[ANN] Apache Archiva 2.2.3 Released

2017-05-17 Thread Martin 
The Apache Archiva team is pleased to announce the release of 
   Archiva 2.2.3. 
Archiva is available for download from the web site.

Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.

If you have any questions, please consult:

the web site: http://archiva.apache.org/
the archiva-user mailing list: http://archiva.apache.org/mail-lists.html

Apache Archiva 2.2.3 is a bugs fix release.

Compatibility Changes:
This release contains new security features for the REST API. Depending on 
your hosting environment there may be additional configuration steps 
necessary.

See the release notes for more information:
http://archiva.apache.org/docs/2.2.3/release-notes.html

Improvement

[MRM-1925] - Make User-Agent header configurable for HTTP requests
[MRM-1861], [MRM-1924] - Increasing timeouts for repository check
[MRM-1937] - Prevent creating initial admin user with wrong name.
Adding origin header validation checks for REST requests

Bugs fixed

[MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact
[MRM-1874] - Login Dialog triggers multiple events (+messages)
[MRM-1908] - Logged on users can write any repository
[MRM-1909] - Remote repository check fails for 
   https://repo.maven.apache.org/maven2
[MRM-1923] - Fixing bind issue with certain ldap servers, when user not
  found
[MRM-1926] - Invalid checksum files in Archiva repository after download
   from remote repository
[MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse
   proxy
[MRM-1933] - No message body writer has been found for class
   
org.apache.archiva.rest.services.ArchivaRestError
[MRM-1940] - Slashes appended to remote repo url


Have fun! -- The Apache Archiva Team

[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints

2017-05-19 Thread Martin 
CVE-2017-5657: Apache Archiva CSRF vulnerabilities for various REST endpoints

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 2.0.0 - 2.2.1
The unsupported versions 1.x are also affected.  

Several REST service endpoints of Apache Archiva are not protected against 
Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same 
browser as the archiva site, may send HTML response that performs arbitrary 
actions on archiva services, with the same rights as the active archiva 
session (e.g. adminstrator rights).

Mitigation:
  All users are recommended to upgrade to Archiva 2.2.3 or higher, 
  where additional measures are taken to verify the origin of REST requests.

References:
http://archiva.apache.org/security.html#CVE-2017-5657

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi

[ANN] Apache Archiva 2.2.4 released

2019-05-02 Thread Martin 
The Apache Archiva team is pleased to announce the release of 
   Archiva 2.2.4. 
You can download the new packages from the following URL:
  http://archiva.apache.org/download.cgi

Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.

If you have any questions, please consult:

the web site: http://archiva.apache.org/
the archiva-user mailing list: http://archiva.apache.org/mailing-lists.html

Apache Archiva 2.2.4 is a bug fix release.

** As this release contains security fixes, we highly recommend to update to 
the new version. **

See the release notes for more information:
http://archiva.apache.org/docs/2.2.4/release-notes.html

Bugs fixed

[MRM-1972] Stored XSS in Web UI Organization Name

[MRM-1966] Repository-purge not working

[MRM-1958] Purge by retention count deletes files but leaves history on 
website.

[MRM-1929] Repository purge is not reflected in index


Have fun! -- The Apache Archiva Team

[SECURITY] CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

2019-05-02 Thread Martin 
CVE-2019-0214: Apache Archiva arbitrary file write and delete on the server

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Archiva 2.0.0 - 2.2.3
The unsupported versions 1.x are also affected.  

It is possible to write files to the archiva server at arbitrary locations by 
using the artifact upload mechanism. 
Existing files can be overwritten, if the archiva run user has appropriate 
permission on the filesystem for the target file.

Mitigation:
  It is highly recommended to upgrade to Archiva 2.2.4 or higher, where 
additional validations are implemented to prevent such malicious parameter 
values.
  As intermediate action you may reduce the number of users that are allowed to 
upload to archiva and make sure, that the archiva run user may have only 
  write permission to the directories needed.

References:
http://archiva.apache.org/security.html#CVE-2019-0214

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi

[SECURITY] CVE-2019-0213: Apache Archiva Stored XSS

2019-05-02 Thread Martin 
CVE-2019-0213: Apache Archiva Stored XSS

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Archiva 2.0.0 - 2.2.3
The unsupported versions 1.x are also affected.  

It may be possible to store malicious XSS code into central configuration 
entries, i.e. the logo URL. 
The vulnerability is considered as minor risk, as only users with admin role 
can change the configuration, or the communication 
between the browser and the Archiva server must be compromised. 

Mitigation:
  All users are recommended to upgrade to Archiva 2.2.4 or higher, 

References:
http://archiva.apache.org/security.html#CVE-2019-0213

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection

2020-06-19 Thread Martin 
CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:

Apache Archiva all versions before 2.2.5

By providing special values to the archiva login form a attacker is able to 
retrieve user attribute data from the connected LDAP server. 
With certain characters it is possible to modify the LDAP filter used to query 
the users on the connected LDAP server. 
By measuring the response time, arbitrary attribute data can be retrieved from 
LDAP user objects.

Mitigation:

Upgrade to Apache Archiva 2.2.5 or higher

References:
http://archiva.apache.org/security.html#CVE-2020-9495

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi

[ANN] Apache Archiva 2.2.5 released

2020-06-19 Thread Martin 
The Apache Archiva team is pleased to announce the release of 
   Archiva 2.2.5 
Archiva is available for download from the web site.
  http://archiva.apache.org/download.cgi


Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.

If you have any questions, please consult:
  the web site: http://archiva.apache.org/
  the archiva-user mailing list: http://archiva.apache.org/mailing-lists.html

Apache Archiva 2.2.5 is a bug fix release.

** As this release contains security fixes, we highly recommend to update to 
the new version. **

See the release notes for more information:
http://archiva.apache.org/docs/2.2.5/release-notes.html

And security related information:
http://archiva.apache.org/security.html

[ANN] Apache Archiva 2.2.6 released

2021-12-15 Thread Martin 


The Apache Archiva team is pleased to announce the release of 
   Archiva 2.2.6
Archiva is available for download from the web site.
  http://archiva.apache.org/download.cgi


Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.


If you have any questions, please consult:
  the web site: http://archiva.apache.org/
  the archiva-user mailing list: http://archiva.apache.org/mailing-lists.html


Apache Archiva 2.2.6 is a security fix release.


** As this release contains security fixes, we highly recommend to update to 
the new version. **


See the release notes for more information:
http://archiva.apache.org/docs/2.2.6/release-notes.html


And security related information:
http://archiva.apache.org/security.html

[ANN] Apache Archiva 2.2.7 released

2021-12-22 Thread Martin 


The Apache Archiva team is pleased to announce the release of 
   Archiva 2.2.7
Archiva is available for download from the web site.
  http://archiva.apache.org/download.cgi


Archiva is an application for managing one or more remote
repositories, including administration, artifact handling, browsing
and searching.


If you have any questions, please consult:
  the web site: http://archiva.apache.org/
  the archiva-user mailing list: http://archiva.apache.org/mailing-lists.html


Apache Archiva 2.2.7 is a bugfix release and updates to log4j 2.17.0 for 
security reasons


** As this release contains security fixes, we highly recommend to update to 
the new version. **


See the release notes for more information:
http://archiva.apache.org/docs/2.2.7/release-notes.html


And security related information:
http://archiva.apache.org/security.html

[ANNOUNCE] Apache SIS 0.7 Release

2016-05-28 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of
the SIS 0.7 release.

The release can be obtained from the Apache SIS download page -
http://sis.apache.org/downloads.html

Release notes are available at -
http://sis.apache.org/release-notes/0.7.html

Apache SIS is a spatial framework that enables better representation of
coordinates for searching, data clustering, archiving, or other relevant
spatial needs. SIS provides data structures for geographic data and
associated metadata along with methods to manipulate those data
structures. SIS enables the construction of geodetic data structures for
geospatial referencing and coordinate transformations. The library is an
implementation of GeoAPI 3.0 interfaces and can be used for desktop or
server applications. Some SIS features are:

Geographic metadata (ISO 19115-1:2014)
Read/write ISO 19139 compliant XML documents.
Referencing by coordinates (ISO 19111:2007)
Well Known Text (WKT) version 1 and 2 (ISO 19162:2015).
Geographic Markup Language (GML) version 3.2 (ISO 19136:2007).
Create geodetic objects and operations from EPSG geodetic dataset

For general information on Apache SIS, please visit the project website:
http://sis.apache.org/

[ANNOUNCE] Apache Subversion 1.8.19 released

2017-08-10 Thread Philip Martin 
I'm happy to announce the release of Apache Subversion 1.8.19.
Please choose the mirror closest to you by visiting:


http://subversion.apache.org/download.cgi?update=201708081800#supported-releases

This is a stable bugfix release of the Apache Subversion open source
version control system.

The SHA1 checksums are:

c6c46db4734a075bbfc3ce26dcd6c68d1362e21c subversion-1.8.19.tar.gz
9070d274f8bc0c64b2accf34ffd8a37429cd7daa subversion-1.8.19.zip
51d7e5329ad86a650f8fc806eb68e581055a3fd1 subversion-1.8.19.tar.bz2

SHA-512 checksums are available at:

https://www.apache.org/dist/subversion/subversion-1.8.19.tar.bz2.sha512
https://www.apache.org/dist/subversion/subversion-1.8.19.tar.gz.sha512
https://www.apache.org/dist/subversion/subversion-1.8.19.zip.sha512

PGP Signatures are available at:

http://www.apache.org/dist/subversion/subversion-1.8.19.tar.bz2.asc
http://www.apache.org/dist/subversion/subversion-1.8.19.tar.gz.asc
http://www.apache.org/dist/subversion/subversion-1.8.19.zip.asc

For this release, the following people have provided PGP signatures:

