Apache Month in Review: April 2020
[this announcement is available online at https://s.apache.org/Apr2020 ]

Welcome to the latest monthly overview of events from the Apache community. Here's a summary of what happened in April:

New this month --
 - Announcing New ASF Board of Directors https://s.apache.org/Board2020
 - ASF Statement on the COVID-19 Coronavirus Outbreak https://s.apache.org/COVID-19
 - Notice on Apache 2020 Conferences https://s.apache.org/zgm8m
 - Success at Apache: Welcoming Communities Strengthens the Apache Way https://s.apache.org/tcs0m
 - Apache Month in Review: March 2020 https://s.apache.org/Mar2020

Important Dates --
 - Next Board Meeting: 20 May 2020. Board calendar and minutes http://apache.org/foundation/board/calendar.html
 - CFP EXTENDED for ApacheCon North America: submissions due 1 June https://www.apachecon.com/

Infrastructure --
Our seven-member Infrastructure team on three continents oversees our highly-reliable, distributed network under the leadership of VP Infrastructure David Nalley and Infrastructure Administrator Greg Stein. ASF Infrastructure supports 300+ Apache projects and their communities across ~200 individual machines, 1,400+ repositories, more than half a petabyte of software source releases, and 2-3M daily emails on 2,000+ lists. ASF Infra performs 7M+ weekly checks to ensure services are available around the clock. The average uptime in April was 99.94%.

Committer Activity --
In April, 783 Apache Committers changed 4,753,944 lines of code over 14,634 commits. The Committers with the top 5 highest contributions, in order, were: Hervé Boutemy, Andrea Cosentino, Tellier Benoit, Mark Thomas, and Alex Herbert.

Project Releases and Updates --
New releases from Apache Arrow (Big Data); Commons Lang and Numbers (Libraries); Directory (Servers); Druid (Big Data); Flagon (Incubating; Libraries); Flink (Big Data); Groovy (Programming Languages); HBase (Big Data); HTTP Server (Servers); Jackrabbit (Content); Kafka (Big Data); Libcloud (Cloud Computing); Lucene (Search); MyNewt (Embedded OS); NiFi (Big Data); Qpid (Messaging); Pulsar (Messaging); SAMOA (Big Data); Skywalking (Application Performance Management); Subversion (Version Control); Tika (Big Data); Tomcat (Servers); Traffic Control (Servers); Traffic Server (Servers); Tuweni (Blockchain); Wicket (Web Frameworks).

The Apache Incubator is the primary entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. Congratulations to Apache ShardingSphere for graduating as a Top-Level Project https://s.apache.org/315iv . No new podlings have entered the Incubator over the past month, but we invite you to review the many projects currently in development in the Apache Incubator http://incubator.apache.org/

# # #

To see our Weekly News Round-ups, visit https://blogs.apache.org/foundation/ and click on the calendar in the upper-right side (published every Friday) or hop directly to https://blogs.apache.org/foundation/category/Newsletter . For real-time updates, sign up for Apache-related news by sending mail to announce-subscr...@apache.org and follow @TheASF on Twitter. We appreciate your support!

= = =

NOTE: you are receiving this message because you are subscribed to the announce@apache.org distribution list. To unsubscribe, send email from the recipient account to announce-unsubscr...@apache.org with the word "Unsubscribe" in the subject line.
[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 17.12.01
Description: Apache OFBiz is vulnerable to CSRF attacks
Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
Credit: Initially known by the OFBiz security team (OFBIZ-10427), also reported later by
 Man Yue Mo via RT
 Shuibo Ye
 Vikash Patnaik
 Sonali Agrahari
 Girish Vasmatkar
 Dinesh Kumar Mohanty
 Jason Nordenstam
 Pradeep Jairamani
 Faiz Zaidi
References: https://ofbiz.apache.org/security.html
[CVE-2019-12425] Apache OFBiz Host Header Injection
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 17.12.01
Description: Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
Mitigation: Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
Credit: Pradeep Jairamani
References: https://ofbiz.apache.org/security.html
[ANN] Apache Tomcat Native 1.2.24 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.24 stable.

The key features of this release are:
 - Improvements to the build system
 - Update Windows binaries to APR 1.7.0 and OpenSSL 1.1.1g

Please refer to the change log for the complete list of changes: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html

Downloads: http://tomcat.apache.org/download-native.cgi

The Apache Tomcat Native Library provides portable API for features not found in contemporary JDK's. It uses Apache Portable Runtime as operating system abstraction layer and OpenSSL for SSL networking and allows optimal performance in production environments.
The Apache Software Foundation Welcomes 34 New Members
[this announcement is available online at https://s.apache.org/q14mx ]

The Apache Software Foundation (ASF) welcomes the following new Members who were elected during the annual ASF Members' Meeting on 31 March - 2 April 2020:

John Andrunas, Paul Angus, Zaheda Bhorat, Timothy Chen, Andrea Cosentino, Adina Crainiceanu, Griselda Cuevas, Fokko Driesprong, PJ Fanning, Julian Feinauer, Drew Foulks, Von Gosling, Susan Hinrich, Clay Leeds, Swapnil M Mane, Frank McQuillan, Gian Merlino, Andrew Musselman, François Papon, Jerry Shao, Shao Feng Shi, Mohammad Asif Siddiqui, Neil Smith, Casey Stella, Jincheng Sun, Wangda Tan, Luca Toscano, Xiaorui Wang, Geertjan Wielenga, Sheng Wu, Kete Yang, Awasum Yannick, Duo Zhang, and Zhe Zhang.

The ASF incorporated in 1999 with a core membership of 21 individuals who oversaw the progress of the Apache HTTP Server. This group grew with Committers — developers who contributed code, patches, documentation, and other contributions, and were subsequently granted access by the Membership:
 - to "commit" or "write" (contribute) directly to the code repository;
 - the right to vote on community-related decisions; and
 - the ability to propose an active user for Committership.

Those Committers who demonstrate merit in the Foundation's growth, evolution, and progress are nominated for ASF Membership by existing Members.

This election brings the total number of ASF Members to 813 today. Individuals elected as ASF Members legally serve as the "shareholders" of the Foundation https://www.apache.org/foundation/governance/members.html

For more information on how the ASF works, visit http://www.apache.org/foundation/how-it-works.html , Apache Is Open https://blogs.apache.org/foundation/entry/apache-is-open , and Briefing: The Apache Way http://apache.org/theapacheway/

# # #
[ANNOUNCE] Apache OFBiz 17.12.03 release
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 17.12.03".

Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications. http://ofbiz.apache.org/

"Apache OFBiz 17.12.03" is the third release of the 17.12 series (the release 17.12.02 was never announced because it had a build issue); for more details of the changes introduced with this new version please refer to http://ofbiz.apache.org/release-notes-17.12.03.html

The release file can be downloaded following the instructions in the OFBiz download page: http://ofbiz.apache.org/download.html

The OFBiz community.