Apache Month in Review: January 2022

2022-02-01 Thread Sally Khudairi
[this announcement is available online at https://s.apache.org/January2022 ]

Welcome to the latest monthly overview of events from the Apache community. 
Here's a summary of what happened in January [video highlights available at 
https://youtu.be/goxIRFMIi-w ] :

New This Month --
- Apache in 2021 - By The Digits – a look at the achievements from the Apache 
Community over the past 12 months
   -- Summary and stats at https://s.apache.org/Apache2021Digits
   -- Video highlights https://youtu.be/GU0SV_2tWkU
- Apache Software Foundation statement on White House Open Source Security 
Summit 
https://blogs.apache.org/foundation/entry/apache-software-foundation-statement-on
- Apache Month in Review: December 2021 https://s.apache.org/December2021
- ASF Security Report 2021 – the annual state of security across all Apache 
projects https://s.apache.org/SecurityReport2021 
- The Apache Software Foundation Announces Open Source data orchestration 
platform Apache® Hop™ as a Top-Level Project https://s.apache.org/4s3ci

Important Dates --
- Next Board Meeting: 16 February 2022. Board calendar and minutes 
http://apache.org/foundation/board/calendar.html

Infrastructure --
Our seven-member Infrastructure team on three continents oversees our 
highly-reliable, distributed network under the leadership of VP Infrastructure 
David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure 
supports 300+ Apache projects and their communities across ~200 individual 
machines, 1,400+ repositories, 5-6PB in traffic annually, ~75M downloads per 
month, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly 
checks to ensure services are available around the clock. The average uptime in 
January was 100%. http://www.apache.org/uptime/

Committer Activity --
In January, 672 Apache Committers changed 14,033,278 lines of code over 15,480 
commits. The Committers with the top 5 highest contributions, in order, were: 
Gary Gregory, Claus Ibsen, Mark Thomas, Jarek Potiuk, and Sebastian Bazley.

Project Releases and Updates --
New releases from Apache Airflow (Workflow); APISIX (API); Avro (Big Data); 
Camel (Integration); DolphinScheduler (Workflow); Flink (Big Data); Geode 
(Database); Guacamole (Network Client); Hop (Orchestration); Ignite (Big Data); 
Jackrabbit (Content); James (Mail); Kafka (Big Data); Karaf (Application 
Servers/Middleware); Knox (Big Data); Log4j (Libraries); MINA (Network 
Client/Server); NiFi (Big Data); OFBiz (Enterprise Processes Automation / ERP); 
POI (Content); Portals (Web Frameworks); ShardingSphere (Big Data); ShenYu 
(Incubating; API); Skywalking (Application Performance Management); Struts (Web 
Frameworks); Tomcat (Servers); Tuweni (Incubating; Blockchain); and TVM 
(Machine Learning).

Apache Project Anniversaries in January: Apache Cocoon, James, and Web Services 
(18 years); Lucene (16 years); ActiveMQ (14 years); Hadoop (13 years); River 
(10 years); Empire-db and Gora (9 years); OpenMeetings (8 years); Samza (6 
years); Arrow (5 years); Ranger (2 years); and Gobblin (1 year). Many happy 
returns! https://projects.apache.org/committees.html?date

The Apache Incubator is the primary entry path for projects wishing to become 
an official part of the ASF. More than three dozen projects are currently 
undergoing development in the Apache Incubator. http://incubator.apache.org/

# # #

To see our Weekly News Round-ups (published every Friday), visit 
https://blogs.apache.org/foundation/ and click on the calendar or hop directly 
to https://blogs.apache.org/foundation/category/Newsletter . For real-time 
updates, sign up for Apache-related news by sending mail to 
announce-subscr...@apache.org and follow @TheASF on Twitter. We appreciate your 
support!



[ANNOUNCEMENT] HttpComponents Client 5.1.3 GA Released

2022-02-01 Thread Oleg Kalnichevski
The Apache HttpComponents project is pleased to announce 5.1.3 GA
release of HttpComponents HttpClient.

This release upgrades HttpCore to the latest 5.1 version and fixes a
number of issues found since release 5.1.2.

Please note that 5.1 is going to be the last release series compatible
with Java 1.7. HttpClient will require Java 8 as of 5.2.


Download - 
Release notes - <https://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-5.1.x.txt>
HttpComponents site - 

About HttpComponents HttpClient

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most
significant protocol used on the Internet today. Web services, network-
enabled appliances and the growth of network computing continue to
expand the role of the HTTP protocol beyond user-driven web browsers,
while increasing the number of applications that require HTTP support.

Although the java.net package provides basic functionality for
accessing resources via HTTP, it doesn't provide the full flexibility
or functionality needed by many applications. HttpClient seeks to fill
this void by providing an efficient, up-to-date, and feature-rich
package implementing the client side of the most recent HTTP standards
and recommendations.

Designed for extension while providing robust support for the base HTTP
protocol, HttpClient may be of interest to anyone building HTTP-aware
client applications such as web browsers, web service clients, or
systems that leverage or extend the HTTP protocol for distributed
communication.



CVE-2021-44451: Apache Superset: API sensitive information leak

2022-02-01 Thread Daniel Gaspar
Description:

Apache Superset up to and including 1.3.2 allowed for registered database 
connections password leak for authenticated users. This information could be 
accessed in a non-trivial way.

Mitigation:

Upgrade to Apache Superset 1.4.0 or higher.

Credit:

Found and reported by Cesar Santos