The Apache Software Foundation Board of Directors Meeting Minutes February 16, 2022 1. Call to order The meeting was scheduled for 22:00 UTC and began at 22:02 when a sufficient attendance to constitute a quorum was recognized by the chair. Other Time Zones: https://timeanddate.com/s/42f1 The meeting was held via teleconference, hosted by the Secretary via Zoom. The #asfboard channel on the-asf.slack.com was used for backup. 2. Roll Call Directors Present: Bertrand Delacretaz Roy T. Fielding Sharan Foga Justin Mclean Sam Ruby Craig L Russell Roman Shaposhnik Sander Striker Sheng Wu Directors Absent: none Executive Officers Present: Mark Cox Craig McClanahan David Nalley - joined 4:15 Matt Sicker Ruth Suehle Executive Officers Absent: none Guests: Daniel Gruno Dave Fisher Greg Stein Joe Brockmeier - joined 4:09 Myrle Krantz - joined 4:10 Sally Khudairi Shane Curcuru Willem Ning Jiang 3. Minutes from previous meetings Published minutes can be found at: http://www.apache.org/foundation/board/calendar.html A. The meeting of January 19, 2022 See: board_minutes_2022_01_19.txt Approved by General Consent. 4. Executive Officer Reports A. Board Chair [Sander] This turns out to be a busy period of the month. We are having our anual members meeting in 2 weeks, which I'm preparing for. I'd like to thank our President, David Nalley, for representing us at the US Senate Committee for Homeland Security & Governmental Affairs hearing "Responding to and Learning from the Log4Shell Vulnerability". B. President [David] This has been an extraordinarily busy month. Mark Cox, Mark Thomas, Joe Brockmeier, and Sam Ruby followed on last months White House meeting around software supply chain and then worked to help respond to the Log4j inquiry from the US Senate's Homeland Security and Governmental Affairs Committee. There was an impressive amount of time invested by those folks in helping craft our message for both the audience and understanding level. In particular, Sam Ruby invested massive amounts of time, and helped meet with Senate staffers on a number of occasions. The hearing ran approximately 90 minutes, but the prep, and pre-hearing briefings ran into the scores of hours. The video of the hearing can be found here: https://www.hsgac.senate.gov/templates/watch.cfm?id=4E30CE08-5056-A066-6025-5E1A1E9EC6F3 Ruth has also helped tremendously by picking up all of the "normal" operations work so that I could focus on the public response to Log4j. Additionally, please see Attachments 1 through 8. C. Treasurer [Craig McClanahan] January marks a transition at the Treasurer position, from Myrle Krantz to Craig McClanahan. Myrle remains as Assistant Treasurer, for which I am very grateful. I'm standing on the shoulders of giants after all that she has accomplished. We also experienced a transition of our primary accounting contact at IgniteSpot (our accounting firm). Our former primary contact chose to leave them, and we have engaged with our new primary contact there, and things are going well. Regarding general financial activities, we are moving forward with several tasks that are not yet complete: * Closing our accounts at Boston Private (as soon as our final CDARS investments mature in February). Funds will be transferred to our TD Bank account. * Closing our account at Citizen's Bank. Funds will be transferred to our TD Bank account. * Funding of the Operating Reserve investment account, per the Investment Policy Statement approved by the Board. As a terminology note, our investment advisor for the Operating Reserve account will be referred to as TD Wealth, to distinguish it from TD Bank that is our bank account. D. Secretary [Matt] In January, the secretary received 43 ICLAs and 2 CCLAs. E. Executive Vice President [Ruth] Highlights generally covered elsewhere. Before proceeding with ACNA plans, I checked in with all of last year's sponsors to see if they're budgeting and planning for in-person events, and all but one replied enthusiastically that they're ready to go. Budgets are coming together for FY23. F. Vice Chair [Shane] Assist Chair with testing data files for upcoming Member's meeting. Executive officer reports approved as submitted by General Consent. 5. Additional Officer Reports A. VP of W3C Relations [Andy Seaborne / Justin] See Attachment 9 B. Apache Legal Affairs Committee [Roman Shaposhnik] See Attachment 10 C. Apache Security Team Project [Mark J. Cox / Sander] See Attachment 11 D. VP of Jakarta EE Relations [Rob Tompkins / Craig] No report was submitted. Additional officer reports approved as submitted by General Consent. 6. Committee Reports Summary of Reports The following reports required further discussion: # Security Team [striker] A. Apache Ant Project [Jan Materne / Roy] See Attachment A B. Apache Bloodhound Project [Gary Martin / Sander] No report was submitted. C. Apache BookKeeper Project [Sijie Guo / Sam] No report was submitted. D. Apache Brooklyn Project [Geoff Macartney / Bertrand] See Attachment D E. Apache Buildr Project [Antoine Toulme / Sheng] See Attachment E F. Apache Cassandra Project [Nate McCall / Roman] See Attachment F G. Apache Celix Project [Pepijn Noltes / Sharan] See Attachment G H. Apache Clerezza Project [Hasan Hasan / Sam] See Attachment H I. Apache Cocoon Project [Cédric Damioli / Sharan] See Attachment I J. Apache Community Development Project [Swapnil Mane / Sander] See Attachment J K. Apache CouchDB Project [Jan Lehnardt / Bertrand] See Attachment K L. Apache Creadur Project [Philipp Ottlinger / Sheng] See Attachment L M. Apache DataSketches Project [Lee Rhodes / Roy] See Attachment M N. Apache DeltaSpike Project [Mark Struberg / Justin] No report was submitted. O. Apache Drill Project [Charles Givre / Craig] See Attachment O P. Apache Druid Project [Gian Merlino / Roman] See Attachment P Q. Apache Empire-db Project [Rainer Döbele / Bertrand] See Attachment Q R. Apache Flume Project [Balázs Donát Bessenyei / Roman] See Attachment R S. Apache FreeMarker Project [Dániel Dékány / Sheng] See Attachment S T. Apache Geode Project [Dan Smith / Justin] See Attachment T U. Apache Giraph Project [Dionysios Logothetis / Sharan] See Attachment U V. Apache Gora Project [Kevin Ratnasekera / Roy] See Attachment V W. Apache Groovy Project [Paul King / Sam] See Attachment W X. Apache Hop Project [Hans Van Akelyen / Craig] See Attachment X Y. Apache HTTP Server Project [Joe Orton / Sander] See Attachment Y Z. Apache HttpComponents Project [Michael Osipov / Roman] See Attachment Z AA. Apache Ignite Project [Dmitry Pavlov / Justin] No report was submitted. AB. Apache Impala Project [Jim Apple / Sander] See Attachment AB AC. Apache Incubator Project [Justin Mclean] No report was submitted. AD. Apache jUDDI Project [Alex O'Ree / Craig] See Attachment AD AE. Apache Juneau Project [James Bognar / Sam] See Attachment AE AF. Apache Kafka Project [Jun Rao / Sharan] See Attachment AF AG. Apache Kibble Project [Sharan Foga] See Attachment AG AH. Apache Knox Project [Larry McCay / Bertrand] See Attachment AH AI. Apache Kylin Project [Shao Feng Shi / Roy] See Attachment AI AJ. Apache Libcloud Project [Tomaž Muraus / Sheng] See Attachment AJ AK. Apache Logging Services Project [Ron Grabowski / Sam] See Attachment AK AL. Apache ManifoldCF Project [Karl Wright / Roy] See Attachment AL AM. Apache OODT Project [Imesha Sudasingha / Sharan] See Attachment AM AN. Apache Oozie Project [Dénes Bodó / Craig] See Attachment AN AO. Apache OpenJPA Project [Mark Struberg / Bertrand] No report was submitted. AP. Apache OpenWhisk Project [Dave Grove / Sheng] See Attachment AP AQ. Apache