April 08, 2009

07 April 2009 - CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
mod_jk 1.2.0 to 1.2.26

Description:
Situations where faulty clients set Content-Length without providing
data, or where a user submits repeated requests very quickly may permit
one user to view the response associated with a different user's request.

Mitigation:
Upgrade to mod_jk 1.2.27 or later

Example:
See description

Credit:
This issue was discovered by the Red Hat Security Response Team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-jk.html

The Apache Tomcat Security Team

----

April 04, 2009

03 April 2009 - Apache PyLucene 2.4.1-1 released

The Apache Lucene Project is pleased to announce the availability of Apache PyLucene 2.4.1.

Apache PyLucene, a subproject of Apache Lucene, is a Python extension for accessing Java Lucene. Its goal is to allow you to use Lucene's text indexing and searching capabilities from Python. It is API compatible with the latest version of Java Lucene, 2.4.1.

Apache PyLucene 2.4.1 is the first release of PyLucene since its recent move to the Apache Software Foundation as a Lucene subproject earlier this year.

It contains a number of bug fixes and improvements. Details can be found in the changes files:

http://svn.apache.org/repos/asf/lucene/pylucene/tags/pylucene_2_4_1/CHANGES
http://svn.apache.org/repos/asf/lucene/pylucene/tags/pylucene_2_4_1/jcc/CHANGES

Apache PyLucene 2.4.1 is available from the following download page:
http://www.apache.org/dyn/closer.cgi/lucene/pylucene/pylucene-2.4.1-1-src.tar.gz

When downloading from a mirror site, please remember to verify the downloads using signatures found on the Apache site:
http://www.apache.org/dist/lucene/pylucene/KEYS

For more information on Apache PyLucene, visit the project home page:
http://lucene.apache.org/pylucene

----

April 02, 2009

02 April 2009 - Apache Mailet Base 1.0 Released

The Apache James Team is pleased to announce that the Apache Mailet Base 1.0 release is now available.

Apache James Mailets Base collects a number of utilities and lightweight frameworks useful when working with the Apache Mailet API (a framework assisting the rapid development of email processing functionality http://james.apache.org/mailet/api). Mailets base is used as the basis for the email processing functions shipped with the Apache James server (an advanced mail server) but is not dependent on that server.

Version 1.0 is the first independent release of these mature components last shipped with Apache James 2.3.

----

For more information see

http://james.apache.org/mailet/base/release-notes.html

http://james.apache.org/mailet/base/

----

March 31, 2009

31 March 2009 - Apache CouchDB 0.9 released

Apache CouchDB 0.9.0 has been released and is available for download:

http://couchdb.apache.org/downloads.html

This is the first release after graduating from the ASF Incubator.

Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database accessible via a RESTful HTTP/JSON API. Among other
features, it provides robust, incremental replication with bi-directional
conflict detection and resolution, and is queryable and indexable using a
table-oriented view engine with JavaScript acting as the default view definition
language.

CouchDB is written in Erlang, but can be easily accessed from any environment
that provides means to make HTTP requests. There are a multitude of third-party
client libraries that make this even easier for a variety of programming
languages and environments.

Version 0.9.0
-------------

* Modular configuration.
* Performance enhancements for document and view access.
* More resilient replication process.
* Replication streams binary attachments.
* Administrator role and basic authentication.
* Document validation functions in design documents.
* Show and list functions for rendering documents and views as developer
controlled content-types.
* External process server module.
* Attachment uploading from Futon.
* Etags for views, lists, shows, document and attachment requests.
* Miscellaneous improvements to build, system integration, and portability.

This release contains backwards incompatible changes, please see:

http://wiki.apache.org/couchdb/BreakingChanges

Apache CouchDB is alpha software and still under heavy development. Please be
aware that important areas such as the public API or internal database format
may see backwards incompatible changes between versions.

----

March 28, 2009

28 March 2009 - Apache Tomcat JK 1.2.28 Web Server Connector released

The Apache Tomcat team is pleased to announce the immediate availability of version 1.2.28 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as the Apache HTTP Server, Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web application server.

This version contains mainly some bug fixes and small improvements.

See http://tomcat.apache.org/connectors-doc/news/20090301.html#22%20March%20-%20JK-1.2.28%20released

for an overview and

http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

for a complete list of changes.

Source distributions can be downloaded from an Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Binary distributions for a number of different operating systems and web servers can be downloaded from an Apache Software Foundation mirror at:

http://tomcat.apache.org/download-connectors.cgi

Documentation for using Apache Tomcat Connectors can be found at:

http://tomcat.apache.org/connectors-doc/

Thank you,

-- The Apache Tomcat Team

----

March 27, 2009

27 March 2009 - Apache ZooKeeper 3.1.1 released

The Apache ZooKeeper team is proud to announce Apache ZooKeeper version 3.1.1.