   Johan Corveleyn [4096R/B59CE6D6010C8AAD] with fingerprint:
8AA2 C10E EAAD 44F9 6972  7AEA B59C E6D6 010C 8AAD
   Stefan Sperling [2048R/4F7DBAA99A59B973] with fingerprint:
8BC4 DAE0 C5A4 D65F 4044  0107 4F7D BAA9 9A59 B973
   Evgeny Kotkov [4096R/B64FFF1209F9FA74] with fingerprint:
E7B2 A7F4 EC28 BE9F F8B3  8BA4 B64F FF12 09F9 FA74
   Stefan Hett (CODE SIGNING KEY) [4096R/376A3CFD110B1C95] with fingerprint:
7B8C A7F6 451A D89C 8ADC  077B 376A 3CFD 110B 1C95
   Daniel Shahaf [3072R/A5FEEE3AC7937444] with fingerprint:
E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444
   Philip Martin [2048R/76D788E1ED1A599C] with fingerprint:
A844 790F B574 3606 EE95  9207 76D7 88E1 ED1A 599C

Release notes for the 1.8.x release series may be found at:

http://subversion.apache.org/docs/release-notes/1.8.html

You can find the list of changes between 1.8.19 and earlier versions at:

http://svn.apache.org/repos/asf/subversion/tags/1.8.19/CHANGES

Questions, comments, and bug reports to us...@subversion.apache.org.

Thanks,
- The Subversion Team

[ANNOUNCE] Apache SIS 0.8 Release

2017-11-24 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of
the SIS 0.8 release.

The release can be obtained from the Apache SIS download page -
http://sis.apache.org/downloads.html

Release notes are available at -
http://sis.apache.org/release-notes/0.8.html

Apache SIS is a Java language library for developing geospatial
applications. SIS provides data structures for geographic features and
associated metadata along with methods to manipulate those data
structures. The library is an implementation of GeoAPI 3.0 interfaces
and can be used for desktop or server applications.

Some Apache SIS features are:

  * Geographic metadata (ISO 19115)
  o Read/write ISO 19139 compliant XML documents
  o Read from netCDF, GeoTIFF, Landsat, GPX and Moving Feature CSV
encoding
  * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
  o Well Known Text (WKT) version 1 and 2 (ISO 19162)
  o Geographic Markup Language (GML) version 3.2 (ISO 19136)
  o Geodetic objects and operations from EPSG geodetic dataset
  o Mercator, Lambert, stereographic and more map projections
  o Geohashes and Military Grid Reference System (MGRS)
  o Optional bridge to Proj.4 as a complement to Apache SIS own
referencing engine
  * Units of measurement
  o JSR-363 with parsing, formating and unit conversion functionalities

For general information on Apache SIS, please visit the project website:
http://sis.apache.org/

[ANNOUNCE] Apache SIS 1.0 Release

2019-10-01 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of 
the SIS 1.0 release.


The release can be obtained from the Apache SIS download page - 
http://sis.apache.org/downloads.html


Release notes are available at - 
http://sis.apache.org/release-notes/1.0.html


Apache SIS is a Java language library for developing geospatial 
applications. SIS provides data structures for geographic features and 
associated metadata along with methods to manipulate those data 
structures. The library is an implementation of GeoAPI 3.0 interfaces 
and can be used for desktop or server applications.


Some Apache SIS features are:

 * Geographic metadata (ISO 19115)
 o Read/write ISO 19115-3 (new) and ISO 19139 (legacy) compliant
   XML documents
 o Read from netCDF, GeoTIFF, Landsat, GPX and Moving Feature CSV
   encoding
 * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
 o Well Known Text (WKT) version 1 and 2 (ISO 19162)
 o Geographic Markup Language (GML) version 3.2 (ISO 19136)
 o Geodetic objects and operations from EPSG geodetic dataset
 o Mercator, Lambert, stereographic and more map projections
 o Geohashes and Military Grid Reference System (MGRS)
 * Units of measurement
 o JSR-363 with parsing, formating and unit conversion functionalities

For general information on Apache SIS, please visit the project website: 
http://sis.apache.org/

[ANNOUNCE] Call for Participation Geospatial Virtual Code Sprint February 2021

2021-01-12 Thread Martin Desruisseaux 

Hello everyone,

The ASF, in partnership with Open Geospatial Consortium (OGC) and Open 
Source Geospatial Foundation (OSGeo) are planning a joint Virtual Code 
Sprint to be held during the last week of February 2021.


The code sprint will enable software developers to focus on free and 
open source projects that implement open geospatial standards for a 
period of three days. The code sprint will cover multiple ASF and OSGeo 
projects, and OGC standards. This Sprint is open to all participants, 
including those who are not active members or contributors to the 
efforts of the organizers.


The exact date of the Code Sprint will be confirmed by January 21st, 
2021. In the meantime, ASF projects and their communities are invited to 
express an interest in participating in the Code Sprint by sending an 
e-mail to Gobe Hobona 


The ASF is a Community Partner with OGC and OSGeo in this event.

