The Apache News Round-up: week ending 19 June 2020

2020-06-19 Thread Swapnil M Mane
[this newsletter is available online at ]

Happy Friday! Let's take a look at what the Apache community has been
up to over the past week:

ASF Board – management and oversight of the business affairs of the
corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 July 2020. Board calendar and minutes

ApacheCon™ – the ASF's official global conference series, bringing
Tomorrow's Technology Today since 1998.
 - Notice on Apache 2020 Conferences

ASF Infrastructure – our distributed team on three continents keeps
the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.72%. Performance checks across
50 different service components spread over more than 250 machines in
data centers around the world.

Apache Code Snapshot – this week, 902 Apache contributors changed
5,499,342 lines of code over 3,942 commits. Top 5 contributors, in
order, are: Chunen Ni, Sebastian Bazley, Rupeng Wang, Gary Gregory,
and Andrea Cosentino.

Apache Project Announcements – the latest updates by category.

Cloud Computing --
 - Apache Libcloud 3.1.0 released

Servers --
 - Apache HttpComponents Client 5.0.1 GA released
 - Apache Traffic Control 4.1.0 released

Did You Know?

 - Did you know that you can NEW: meet Apache APISIX (Incubating),
catch up with Apache CloudStack, see what’s next with Apache HBase as
the project celebrates its 10th Anniversary, and more? Only on
Feathercast -- the voice of the ASF

 - Did you know that Tencent uses Apache Pulsar to process tens of
billions of dollars in financial transactions each day?

 - Did you know that Apache Cordova has a major release for iOS?

Apache Community Notices

 - "Trillions and Trillions Served" – the feature documentary on the
ASF filmed onsite at ApacheCon Las Vegas and Berlin in 2019

 - The Apache Software Foundation Statement on the COVID-19
Coronavirus Outbreak

 - The Apache Software Foundation Celebrates 21 Years of Open Source

 - Apache Month In Review: May 2020 – overview of events that have
taken place within the Apache community

 - The Apache Software Foundation Operations Summary: Q3 FY2020
(November 2019 - January 2020)

 - "Trillions and Trillions Served", the documentary on the ASF, is in
post-production. Catch the teaser at and "Apache Everywhere", the first
"Trillions" "short" filmed onsite at ApacheCon Las Vegas and Berlin
this past year

 - Apache in 2019 - By The Digits

 - The Apache Way to Sustainable Open Source Success

 - ASF Operations Summary: Q2 FY2020 (August - October 2019)

 - ASF Founders look back on 20 Years of the ASF

 - Foundation Reports and Statements

 - ApacheCon: Tomorrow's Technology Today since 1998

 - "Success at Apache" focuses on the people and processes behind why
the ASF "just works".

 - Inside Infra: the new interview series with members of the ASF
infrastructure team -- meet Drew Foulks

 - Did you know that Airflow Summit 2020 will be held 6-17 July online?

 - Did you know that Beam Summit 2020 will be held 24-28 August online
and free of charge?

 - Please follow/like/re-tweet the ASF on social media: @TheASF on
Twitter ( and on LinkedIn at

 - Do friend and follow us on the Apache Community Facebook page and Twitter account

 - Find out how you can participate with Apache
community/projects/activities -- opportunities open with Apache Camel,
Apache HTTP Server, and more!

 - Are your software solutions Powered by Apache? Download & use our
"Powered By" logos

= = =

For real-time updates, sign up for Apache-related news by sending mail
to and follow @TheASF on Twitter. For a
broader spectrum from the Apache community, provides an aggregate of Project
activities as well as the personal blogs and tweets of select ASF

# # 

[ANNOUNCE] Apache Pulsar 2.6.0 released

2020-06-19 Thread PengHui Li
The Apache Pulsar team is proud to announce Apache Pulsar version 2.6.0.

Pulsar is a highly scalable, low latency messaging platform running on
commodity hardware. It provides simple pub-sub semantics over topics,
guaranteed at-least-once delivery of messages, automatic cursor management
for subscribers, and cross-datacenter replication.

For Pulsar release details and downloads, visit:

Release Notes are at:

We would like to thank the contributors that made the release possible.


The Pulsar Team

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection

2020-06-19 Thread Martin
CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection

Severity: Medium

The Apache Software Foundation

Versions Affected:

Apache Archiva all versions before 2.2.5

By providing special values to the Archiva login form an attacker is able to
retrieve user attribute data from the connected LDAP server.
With certain characters it is possible to modify the LDAP filter used to query
the users on the connected LDAP server.
By measuring the response time, arbitrary attribute data can be retrieved from
LDAP user objects.


Upgrade to Apache Archiva 2.2.5 or higher


The newest Archiva version can be downloaded from:
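
Added example, not part of the advisory and not Archiva's code: the class of bug described above comes from placing login-form input into an LDAP search filter without RFC 4515 escaping. The filter template, attribute names and function names below are assumptions made for illustration; the sample inputs are constructed.

```python
# Added illustration; the filter template below is an assumption, not Archiva's code.
import re

# RFC 4515 section 3: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

FILTER_TEMPLATE = "(&(objectClass=inetOrgPerson)(uid={}))"  # hypothetical login filter


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: raw concatenation lets input add filter syntax."""
    return FILTER_TEMPLATE.format(username)


def build_filter_safe(username: str) -> str:
    """Hardened pattern: the input is escaped, so it stays a single literal value."""
    return FILTER_TEMPLATE.format(escape_filter_value(username))


def filter_shape(ldap_filter: str) -> tuple:
    """Return (number of filter items, number of unescaped wildcards)."""
    # Escaped characters (\XX) are literal data, so drop them before counting.
    structural = re.sub(r"\\[0-9a-fA-F]{2}", "", ldap_filter)
    return structural.count("("), structural.count("*")


def is_structure_preserved(username: str, builder) -> bool:
    """True if the built filter has the same shape as one built from a plain name."""
    return filter_shape(builder(username)) == filter_shape(builder("alice"))


# Constructed sample inputs: one ordinary login name, two carrying filter metacharacters.
SAMPLES = ["alice", "a*", "x)(mail=*"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name),
              "unsafe ok:", is_structure_preserved(name, build_filter_unsafe),
              "safe ok:", is_structure_preserved(name, build_filter_safe),
              build_filter_safe(name))
```

The shape check is also usable as a regression test: any login name that changes the item or wildcard count of the generated filter indicates a code path that skipped escaping.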

[ANN] Apache Archiva 2.2.5 released

2020-06-19 Thread Martin
The Apache Archiva team is pleased to announce the release of Archiva 2.2.5.

Archiva is available for download from the web site.

Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.

If you have any questions, please consult:
  the web site:
  the archiva-user mailing list:

Apache Archiva 2.2.5 is a bug fix release.

** As this release contains security fixes, we highly recommend updating to
the new version. **

See the release notes for more information:

And security related information: