Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
- Next Board Meeting: 15 December 2021. Board calendar and minutes https://apache.org/foundation/board/calendar.html
ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
- 7M+ weekly checks yield uptime at 99.57%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 340 Apache Committers changed 4,175,400 lines of code over 3,102 commits. Top 5 contributors, in order, are: Daniel Gruno, Christofer Dutz, Sebastian Rühl, Sebastian Bazley, and Claus Ibsen.
Apache Project Announcements – the latest updates by category.
Big Data --
- Apache Arrow 6.0.1 released
- Apache Ozone 1.2.0 released
-- CVE-2021-36372: Original block tokens are persisted and can be retrieved
-- CVE-2021-39231: Missing authentication/authorization on internal RPC endpoints
-- CVE-2021-39232: Missing admin check for SCM related admin commands
-- CVE-2021-39233: Container-related datanode operations can be called without authorization
-- CVE-2021-39234: Raw block data can be read bypassing ACL/authorization
-- CVE-2021-39235: Access mode of block tokens are not enforced
-- CVE-2021-39236: Owners of the S3 tokens are not validated
-- CVE-2021-41532: Unauthenticated access to Ozone Recon HTTP endpoints
Business Intelligence --
- Apache Superset CVE-2021-42250: Possible log injection
- Apache Tomcat 8.5.73, 9.0.55, 10.0.13, 10.1.0-M7 (alpha) released
- Apache HttpComponents Client 5.1.2 GA released
- Apache Traffic Control: CVE-2021-43350: LDAP filter injection vulnerability in Traffic Ops
Did You Know?
- Did you know that the ASF's Corporate Contribution options include
Employee Giving Programs, Volunteer Grants, and Corporate Matching
Gifts? End-of-year donations are welcome in any amount --thank you in
advance for considering supporting the ASF! https://apache.org/foundation/contributing#support-the-asf-today
- Did you know that Apache Pinot was featured in the Disney comedy film, "Home Sweet Home Alone"? https://twitter.com/ApachePinot/status/1459378780586262528
- Did you know that Apache DolphinScheduler v2.0 is 20x more performant than previous versions? http://dolphinscheduler.apache.org/
Apache Community Notices
- The Apache Way to Sustainable Open Source Success
- Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
- "Success at Apache" focuses on the people and processes behind why the ASF "just works."
- Inside Infra: the new interview series with members of the ASF infrastructure team --meet
Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
Drew Foulks https://s.apache.org/InsideInf
Greg Stein Part I https://s.apache.org/InsideInfra-Greg
...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
Chris Lambertus Part I https://s.apache.org/InsideInfra-ChrisL and Part II https://s.apache.org/InsideInfra-ChrisL2
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to firstname.lastname@example.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.