OGC is an international consortium of more than 500 businesses, 
government agencies, research organizations, and universities driven to 
make geospatial (location) information and services FAIR - Findable, 
Accessible, Interoperable, and Reusable. https://www.ogc.org/


OSGeo is a not-for-profit organization whose mission is to foster global 
adoption of open geospatial technology by being an inclusive software 
foundation devoted to an open philosophy and participatory community 
driven development. https://www.osgeo.org/


On behalf of the ASF Geospatial community,
Martin Desruisseaux
PMC Chair of Apache SIS

2021 Joint ASF – OGC – OSGeo Geospatial Code Sprint

2021-01-28 Thread Martin Desruisseaux 
/We are pleased to announce that the 2021 Joint ASF – OGC – OSGeo Code 
Sprint will be taking place online 17-19 February. //

/
/
/
/All those interested in Geospatial data and standards --including 
Apache SIS, Apache Sedona (incubating), and many others-- are invited to 
participate. Registration is FREE for all attendees. Sponsorship 
opportunities are available. For more information, visit 
//https://www.ogc.org/pressroom/pressreleases/4397/ 
<https://www.ogc.org/pressroom/pressreleases/4397>/

/

On behalf of the ASF Geospatial community,
Martin Desruisseaux
PMC Chair of Apache SIS

[ANNOUNCE] Apache 1.3.19 Released

2001-03-12 Thread Martin Kraemer 
[Sorry for the late announcement. The package is already available since 
01-Mar-2001. Martin]

Apache 1.3.19 Released
   
   The Apache Software Foundation and The Apache Server Project are
   pleased to announce the release of version 1.3.19 of the Apache HTTP
   server. (Version 1.3.18 was not released due to an incorrect fix
   addressing hostnames with url-escaped characters. A corrected fix will
   be included in the next release)
   
   This version of Apache is primarily a security fix release
   addressing a problem which could lead to a directory listing being
   displayed in place of an error message. Also, it fixes
   some broken functionality present in the 1.3.17 release and
   various Win32 issues.
   A summary of the new features is given at the end of this document.
   
   We consider Apache 1.3.19 to be the best version of Apache available
   and we strongly recommend that users of older versions, especially of
   the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
   releases will be made in the 1.2.x family.
   
   Apache 1.3.19 is available for download from
   
 http://httpd.apache.org/dist/
 
   Please see the CHANGES_1.3 file in the same directory for a full list
   of changes.
   
   Binary distributions are available from
   
 http://httpd.apache.org/dist/binaries/
 
   The source and binary distributions are also available via any of the
   mirrors listed at
   
 http://www.apache.org/mirrors/
 
   As of Apache 1.3.12 binary distributions contain all standard Apache
   modules as shared objects (if supported by the platform) and include
   full source code. Installation is easily done by executing the
   included install script. See the README.bindist and INSTALL.bindist
   files for a complete explanation. Please note that the binary
   distributions are only provided for your convenience and current
   distributions for specific platforms are not always available.
   
   As of Apache 1.3.17 the Win32 binary distribution is now based on the
   Microsoft Installer (.MSI) technology.  This change occured in order
   to resolve the many problems WinME and Win2K users experienced with
   the older InstallShield-based installer .exe file.  Development
   continues to make this new installation method more robust, questions
   should be directed at the news:comp.infosystems.www.servers.ms-windows
   news group.  Apache 1.3.17 for Win32 also marked the first 'initial 
   release quality' version available for Win32, and users are strongly
   discouraged from using the older 'beta quality releases'.
   
   For an overview of new features introduced after 1.2 please see
   
 http://httpd.apache.org/docs/new_features_1_3.html
 
   In general, Apache 1.3 offers several substantial improvements over
   version 1.2, including better performance, reliability and a wider
   range of supported platforms, including Windows 95/98 and NT (which
   fall under the "Win32" label).
   
   Apache is the most popular web server in the known universe; over half
   of the servers on the Internet are running Apache or one of its
   variants.
   
   IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come
   to trust Apache as a secure and stable server. It must be realized
   that the current Win32 code has not yet reached the levels of the Unix
   version, but is of acceptable quality. Any Win32 stability or security
   problems do not impact, in any way, Apache on other platforms.
   
 Apache 1.3.19  Major changes

   The primary security fix is:
 * The default installation could lead mod_negotiation and mod_dir or
   mod_autoindex to display a directory listing instead of the 
   multiview'ed index.html.* files, if a very long path was created 
   artificially by using many slashes.  Now 403 FORBIDDEN is returned.

   The bug fixes are:
 * The ServerRoot directive now removes trailing slashes.
 * Restore functionality broken by the mod_rewrite security fix:
   The mod_rewrite string arithmetic is corrected for rewrite map.
 * Some possible segfault conditions have been fixed.
 * Under certain circumstances, Apache did not supply the
   right response headers when requiring authentication.
   
   The main new features include:
 * New configuration error reporting if the UserDir argument is set
   to a relative path on Win32 or Netware [which do not support home
   directories], or a relative path on any platform if that path
   includes the '*' username substitution.

   Selected new features that relate to Windows platforms:
 * Apache on Win9x now ensures the service is stopped before removal.
 * Test httpd.conf (-t) now holds the console open on "SYNTAX OK".
 * Apache/Win32 no long

Apache C++ Standard Library 4.2.1 released

2008-05-02 Thread Martin Sebor 

May 1, 2008

The Apache C++ Standard Library project is pleased to announce
the release of stdcxx 4.2.1. The distribution can be downloaded
from the following location:
  http://archive.apache.org/dist/stdcxx/

or from the many mirrors listed on this page:
  http://www.apache.org/mirrors/

For additional details see the stdcxx Download page:
  http://stdcxx.apache.org/download.html#releases

Apache C++ Standard Library is a complete implementation of
the C++ Standard Library conforming to the ISO/IEC 14882:2003
International Standard for the Programming Language C++.

