Happy Friday, everyone. The Apache community has had another great week. Let's review what we've been up to:

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 19 January 2022. Board calendar and minutes https://apache.org/foundation/board/calendar.html

ASF Infrastructure – our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 -
7M+ weekly checks yield uptime at 99.99%. Performance checks across 50
different service components spread over more than 250 machines in data
centers around the world. View the ASF's Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot 
Over the past week, 317 Apache Committers changed 9,133,089 lines of
code over 3,258 commits. Top 5 contributors, in order, are: Gary Gregory, Harikrishna Patnala, Claus Ibsen, Duo Zhang, and Andi Huber.

Apache Project Announcements – the latest updates by category.

Big Data --
 - Apache NiFi 1.15.2 released
 - Apache HBase 3.0.0-alpha-2 released
 - Apache Parquet 1.11.2 and 1.12.2 released
   -- CVE-2021-41561: Potential DoS in case of malicious Parquet file

Build Management --
 - Apache Archiva 2.2.7 released

Content --
 - Apache JSPWiki 2.11.1 released
 - Apache Traffic Control 6.0.2 released
 - Apache Jackrabbit FileVault 3.5.8  released
 - Apache Tika 1.28 and 2.2.1 released

Databases --

 - Apache Geode 1.12.7, 1.13.6, and 1.14.2 released 

Data Management Platform --

 - Apache Ignite 2.11.1 released

IoT --

 - Apache PLC4X 0.9.1 released
   -- CVE-2021-43083: Buffer overflow in PLC4C via crafted server response 

Enterprise Processes Automation / ERP --

 - Apache OFBiz 18.12.04 released 

Libraries --
 - Apache Log4j 2.3.1, 2.12.3, and 2.17.0 released
   -- CVE-2021-45105: Log4j2 does not always protect from infinite recursion in lookup evaluation
 - Apache MXNet (Incubating) 1.9.0 released
 - Apache Daffodil 3.2.1 released

Mail --
  - Apache James 3.6.1 released 

Messaging -- 
 - Apache Qpid JMS 0.60.1, 0.61.0, 1.4.1, and 1.5.0 released
 - Apache Pulsar 2.9.1 released 

Search --
 - Apache Lucene 8.11.1 released
 - Apache Solr 8.11.1 released
   -- CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHandler 

Servers --
 - Apache HTTP Server 2.4.52 released
   -- CVE-2021-44790: Possible buffer overflow when parsing multipart content in mod_lua
   -- CVE-2021-44224: Possible NULL dereference or SSRF in forward proxy configurations
 - Apache HttpComponents Core 5.1.3 GA released

Web Frameworks--
- Apache Struts 2.5.28.1 and 2.5.28.2 released 

Workflow --
 - Apache DolphinScheduler 2.0.1 released
 - Apache Airflow 2.2.3 released


Did You Know?

 - Did you know that ASF Security posted the status of more than three
dozen Apache Projects in relation to the recent Apache Log4j
vulnerability? https://blogs.apache.org/security/entry/cve-2021-44228 (please check individual projects not included in this list for updates)

 - Did you know that Apache Roller (which powers blogs.apache.org)
new v6.1.0 contains upgrades for more than a dozen dependencies
(including Log4j), along with many bug fixes and improvements to the
code base? https://roller.apache.org/

 - Did you know that tax-deductible donations support the ASF's day-to-day
operations that benefit 350+ Apache Projects and their communities?
Donate online using ACH, credit card, PayPal, Apple Pay, Google Pay, and
Microsoft Pay https://donate.apache.org/

Apache Community Notices

 - The Apache Month in Review: November 2021 https://s.apache.org/November2021 and video highlights https://youtu.be/L1qMXw5MxJQ

 - Watch "Trillions and Trillions Served", the documentary on the ASF 1) full feature [49 min] 2) "Apache Everywhere" [6 min] 3) "Why Apache" [2.5 min] 4) “Apache Innovation” [40 min] 

 - ASF Annual Report: FY2021 -- Press release and Report (PDF)

 - The Apache Way to Sustainable Open Source Success 

 - Foundation Reports and Statements

 - Presentations from 2021's ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.

 - "Success at Apache" focuses on the people and processes behind why the ASF "just works." 

 - Inside Infra: the new interview series with members of the ASF infrastructure team --meet 
    Chris Thistlethwaite https://s.apache.org/InsideInfra-Chris
    Drew Foulks https://s.apache.org/InsideInfra-Drew
    Greg Stein Part I https://s.apache.org/InsideInfra-Greg
      ...Part II https://s.apache.org/InsideInfra-Greg2 and Part III https://s.apache.org/InsideInfra-Greg3
    Daniel Gruno Part I https://s.apache.org/InsideInfra-Daniel1 and Part II https://s.apache.org/InsideInfra-Daniel2
    Gavin McDonald Part I https://s.apache.org/InsideInfra-Gavin and Part II https://s.apache.org/InsideInfra-Gavin2
    Andrew Wetmore Part I https://s.apache.org/InsideInfra-Andrew and Part II https://s.apache.org/InsideInfra-Andrew2
    Chris Lambertus Part I  https://s.apache.org/InsideInfra-ChrisL  and Part II https://s.apache.org/InsideInfra-ChrisL2

 - Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn

 - Follow the Apache Community on Facebook and Twitter

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos.

Stay updated about The ASF

For
real-time updates, sign up for Apache-related news by sending mail to
announce-subscribe@apache.org and follow @TheASF on Twitter. For a
broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.