ZooKeeper is a high-performance coordination service for distributed applications. It exposes common services - such as naming, configuration management, synchronization, and group services - in a simple interface so you don't have to write them from scratch. You can use it off-the-shelf to implement consensus, group management, leader election, and presence protocols. And you can build on it for your own, specific needs.

If you are upgrading from version 2.2.1 on SourceForge be sure to review the 3.0.1 release notes for migration instructions.

For ZooKeeper release details and downloads, visit: http://hadoop.apache.org/zookeeper/releases.html

ZooKeeper 3.1.1 Release Notes are at: http://hadoop.apache.org/zookeeper/docs/r3.1.1/releasenotes.html

Regards,

The Apache ZooKeeper Team

----

March 26, 2009

26 March 2009 - Apache ServiceMix 4.0.0 released

The Apache ServiceMix team is pleased to announce the release of Apache ServiceMix 4.0. Download links and detailed release notes are available at http://servicemix.apache.org/smx4/servicemix-400.html

Apache ServiceMix 4.0 is the first release of our OSGi based integration platform. It includes two major components:

* Apache ServiceMix Kernel 1.1.0:
an OSGi runtime with a lot of extra features (SSH connectivity, provisioning enhancements, Spring integration, ...)
* Apache ServiceMix NMR 1.0.0:
an OSGi based NMR and JBI container, which also comes with a new clustering engine ready for enterprise deployment

In addition, ServiceMix 4.0 also ships with enhanced ActiveMQ, Camel and CXF integration as well as a whole set of examples to let you leverage this functionality. We also have out-of-the-box support for deploying and running web applications, so they can run together with everything else in the same container.

----

26 March 2009 - Apache Archiva 1.2 released

The Apache Archiva team is pleased to announce the release of Archiva 1.2.

Apache Archiva is an extensible repository management software that helps take care of your own personal or enterprise-wide build artifact repository. It is the perfect companion for build tools such as Maven, Continuum, and ANT.

Archiva offers several capabilities, amongst which remote repository proxying, security access management, build artifact storage, delivery, browsing, indexing and usage reporting, extensible scanning functionality... and many more!

The latest release is now available here:
http://archiva.apache.org/download.html

If you have any questions, please consult:
- the web site: http://archiva.apache.org
- the archiva-user mailing list: http://archiva.apache.org/mail-lists.html

----

March 25, 2009

24 March 2009 - Apache Maven 2.1.0 Released

The Apache Maven team is pleased to announce the release of Maven 2.1.0.

Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.

You can download the new version at:

http://maven.apache.org/download.html

You can find release notes for this version below, or at:

http://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=10500&styleName=Html&version=14587

Enjoy,

-The Apache Maven team

----

Free Live Video from ApacheCon Europe 2009


Can't make it to ApacheCon Europe 2009 in Amsterdam?
Don't miss our live video streaming 25-27 March.

http://www.eu.apachecon.com/c/aceu2009/about/videoStreaming

You can watch the following videos free of charge:

* Wednesday, 8:00 UTC: Jim Jagielski, State of the Feather
* Wednesday, 8:30 UTC: Raghu Ramakrishnan,
Data Management in the Cloud
* Wednesday, 12:00 UTC: Lars Eilebrecht, Behind the Scenes of
The Apache Software Foundation
* Thursday, 12:00 UTC: Jim Jagielski, Sponsoring the ASF
the Corporate and Individual Level
* Thursday, 16:30 UTC: James Governor, Open sourcing the
analyst business...
* Friday, 10:30 UTC: Apache Pioneer's Panel, 10 years of
The Apache Software Foundation
* Friday, 12:00 UTC: J Aaron Farr, The Apache Way

The following select technical tracks are available for a fee:

* Wednesday, 9:30-17:00 UTC: Hadoop Geeks for Geeks track
* Thursday, 8:00-16:00 UTC: Tomcat for Developers and Administrators
* Friday, 8:00-16:00 UTC: HTTP Server Administration


And join our ApacheCon social network at http://aceu2009.crowdvine.com
to discuss the sessions and to get in contact with other attendees of
ApacheCon Europe 2009.
--
ApacheCon Europe 2009 Team
info@apachecon.com

----

March 23, 2009

March 20, 2009

20 March 2009 - ApacheCon Europe 2009 - Watch live video for free, download the Program Guide, and Save the Dates


ApacheCon Europe 2009 publishes our downloadable Program Guide;
provides live Video Streams; has free signups available for MeetUps and
the BarCamp; and announces Save-the-Date for upcoming conferences and
events. Everything you need to know: http://www.eu.apachecon.com

Can't Attend? Live Video Streams Of Keynotes Free
-------------------------------------------------
Watch our keynotes and lunchtime sessions for free with live streaming
video from Linux New Media. Full session tracks are available for a
fee. Free and paid tracks are available in an archive later.
http://xrl.us/aceu09vid