4.2.1 is a "bugfix" release of the library that is source and
both backward and forward binary compatible with stdcxx 4.2.0.
Programs linked with previous versions of stdcxx 4.x can safely
upgrade to 4.2.1 without needing to be recompiled. New programs
linked with stdcxx 4.2.1 can be deployed in environments with
only stdcxx 4.2.0 installed. Forward compatibility with stdcxx
4.1.x is not guaranteed.

This release of stdcxx supports a number of new platforms (for
a full list see the project's README file) and contains many
bug fixes and a number of improvements. For a complete list of
issues resolved in this release of the project see:
http://issues.apache.org/jira/secure/IssueNavigator.jspa?fixfor=12312690

Thanks to everyone who contributed to this release!

[ANNOUNCE] Apache Qpid 0.5 Released

2009-05-27 Thread Martin Ritchie 
The Apache Qpid community is pleased to announce the release of Apache Qpid 0.5

Apache Qpid (http://qpid.apache.org) is a cross platform enterprise messaging
solution which implements the Advanced Message Queueing Protocol
(http://www.amqp.org). It provides brokers written in C++ and Java and clients
in C++, Java (including a JMS implementation), .Net, Python, and Ruby.

New features included in this release are:

[C++ Broker]
 * [QPID-1567] - Queue replication (asynchronous) between two sites
 * [QPID-1669] - Client connection management in the qpid-cluster CLI utility
 * [QPID-1673] - Dynamic Library Build on Windows (DLL)

[Java Broker]
  * [QPID-1583] - IP White/Black lists for virtual hosts
  * [QPID-1648] - Enable live reconfiguration of Log4J settings for
the Java broker via JMX
  * [QPID-1699] - Reload security section in configuration files through JMX

[C++ Client]
 * [QPID-1673] - Dynamic Library Build on Windows (DLL)

[Java Client]
 * [QPID-1649] - FailoverExchange support

[Ruby Client]
 * [QPID-1602] - SASL Support

[Java Management : JMX Console]
 * [QPID-1500] - Mac OS X Build
 * [QPID-1648] - Enable live reconfiguration of Log4J settings for
the Java broker via JMX
 * [QPID-1691] - Linux x86-64 and Solaris builds

[Java Management : QMan]
 * [QPID-1574] - QMan WS-DM Adapter

It is available to download from:

http://qpid.apache.org/download.html

Complete release notes are available here:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310520&styleName=Html&version=12313597

[ANNOUNCE] Apache Bloodhound 0.1.0 incubating Released

2012-09-14 Thread Gary Martin 
The Apache Bloodhound (Incubating) team is pleased to announce the 
availability of the Apache Bloodhound 0.1.0-incubating release.


Apache Bloodhound is a project to provide a tool to track progress and 
defects in projects, with a primary focus on software projects. Standing 
on the shoulders of the well-known Trac project, it will provide issue 
tracking, repository browsing and a simple wiki syntax for easy 
reference. On top of this Bloodhound aims to provide intuitive support 
for managing multiple software projects, an advanced user-friendly 
interface and simple installation with some of the most important 
plugins for Trac available by default.


The release can be downloaded from 
http://www.apache.org/dist/incubator/bloodhound/apache-bloodhound-incubating-0.1.0-RC1.tar.gz 



For further information on Apache Bloodhound, please visit the project 
website at http://incubator.apache.org/bloodhound/


The Apache Bloodhound Team.

Disclaimer:
 Apache Bloodhound is an effort undergoing incubation at The Apache 
Software
 Foundation (ASF), sponsored by the Apache Incubator. Incubation is 
required

 of all newly accepted projects until a further review indicates that the
 infrastructure, communications, and decision making process have 
stabilized
 in a manner consistent with other successful ASF projects.  While 
incubation
 status is not necessarily a reflection of the completeness or 
stability of
 the code, it does indicate that the project has yet to be fully 
endorsed by

 the ASF.

[ANNOUNCE] Apache SIS 0.3 Release

2013-08-20 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of 
the SIS 0.3 release.


The release can be obtained from the Apache SIS download page - 
http://sis.apache.org/downloads.html


Release notes are available at - 
http://sis.apache.org/release-notes/0.3.html


Apache SIS is a spatial framework that enables better representation of 
coordinates for searching, data clustering, archiving, or any other 
relevant spatial needs. SIS provides data structures for geographic data 
and associated metadata along with methods to manipulate those data 
structures. The SIS metadata module forms the base of the library and 
enables the creation of metadata objects which comply with the ISO 19115 
metadata model and which can be read from or written to ISO 19139 
compliant XML documents.


For general information on Apache SIS, please visit the project website: 
http://sis.apache.org/

[Announce] Apache Etch 1.4.0 released

2014-08-07 Thread Martin Veith 
The Apache Etch team is pleased to announce the release of Apache Etch
1.4.0.

