[ANNOUNCE] Apache IoTDB 0.12.3 released

2021-11-18 Thread Haonan Hou
The Apache IoTDB team is pleased to announce the release of Apache IoTDB
0.12.3.

Apache IoTDB (Database for Internet of Things) is an IoT native database
with high performance for data management and analysis, deployable on the
edge and the cloud.

This is a bug-fixed version of 0.12.2, which includes a number of improvements:

## Improvements

* [IOTDB-842] Better Export/Import-CSV Tool
* [IOTDB-1738] Cache paths list in batched insert plan
* [IOTDB-1792] remove tomcat-embed dependency and make all transitive 
dependencies versions consistent
* [ISSUE-4072] Parallel insert records in Session
* Print the file path while meeting error in case of reading chunk

## Bug Fixes

* [IOTDB-1275] Fix background exec for cli -e function causes an infinite loop
* [IOTDB-1287] Fix C++ class Session has 2 useless sort()
* [IOTDB-1289] fix CPP mem-leak in SessionExample.cpp insertRecords()
* [IOTDB-1484] fix auto create schema in cluster
* [IOTDB-1578] Set unsequence when loading TsFile with the same establish time
* [IOTDB-1619] Fix an error msg when restart iotdb-cluster
* [IOTDB-1629] fix the NPE when using value fill in cluster mode
* [IOTDB-1632] Fix Value fill function fills even when the data exists
* [IOTDB-1651] add reconnect to solve out of sequence in sync module
* [IOTDB-1659] Fix Windows CLI cannot set maxPRC less than or equal to 0
* [IOTDB-1670] Fix cli -e mode didn't fetch timestamp_precision from server
* [IOTDB-1674] Fix command interpret error causing somaxconn warning failed
* [IOTDB-1677] Fix not generate file 
apache-iotdb-0.x.x-client-cpp-linux-x86_64-bin.zip.sha512
* [IOTDB-1678] Fix client-cpp session bug: can cause connection leak.
* [IOTDB-1679] client-cpp: Session deconstruction need release server resource
* [IOTDB-1690] Fix align by device type cast error
* [IOTDB-1693] fix IoTDB restart does not truncate broken ChunkGroup bug
* [IOTDB-1703] Fix MManager slow recover with tag
* [IOTDB-1714] fix Could not find or load main class when start with jmx on win
* [IOTDB-1723] Fix concurrency issue in compaction selection
* [IOTDB-1726] Wrong hashCode() and equals() method in ChunkMetadata
* [IOTDB-1727] Fix Slow creation of timeseries with tag
* [IOTDB-1731] Fix sync error between different os
* [IOTDB-1733] Fix dropping built-in function
* [IOTDB-1741] Avoid double close in level compaction execution
* [IOTDB-1785] Fix Illegal String ending with . being parsed to PartialPath
* [IOTDB-1836] Fix Query Exception Bug after deleting all sgs
* [IOTDB-1837] Fix tagIndex rebuild failure after upgrade mlog from mlog.txt to 
mlog.bin
* [IOTDB-1838] The compacting status in SGP is always false
* [IOTDB-1846] Fix the error when count the total number of devices in cluster 
mode
* [IoTDB-1847] Not throw exception when pulling non-existent time series
* [IOTDB-1850] Fix deserialize page merge rate limiter
* [IoTDB-1865] Compaction is blocking when removing old files in Cluster
* [IOTDB-1868] Use RwLock to reduce the lock time for nodeRing
* [IOTDB-1872] Fix data increases abnormally after IoTDB restarts
* [IOTDB-1877] Fix Sync recovery and reconnection bugs in both sender and 
receiver
* [IOTDB-1879] Fix some Unsequence files never be merged to higher level or 
Sequence folder
* [IOTDB-1887] Fix importing csv data containing null throws exception
* [IOTDB-1893] Fix Can not release file lock in sync verify singleton
* [IOTDB-1895] Cache leader optimization for batch write interfaces on multiple 
devices
* [IOTDB-1903] Fix IndexOutOfRangeException when starting IoTDB
* [IoTDB-1913] Fix When exporting a amount of data from csv, it will report 
network error or OOM
* [IOTDB-1925] Fix the modification of 
max_select_unseq_file_num_in_each_compaction parameter does not take effect
* [IOTDB-1958] Add storage group not ready exception
* [IOTDB-1961] Cluster query memory leak
* [IOTDB-1975] OOM caused by that MaxQueryDeduplicatedPathNum doesn't take 
effect
* [IOTDB-1983] Fix DescReadWriteBatchData serializing bug
* [IOTDB-1990] Fix unchecked null result by calling 
IReaderByTimestamp.getValuesInTimestamps()
* [ISSUE-3945] Fix Fuzzy query not support multiDevices and alignByDevice 
Dataset
* [ISSUE-4288] Fix CI issue caused by the invalid pentaho download url
* [ISSUE-4293] SessionPool: InterruptedException is not properly handled in synchronized wait()
* [ISSUE-4308] READ_TIMESERIES privilege granted to users and roles can not take effect when querying by UDFs
* fix merge ClassCastException: MeasurementMNode
* change sync version check to major version
* init dummyIndex after restart cluster


The full release note is available at:
https://raw.githubusercontent.com/apache/iotdb/v0.12.3/RELEASE_NOTES.md

The release is available for download at:
http://iotdb.apache.org/Download

Maven artifacts for JDBC driver, session SDK, TsFile SDK, Spark-connector,
Hadoop-connector, Hive-connector and Flink-connector can be found at:
https://search.maven.org/search?q=g:org.apache.iotdb


Docker image of IoTDB server can be 

Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops

2021-11-18 Thread Zach Hoffman
CORRECTION:
This issue was discovered by Apache Traffic Control user zhouxuf...@bytedance.com.

On Thu, 2021-11-11 at 20:53 +, Zach Hoffman wrote:
> Severity: critical
> 
> Description:
> 
> An unauthenticated Apache Traffic Control Traffic Ops user can send a request 
> with a specially-crafted username to the POST /login endpoint of any API 
> version to inject unsanitized content into the LDAP filter.
> 
> Mitigation:
> 
> 6.0.x users should upgrade to 6.0.1.
> 5.1.x users should upgrade to 5.1.4.
> 
> Credit:
> 
> This issue was discovered by Apache Traffic Control user pupiles.
> 
> References:
> 
> https://trafficcontrol.apache.org/security/
> 
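
The fix class for the issue described in this advisory is escaping the username before it is placed in the filter. The following is an added example, not part of the original message and not Traffic Ops code; the filter template, the `uid` attribute and the sample username are assumptions constructed for illustration.

```python
# Added example: RFC 4515 escaping for a value placed in an LDAP search filter.
# The filter template and the "uid" attribute are assumptions, not Traffic Ops code.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Constructed input: a username containing filter metacharacters.
CONSTRUCTED_USERNAME = "x)(|(uid=*"


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is only ever a literal in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unsafe_login_filter(username: str) -> str:
    """The pattern the advisory describes: the username is pasted in as-is."""
    return "(&(objectClass=person)(uid=%s))" % username


def safe_login_filter(username: str) -> str:
    """Same filter, but the username cannot open or close filter terms."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


def filter_term_count(ldap_filter: str) -> int:
    """Count literal '(' to show whether input changed the filter structure."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    for build in (unsafe_login_filter, safe_login_filter):
        built = build(CONSTRUCTED_USERNAME)
        print(build.__name__, filter_term_count(built), built)
```

With the constructed username, the unescaped filter gains extra terms while the escaped one keeps the three terms of the template.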



[ANNOUNCE] Apache Arrow 6.0.1 released

2021-11-18 Thread Sutou Kouhei
The Apache Arrow community is pleased to announce the 6.0.1 release.
The release includes 29 resolved issues ([1]) since the 6.0.0 release.

The release is available now from our website, [2] and [3]:
https://arrow.apache.org/install/

Release notes are available at:
https://arrow.apache.org/release/6.0.1.html

What is Apache Arrow?
---------------------

Apache Arrow is a columnar in-memory analytics layer designed to accelerate big
data. It houses a set of canonical in-memory representations of flat and
hierarchical data along with multiple language-bindings for structure
manipulation. It also provides low-overhead streaming and batch messaging,
zero-copy interprocess communication (IPC), and vectorized in-memory analytics
libraries.
Languages currently supported include C, C++, C#, Go, Java, JavaScript, Julia,
MATLAB, Python, R, Ruby, and Rust.

Please report any feedback to the mailing lists ([4], [5])

Regards,
The Apache Arrow community


[1]: 
https://issues.apache.org/jira/issues/?jql=project%20%3D%20ARROW%20AND%20status%20%3D%20Resolved%20AND%20fixVersion%20%3D%206.0.1
[2]: https://www.apache.org/dyn/closer.cgi/arrow/arrow-6.0.1/
[3]: https://apache.jfrog.io/artifactory/arrow/
[4]: https://lists.apache.org/list.html?u...@arrow.apache.org
[5]: https://lists.apache.org/list.html?d...@arrow.apache.org


[ANN] Apache Tomcat 8.5.73 available

2021-11-18 Thread Christopher Schultz

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.73.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.73 is a bugfix and feature release. The notable 
changes compared to 8.5.72 include:


- Improvements to native/APR including avoiding a JVM crash if APR fails
to properly initialize and improving error handling.

- Improve robustness of JNDIRealm for exceptions occurring when getting
the connection.

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team



[ANNOUNCE] Apache Solr Operator v0.5.0 released

2021-11-18 Thread Houston Putman
The Apache Solr PMC is pleased to announce the release of the Apache Solr 
Operator v0.5.0.

The Apache Solr Operator is a safe and easy way of managing a Solr ecosystem in 
Kubernetes.

This release contains numerous bug fixes, optimizations, and improvements, some 
of which are highlighted below. The release is available for immediate download 
at:

  >

Solr Operator v0.5.0 Release Highlights:

- Support for Kubernetes v1.22+ (including the new Ingress APIs)
- Support for cloud-native backups, and multiple backup repositories per-SolrCloud
- GCS and S3 Backup Repositories are now fully supported (require Solr 8.9 and Solr 8.10 respectively)
- SolrCloud Backup option has been removed from SolrCloud.spec.dataStorage.backupRestoreOptions, please use SolrCloud.spec.backupRepositories instead
  - When upgrading, the Solr Operator will automatically migrate the information to the new location
- SolrBackup Persistence has been removed
  - Please keep the data in the shared volume, or use a cloud-native backup repository instead (e.g. GCS, S3)
  - Any persistence options provided will be removed and ignored
- Introducing recurring/scheduled backup support in SolrBackup resource
- Ability to bootstrap a custom Solr security.xml from a Secret
- Fix for managed SolrCloud upgrades across multiple SolrCloud resources (with a shared zookeeper connection string)
- Easy enablement of Solr Modules and additional libraries for SolrCloud
- Pod Lifecycle is now customizable for SolrCloud and SolrPrometheusExporter
- SolrCloud can now be run across availability zones with support for PodSpreadTopologyConstraints
- Augment the available Pod customization options for provided Zookeeper Clusters
- The Solr Operator now runs with liveness and readiness probes by default
- The Solr Operator now provides a metrics endpoint, that is enabled by default when using the Solr Operator Helm chart
- Leader election is now enabled for the Solr Operator by default, and supports multiple namespace watching

A summary of important changes is published in the documentation at:

  >

For the most exhaustive list, see the change log on ArtifactHub or view the git 
history in the solr-operator repo.



[ANNOUNCEMENT] HttpComponents Client 5.1.2 GA Released

2021-11-18 Thread Oleg Kalnichevski
The Apache HttpComponents project is pleased to announce 5.1.2 GA
release of HttpComponents HttpClient.

This is an emergency release that fixes a regression introduced in the
previous release that can lead to a connection leak when executing
requests with a non-repeatable streaming entity with the classic
(blocking) HttpClient. Async and minimal HttpClient implementations are
not affected by the regression.

Please note that 5.1 is going to be the last release series compatible
with Java 1.7. HttpClient will require Java 8 as of 5.2.


Download - 
Release notes - https://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-5.1.x.txt
HttpComponents site - 

About HttpComponents HttpClient

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most
significant protocol used on the Internet today. Web services,
network-enabled appliances and the growth of network computing continue to
expand the role of the HTTP protocol beyond user-driven web browsers,
while increasing the number of applications that require HTTP support.

Although the java.net package provides basic functionality for
accessing resources via HTTP, it doesn't provide the full flexibility
or functionality needed by many applications. HttpClient seeks to fill
this void by providing an efficient, up-to-date, and feature-rich
package implementing the client side of the most recent HTTP standards
and recommendations.

Designed for extension while providing robust support for the base HTTP
protocol, HttpClient may be of interest to anyone building HTTP-aware
client applications such as web browsers, web service clients, or
systems that leverage or extend the HTTP protocol for distributed
communication.



CVE-2021-42250: Apache Superset: Possible log injection

2021-11-18 Thread Daniel Gaspar
Description:

Improper output neutralization for Logs. A specific Apache Superset HTTP 
endpoint allowed for an authenticated user to forge log entries or inject 
malicious content into logs.

Mitigation:

Upgrade to Apache Superset 1.3.2 or higher

Credit:

Found and reported by Duxiaoman Financial Security Team
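
The class of weakness named in this advisory (improper output neutralization for logs) can be illustrated with a logging filter that escapes control characters before a record is written. This is an added example, not part of the original message and not Superset code; the logger name, the log message and the sample value are assumptions constructed for illustration.

```python
import io
import logging
import re

# CR, LF, ESC and the other C0/C1 controls, plus Unicode line separators:
# the characters that let one logged value look like several log lines.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")

# Constructed input: a value carrying a line break and a fake log entry.
CONSTRUCTED_VALUE = "Q3 report\nINFO user admin logged in"


def neutralize(text: str) -> str:
    """Replace each control character with a visible backslash escape."""
    return _CONTROL.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), text
    )


class NeutralizingFilter(logging.Filter):
    """Render the record, then escape control characters in the final message."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = neutralize(record.getMessage())
        record.args = ()  # message is already formatted
        return True


def log_lines(value: str, hardened: bool) -> list:
    """Log one user-controlled value and return the lines that reach the sink."""
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if hardened:
        handler.addFilter(NeutralizingFilter())
    logger = logging.getLogger("added_example.%s" % hardened)  # hypothetical name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers = [handler]
    logger.info("user-supplied field set to %s", value)
    return sink.getvalue().splitlines()


if __name__ == "__main__":
    print(log_lines(CONSTRUCTED_VALUE, hardened=False))  # two apparent entries
    print(log_lines(CONSTRUCTED_VALUE, hardened=True))   # one entry, "\n" visible
```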