Special Events: MeetUps, BarCampApache - Free
---------------------------------------------
It's free to attend BarCampApache on Monday, 23 March during the day.
http://barcamp.org/BarCampApache Add your name to participate

MeetUps on Monday and Tuesday evening are also free.
Monday at 19:00: join the Maven and Portals communities.
Tuesday at 19:00: join Wicket, Lucene, and JCR/Jackrabbit/Sling.
http://xrl.us/aceu09mc MeetUp schedule and sign up to participate


Download the ApacheCon Program Guide
------------------------------------
The listing of everything at the conference downloadable as PDF:
http://www.eu.apachecon.com/c/aceu2009/about/conference-resources


Save The Dates! ApacheCon and More
-----------------------------------
BarCampApacheOxford
4-5 April 2009 - Oxford, England
http://barcamp.org/BarCampApacheOxford

ApacheCon US 2009 - Celebrating the 10th Anniversary of The ASF!
2-6 November 2009 - Oakland, CA
http://www.us.apachecon.com

ApacheCon Europe 2010
Spring 2010

ApacheCon US 2010
1-5 November 2010 - Atlanta, GA

ApacheCon North America 2011
7–11 November 2011 - Vancouver BC, Canada


Interested in sponsoring ApacheCon?
-----------------------------------
Contact Delia Frees at delia@apachecon.com for further information.
http://xrl.us/aceu09ss Our current sponsor list

--
ApacheCon Europe 2009 Team
planners-2009-eu@apachecon.com
http://www.eu.apachecon.com

----

March 19, 2009

19 March 2009 - Apache CXF 2.2 released

The Apache CXF team is proud to announce the availability of the 2.2 release.

Apache CXF is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI. CXF includes a broad feature set, but it is primarily focused on the following areas:

* Web Services Standards Support: CXF supports a variety of web service standards including SOAP, the WSI Basic Profile, WSDL, WS-Addressing, WS-Policy, WS-ReliableMessaging, and WS-Security.

* REST based service creation based on JAX-RS standard APIs.

* Frontends: CXF supports a variety of "frontend" programming models. CXF provides a JAX-WS 2.1 Compliant frontend. It also includes a "simple frontend" which allows creation of clients and endpoints without annotations. CXF supports both contract first development with WSDL and code first development starting from Java.

* Ease of use: CXF is designed to be intuitive and easy to use. There are simple APIs to quickly build code-first services, Maven plug-ins to make tooling integration easy, JAX-WS API support, Spring 2.0 XML support to make configuration a snap, and much more.

What's new in CXF 2.2:
* WS-SecurityPolicy support
* WS-SecureConversation
* Some WS-Trust support (client side)
* JAX-RS 1.0 (not TCK compliant yet)
* MANY MANY bugfixes, performance enhancements, etc... Too numerous to list individually.


As always, we welcome feedback on our mailing lists:
http://cxf.apache.org/mailing-lists.html

Downloads are available from:
http://cxf.apache.org/download.html

----

-- The Apache CXF Team

----

March 18, 2009

[FROM EDITOR] Sponsorship Program with FaceBook

Did you know that when you post (compose) a message on Facebook to your friends or someone else, including http://apache.org/foundation/thanks.html as the URL will show the banner of current Sponsors with "Attach:"? -- Google, Yahoo, Microsoft, HP, Covalent, IONA, and OSL.


Try it and let people know about the Apache Software Foundation Sponsorship Program!


----

18 March 2009 - Apache ServiceMix Kernel 1.1.0 Released

The Apache ServiceMix Team is pleased to announce the release of Apache ServiceMix Kernel 1.1.0.

Apache ServiceMix Kernel is a small OSGi based runtime which provides a
lightweight container onto which various components and applications can
be deployed.
* Hot deployment: ServiceMix Kernel supports hot deployment of OSGi
bundles by monitoring jar files inside the [home]/deploy directory.
Each time a jar is copied in this folder, it will be installed
inside the runtime. You can then update or delete it and changes
will be handled automatically. In addition, the Kernel also supports
exploded bundles and custom deployers (a spring one is included by
default).
* Dynamic configuration: Services are usually configured through the
ConfigurationAdmin OSGi service. Such configuration can be defined
in ServiceMix Kernel using property files inside the [home]/etc
directory. These configurations are monitored and changes on the
properties files will be propagated to the services.
* Logging System: using a centralized logging back end supported by
Log4J, ServiceMix Kernel supports a number of different APIs (JDK 1.4,
JCL, SLF4J, Avalon, Tomcat, OSGi)
* Provisioning: Provisioning of libraries or applications can be done
through a number of different ways, by which they will be downloaded
locally, installed and started.
* Native OS integration: ServiceMix Kernel can be integrated into your
own Operating System as a service so that the lifecycle will be bound
to your Operating System.
* Extensible Shell console: ServiceMix features a nice text console where
you can manage the services, install new applications or libraries and
manage their state. This shell is easily extensible by deploying new
commands dynamically along with new features or applications.
* Remote access: use any SSH client to connect to the kernel and issue
commands in the console
* Security framework based on JAAS
* Managing instances: ServiceMix Kernel provides simple commands for
managing instances of ServiceMix Kernel. You can easily create, delete,
start and stop instances of ServiceMix Kernel through the console.