Etch is a cross-platform, language- and transport-independent framework for
building and consuming network services. The Etch toolset includes a
network service description language, a compiler, and binding libraries for
a variety of programming languages. Etch is also transport-independent,
allowing for a variety of different transports to be used based on need and
circumstance.


New features:
This release includes the new C++ binding which should be considered as
beta.

Please refer to the change log for the complete list of changes:
https://svn.apache.org/repos/asf/etch/releases/release-1.4.0/ChangeLog.txt


Downloads:
http://etch.apache.org/downloads.html

[ANNOUNCE] Apache SIS 0.5 Release

2015-02-12 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of
the SIS 0.5 release.

The release can be obtained from the Apache SIS download page -
http://sis.apache.org/downloads.html

Release notes are available at -
http://sis.apache.org/release-notes/0.5.html

Apache SIS is a spatial framework that enables better representation of
coordinates for searching, data clustering, archiving, or any other
relevant spatial needs. SIS provides data structures for geographic data
and associated metadata along with methods to manipulate those data
structures. The SIS metadata module forms the base of the library and
enables the creation of metadata objects which comply with the ISO 19115
metadata model and which can be read from or written to ISO 19139
compliant XML documents.

For general information on Apache SIS, please visit the project website:
http://sis.apache.org/

[ANNOUNCE] Apache SIS 0.6 Release

2015-09-17 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of
the SIS 0.6 release.

The release can be obtained from the Apache SIS download page -
http://sis.apache.org/downloads.html

Release notes are available at -
http://sis.apache.org/release-notes/0.6.html

Apache SIS is a spatial framework that enables better representation of
coordinates for searching, data clustering, archiving, or other relevant
spatial needs. SIS provides data structures for geographic data and
associated metadata along with methods to manipulate those data
structures. The library is an implementation of GeoAPI 3.0 interfaces
and can be used for desktop or server applications. Some SIS features are:

  * Geographic metadata (ISO 19115-1:2014)
  o Read/write ISO 19139 compliant XML documents.
  * Referencing by coordinates (ISO 19111:2007)
  o Well Known Text (WKT) version 1 and 2 (ISO 19162:2015).
  o Geographic Markup Language (GML) version 3.2 (ISO 19136:2007).

For general information on Apache SIS, please visit the project website:
http://sis.apache.org/

[ANNOUNCE] Apache SIS 1.1 Release

2021-10-12 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of 
the SIS 1.1 release.


The release can be obtained from the Apache SIS download page - 
http://sis.apache.org/downloads.html


Release notes are available at - 
http://sis.apache.org/release-notes/1.1.html


Apache SIS is a Java language library for developing geospatial 
applications. SIS provides data structures for geographic features and 
associated metadata along with methods to manipulate those data 
structures. The library is an implementation of GeoAPI 3.0 interfaces 
and can be used for desktop or server applications.


Some Apache SIS features are:

 * Read/write ISO 19115-3 metadata and legacy ISO 19139 compliant XML
   documents
 * Read netCDF-3, GeoTIFF, Landsat, GPX and Moving Feature CSV data
 * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
 o Well Known Text (WKT) version 1 and 2 (ISO 19162)
 o Geographic Markup Language (GML) version 3.2 (ISO 19136)
 o Geodetic objects and operations from EPSG geodetic dataset
 o Mercator, Lambert, stereographic and more map projections
 o Geohashes and Military Grid Reference System (MGRS)
 * Units of measurement
 o JSR-363 with parsing, formating and unit conversion functionalities
 * Processing
 o Multi-threaded raster reprojection
 o Multi-threaded isolines computation from raster data
 o Filtering of features (ISO 19143 conceptual model)

For general information on Apache SIS, please visit the project website: 
http://sis.apache.org/

[ANNOUNCE] Apache SIS 1.2 Release

2022-05-20 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of 
the SIS 1.2 release.


The release can be obtained from the Apache SIS download page - 
https://sis.apache.org/downloads.html


Release notes are available at - 
https://sis.apache.org/release-notes/1.2.html


Apache SIS is a Java language library for developing geospatial 
applications. SIS provides data structures for geographic features and 
associated metadata along with methods to manipulate those data 
structures. The library is an implementation of GeoAPI 3.0 interfaces 
and can be used for desktop or server applications.


Some Apache SIS features are:

 * Read netCDF-3, GeoTIFF, GPX, Moving Feature CSV, ASCII Grid, World
   Files and more data formats
 * Read/write ISO 19115-3 metadata and legacy ISO 19139 compliant XML
   documents
 * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
 o Well Known Text (WKT) version 1 and 2 (ISO 19162)
 o Geographic Markup Language (GML) version 3.2 (ISO 19136)
 o Geodetic objects and operations from EPSG geodetic dataset
 o Mercator, Lambert, stereographic and more map projections
 o Geohashes and Military Grid Reference System (MGRS)
 * Units of measurement
 o JSR-363 with parsing, formating and unit conversion functionalities
 * Processing
 o Multi-threaded raster reprojection
 o Multi-threaded isolines computation from raster data
 o Filtering of features (ISO 19143 conceptual model)

For general information on Apache SIS, please visit the project website: 
https://sis.apache.org/

[ANNOUNCE] Apache NiFi MiNiFi C++ 0.12.0 release

2022-06-01 Thread Martin Zink 
Hello

The Apache NiFi team would like to announce the release of Apache NiFi
MiNiFi C++ 0.12.0.

