[ANNOUNCE] Apache Qpid Broker-J 8.0.0 released
The Apache Qpid (http://qpid.apache.org) community is pleased to announce the immediate availability of Apache Qpid Broker-J 8.0.0.

This is the latest release of the pure Java implementation of a messaging broker supporting the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org) and legacy AMQP protocols 0-10, 0-91, 0-9 and 0-8.

Please visit the Qpid project site for more details:
http://qpid.apache.org/components/broker-j/index.html

The release is available now from our website:
http://qpid.apache.org/download.html

The new version brings a number of improvements and bug fixes, including support for a trusted CA revocation list and changes to ACL limiting the number of connections per user.

The release notes can be found at:
http://qpid.apache.org/releases/qpid-broker-j-8.0.0/release-notes.html

Thanks to all involved,
Qpid Team

[ANNOUNCE] Apache Kafka 2.4.1
The Apache Kafka community is pleased to announce the release for Apache Kafka 2.4.1.

This is a bug fix release and it includes fixes and improvements from 39 JIRAs, including a few critical bugs.

All of the changes in this release can be found in the release notes:
https://www.apache.org/dist/kafka/2.4.1/RELEASE_NOTES.html

You can download the source and binary release (Scala 2.11, 2.12, and 2.13) from:
https://kafka.apache.org/downloads#2.4.1

---

Apache Kafka is a distributed streaming platform with four core APIs:

** The Producer API allows an application to publish a stream of records to one or more Kafka topics.

** The Consumer API allows an application to subscribe to one or more topics and process the stream of records produced to them.

** The Streams API allows an application to act as a stream processor, consuming an input stream from one or more topics and producing an output stream to one or more output topics, effectively transforming the input streams to output streams.

** The Connector API allows building and running reusable producers or consumers that connect Kafka topics to existing applications or data systems. For example, a connector to a relational database might capture every change to a table.

With these APIs, Kafka can be used for two broad classes of application:

** Building real-time streaming data pipelines that reliably get data between systems or applications.

** Building real-time streaming applications that transform or react to the streams of data.

Apache Kafka is in use at large and small companies worldwide, including Capital One, Goldman Sachs, ING, LinkedIn, Netflix, Pinterest, Rabobank, Target, The New York Times, Uber, Yelp, and Zalando, among others.

A big thank you for the following 35 contributors to this release!

A. Sophie Blee-Goldman, Alex Kokachev, bill, Bill Bejeck, Boyang Chen, Brian Bushree, Brian Byrne, Bruno Cadonna, Chia-Ping Tsai, Chris Egerton, Colin Patrick McCabe, David Jacot, David Kim, David Mao, Dhruvil Shah, Gunnar Morling, Guozhang Wang, huxi, Ismael Juma, Ivan Yurchenko, Jason Gustafson, John Roesler, Konstantine Karantasis, Lev Zemlyanov, Manikumar Reddy, Matthew Wong, Matthias J. Sax, Michael Gyarmathy, Michael Viamari, Nigel Liang, Rajini Sivaram, Randall Hauch, Tomislav, Vikas Singh, Xin Wang

We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at https://kafka.apache.org/

Thank you!

Regards,
Bill Bejeck

[CVE-2020-1953] Uncontrolled class instantiation when loading YAML files in Apache Commons Configuration
CVE-2020-1953: Uncontrolled class instantiation when loading YAML files in Apache Commons Configuration

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: 2.2 to 2.6

Description: Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. If a YAML file is from an untrusted source, it can therefore load and execute code out of the control of the host application.

Mitigation: Users should upgrade to 2.7, which prevents class instantiation by the YAML processor.

Credit: This issue was discovered by Daniel Kalinowski of ISEC.pl Research Team

Oliver Heger
on behalf of the Apache Commons PMC
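
The behaviour described in the advisory above, shown as an added example that is not code from the advisory or from Apache Commons Configuration: a YAML parser that honours class tags builds whatever class the document names, while a restricted loader rejects the same input. It assumes SnakeYAML 1.26 (the version named in the 2.7 release notes) on the classpath; `Probe`, `YamlTagDemo` and the YAML input are constructed for illustration, and the restricted loader shown is one way to block class tags, not necessarily the change made in 2.7.

```java
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

import java.util.Map;

// Hypothetical stand-in for "any class on the classpath".
// Its constructor has a visible but harmless side effect: it counts instantiations.
class Probe {
    static int created = 0;

    public Probe() {
        created++;
    }
}

public class YamlTagDemo {
    // Constructed sample input: the "!!" tag asks the parser to build a Java class.
    static final String TAGGED = "setting: !!Probe {}\n";
    // Constructed sample input: ordinary configuration data with no class tags.
    static final String PLAIN = "setting: value\nports: [8080, 8443]\n";

    public static void main(String[] args) {
        // Default loader in SnakeYAML 1.x: the tag is resolved to a class,
        // so the document, not the application, decides what gets instantiated.
        new Yaml().load(TAGGED);
        System.out.println("default loader, Probe instances: " + Probe.created);

        // Restricted loader: only standard YAML types (maps, lists, scalars) are built.
        int before = Probe.created;
        try {
            new Yaml(new SafeConstructor()).load(TAGGED);
            System.out.println("restricted loader accepted the class tag");
        } catch (YAMLException e) {
            System.out.println("restricted loader rejected the class tag: "
                    + e.getClass().getSimpleName());
        }
        System.out.println("new Probe instances under restricted loader: "
                + (Probe.created - before));

        // Plain configuration still loads as a Map with the restricted loader.
        Map<String, Object> config = new Yaml(new SafeConstructor()).load(PLAIN);
        System.out.println("plain config keys: " + config.keySet());
    }
}
```

On SnakeYAML 2.x the `SafeConstructor` constructor takes a `LoaderOptions` argument, so the instantiation lines need adjusting there.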
[ANNOUNCEMENT] Apache Commons Configuration Version 2.7 Released.
The Apache Commons team is pleased to announce the release of Apache Commons Configuration Version 2.7.

Release Notes 2020-03-11

INTRODUCTION:
=============

This document contains the release notes for this version of the Commons Configuration component. It describes the changes since the previous version.

The Commons Configuration software library provides a generic configuration interface which enables an application to read configuration data from a variety of sources.

Tools to assist in the reading of configuration/preferences files in various formats

Minor release with new features and updated dependencies.

Changes in this version include:

New features:
o CONFIGURATION-765: Refactor XMLConfiguration.write(Writer) to add XMLConfiguration.write(Writer, Transformer). Thanks to Gary Gregory.

Fixed Bugs:
o CONFIGURATION-761: Single argument DataConfiguration APIs always create empty arrays. Thanks to Gary Gregory.
o CONFIGURATION-767: NullPointerException in XMLConfiguration#createTransformer() when no FileLocator is set. Thanks to Gary Gregory.
o CONFIGURATION-768: XMLConfiguration#write does not indent XML elements. Thanks to Gary Gregory.
o CONFIGURATION-771: Update com.fasterxml.jackson.core:jackson-databind 2.10.0 -> 2.10.1. Thanks to Gary Gregory.
o CONFIGURATION-773: User's Guide > Properties files > Saving - small documentation bugs #41. Thanks to Dan Dragut.

Changes:
o CONFIGURATION-762: Use variable arguments. Thanks to Gary Gregory.
o Update com.puppycrawl.tools:checkstyle from 8.24 to 8.25. Thanks to Gary Gregory.
o CONFIGURATION-763: Update com.fasterxml.jackson.core:jackson-databind from 2.9.9 to 2.10.0. Thanks to Gary Gregory.
o [test] org.easymock:easymock 4.0.2 -> 4.1. Thanks to Gary Gregory.
o CONFIGURATION-775: Update Apache Commons VFS from 2.4.1 to 2.5.0. Thanks to Gary Gregory.
o CONFIGURATION-777: Update Apache Commons VFS from 2.5.0 to 2.6.0. Thanks to Gary Gregory.
o CONFIGURATION-778: Update optional Apache Commons Codec from 1.13 to 1.14. Thanks to Gary Gregory.
o Update tests from JUnit 4.12 to 4.13. Thanks to Gary Gregory.
o CONFIGURATION-779: Update optional jackson-databind from 2.10.1 to 2.10.2. Thanks to Gary Gregory.
o CONFIGURATION-783: Update com.fasterxml.jackson.core:jackson-databind from 2.10.2 to 2.10.3. Thanks to Gary Gregory.
o CONFIGURATION-784: Update org.yaml:snakeyaml from 1.25 to 1.26 and tweak parser configuration. Thanks to Gary Gregory.
o CONFIGURATION-785: Update org.springframework:spring-* from 4.3.25.RELEASE to 4.3.26.RELEASE. Thanks to Gary Gregory.
o Update org.apache.commons:commons-parent from 48 to 50. Thanks to Rob Tompkins.

Historical list of changes:
https://commons.apache.org/proper/commons-configuration/changes-report.html

For complete information on Apache Commons Configuration, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Configuration website:
https://commons.apache.org/proper/commons-configuration/

Download it from
https://commons.apache.org/proper/commons-configuration/download_configuration.cgi

Best regards,
Rob Tompkins,
On behalf of the Apache Commons Team