Ozone Project [Sammi Chen / Sander] No report was submitted. AR. Apache Perl Project [Steve Hay / Justin] See Attachment AR AS. Apache Phoenix Project [Ankit Singhal / Roman] See Attachment AS AT. Apache Pinot Project [Kishore G / Sam] See Attachment AT AU. Apache Pivot Project [Roger Lee Whitcomb / Roman] See Attachment AU AV. Apache POI Project [Dominik Stadler / Bertrand] See Attachment AV AW. Apache Qpid Project [Robbie Gemmell / Sharan] No report was submitted. AX. Apache Ranger Project [Selvamohan Neethiraj / Sheng] See Attachment AX AY. Apache REEF Project [Sergiy Matusevych / Craig] See Attachment AY AZ. Apache River Project [Roy T. Fielding] See Attachment AZ BA. Apache RocketMQ Project [Xiaorui Wang / Justin] See Attachment BA BB. Apache Roller Project [David M. Johnson / Roy] See Attachment BB BC. Apache Samza Project [Yi Pan / Sander] See Attachment BC BD. Apache Santuario Project [Colm O hEigeartaigh / Sheng] See Attachment BD BE. Apache Serf Project [Justin Erenkrantz / Roman] No report was submitted. BF. Apache ServiceComb Project [Willem Ning Jiang / Roy] See Attachment BF BG. Apache ShardingSphere Project [Liang Zhang / Craig] See Attachment BG BH. Apache SIS Project [Martin Desruisseaux / Justin] See Attachment BH BI. Apache Solr Project [Jan Høydahl / Bertrand] See Attachment BI BJ. Apache Spark Project [Matei Alexandru Zaharia / Sam] See Attachment BJ BK. Apache Subversion Project [Nathan Hartman / Sharan] See Attachment BK BL. Apache Superset Project [Maxime Beauchemin / Sander] See Attachment BL BM. Apache Syncope Project [Francesco Chicchiriccò / Sander] See Attachment BM BN. Apache SystemDS Project [Matthias Boehm / Sheng] See Attachment BN BO. Apache TomEE Project [David Blevins / Roman] No report was submitted. BP. Apache Traffic Control Project [Eric Friedrich / Craig] See Attachment BP BQ. Apache Turbine Project [Georg Kallidis / Sharan] See Attachment BQ BR. Apache Velocity Project [Nathan Bubna / Sam] See Attachment BR BS. Apache Whimsy Project [Shane Curcuru / Bertrand] See Attachment BS BT. Apache Xalan Project [Gary D. Gregory / Roy] See Attachment BT BU. Apache Xerces Project [Michael Glavassevich / Justin] See Attachment BU BV. Apache XML Graphics Project [Clay Leeds / Justin] See Attachment BV Committee reports approved as submitted by General Consent. 7. Special Orders A. Terminate the Apache Chemistry Project WHEREAS, the Project Management Committee of the Apache Chemistry project has chosen by vote to recommend moving the project to the Attic; and WHEREAS, the Board of Directors deems it no longer in the best interest of the Foundation to continue the Apache Chemistry project due to inactivity; NOW, THEREFORE, BE IT RESOLVED, that the Apache Chemistry project is hereby terminated; and be it further RESOLVED, that the Attic PMC be and hereby is tasked with oversight over the software developed by the Apache Chemistry Project; and be it further RESOLVED, that the office of "Vice President, Apache Chemistry" is hereby terminated; and be it further RESOLVED, that the Apache Chemistry PMC is hereby terminated. Special Order 7A, Terminate the Apache Chemistry Project, was approved by Unanimous Vote of the directors present. B. Change the Apache Lucene Project Chair WHEREAS, the Board of Directors heretofore appointed Michael Sokolov (sokolov) to the office of Vice President, Apache Lucene, and WHEREAS, the Board of Directors is in receipt of the resignation of Michael Sokolov from the office of Vice President, Apache Lucene, and WHEREAS, the Project Management Committee of the Apache Lucene project has chosen by vote to recommend Bruno Roustant (broustant) as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Michael Sokolov is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Lucene, and BE IT FURTHER RESOLVED, that Bruno Roustant be and hereby is appointed to the office of Vice President, Apache Lucene, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7B, Change the Apache Lucene Project Chair, was approved by Unanimous Vote of the directors present. C. Terminate the Apache River Project WHEREAS, the Project Management Committee of the Apache River project has chosen by vote to recommend moving the project to the Attic; and WHEREAS, the Board of Directors deems it no longer in the best interest of the Foundation to continue the Apache River project due to inactivity; NOW, THEREFORE, BE IT RESOLVED, that the Apache River project is hereby terminated; and be it further RESOLVED, that the Attic PMC be and hereby is tasked with oversight over the software developed by the Apache River Project; and be it further RESOLVED, that the office of "Vice President, Apache River" is hereby terminated; and be it further RESOLVED, that the Apache River PMC is hereby terminated. Special Order 7C, Terminate the Apache River Project, was approved by Unanimous Vote of the directors present. 8. Discussion Items A. Executive Session (22:30 UTC) Attendees: Directors, Secretary, Treasurer, President Topic: Discussing Treasurer's feedback The board spoke about institutional memory. No decisions were made at this time. 9. Review Outstanding Action Items * Justin: follow up on BT SIG [ Mynewt 2021-09-15 ] Status: Still in progress * Roman: reach out to ComDev about alternative communication channels for [ President 2021-10-20 ] Status: DONE: email thread started, will report back soon * Sander: follow up with PMCs about the role of the security team [ Security Team 2022-01-19 ] Status: Following up with Security Team * David: what do we do when SHTF? [ Project Support 2022-01-19 ] Status: 10. Unfinished Business 11. New Business 12. Announcements 13. Adjournment Adjourned at 22:28 UTC ============ ATTACHMENTS: ============ ----------------------------------------- Attachment 1: Report from the VP of Brand Management [Mark Thomas] Covering the period January 2022 * ISSUES FOR THE BOARD None. * OPERATIONS Responded to the following queries, liaising with projects as required: - provided advice to LOGGING regarding the use of the org.apache Java package name in forks - approved SEATUNNEL as a suitable name - approved YUNIKORN as a suitable name - provided advice regarding advertising for funding to work on ASF projects - provided advice for published article on LOG4J - responded to an external query regarding retaining the org.apache Java package name in a commercial fork * REGISTRATIONS Allowed registrations for BROOKLYN in class 38 and 42 in the EU and UK were allowed to lapse. We normally only register in class 9. Prompted the MAVEN PMC to consider requesting registration for MAVEN. Worked with counsel to arrange for the renewal of our HADOOP mark. Provided advice to DORIS on how to transfer marks to the ASF. * INFRINGEMENTS The KAFKA PMC continues to work to resolve a number of infringements that were reported previously. Supported CASSANDRA as they handled some minor issues on an external website. Responded to an enquiry regarding potential impersonation of CLOUDSTACK. ----------------------------------------- Attachment 2: Report from the VP of Fundraising [Bob Paulin] 1) ASF Sponsors: we enter 2022 with more than $1.6M in sponsorships closed. We continue our sponsorship activities, including securing new sponsors as well as renewals. Our open invoices include 3 Platinum, 2 Gold, 3 Silver, and 5 Bronze renewals, as well as 1 new Gold and 1 new Bronze Sponsors. We welcomed one new Platinum and one Bronze Sponsor. One Gold Sponsor has chosen not to renew for the 2022 sponsorship year. We received payment from two Platinum, two Gold, one Silver, and one Bronze Sponsors. 