Success at Apache: Welcoming Communities Strengthens the Apache Way

2020-04-06 Thread Sally Khudairi
[this announcement. including embedded links and images, is available at ]

by Jarek Potiuk

During my career, I have been a software engineer, Tech Lead Manager at Google, 
a robotics engineer at an AI and robotics startup, and am currently the CTO of 
a software house, Polidea, which I helped grow from 6 to 60 people within 6 

Over the past year and a half I was a user, then contributor, then committer, 
and now a Project Management Committee (PMC) member of Apache Airflow.

Although I took on many roles through the years, including being the main 
organizer of the international tech conference (MCE), deep in my heart I was 
always a software engineer. It took me many years to find a place where I could 
explore my true potential. Then I became part of the Apache community. I first 
learned about the Apache Software Foundation (ASF) 20 years ago when I used the 
Apache HTTP server at the beginning of my career. I had only made small 
contributions to OSS projects up to that point, and becoming involved with 
Apache Airflow was the first time I contributed seriously to one. As a 
Principal Software Engineer at Polidea, several of our customers were using 
Apache Airflow and wanted to contribute back to the project to help other 
users. Better integrations of services with Airflow would significantly improve 
future releases of the software. 

The needs of our customers made me and my team go from users of the project to 
contributors and more. We have people in our software house who understand open 
source, know how to follow the OSS rules, and contribute changes from customers 
to help other people in the community. We know how to communicate well, we can 
also represent a vendor-neutral point of view because we represent the view of 
several customers and collaborate with all the stakeholders in the project. 
People in our company also contribute to other OSS projects, such as Apache 
Beam and Flink. 

We also discovered a great model where our customers wanted us to contribute to 
an open-source project to make it better because they were using it and wanted 
to improve it for future users. This allowed us to do it full time (or even 
150% of the time if you add all the out-of-hours contributions). I invite you 
to read about it in my blog post The evolution of Open Source - standing on the 
shoulders of giants.

Committing to Apache 

I found exactly what I was looking for in the Apache Software Foundation. It’s 
a great organization for people like me: individual contributors who are also 
good at working with others, the ones who don’t shy away from organizing and 
making things happen, who thrive when they can do meaningful work with others. 

This made me think: since the ASF is so great, how come for 20 years I was not 
contributing to OSS projects more? And since so many software engineers use 
Apache technology, why is participation not more common? I got lucky because I 
was in a position that allowed and supported my contributions to an open-source 
project. For me, it’s a dream-come-true. But what about others? There must be 
more people willing to contribute and get involved in the OSS community, they 
probably just don’t know how to go about it yet or did not like the experience.

So here I am, sharing my thoughts on what can be done to help others to get to 
know ASF sooner and get involved.

Apache Airflow and the initial experience 

Apache Airflow is an exciting project. It is a platform created by the 
community to programmatically author, schedule and monitor workflows. It 
started in AirBnB in 2014, was submitted to the ASF incubator in March 2016 and 
it graduated to a top-level project in January 2019.

When I started working with the Apache Airflow project, I quickly realized that 
it was hard for me to contribute to. It was not clear how to develop and debug 
Airflow, how to start, and how to communicate. The project had a number of 
channels for communication including a developer list, a Slack channel, issues 
and pull requests alongside the code. As a newcomer, it was not easy to 
understand which channel is used for what and whether it’s OK to raise certain 
issues using those channels. It was not clear what were the common protocols: 
for example how to see that one thread is a discussion and one is voting on an 
already discussed topic. 

Is our community welcoming enough?

At a party after a conference where I spoke about Apache Airflow, I had a long 
discussion with a young engineer who was new to the field, Fabian. Fabian told 
me that often OSS projects create some invisible barriers around communication 
and onboarding. I explained to him the “Apache Way” and how transparency and 
openness help with those barriers, fiercely protecting the fact that “we are 
open”. We carried on with our friendly discussion and it was really eye-opening.

That conversation stayed with me for a while. After some time, I realized that 
maybe our 

[ANNOUNCE] Apache Jackrabbit Oak 1.10 retired

2020-04-06 Thread Julian Reschke

Dear users of Apache Jackrabbit,

the Apache Jackrabbit Team has decided to drop support and deprecate the 
1.10 branch of Apache Jackrabbit Oak. Branch, tags and releases will 
still be available for future references, but will not show up on the 
download page anymore. Users are encouraged to upgrade to the latest 
release of the newest maintenance branch (1.22.2).

See , 
 for further information.

Best regards, Julian

[ANNOUNCE] Apache Wicket 9.0.0-M5 released

2020-04-06 Thread Andrea Del Bene

The Apache Wicket PMC is proud to announce Apache Wicket 9.0.0-M5!

Apache Wicket is an open source Java component oriented web application
framework that powers thousands of web applications and web sites for
governments, stores, universities, cities, banks, email providers, and
more. You can find more about Apache Wicket at

This release marks another minor release of Wicket 9. We
use semantic versioning for the development of Wicket, and as such no
API breaks are present breaks are present in this release compared to

New and noteworthy


With this milestone Wicket introduces support for content security 
policy (CSP) which
is active by default and prevents inline JavaScript and CSS code from 
been executed.
For more details about CSP support see Wicket 9 migration guide linked 

Using this release


With Apache Maven update your dependency to (and don't forget to
update any other dependencies on Wicket projects to the same version):


Or download and build the distribution yourself, or use our
convenience binary package you can find here:

 * Download:

Upgrading from earlier versions

If you upgrade from 9.y.z this release is a drop in replacement. If
you come from a version prior to 9.0.0, please read our Wicket 9
migration guide found at


Have fun!

— The Wicket team

    The signatures for the source release artefacts:

Signature for



Signature for apache-wicket-9.0.0-M5.tar.gz:



    CHANGELOG for 9.0.0-M5:

** Bug

    * [WICKET-6715] - FileUpload class should not  implement IClusterable
    * [WICKET-6745] - CSP: inline JS in server and client time response 
    * [WICKET-6746] - HttpsMapper cannot deal with resources over 

    * [WICKET-6752] - Some dependencies contain CVEs
    * [WICKET-6753] - res/modal.js using aria-labelledby where it 
should be using aria-label

    * [WICKET-6754] - Iteration stops with nested containers
    * [WICKET-6755] - MockServletContext does not decode real path
    * [WICKET-6756] - Avoid URL.getFile() when actually expecting paths.
    * [WICKET-6757] - Avoid URL.getFile during mime type detection.
    * [WICKET-6758] - NPE in AbstractWebSocketProcessor after session 
times out

** New Feature

    * [WICKET-6727] - Configurable CSP
    * [WICKET-6729] - allow adding IHeaderResponseDecorator without 
replacing all others

    * [WICKET-6730] - Global access to secure random data

** Improvement

    * [WICKET-6724] - CSP: Inline Javascript in AjaxLink
    * [WICKET-6725] - CSP: display:none in Component.renderPlaceholderTag
    * [WICKET-6726] - CSP: inline styling and js in Form submitbutton 

    * [WICKET-6731] - CSP: inline JS in SubmitLink
    * [WICKET-6732] - CSP: inline JS in Link and ExternalLink
    * [WICKET-6733] - CSP: enable by default
    * [WICKET-6735] - CSP: inline styling in 

    * [WICKET-6736] -