CVE-2021-44228 log4j vulnerability
Hi I am using svn, version 1.6.11 (r934486) on rhel 1.6 could you kindly help me understand if this is vulnerable to the latest java vulnaribility Httpd version im using is 2.2.15 Looking for your help
Re: ASF Subversion version
On Sat, Dec 11, 2021 at 06:59:31AM -0600, Luke Mauldin wrote: > Does the subversion project receive any funding from the ASF to hire > professional developers to complete more complex tasks or is development 100% > community driven and supported? The ASF does not pay anyone for development. I think this is an unfortunate situation because many ASF projects slowly die off as funding dries up. I believe the ASF is unlikely to change this long-standing practice, even though there are other open source foundations which fund developers. The FreeBSD and OpenBSD foundations pay some development (see their financial reports), and apparently a new PHP foundataion is starting up with the sole purpose of funding PHP developers. In the past many SVN developers were employed by companies who ran with business models related to Subversion. This is the funding model the ASF is promoting. However, as of a few years ago most such companies changed direction and are no longer employing any SVN developers. Many people have moved on as a result and are no longer active. (Disclaimer: I still receive a small amount of indirect SVN-related funding via elego's SVN customer support. I occasionally use some of this time to work on various things in Subversion, even though this budget is not intended to fund development beyond customer-specific issues which can only be fixed in the code base. And it is not enough to cover complex tasks.)
Re: ASF Subversion version
Does the subversion project receive any funding from the ASF to hire professional developers to complete more complex tasks or is development 100% community driven and supported? > On Dec 11, 2021, at 4:10 AM, Daniel Sahlberg > wrote: > > > > > Den lör 11 dec. 2021 10:54Bo Berglund skrev: >> On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin >> wrote: >> >> >Gotcha, thank you. >> > >> >> On Dec 10, 2021, at 7:14 AM, Mark Phippard wrote: >> >> >> >> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin >> >> wrote: >> >>> >> >>> I noticed that the ASF is still running Subversion 1.9.x which was >> >>> released quite a few years ago. Does anyone know why they haven’t at >> >>> least upgraded to the 10.x LTS release which itself is over 2 years old >> >>> at this point? >> >> >> >> ASF Infra uses the package provided by the Linux distro they are using >> >> rather than building and maintaining their own package. >> >> >> >> Why is a constrruction company involved in Subversion? >> >> http://www.asfinfrastructure.com/about-us.php >> >> Strange > > > ASF Infra is the group within Apache Software Foundation that is managing the > infrastructure, ie servers and network. > > Kind regards > Daniel
Re: ASF Subversion version
Den lör 11 dec. 2021 10:54Bo Berglund skrev: > On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin > wrote: > > >Gotcha, thank you. > > > >> On Dec 10, 2021, at 7:14 AM, Mark Phippard wrote: > >> > >> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin > wrote: > >>> > >>> I noticed that the ASF is still running Subversion 1.9.x which was > released quite a few years ago. Does anyone know why they haven’t at least > upgraded to the 10.x LTS release which itself is over 2 years old at this > point? > >> > >> ASF Infra uses the package provided by the Linux distro they are using > >> rather than building and maintaining their own package. > >> > > Why is a constrruction company involved in Subversion? > > http://www.asfinfrastructure.com/about-us.php > > Strange > ASF Infra is the group within Apache Software Foundation that is managing the infrastructure, ie servers and network. Kind regards Daniel
Re: ASF Subversion version
On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin wrote: >Gotcha, thank you. > >> On Dec 10, 2021, at 7:14 AM, Mark Phippard wrote: >> >> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin wrote: >>> >>> I noticed that the ASF is still running Subversion 1.9.x which was released >>> quite a few years ago. Does anyone know why they havent at least upgraded >>> to the 10.x LTS release which itself is over 2 years old at this point? >> >> ASF Infra uses the package provided by the Linux distro they are using >> rather than building and maintaining their own package. >> Why is a constrruction company involved in Subversion? http://www.asfinfrastructure.com/about-us.php Strange -- Bo Berglund Developer in Sweden