2) Targeted Sponsors: we have tightened our processes in response to an increase in the number of organizations seeking to contribute cash and/or services to benefit specific Apache Projects at an outlier level (outside of existing sponsorship tiers or accepted methods). 3) Sponsor Relations: in addition to our standard outreach, we sent New Year greetings to all ASF and Targeted Sponsors. We responded to a Sponsor query regarding the Log4j vulnerability and are working with Marketing & Publicity on a press release for a new sponsor at the Platinum level. We also onboarded/oriented four new Sponsor points-of-contact. 4) Event Sponsorship: an ApacheCon sponsorship remains outstanding since September. 5) Individual Donations and Corporate Giving: we received $1.78K in individual donations in January. 6) Administrivia: we continue to tidy up cross-department workflow/tasks involving the Treasury and Accounting teams. ----------------------------------------- Attachment 3: Report from the VP of Marketing and Publicity [Joe Brockmeier] == Overview Log4j activities continued from last month. Assisted in preparing some materials for the Senate hearing, but fielded far fewer press requests and such since the last board report. We have received a few more requests, and continue to forward those to the PMC and Security as appropriate. Also helped review contract for DEI work where the work touches M&P to ensure we're not promising any publicity we're not comfortable with. Reviewed & responded to a few questions from vendors about releases. == Budget Have submitted a provisional budget. Looks like we were billed for one press release from January via GlobalNewswire. == PMC Communication -- - Worked closely with Apache Hop and Logging Services with day-to-day media response. == Published Published: these items were published on blogs.apache.org: - Apache in 2021 - By The Digits https://s.apache.org/pzc19 - Apache Software Foundation Security Report: 2021 https://s.apache.org/e6fvv - Apache Software Foundation statement on White House Open Source Security Summit https://s.apache.org/gul5c - The Apache Software Foundation Announces Open Source data orchestration platform Apache® Hop™ as a Top-Level Project https://s.apache.org/mmtuz - Apache Month in Review: December 2021 https://s.apache.org/77zvz Press Releases: the following press release was issued on the newswire service - The Apache Software Foundation Announces Open Source data orchestration platform Apache® Hop™ as a Top-Level Project https://s.apache.org/iwift Informal Announcements: we published nine items on the ASF "Foundation" Blog, including five Apache News Round-ups and one monthly overview, totalling 422 news summaries published to date. We tweeted 15 items to 63.1K followers on Twitter, and posted 15 items to 57K followers and generated 853.24K post impressions on LinkedIn. The ASF’s YouTube channel had 17.5K views, and 11.4K subscribers. == Future Announcements: The Q1 and Q2 FY2022 Reports are behind schedule due to missing submitted reports. We will be publishing a press release welcoming a new Platinum Sponsor. == Media Relations: We responded to 14 media queries and continued to provide rapid response crisis communications services for the first three weeks of the month. == Analyst Relations: We responded to one analyst query during this timeframe. Apache was mentioned in a total of 25 reports by Gartner, Forrester, 451 Research, and IDC. Extra Liaison with ASF Executive Spokespeople -- - Coordinated on publishing statements on ASF’s Security position and process == Coordination with ASF Fundraising -- - Advised on promoting Targeted Sponsorship benefits [1] https://s.apache.org/o2dhu ----------------------------------------- Attachment 4: Report from the VP of Infrastructure [David Nalley] General ======= Infrastructure is operating as expected, and has no current issues requiring escalation to the President or the Board. Highlights ========== - Turned off two of our oldest machines: minotaur, and baldr (CMS). These machines chugged away for us, for over a decade. They will be missed. Not really. Finances ======== - A budget has been prepared for FY23, and presented to the President and EVP for presentation to the (new) Board in March. Small refinements are expected when January "actuals" are received. Short Term Priorities ===================== - Spin up "mailgw" ... the mail gateway, to replace the ancient "hermes" machine that routes all the Foundation's email. - Turn off Puppet v3, and decomm our last physical box. Long Range Priorities ===================== - Gitbox v2 is finally "on deck" - Quite long range: the new agenda tool General Activity ================ - Exploring Atlassian Crowd as our password change tooling. - Work has begun on a new Board Agenda tool. - Lots of buildbot work: migration to v3.2 and Windows nodes. - Initial deployment of Jenkins nodes for Apache HBase, using the targeted donation they received. - For spam management reasons, we are testing Apache "inboxes" rather than forwarding. - Word policing: p3 repository: 300+ verboten words removed over 5 years; p6 repository: 225 removed over 2 years; website: from 31 to 13 over the past two years. - Cleaned out Rackspace, as they no longer offer a complementary allocation for F/OSS organizations. - Much work on the backup server. - Atlassian CLI upgrades to improve selfserve. - Finalizing testing plan for moving to mailgw, and decomm of hermes. - mbox-vm has been upgraded/migrated. - Created prototype webapp to help manage ezmlm moderation requests, and managing the set of list moderators. This should obsolete a class of Infra Jira tickets. - More project VM migrations to deal with old Ubuntu and Puppet. ----------------------------------------- Attachment 5: Report from the VP of Conferences [Rich Bowen] We are in discussions to put on an ApacheCon in Moscow, in June or thereabouts. This will be run by a local company, and chaired by Roman Shaposhnik, who is currently living in the area. More details will be discussed on the planners@apachecon.com mailing list as they become available. We have started discussions and tentative plans for ApacheCon North America, in the September/October timeframe. This is still very cautious and tentative, as there are still many unknowns. We hope to have more detail by next month's report. A team is working on an ApacheCon event in Asia, and we expect to have a formal proposal for approval by the next board meeting. Other events in flight include Pulsar Summit (Pulsar Summit Global: May 25-26 and Pulsar Summit Asia: Nov 19-20) and Ignite Summit (June 14, 2022). ----------------------------------------- Attachment 6: Report from the Apache Travel Assistance Committee [Gavin McDonald] Current Events ============== No current events Future Events ============= None Currently Short/Medium Term Priorities ===================== In person events are starting to pop up and TAC is keeping an eye out for suitable events. Still to be discussed are additional questions that could/should be added around Covid Passports etc. Budget ====== Budget has been discussed; and should be in the GSheet shortly. Mailing List Activity ===================== None Membership ========== No changes to the membership this month. ----------------------------------------- Attachment 7: Report from the VP of Diversity and Inclusion [Katia Rojas] ## Description: - The Diversity and Inclusion VP works in collaboration with a team that contributes towards generating a current description of the D&I landscape in the industry