[ANNOUNCE] Apache Arrow 15.0.1 released

[Raúl Cumplido]

The Apache Arrow community is pleased to announce the 15.0.1 release.
It includes 42 resolved issues ([1]) since the 15.0.0 release.

The release is available now from our website and [2]:
http://arrow.apache.org/install/

Read about what's new in the release
https://arrow.apache.org/blog/2024/03/07/15.0.1-release/

Changelog
https://arrow.apache.org/release/15.0.1.html

What is Apache Arrow?
-

Apache Arrow is a columnar in-memory analytics layer designed to accelerate big
data. It houses a set of canonical in-memory representations of flat and
hierarchical data along with multiple language-bindings for structure
manipulation. It also provides low-overhead streaming and batch messaging,
zero-copy interprocess communication (IPC), and vectorized in-memory analytics
libraries.

Please report any feedback to the mailing lists ([3])

Regards,
The Apache Arrow community

[1]: https://github.com/apache/arrow/milestone/60?closed=1
[2]: https://www.apache.org/dyn/closer.cgi/arrow/arrow-15.0.1/
[3]: https://lists.apache.org/list.html?d...@arrow.apache.org

[ANNOUNCE] Apache Airflow 2.8.3 Released

[Ephraim Anierobi]

Dear community,

I'm happy to announce that Airflow 2.8.3 was just released.

The released sources and packages can be downloaded via 
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html

Other installation methods are described in 
https://airflow.apache.org/docs/apache-airflow/stable/installation/

We also made this version available on PyPI for convenience:
`pip install apache-airflow`
https://pypi.org/project/apache-airflow/2.8.3/

The documentation is available at:
https://airflow.apache.org/docs/apache-airflow/2.8.3/

Find the release notes here for more details:
https://airflow.apache.org/docs/apache-airflow/2.8.3/release_notes.html

Container images are published at:
https://hub.docker.com/r/apache/airflow/tags/?page=1=2.8.3

Cheers,
Ephraim

[ANNOUNCEMENT] HttpComponents Client 5.4-alpha2 Released

[Oleg Kalnichevski]

The Apache HttpComponents project is pleased to announce 5.4-alpha2
release of HttpComponents HttpClient.

This is the second and likely the last ALPHA release in the 5.3 release
series. It finalizes the new Cache API introduced in the previous ALPHA
release and also improves TLS customization for the classic transport,
SNI and endpoint identification support, authentication data caching,
and HTTP context performance. It also introduces support for optional
TLS upgrades for HTTP/1.1 connections.


IMPORTANT! Please note the new cache entry serialization format is
incompatible with earlier versions of HttpClient Cache. Persistent
caches (file system based, Memcached, EhCAche with object
serialization) created with any earlier version MUST be flushed and re-
populated or the cache backend MUST be configured to use the old
deprecated cache entry serializer.


Notable changes and features included in the 5.4 series:

* Improved conformance to RFC 9110 (HTTP Semantics), RFC 7616 (HTTP
Digest Access Authentication), RFC 2617 (’Basic’ HTTP Authentication
Scheme).

* UTF-8 encoding to be used by default for text where appropriate.

* Compatibility with Java Virtual Threads and Java 21 Runtime.

* Redesign and rewrite of the HTTP caching protocol layer for better
efficiency and improved conformance to RFC 9111 (HTTP Caching).

* Cache control and context APIs.

* ETag APIs.

* TLS SNI and endpoint identification improvements.

* Support for RFC 2817 (Upgrading to TLS Within HTTP/1.1).

* Auth cache no longer makes use of Java serialization.

* Deprecation of ConnectionSocketFactory and
LayeredConnectionSocketFactory.

* HttpContext optimization and performance improvement.

  
Download - 
Release notes -

  

About HttpComponents HttpClient

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, while
increasing the number of applications that require HTTP support.

Designed for extension while providing robust support for the base HTTP
protocol, HttpClient may be of interest to anyone building HTTP-aware
client applications such as web browsers, web service clients, or
systems that leverage or extend the HTTP protocol for distributed
communication.

[ANNOUNCE] Apache Doris 2.1.0 & 2.0.5 & 1.2.8 release

[ChenMingyu]

Hi All,

We are pleased to announce the release of Apache Doris 1.2.8, 2.0.5 and 2.1.0

Apache Doris is a new-generation open-source real-time data warehouse based on 
MPP architecture, with easier use and higher performance for big data analytics.

The release is available at:
https://doris.apache.org/download/

Thanks to everyone who has contributed to this release, and the release note 
can be found here:
1.2.8:  https://github.com/apache/doris/issues/31673
2.0.5:  https://github.com/apache/doris/issues/31356
2.1.0: https://github.com/apache/doris/issues/31770

Best Regards,

On behalf of the Doris team,
Mingyu Chen

Email:
morning...@apache.org

[ANNOUNCE] Apache Pulsar 3.0.3 released

[Heesung Sohn]

The Apache Pulsar team is proud to announce Apache Pulsar version 3.0.3.

Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at-least-once delivery of messages, automatic cursor management
for subscribers, and cross-datacenter replication.

For Pulsar release details and downloads, visit:
https://pulsar.apache.org/download

Release Notes are at:
https://pulsar.apache.org/release-notes

We would like to thank the contributors that made the release possible.

Regards,

The Pulsar Team

CVE-2023-41313: Apache Doris: Timing Attack weakness

[Mingyu Chen]

Severity: important

Affected versions:

- Apache Doris before 1.2.8

Description:

The authentication method in Apache Doris versions before 2.0.0 was vulnerable 
to timing attacks.
Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this 
issue.

Credit:

Andrea Cosentino from  Apache Software Foundation  (reporter)

References:

https://doris.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-41313