New features in this release:

   - new processors:
  - DeleteAzureBlobStorage
  

  - FetchAzureBlobStorage
  

  - FetchAzureDataLakeStorage
  

  - ListAzureBlobStorage
  

  - ListAzureDataLakeStorage
  

  - DeleteGCSObject
  

  - FetchGCSObject
  

  - ListGCSBucket
  

  - PutGCSObject
  

  - ProcFsMonitor
  

  - PutUDP
  
  - FetchFile
  

  - ListFile
  

  - PutSplunkHTTP
  

  - QuerySplunkIndexingStatus
  


- Log collection from Kubernetes
- improved support for Lua processors
- platform independent ListenSyslog

- property update over C2 protocol

MiNiFi—a subproject of Apache NiFi—is a complementary data collection
approach that supplements the core tenets of NiFi in dataflow management,
focusing on the collection of data at the source of its creation.

Specific goals for the initial thrust of the MiNiFi effort comprise:

   - Small size and low resource consumption
   - Central management of agents
   - Generation of data provenance (full chain of custody of information)
   - Integration with NiFi for follow-on dataflow management


More details on Apache NiFi MiNiFi can be found here:
https://nifi.apache.org/minifi

The release artifacts can be downloaded from here:
https://nifi.apache.org/minifi/download.html

Issues closed/resolved for this list can be found here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12321520&version=12351052

Release note highlights can be found here:
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65145325#ReleaseNotesMiNiFi(C++)-Versioncpp-0.12.0

Thank you
The Apache NiFi team

[ANNOUNCE] Apache SIS 1.3 Release

2022-12-26 Thread Martin Desruisseaux 
The Apache SIS PMC is pleased to announce the immediate availability of 
the SIS 1.3 release.


The release can be obtained from the Apache SIS download page - 
https://sis.apache.org/downloads.html


Release notes are available at - 
https://sis.apache.org/release-notes/1.3.html


Apache SIS is a Java language library for developing geospatial 
applications. SIS provides data structures for geographic features and 
associated metadata along with methods to manipulate those data 
structures. The library is an implementation of GeoAPI 3.0 interfaces 
and can be used for desktop or server applications. A JavaFX application 
is provided for demonstration purposes.


Some Apache SIS features are:

 * Read netCDF-3, GeoTIFF and Moving Feature CSV data formats
 * Read/write GPX, ASCII Grid, World File, ISO 19115-3 metadata and
   legacy ISO 19139 compliant XML documents
 * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
 o Well Known Text (WKT) version 1 and 2 (ISO 19162)
 o Geographic Markup Language (GML) version 3.2 (ISO 19136)
 o Geodetic objects and operations from EPSG geodetic dataset
 o Mercator, Lambert, stereographic and more map projections
 o Geohashes and Military Grid Reference System (MGRS)
 * Units of measurement
 o JSR-363 with parsing, formating and unit conversion functionalities
 * Processing
 o Multi-threaded raster reprojection
 o Multi-threaded isolines computation from raster data
 o Filtering of features (ISO 19143 conceptual model)

For general information on Apache SIS, please visit the project website: 
https://sis.apache.org/

[ANNOUNCE] Apache NiFi MiNiFi C++ 0.15.0 release

2023-09-03 Thread Martin Zink 
Hello

The Apache NiFi team would like to announce the release of Apache NiFi
MiNiFi C++ 0.15.0.

New features in this release:

-ConsumeWindowsEventLog can work from log files
-ConsumeWindowsEventLog resolve Security/UserID attribute
-TLS v1.3 support
-PutS3Object multipart upload support
-Use systemd service management on Linux
-Add ProcessContext::getStateManager to Lua/Python
-Reworked GetTCP to be more inline with ListenTCP
-SSL support for Prometheus reporter
-Documentation improvements
-Multiarch docker support
-RFC3339 parsing with expression language
-Reworked Minifi controller
-gcc-13 support

-Fix for waking up prematurely after processor yields
-Fix system certificate store usage in SSLContextService on Linux
-Fix inconsistent naming in C2 machineArch
-Fix default CA path for S3 on CentOS
-Removed CronScheduler locale requirements


We've upgraded our third party dependencies (notable mentions)

-Replaced LibreSSL with OpenSSL 3.1.1
-Upgraded RocksDB to v8.1.1
-Upgraded LibCurl to v8.1.0
-Upgraded CivetWeb to v1.16
-Upgraded OpenCV to v4.7.0
-Upgraded GoogleCloud SDK to v2.10.1
-Upgraded Azure SDK to v12.7.0



MiNiFi—a subproject of Apache NiFi—is a complementary data collection
approach that supplements the core tenets of NiFi in dataflow management,
focusing on the collection of data at the source of its creation.