and for the foundation. The team also focuses on developing resources the projects can leverage to increase diversity and inclusion in their communities. ## Issues: ## Activity: *** Project: Internships for underrepresented groups (Outreachy) *** We entered week 11 of the round "December 2021 to March 2022" [1]. We will finalize the current round in 3 weeks. New round: "May to August 2022" is opened [2]. We worked with marketing and publicity, sponsor relations, and fundraising on the message to call for mentors and for sponsors. After the final approval, Sally will share the messages via the corresponding MLs. Thank you so much, Bob Paulin, Joe Brockmeier, Sally Khudairi for your active contribution in designing these communications. We should receive at least one sponsorship before February 25, 2022, at 4pm UTC, to be able to participate in the program. If you are interested in the program, check out your inbox; you should receive an email soon. You can start with this page [3]. *** Project: User Experience Research on new contributors *** We had extensive discussions about the Bitergia-contract with marketing and publicity, legal, and fundraising. I sent the final version of the contract, including the recommended changes, to the rest of the team for their approval. Once it is approved it will be signed and sent to Bitergia. Content of the project: The Apache Software Foundation (ASF) will program manage and analyze the status of Diversity & Inclusion within the Foundation and its community of users, members, and committers. The two main tasks are to (i) re-run the contributor survey with minor changes, and (ii) implement an improvement and learn from it using scientific methods. The project plan has been started. *** Project: EDI Website No updates - no volunteers [4] *** Operations no updates. ## Committee members changes: No new members. ## References [1] https://www.outreachy.org/outreachy-december-2021-internship-round/ [2] https://www.outreachy.org/blog/2022-01-10/may-2022-call-for-mentoring-communities/ [3] https://www.outreachy.org/sponsor/ [4] https://issues.apache.org/jira/browse/DI-11 ----------------------------------------- Attachment 8: Report from the VP of Data Privacy [Christian Grobmeier] We have installed Matomo (Google Analytics replacement) on a Privacy maintained VM. Two projects are currently trying out if the software is meeting our requirements (Apache Flink and Apache Shiro). Once we learn more about the system, VP Privacy will send out a first email informing the projects about the upcoming changes to privacy (and asking for feedback). On another note we have received many privacy complaints from users who used the Mine software (saymine.com). This software analyses emails and makes assumption on unused "accounts". Because some users received emails from our email lists, Mine recommended to contact us. These emails mentioned there "is proof". I have looked into Mine and tried the "free account". All emails I found where "false positives" and it looked like people unsubscribed at some point. I contacted Mine so they don't recommend sending us further emails; outcome is still open. Another request to sign a DPA with Warner Bros was rejected; the law firm contacting us where searching for "Apache Solutions Ltd". Apart from that only routine work was done. ----------------------------------------- Attachment 9: Report from the VP of W3C Relations [Andy Seaborne] W3C are considering relicensing many W3C Recommendations using the W3C Software and Document License [1]. This is already the default license for work since about 2015. Many older recommendations are under versions of the non-permissive W3C Document License [2]. [1] https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document [2] https://www.w3.org/Consortium/Legal/2015/doc-license ----------------------------------------- Attachment 10: Report from the Apache Legal Affairs Committee [Roman Shaposhnik] Past month has been pretty calm. Committee members took good care of resolving most issues on time. After resolving a handful of LEGAL issues, we are slightly up to 20 from 17 outstanding issues compared to last month. Committee worked on helping prepare a set of responses to various US government officials and agencies regarding log4j security vulnerability. We have established a formal relationship with Gwyn Firth Murray Matau Legal Group and now have an extra resource to go to in case we need a formal legal opinion or help. We followed a standard ASF engagement model: our contract includes a certain number of pro-bono hours and we have negotiated a very reasonable rate on top of that. We reviewed an SOW agreement from a vendor providing us with D&I services. ----------------------------------------- Attachment 11: Report from the Apache Security Team Project [Mark J. Cox] Continued work on incoming security issues, keeping projects reminded of outstanding issues, and general oversight and advice. The workload remains high as we work through the larger number of issues reported during December-January. We were invited, and attended, a forum to discuss open source software security with the NSC at the White House in January 2022. A summary was posted after the meeting to our public security-discuss@community.apache.org list https://lists.apache.org/thread/7bs1k791b5f0j4vzf0h6lwnv8doyjzck We have been invited to a Senate hearing around log4j. Please see the Presidents remarks for more information. Stats for Jan 2022: 36 [license confusion] 52 [support request/question not security notification] Security reports: 71 (last months: 83, 44, 36) 6 [site], [logging] 4 [pinot] 3 [httpd], [ofbiz], [shiro] 2 [activemq], [airflow], [commons], [jspwiki], [pulsar], [shardingsphere], [solr], [zeppelin] 1 [apisix], [camel], [chemistry], [dolphinscheduler], [doris], [drill], [druid], [dubbo], [felix], [flume], [geode], [hadoop], [infrastructure], [james], [jmeter], [kafka], [karaf], [kylin], [maven], ["multiple"], [openoffice], [rocketmq], [shenyu], [spark], [systemds], [tika], [tomcat], [trafficcontrol], [trafficserver], [xmlgraphics] In total, as of 1st Feb 2022, we're tracking 83 (last month: 107) open issues across 46 projects, median age 55 (last month: 62) days. 47 of those issues have CVE names assigned. 4 (last month: 5, although 1 of them is different) of these issues, across 4 projects, are older than 365 days. ----------------------------------------- Attachment 12: Report from the VP of Jakarta EE Relations [Rob Tompkins] ----------------------------------------- Attachment A: Report from the Apache Ant Project [Jan Materne] ## Description: The mission of Apache Ant is the creation and maintenance of the Ant build system and related software components. It consists of 3 main projects: - Ant - core and libraries (AntLibs) - Ivy - Ant based dependency manager - IvyDE - Eclipse plugin to integrate Ivy into Eclipse Additionally Ant provides several extensions to Ant (antlibs). ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache Ant was founded 2002-11-18 (19 years ago) There are currently 29 committers and 22 PMC members in this project. The Committer-to-PMC ratio is roughly 4:3. Community changes, past quarter: - No new PMC members. Last addition was Magesh Umasankar on 2018-07-06. - No new committers. Last addition was Jaikiran Pai on 2017-06-14. ## Project Activity: Recent releases: Ant 1.10.12 was released on 2021-10-19 Ant 1.9.16 was released on 2021-07-13. AntUnit 1.4.1 was released on 2021-07-07. Ivy 2.5.0 was released on 2019-10-24. Log4Shell was a topic for us too - but we had only to answer that Ant wasn't infected. Ant 1.10.12 helps project building on Java18 and Java19 - even if there are bugs reported. ## Community Health: For Ant we feel healthy enough to apply patches, and get a release done. But basically we are in "maintenance mode". There isn't much development. For IvyDE we lack the knowledge of building Eclipse plugins on actual Eclipse versions. We hope to get the build running again so we could update that. As most projects moved to Maven or Gradle, the interest in Ant is decreased and also the will to contribute. Ant is still used in several places, as this "swiss army knife" is a sharp one in some areas. But to sum up: we don't expect to get ----------------------------------------- Attachment B: Report from the Apache Bloodhound Project [Gary Martin] ----------------------------------------- Attachment C: Report from the Apache BookKeeper Project [Sijie Guo] ----------------------------------------- Attachment D: Report from the Apache Brooklyn Project [Geoff Macartney] ## Description: The mission of Apache Brooklyn is the creation and maintenance of software related to a software framework for modeling, monitoring and managing cloud applications through autonomic blueprints. ## Issues: - There are no issues requiring board attention at this time. ## Membership Data: Apache Brooklyn was founded 2015-11-18 (6 years ago) There are currently 19 committers and 19 PMC members in this project. The Committer-to-PMC ratio is 1:1. Community changes, past quarter: - No new PMC members. Last addition was Iuliana Cosmina on 2021-06-04. - No new committers. Last addition was Iuliana Cosmina on 2020-07-03. ## Project Activity: - The last major Brooklyn release was 1.0.0, released on 3rd March 2020. - We made various updates in response to the recent Log4j and other vulnerabilities and hope to make a new release of Brooklyn soon. - There is a steady turnover of commits to the project. The past quarter was actually quite a busy one for the project. ## Community Health: - Discussions about issues and directions for the project continue on the mailing lists. - We are actively considering new committers and I expect to send out a VOTE request to the committee soon proposing an invitation. ----------------------------------------- Attachment E: Report from the Apache Buildr Project [Antoine Toulme] ## Description: Apache Buildr is a build system for Java-based applications, including support for Scala, Groovy and a growing number of JVM languages and tools. We wanted something that’s simple and intuitive to use, so we only need to tell it what to do, and it takes care of the rest. But also something we can easily extend for those one-off tasks, with a language that’s a joy to use. And of course, we wanted it to be fast, reliable and have outstanding dependency management. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - We have released 1.5.8 in July 2019. We haven't had any activity since. This report is essentially the same as what we filed for a while now. ## Health report: - We still have a small PMC presence of 3 active members still able to vote releases. ## PMC changes: - Currently 7 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Peter Donald on Tue Oct 15 2013 ## Committer base changes: - Currently 10 committers. - Olle Jonsson was added as a committer on Wed Dec 12 2018 ## Releases: - Last release was 1.5.8 on July 14th 2019 ----------------------------------------- Attachment F: Report from the Apache Cassandra Project [Nate McCall] ## Description: Apache Cassandra software is a highly scalable second-generation distributed database. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Cassandra was founded 2010-02-17 (12 years ago) There are currently 66 committers and 36 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Dinesh Joshi on 2021-05-20. - No new committers. Last addition was Sumanth Pasupuleti on 2021-10-27. ## Project Activity: There has been no releases this quarter. Most activity and community focus has been on trunk development which will not see a release until May. Patch releases 4.0.2 and 3.11.12 are quite probable in the near term. A lot of effort is still going into CI and establishing a Stable Trunk development approach. The introduction of https://butler.cassandra.apache.org/ and a rotating build lead role is helping to correlate CI results to trends and to jira tickets. ## Community Health: Community health is strong. Extra effort has been put into regular website content and blogs, and to the twitter account. The twitter account @cassandra is aiming to post twice a day. A quick sample survey showed >20% of our users have upgraded to 4.0 Cassandra project status updates are emailed regularly to dev@, these are worth reading for a more detailed view on current state of affairs in the project. https://lists.apache.org/list?dev@cassandra.apache.org:lte=2y:%22Cassandra%20project%22%20%22status%20update%22 ----------------------------------------- Attachment G: Report from the Apache Celix Project [Pepijn Noltes] ## Description: The mission of Celix is the creation and maintenance of software related to Implementation of the OSGi specification adapted to C and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Celix was founded 2014-07-16 (8 years ago) There are currently 15 committers and 9 PMC members in this project. The Committer-to-PMC ratio is 5:3. Community changes, past quarter: - No new PMC members. Last addition was Erjan Altena on 2018-06-25. - No new committers. Last addition was Rick Stegeman on 2021-09-25. ## Project Activity: - Many small as some bigger stability improvements - The header-only C++ api was updated to support C++17. This change was needed before a new release could be made to prevent future backwards incompatible updates. ## Community Health: Community activity for the last quarter is overall normal, we did see some increase in small commits from new people. ----------------------------------------- Attachment H: Report from the Apache Clerezza Project [Hasan Hasan] ## Description: Apache Clerezza models the RDF abstract syntax in Java and provides supports for serializing, parsing, managing and querying triple collections (graphs). Apache Clerezza modules aim at supporting the development of Semantic Web applications and services. ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache Clerezza was founded 2013-02-20 (9 years ago) There are currently 16 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 8:5. Community changes, past quarter: - No new PMC members. Last addition was Furkan Kamaci on 2018-12-27. - No new committers. Last addition was Furkan Kamaci on 2018-12-27. ## Project Activity: The PMC has voted to move Apache Clerezza to the Attic. Hasan is going to initiate that according to the standard procedure in the next quarter after cleaning up the project. Hasan finished the work to upgrade Apache Clerezza to use JUnit 5. The latest release was created on October 22, 2020. There would not be any new release before moving the project to the Attic, although there are commits done in the master branch. ## Community Health: The health of the community has reached the lowest status. It is obvious that the very low activity of the community is the main problem that has triggered the move of this project to the Attic. ----------------------------------------- Attachment I: Report from the Apache Cocoon Project [Cédric Damioli] ## Description: The mission of Cocoon is the creation and maintenance of software related to Web development framework: separation of