chart from other drawing [#63901]

* Support for Excel functions IFS, SWITCH, TEXTJOIN, IFNA, MAXIFS,
MINIFS, AVERAGEIFS, TDIST

* Fix SVG-related image rendering




A full list of changes is available in the change log:
https://poi.apache.org/changes.html.

People interested should also follow the dev mailing list to track
further progress.


Release Contents




This release comes in two forms:

 - pre-built binaries containing compiled versions of all Apache POI
components and documentation

   (poi-bin-5.1.0-20211024.zip or poi-bin-5.1.0-20211024.tgz)

 - source archive you can build POI from (poi-src-5.1.0-20211024.zip
or poi-src-5.1.0-20211024.tgz)

  Unpack the archive and use the following command to build all POI
components with Apache Ant 1.8+ and JDK 1.8 or higher:


  ant jar


 Pre-built versions of all POI components are also available in the
central Maven repository under Group ID "org.apache.poi" and Version "5.1.0"


All release artifacts are accompanied by MD5 checksums and PGP signatures
that you can use to verify the authenticity of your download.

The public key used for the PGP signature can be found at

https://svn.apache.org/repos/asf/poi/tags/REL_5_1_0/KEYS


About Apache POI

---


Apache POI is well-known in the Java field as a library for reading and
writing Microsoft Office file formats, such as Excel, PowerPoint, Word,
Visio, Publisher and Outlook. It supports both the older (OLE2) and
new (OOXML - Office Open XML) formats.


See https://poi.apache.org/ for more details

Thanks to all our contributors for making this release possible.

On behalf of the Apache POI PMC,
PJ


[ANNOUNCEMENT] HttpComponents Client 5.2-alpha1 Released

2021-11-03 Thread Oleg Kalnichevski
The Apache HttpComponents project is pleased to announce 5.2-alpha1
release of HttpComponents HttpClient.

This is the first ALPHA release in the 5.2 release series that upgrades
minimal JRE level to version 1.8 (8u251 is required) and includes
several protocol level and API improvements. It also includes all bug
fixes from the 5.1 branch.

Notable changes and features included in the 5.2 series:

* Upgrade to Java 8.

* Improved support for TLS upgrade and HTTP protocol upgrade (async).

* Support for H2 tunneling via HTTP/1.1 proxy.

* Conformance to RFC 7617 (The 'Basic' HTTP Authentication Scheme).

* Improved connection configuration on a per-route basis.

* Improved TLS configuration on a per-host basis.


Download - 
Release notes - https://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-5.2.x.txt
HttpComponents site - 

About HttpComponents HttpClient

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most
significant protocol used on the Internet today. Web services,
network-enabled appliances and the growth of network computing continue to
expand the role of the HTTP protocol beyond user-driven web browsers,
while increasing the number of applications that require HTTP support.

Although the java.net package provides basic functionality for
accessing resources via HTTP, it doesn't provide the full flexibility
or functionality needed by many applications. HttpClient seeks to fill
this void by providing an efficient, up-to-date, and feature-rich
package implementing the client side of the most recent HTTP standards
and recommendations.

Designed for extension while providing robust support for the base
HTTP protocol, HttpClient may be of interest to anyone building
HTTP-aware client applications such as web browsers, web service clients, or
systems that leverage or extend the HTTP protocol for distributed
communication.



[ANNOUNCE] Apache SystemDS 2.2.0 released

2021-11-03 Thread Janardhan
The Apache SystemDS team is pleased to announce the release of Apache
SystemDS version 2.2.0. This is the second minor release after 2.0.0.

Apache SystemDS is an open source ML system for the end-to-end data science
lifecycle from data integration, cleaning, and feature engineering,
over efficient, local and distributed ML model training, to deployment
and serving.


For detailed information about the updates, please access the release notes [1].

To download the distribution, and learn more about the SystemDS project,
visit [2].

We would like to thank all the contributors that made the release possible.

--
[1] https://systemds.apache.org/release-notes/systemds-release-notes-2.2.0.html
[2] http://systemds.apache.org/

Thanks and Regards,
Janardhan Pulivarthi
on behalf of The Apache SystemDS Team


CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

2021-11-03 Thread Calvin Kirs
Severity: low

Description:

In Apache DolphinScheduler versions before 1.3.6, authorized users can use SQL
injection in the data source center. (Only applicable to MySQL data source with
internal login account password.)


Credit:

This issue was discovered by Jinchen Sheng of Ant FG Security Lab



[ANNOUNCE] Apache Wicket 9.6.0 released

2021-11-03 Thread Andrea Del Bene

The Apache Wicket PMC is proud to announce Apache Wicket 9.6.0!

Apache Wicket is an open source Java component oriented web application
framework that powers thousands of web applications and web sites for
governments, stores, universities, cities, banks, email providers, and
more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We
use semantic versioning for the development of Wicket, and as such no
API breaks are present in this release compared to 9.0.0.

Using this release
--

With Apache Maven update your dependency to (and don't forget to
update any other dependencies on Wicket projects to the same version):


    <dependency>
        <groupId>org.apache.wicket</groupId>
        <artifactId>wicket-core</artifactId>
        <version>9.6.0</version>
    </dependency>


Or download and build the distribution yourself, or use our
convenience binary package you can find here:

 * Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions
---

If you upgrade from 9.y.z this release is a drop in replacement. If
you come from a version prior to 9.0.0, please read our Wicket 9
migration guide found at

 * http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team



    CHANGELOG for 9.6.0:


** Bug

    * [WICKET-6921] - MultipartFormComponentListener breaks on hidden components


** Improvement

    * [WICKET-6920] - Improve the examples to use the browser's light/dark mode

    * [WICKET-6924] - Allow image/avif in SecurePackageResourceGuard
    * [WICKET-6927] - Get rid of java.security.AccessController

** Task

    * [WICKET-6918] - Add links to latest wicket.xsd to the web site
    * [WICKET-6919] - Improve EnclosureContainer's javadoc to explain 
that it should not be used with 

    * [WICKET-6925] - Deprecate AbstractWrapModel