The Apache ServiceMix Kernel 1.1.0 release brings a lot of new features,
enhancements and bug fixes:
* remote connection using SSH protocol
* provisioning enhancements: versioning / hot deployment of features
* new commands, including OSGi related commands for the Configuration
Admin and Package Admin services
* improved spring integration: upgrade to spring 2.5.6 and spring-dm
1.2.0-m2, the osgi/list command now displays spring applications status
* container level locking for master / slave deployments
* support for JAXP 1.4 on all platforms
* improved JMX support for managing the OSGi framework and features

Note that the commands syntax has changed due to the upgrade to the
latest gshell version.

This release, with the detailed release notes, is available at:
http://servicemix.apache.org/kernel/servicemix-kernel-110.html

If you have any questions, you may find some information at:
http://servicemix.apache.org/kernel/index.html
http://servicemix.apache.org/kernel/users-guide.html
or browse the forums and send your question at:
http://servicemix.apache.org/SM/discussion-forums.html

----

-- The Apache ServiceMix Team

----

March 16, 2009

[FROM EDITOR] Celebration of Anniversaries

The Apache Software Foundation has celebrated its anniversary -- its 10th anniversary,

and Linux, its 15th anniversary -- W3C, its 20th anniversary.

Thanks to all of the foundations and contributors.

----

March 10, 2009

10 March 2009 - The Apache Software Foundation Names Qpid a Top-Level Project

The Apache Software Foundation (ASF) today announced the graduation of the Qpid project from the Apache Incubator as a Top-Level Project (TLP), signifying that the Project’s community and products have been well-governed under the ASF’s meritocratic process and principles....

----

10 March 2009 - Press Conference for the Tenth Anniversary of The Apache Software Foundation

Globally Recognized Open Source Organization Celebrates a Decade of Leadership ...

----

10 March 2009 - Apache Mime4J (JAMES) 0.6 released

Apache Mime4J is a flexible MIME parsing library written in Java. SAX, DOM and pull parsing styles are supported.

The 0.6 release brings another round of API enhancements and performance optimizations. There have been a number of notable improvements in the DOM support. The MIME stream parser is expected to be 50% faster when line counting is disabled. Please also note that as of this release Mime4j requires a Java 1.5 compatible runtime.

Detailed change log can be found here:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310521&styleName=Html&version=12313434

Notes
-----
* Mime4j API is still considered unstable and is likely to change in future releases
* DOM support has known limitations and some roundtrip issues remain to be resolved
* Some low level functions are available only in the pull parser (recommended for advanced users)

----

-- The Apache James Project

----

10 March 2009 - Apache Lucene Java 2.4.1 Released

Release 2.4.1 of Apache Lucene (Java) is now available.

This release fixes bugs from 2.4.0, including one data loss bug where
in certain situations binary fields would be truncated to 0 bytes.
2.4.1 has no new features, nor API changes or changes to file formats,
so it's fully compatible with 2.4.0.

See changes at http://lucene.apache.org/java/2_4_1/changes/Changes.html

Binary and source distributions are available at
http://www.apache.org/dyn/closer.cgi/lucene/java/

Lucene artifacts are also available in the Maven2 repository at
http://repo1.maven.org/maven2/org/apache/lucene/

----

[FROM EDITOR] TWITTER - TheASF

If you want to catch up with the official product announcements (OFFICIAL PRODUCTS do not include Release Candidates, Beta versions, alpha versions, incubated-ones.) of the products from the Apache Software Foundation,

Following

http://twitter.com/TheASF

would be one of the best alternative ways.

Hope you have a wonderful networking life!

----

P.S.

TO @APACHE.ORG COMMITTERS, PMC Folks:

Release Candidates, Beta versions, alpha versions, incubated-ones -- if you want to spread the announcements of such products, use announce@apachenews.org, not announce@apache.org.
The ByLaws mention that such products should not be recommended for use in the ASF, and the ASF cannot take legal responsibility for the happenings derived from such products. -- so, use announce@apachenews.org. Apache News Online was originally intended to gather trivial but meaningful information related to the Apache Software Foundation. -- Unaffiliated by the ASF

----

March 09, 2009

[FROM EDITOR] TWITTER - INFRABOT

ASF Infrastructure Issue: would you like to follow?

http://twitter.com/infrabot


----