concerns, component-based ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Cocoon was founded 2003-01-22 (19 years ago) There are currently 79 committers and 32 PMC members in this project. The Committer-to-PMC ratio is roughly 5:2. Community changes, past quarter: - No new PMC members. Last addition was Javier Puerto on 2012-07-06. - No new committers were added. ## Project Activity: 2.1.13 was released on 2020-07-29 2.1.12 was released on 2013-03-14 ## Community Health: There was a XXE security hole reported in January that the PMC decided to actually not consider as an issue. The reporter has yet to be answered. ----------------------------------------- Attachment J: Report from the Apache Community Development Project [Swapnil Mane] ## Description: The mission of Community Development is the creation and maintenance of software related to Resources to help people become involved with Apache projects ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache Community Development was founded 2009-11-01 (12 years ago) There are currently 41 committers and 35 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - No new PMC members. Last addition was Ted Liu on 2021-10-18. - No new committers. Last addition was Ted Liu on 2021-10-18. ## Project Activity: ALC We established the ALC Shenzhen (China), and Shenzhen team has had 4 meetings so far to discuss how to spread awareness of ASF in the region and how they can better help the incubating projects in an efficient way. GSoC We started getting a good amount of enquiries from the students for GSoC 2022. Our experience with GSoC has been great so far; we will apply again this year as a mentoring organization for GSoC 2022. Other Logging Services PMC was approached by Tidelift offering to provide monetary support either to the project or individual committers. We had a good discussion on it and community shared some good pointers and options available to proceed with it [1]. Also, we got a proposal to add release requirements check in the reporter tool. Good thoughts have been exchanged on this with the existing available options and on improving the existing tools [2]. ## Community Health: Our dev mailing list had slightly reduced traffic as compared to the past quarter (178 emails compared to 213 in the past quarter) because two of our major events, ApacheCon and GSoC were concluded in the past to past quarter, so we didn't have much discussion around these topics in the past quarter. The new mailing list 'security-discuss@community.apache.org' (established in September 2021) also had good traction in this quarter (46 emails). [1] https://s.apache.org/sqs8s [2] https://s.apache.org/klxch ----------------------------------------- Attachment K: Report from the Apache CouchDB Project [Jan Lehnardt] ## Description: Apache CouchDB software is a document-oriented database that can be queried and indexed in a MapReduce fashion using JavaScript. CouchDB also offers incremental replication with bi-directional conflict detection and resolution. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache CouchDB was founded 2008-11-19 (13 years ago) There are currently 68 committers and 16 PMC members in this project. The Committer-to-PMC ratio is roughly 9:2. Community changes, past quarter: - No new PMC members. Last addition was Jonathan Hall on 2020-02-12. - No new committers. Last addition was Balázs Donát Bessenyei on 2021-01-14. ## Project Activity: - major feature and bugfix work has continued at a regular pace - a new release is on the horizon ## Community Health: - we started attracting a few new contributors to the project who have contributed across the board from big bug fixes, new feature proposals to packaging and release support. ----------------------------------------- Attachment L: Report from the Apache Creadur Project [Philipp Ottlinger] ## Description: The mission of Creadur is the creation and maintenance of software related to Comprehension and auditing of software distributions ## Issues: No issues that require any board attention. ## Membership Data: Apache Creadur was founded 2012-04-18 (10 years ago) There are currently 11 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - No new PMC members. Last addition was Karl Heinz Marbaise on 2016-08-30. - No new committers. Last addition was Karl Heinz Marbaise on 2016-08-30. ## Project Activity: Recent releases: - Apache Rat 0.13 was released on 2018-10-13. - Apache Rat 0.12 was released on 2016-06-09. - 0.11 was released on 2014-08-21. We are planning to release RAT 0.14, but due to lack of time no release date is scheduled yet. ## Community Health: There's interest in a new release of RAT, but no schedule yet. Due to the fact that a release has not been performed for some time now I asked the community for a second pair of eyes as there were so many infrastructure changes after 0.13. Apart from that other Creadur subprojects have been updated in order to fix CVEs in dependencies. - dev@creadur.apache.org had a 115% increase in traffic in the past quarter (196 emails compared to 91) - 10 issues opened in JIRA, past quarter (400% increase) - 9 issues closed in JIRA, past quarter (800% increase) - 98 commits in the past quarter (292% increase) - 3 code contributors in the past quarter (50% increase) - 44 PRs opened on GitHub, past quarter (175% increase) - 59 PRs closed on GitHub, past quarter (5800% increase) ----------------------------------------- Attachment M: Report from the Apache DataSketches Project [Lee Rhodes] ## Description: The mission of Apache DataSketches is the creation and maintenance of software related to an open source, high-performance library of streaming algorithms commonly called "sketches" in the data sciences. Sketches are small, stateful programs that process massive data as a stream and can provide approximate answers, with mathematical guarantees, to computationally difficult queries orders-of-magnitude faster than traditional, exact methods ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache DataSketches was founded 2020-12-15 (a year ago) There are currently 15 committers and 13 PMC members in this project. The Committer-to-PMC ratio is roughly 8:7. Community changes, past quarter: - No new PMC members. Last addition was David Cromberge on 2021-09-22. - No new committers. Last addition was Charlie Dickens on 2020-12-18. ## Project Activity: Dec 2021: Released datasketches-cpp 3.3.0 Jan 2022: Released datasketches-java 3.1.0 Considerable work on synchronizing sketch behavior across C++ and Java. Added comprehensive modeling to check corner cases in set operations. This was inspired by a reported bug (datasketches-java issue #368). We subsequently created this comprehensive model to test for all possible combinations of such issues. All of this has now been released in datasketches-java 3.1.0 and -cpp 3.3.0. This is all documented on our website as well. Our research work is in the area of using sketches for differential privacy. We hope the paper will be published soon. ## Community Health: The DataSketches project is healthy. Most of our interactions with users are through GitHub or through Slack, both of which are easier to use and more interactive than the dev@ list. So the decrease in dev@ usage is understandable. But on the whole, the activity on the DataSketches project is growing. ----------------------------------------- Attachment N: Report from the Apache DeltaSpike Project [Mark Struberg] ----------------------------------------- Attachment O: Report from the Apache Drill Project [Charles Givre] ## Description: