[ANNOUNCE] Apache Airflow 2.2.4 Released

2022-02-25 Thread Jedidiah Cunningham
Dear community,

I'm happy to announce that Airflow 2.2.4 was just released.

The released sources and packages can be downloaded via
https://airflow.apache.org/docs/apache-airflow/stable/installation/installing-from-sources.html

Other installation methods are described in
https://airflow.apache.org/docs/apache-airflow/stable/installation/

We also made this version available on PyPI for convenience:
`pip install apache-airflow`
https://pypi.org/project/apache-airflow/2.2.4/

The documentation is available at:
https://airflow.apache.org/docs/apache-airflow/2.2.4/

Find the CHANGELOG here for more details:
https://airflow.apache.org/docs/apache-airflow/2.2.4/changelog.html

Container images are published at:
https://hub.docker.com/r/apache/airflow/tags/?page=1&name=2.2.4

Thanks,
Jed


[ANNOUNCE] Apache JSPWiki 2.11.2 released

2022-02-25 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.2.

This is the third release in the 2.11 series of Apache JSPWiki, a
feature-rich and extensible WikiWiki engine built around the standard
JEE components.

The release is available here:
https://jspwiki-wiki.apache.org/Wiki.jsp?page=Downloads

JSPWiki Maven artifacts are available under org.apache.jspwiki groupId,
version 2.11.2

The full change log is available here:
https://issues.apache.org/jira/browse/JSPWIKI/fixforversion/12351120

A curated change log is also available here:
https://jspwiki-wiki.apache.org/Wiki.jsp?page=NewIn2.11

We welcome your help and feedback. For more information on how to
report problems, and to get involved visit the project website at
http://jspwiki.apache.org/

The Apache JSPWiki Team


CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL

2022-02-25 Thread Jedidiah Cunningham
Severity: high

Description:

It was discovered that the "Trigger DAG with config" screen was susceptible to 
XSS attacks via the `origin` query argument.

This issue affects Apache Airflow versions 2.2.3 and below. 

Credit:

The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung 
R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently 
discovering and reporting this issue.



The Apache Weekly News Round-up: week ending 25 February 2022

2022-02-25 Thread Swapnil M Mane
Farewell, February -- we're wrapping up the month with another great
week. Here are the latest updates on the Apache community's
activities:

ASF Board – management and oversight of the business affairs of the
corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 16 March 2022. Board calendar and minutes
https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps
the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 100.00%. Performance checks
across 50 different service components spread over more than 250
machines in data centers around the world. View the ASF's
Infrastructure Uptime site to see the most recent averages.
http://www.apache.org/uptime/

Apache Code Snapshot – Over the past week, 323 Apache Committers
changed 1,586,514 lines of code over 3,215 commits. Top 5
contributors, in order, are: Claus Ibsen, Jean-Louis Monteiro, Andrea
Cosentino, Gary Gregory, and Eric Milles.

Apache Project Announcements – the latest updates by category.

Application Servers/Middleware --
 - Apache Karaf Decanter 2.9.0 released https://karaf.apache.org/

Content --
 - Apache Jackrabbit Oak 1.22.11 released http://jackrabbit.apache.org/
 - Apache JSPWiki CVE-2022-24947: CSRF Account Takeover
https://s.apache.org/v3l9f
   -- CVE-2022-24948: Cross-site scripting vulnerability on User
Preferences screen https://s.apache.org/pqdy0

FinTech --
 - Apache Fineract 1.6.0 released http://fineract.apache.org/

Network Client --
 - Apache MINA 2.0.23, 2.1.6 released https://mina.apache.org

Workflow --
 - Apache Airflow CVE-2022-24288: RCE in example DAGs https://s.apache.org/8fsz4


Did You Know?

 - Did you know that Apache Beam helps Palo Alto Networks meet
streaming needs by providing a highly-performant, reliable, and
resilient data processing framework for 10 million security events per
second across 3 petabytes per day? https://beam.apache.org/

 - Did you know that the Australian Department of Transport's Vehicle
Inspection System webapp is powered by Apache Wicket?
https://wicket.apache.org/

 - Did you know that Apache Ignite is a distributed cache, a
distributed database, an in-memory database, and an in-memory data
grid? https://ignite.apache.org/


Apache Community Notices

- Watch "Trillions and Trillions Served", the documentary on the ASF
1) full feature [49 min] https://s.apache.org/Trillions-Feature
2) "Apache Everywhere" [6 min] https://s.apache.org/ApacheEverywhere
3) "Why Apache" [2.5 min] https://s.apache.org/ASF-Trillions-WhyApache
4) “Apache Innovation” [40 min] https://s.apache.org/ApacheInnovation

 - The Apache Way to Sustainable Open Source Success https://s.apache.org/GhnI

 - Foundation Reports and Statements
http://www.apache.org/foundation/reports.html

 - Presentations from select Apache events and 2020's ApacheCon@Home
are available at https://www.youtube.com/c/TheApacheFoundation/

 - "Success at Apache" focuses on the people and processes behind why
the ASF "just works".
https://blogs.apache.org/foundation/category/SuccessAtApache

 - Inside Infra: the new interview series with members of the ASF
infrastructure team -- meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInfra-Drew
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
  ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III
https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and
Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and
Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and
Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL
and Part II https://s.apache.org/InsideInfra-ChrisL2

- The Apache Software Foundation Operations Summary: Q3 FY2021
(November 2020 - January 2021) https://s.apache.org/Q3FY2021 + Video
highlights https://youtu.be/S6FWqAuA_8M

- The Apache® Software Foundation Celebrates 22 Years of Open Source
Leadership – world’s largest Open Source foundation advances
community-led innovation "The Apache Way"
https://s.apache.org/22ndAnniversay

- Apache in 2020 - By The Digits https://s.apache.org/Apache2020Digits
+ Video highlights https://s.apache.org/Apache2020Digits-vid

- ASF Security Report 2020 https://s.apache.org/SecurityReport2020 +
Video highlights https://youtu.be/Z7yudar_da0

- ASF FY2020 Annual Report https://s.apache.org/FY2020AnnualReport

 - Follow the ASF on social media: @TheASF on Twitter
(https://twitter.com/TheASF) and on LinkedIn at
https://www.linkedin.com/company/the-apache-software-foundation

 - Follow the Apache Community on Facebook
https://www.facebook.com/ApacheSoftwareFoundation/ and Twitter
https://twitter.com/ApacheCommunity

 - Are your