The Apache Weekly News Round-up: week ending 19 November 2021

Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield uptime at 99.57%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 340 Apache Committers changed 4,175,400 lines of code over 3,102 commits. Top 5 contributors, in order, are: Daniel Gruno, Christofer Dutz, Sebastian Rühl, Sebastian Bazley, and Claus Ibsen.  

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache Arrow 6.0.1 released
 - Apache Ozone 1.2.0 released
   -- CVE-2021-36372: Original block tokens are persisted and can be retrieved
   -- CVE-2021-39231: Missing authentication/authorization on internal RPC endpoints
   -- CVE-2021-39232: Missing admin check for SCM related admin commands
   -- CVE-2021-39233: Container-related datanode operations can be called without authorization
   -- CVE-2021-39234: Raw block data can be read bypassing ACL/authorization
   -- CVE-2021-39235: Access mode of block tokens are not enforced
   -- CVE-2021-39236: Owners of the S3 tokens are not validated
   -- CVE-2021-41532: Unauthenticated access to Ozone Recon HTTP endpoints 

Business Intelligence --

 - Apache Superset CVE-2021-42250: Possible log injection

Cloud Computing --
 - Apache CloudStack 4.16.0.0 released

Content --

 - Apache Jackrabbit Oak 1.6.22 released

Integration --

 - Apache Camel 3.13.0 released

IoT --

 - Apache IoTDB 0.12.3 released

Observability --

- Apache SkyWalking Infra E2E 1.1.0 released

Programming Languages --

 - Apache Groovy 4.0.0-beta-2 released

Search --

 - Apache Lucene 8.11.0 released

 - Apache Solr 8.11.0 and Operator v0.5.0 released

Servers --

 - Apache Tomcat 8.5.73, 9.0.55, 10.0.13, 10.1.0-M7 (alpha) released
 - Apache HttpComponents Client 5.1.2 GA released
 - Apache Traffic Control: CVE-2021-43350: LDAP filter injection vulnerability in Traffic Ops

Web Frameworks --

 - Apache Struts 2.5.27 released

Did You Know?

 - Did you know that the ASF's Corporate Contribution options include
Employee Giving Programs, Volunteer Grants, and Corporate Matching
Gifts? End-of-year donations are welcome in any amount --thank you in
advance for considering supporting the ASF! https://apache.org/foundation/contributing#support-the-asf-today

 - Did you know that Apache Pinot was featured in the Disney comedy film, "Home Sweet Home Alone"? https://twitter.com/ApachePinot/status/1459378780586262528

 - Did you know that Apache DolphinScheduler v2.0 is 20x more performant than previous versions? http://dolphinscheduler.apache.org/

Apache Community Notices

- The Apache Month in Review: October 2021 and video highlights

- Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn. 

 - Follow the Apache Community on Facebook and Twitter. 

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.

---

Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.