The mission of Drill is the creation and maintenance of software related to Schema-free SQL Query Engine for Apache Hadoop, NoSQL and Cloud Storage ## Issues: No blocking issues. ## Membership Data: Apache Drill was founded 2014-11-18 (7 years ago) There are currently 60 committers and 27 PMC members in this project. The Committer-to-PMC ratio is roughly 5:3. Community changes, past quarter: - James Turton was added to the PMC on 2022-01-23 - PJ Fanning was added as committer on 2022-01-19 ## Project Activity: The Drill team is preparing to release Drill 1.20. We released RC0 for Drill 1.20 on 5 February. One minor bug was found, so we will likely be putting out RC1 shortly. Drill 1.20 is significant in that in addition to new functionality and bug fixes the new version has backwards compatibility with Hadoop 2. This limitation meant that many organizations could not upgrade past Drill circa 1.17. Some highlights of Drill 1.20 are: * Storage plugin for Apache Phoenix * Format plugin for Apache Iceberg * Upgrade Parquet reader to Parquet v2 * Support for automatic de-pagination for REST plugin * Support for OAuth2.0 for REST queries * Refactoring pushdowns for Mongo much more... The Drill community has been holding monthly hangout meetings which James Turton has organized. We've been discussing building a Drill 2.0 and what that would entail. There are a few key themes of things which we should revise which would necessarily break some existing functionality. * 1.19.0 was released on 2021-06-10. * 1.18.0 was released on 2020-09-04. * 1.17.0 was released on 2019-12-26. ## Community Health: The Drill community is growing and I would say strong. As mentioned above there has been a good conversation for the last few months about Drill 2.0. * dev@drill.apache.org had a 80% increase in traffic in the past quarter (1147 emails compared to 635) * issues@drill.apache.org had a 79% increase in traffic in the past quarter (1033 emails compared to 576) * 83 issues opened in JIRA, past quarter (45% increase) * 82 issues closed in JIRA, past quarter (105% increase) * 135 commits in the past quarter (-18% change) * 21 code contributors in the past quarter (61% increase) * 76 PRs opened on GitHub, past quarter (10% increase) * 82 PRs closed on GitHub, past quarter (22% increase) * 13 issues opened on GitHub, past quarter (-40% change) * 10 issues closed on GitHub, past quarter (-16% change) * 342 members of Drill slack channel. ----------------------------------------- Attachment P: Report from the Apache Druid Project [Gian Merlino] ## Description Apache Druid is a high performance real-time analytics database. It is designed for workflows where low-latency query and ingest are the main requirements. It implements ingestion, storage, and querying subsystems. Users interface with Druid through built-in SQL and JSON APIs, as well as third-party applications. Druid has an extensive web of connections with other Apache projects: Calcite for SQL planning, Curator and ZooKeeper for coordination, Kafka and Hadoop as data sources, Avro, ORC, or Parquet as supported data input formats, and DataSketches for scalable approximate algorithms. Druid can also be used as a data source by Superset. ## Issues There are no issues requiring board attention at this time. ## Activity Our last major release was Druid 0.22.0, which contained 400 new features, bug fixes, performance enhancements, documentation improvements, and additional test coverage from 73 contributors. Before that release, we had hoped to sort out whether or not we need IP clearance for the Druid Helm chart. It was moved to the Apache Druid repo from the Helm Charts repo after the latter was deprecated: https://github.com/helm/charts#%EF%B8%8F-deprecation-and-archive-notice However, we were not able to complete this work, so we excluded the Helm chart from the 0.22.0 release. We hope to be able to sort this out for the next release. Since our last report, there have been 3 community meetups virtually via groups based in The Triangle (NC), Toronto and Sydney. Dev activity appears to be continuing to move from the dev list to GitHub. The busiest issues/PRs are receiving substantially more comments than the busiest dev list threads. We also noticed this pattern in our last report. On January 27 we set up a community Slack workspace at https://apachedruidworkspace.slack.com/. We decided to create this new workspace, instead of using our existing #druid channel on ASF Slack, because the official ASF Slack workspace requires an invitation from an existing member in order to join, which was hampering the ability of members of the public to join up. The new workspace currently has 150 members. ## Recent PMC changes - Currently 32 PMC members. - 1 new PMC member since the last report. - Most recently added PMC members: - Kashif Faraz (Jan 12, 2022) ## Recent committer changes - Currently 51 committers. - No new committers since the last report. - Most recently added committers: - Agustin Gonzalez Tuchmann (Oct 20, 2021) ## Recent releases - 0.22.0, a major release, on 2021-09-22. - 0.21.0, a major release, on 2021-04-26. - 0.20.2, a security patch release, on 2021-03-29. ## Development activity by the numbers In the last quarter: - 515 commits from 60 contributors - 566 pull requests opened - 482 pull requests merged/closed - 160 issues opened - 86 issues closed ----------------------------------------- Attachment Q: Report from the Apache Empire-db Project [Rainer Döbele] ## Description: Empire-db is an object orientated API for dealing with all aspects of storing, manipulating, retrieving and modelling data in relational database management systems. With an SQL centric, no-compromise approach Empire-db attempts to makes the full power of the database system available to applications. In contrast to object-relational-mapping it provides a easy, intuitive and string-free way to create SQL-statements of any complexity in order to query or manipulate data. ## Issues: There are no issues requiring the boards attention at this time. ## Membership Data: Apache Empire-db was founded 2012-01-24 (10 years ago) There are currently 9 committers and 9 PMC members in this project. The Committer-to-PMC ratio is 1:1. Community changes, past quarter: - No new PMC members. Last addition was Jan Glaubitz on 2016-07-10. - No new committers. Last addition was Jan Glaubitz on 2015-10-05. ## Project Activity: The previous quarter has been quite busy as we have completed and published out new release that we have prepared for several months. The release has been approved by our community with 6 votes of which 5 were binding. Even more important though, we have created a new branch for a complete API overhaul that is supposed to lead to a new major version 3.x. This is because over the years the API has suffered from various changes and has now some inconsistencies and irregularities which should be resolved. Also the source level should be raised to Java 8 to allow new features to be added (e.g. java.time). Work on this new version has already begun and will hopefully result in another release later this year. ## Releases empire-db-2.5.1 was released on 2022-01-22. ## Community Health: The community is still active. The increased activity is due to the completion of the current release 2.5.1 and work on the new branch for a complete API overhaul 3.x. 10 issues opened in JIRA, past quarter (150% increase) 21 issues closed in JIRA, past quarter (2000% increase) 118 commits in the past quarter (807% increase) ----------------------------------------- Attachment R: Report