Specific goals for the initial thrust of the MiNiFi effort comprise:

   - Small size and low resource consumption
   - Central management of agents
   - Generation of data provenance (full chain of custody of information)
   - Integration with NiFi for follow-on dataflow management

More details on Apache NiFi MiNiFi can be found here:
https://nifi.apache.org/minifi

The release artifacts can be downloaded from here:
https://nifi.apache.org/minifi/download.html

Issues closed/resolved for this list can be found here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12321520&version=12353155

Release note highlights can be found here:
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65145325#ReleaseNotesMiNiFi(C++)-Versioncpp-0.15.0

Thank you
The Apache NiFi team

[ANNOUNCE] Apache SIS 1.4 Release

2023-10-13 Thread Martin Desruisseaux 

The Apache SIS PMC is pleased to announce the immediate availability of
the SIS 1.4 release.

The release can be obtained from the Apache SIS download page -
https://sis.apache.org/downloads.html

Release notes are available at -
https://sis.apache.org/release-notes/1.4.html

Apache SIS is a Java language library for developing geospatial
applications. SIS provides data structures for geographic features and
associated metadata along with methods to manipulate those data
structures, such as map projections. The library is an implementation of
GeoAPI 3.0 interfaces and can be used for desktop or server
applications. A JavaFX application is provided for demonstration purposes.

Some Apache SIS features are:

 * Read netCDF-3, Cloud Optimized GeoTIFF (including BigTIFF) and
   Moving Feature CSV data formats
 * Read/write GPX, ASCII Grid, World File, ISO 19115-3 metadata and
   legacy ISO 19139 compliant XML documents
 * Referencing by coordinates (ISO 19111) or by identifiers (ISO 19112)
 o Well Known Text (WKT) version 1 and 2 (ISO 19162)
 o Geographic Markup Language (GML) version 3.2 (ISO 19136)
 o Geodetic objects and operations from EPSG geodetic dataset
 o Mercator, Lambert, stereographic and more map projections
 o Geohashes and Military Grid Reference System (MGRS)
 * Units of measurement
 o JSR-363 with parsing, formating and unit conversion functionalities
 * Processing
 o Multi-threaded raster reprojection
 o Multi-threaded isolines computation from raster data
 o Filtering of features (ISO 19143 conceptual model)

For general information on Apache SIS, please visit the project website:
https://sis.apache.org/

[ANNOUNCE] OpenNLP 2.3.1 released

2023-11-27 Thread Martin Wiesner 
The Apache OpenNLP team is pleased to announce the release of version 2.3.1 of 
Apache OpenNLP. The Apache OpenNLP library is a machine learning based toolkit 
for the processing of natural language text. It supports the most common NLP 
tasks, such as tokenization, sentence segmentation, part-of-speech tagging, 
named entity extraction, chunking, and parsing.

The OpenNLP 2.3.1 binary and source distributions are available for download 
from our download page: https://opennlp.apache.org/download.html
The OpenNLP library is distributed by Maven Central as well. See the Maven 
Dependency page for more details: 
https://opennlp.apache.org/maven-dependency.html

Changes in this version:
- It is a maintenance release which mainly provides enhancements.
- Some of these are related to sentence models and the use of abbreviations. 
- Moreover, with this release the ONNX runtime for the 'opennlp-dl' component 
is switched from the GPU to the CPU-based variant. 
- Several other (cleanup) tasks have also been completed.

For a full list of improvements, please see the list of items addressed in 
Jira: 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311215&version=12353478

The Apache OpenNLP Team

[ANNOUNCE] OpenNLP 2.3.3 released

2024-04-25 Thread Martin Wiesner 
The Apache OpenNLP team is pleased to announce the release of version 2.3.3 of 
Apache OpenNLP. 

The Apache OpenNLP library is a machine learning based toolkit for the 
processing of natural language text. It supports the most common NLP tasks, 
such as tokenization, sentence segmentation, part-of-speech tagging, named 
entity extraction, chunking, and parsing.

The OpenNLP 2.3.3 binary and source distributions are available for download 
from our download page: https://opennlp.apache.org/download.html
The OpenNLP library is distributed by Maven Central as well. See the Maven 
Dependency page for more details:  
https://opennlp.apache.org/maven-dependency.html


Changes in this version:

This release brings four dependency updates, two bug fixes, minor corrections 
in the manual, and working integration tests (IT) again! The ITs were not 
executed for quite some time, but are now executed for every regular Maven 
build.

The OpenNLP manual’s CSS got modernized. Moreover, this release will ship an 
abbreviation dictionary for the Dutch language.


For a full list of improvements, please see the list of items addressed
in Jira: 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12354199&projectId=12311215

The Apache OpenNLP Team

CVE-2024-36522: Apache Wicket: Remote code execution via XSLT injection

2024-07-12 Thread Martin Tzvetanov Grigorov 
Severity: moderate

Affected versions:

- Apache Wicket 10.0.0-M1 through 10.0.0
- Apache Wicket 9.0.0 through 9.17.0
- Apache Wicket 8.0.0 through 8.15.0

Description:

The default configuration of XSLTResourceStream.java is vulnerable to remote 
code execution via XSLT injection when processing input from an untrusted 
source without validation.
Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which 
fix this issue.

Credit:

cigar (finder)

References:

https://wicket.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36522