from the Apache Flume Project [Balázs Donát Bessenyei] ## Description: The mission of Flume is the creation and maintenance of software related to A reliable service for efficiently collecting, aggregating, and moving large amounts of log data ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache Flume was founded 2012-06-20 (10 years ago) There are currently 32 committers and 24 PMC members in this project. The Committer-to-PMC ratio is 4:3. Community changes, past quarter: - No new PMC members. Last addition was Ferenc Szabo on 2019-01-28. - No new committers. Last addition was Tristan Stevens on 2020-01-07. ## Project Activity: The last release was on January 8, 2019, more than three years ago. A new one is being actively worked on. ## Community Health: The community shows low activity, but we still seem to have the necessary number of people around. ----------------------------------------- Attachment S: Report from the Apache FreeMarker Project [Dániel Dékány] ## Description: Apache FreeMarker is a template engine, i.e. a generic tool to generate text output based on templates. Apache FreeMarker is implemented in Java as a class library for programmers. FreeMarker 2 (the current stable line) produces releases since 2002. The FreeMarker project has joined the ASF in 2015, and graduated from the Incubator in early 2018. ## Issues: There are no issues requiring board attention at this time. ## Activity: Activity was low in recent months. ## Health report: Activity is low but steady, as is usual for this project. User questions (mostly on StackOverflow) and new Jira issues are being answered promptly. The short term goal is to develop the next micro version. The long term goal is continuing the ongoing development on the 3.0 branch, so that the project can innovate and the code base can become much cleaner and more attractive for new committers. ## PMC changes: - Currently 7 PMC members. - No changes since the graduation on 2018-03-21 ## Committer base changes: - Currently 8 committers. - Last added: Siegfried Goeschl on 2020-01-07 ## Releases: - 2.3.31 was released on 2021-02-16 ----------------------------------------- Attachment T: Report from the Apache Geode Project [Dan Smith] ## Description: The mission of Apache Geode is the creation and maintenance of software related to a data management platform that provides real-time, consistent access to data-intensive applications throughout widely distributed cloud architectures. ## Issues: There are no Board-level issues at this time. ## Membership Data: Apache Geode was founded 2016-11-15 (5 years ago) There are currently 115 committers and 54 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Donal Evans on 2021-03-22. - No new committers. Last addition was Alberto Bustamante on 2021-05-13. ## Project Activity: We issued 9 releases this quarter, all of which include an updated Log4j2 version to handle the remote code execution CVE. Apache Geode Kafka Connector 1.1.0 was also released this quarter. We have also started the effort to remove the use of deprecated componentsin the project. Recent Releases of Apache Geode: - 1.14.3 was released on 2022-01-25 - 1.13.7 was released on 2022-01-22 - 1.12.8 was released on 2022-01-13 - 1.12.7 was released on 2021-12-17 - 1.13.6 was released on 2021-12-17 - 1.14.2 was released on 2021-12-17 - 1.12.6 was released on 2021-12-11 - 1.13.5 was released on 2021-12-11 - 1.14.1 was released on 2021-12-11 Work on releasing 1.15.0 is progressing as planned. Apache Geode Kafka Connector 1.1.0 was released on 2022-01-18. ## Community Health: - Continuing our monthly video conferences. - Addition of Kafka Connector project to grow the community. - Mailing lists are seeing the usual amount of traffic involving discussions related to improving performance, operation protocols, etc. ----------------------------------------- Attachment U: Report from the Apache Giraph Project [Dionysios Logothetis] ## Description: The mission of Giraph is the creation and maintenance of software related to Iterative graph processing system built for high scalability ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Giraph was founded 2012-05-15 (10 years ago) There are currently 20 committers and 13 PMC members in this project. The Committer-to-PMC ratio is roughly 5:4. Community changes, past quarter: - No new PMC members. Last addition was Dionysios Logothetis on 2018-04-22. - No new committers. Last addition was Dionysios Logothetis on 2018-04-23. ## Project Activity: - Since the last report, there's only been a minor dependency upgrades ## Community Health: - Limited number of contributors that's mainly from Meta developers. At the same time, there's currently lack of resources to devote time in increasing community engagement. ----------------------------------------- Attachment V: Report from the Apache Gora Project [Kevin Ratnasekera] ## Description: - The Apache Gora open source framework provides an in-memory data model and persistence for big data. Gora supports persisting to column stores, key-value stores, document stores, distributed in-memory key-value stores, in-memory data grids, in-memory caches, distributed multi-model stores and hybrid in-memory architectures. Gora also enables analysis of data with extensive Apache Hadoop MapReduce, Apache Spark, Apache Flink, and Apache Pig support. ## Issues: - There are no issues requiring board attention at this time. ## Membership Data: Apache Gora was founded 2012-01-24 (10 years ago) There are currently 31 committers and 31 PMC members in this project. The Committer-to-PMC ratio is 1:1. Community changes, past quarter: - No new PMC members. Last addition was Lahiru Jayasekara on 2020-04-30. - No new committers. Last addition was Lahiru Jayasekara on 2020-04-28. ## Project Activity: - Except for several bug fixes, improvements while considering development work, it has been a fairly quiet quarter for us. - We are reaching the end of Outreachy project timeline, most probably this will be another successful project for us, we will explore the possibilities of expanding our committer capacity once these contributions are reviewed and merged. For past few years, Outreachy and GSoC programmes have been great opportunity for us to gain contributions and attract new community. ## Community Health: - We observed the usual traffic that we get on our mailing lists for the past quarter. So nothing significant compared to previous quarters. Once the contributions in Pull requests are reviewed and merged, we are planning to complete the next release which is pending from us for quite a while now. ----------------------------------------- Attachment W: Report from the Apache Groovy Project [Paul King] ## Description: Apache Groovy is responsible for the evolution and maintenance of the Groovy programming language ## Issues: No issues requiring board attention at this time. ## Membership Data: Apache Groovy was founded 2015-11-18 (6 years ago) There are currently 20 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 5:3. Community changes, past quarter: - No new PMC members. Last addition was Eric Milles on 2020-11-20. - No new committers. Last addition was Mikko Värri on 2020-06-03. ## Project Activity: Our main goal for this quarter was the release of Groovy 4.0. Groovy 4 includes a range of new features including switch expressions, sealed types, records, language integrated query and much more! All up there are about 800 new features, improvements and bug fixes since Groovy 3 which was released just under a year ago. Special thanks go to the 80+ contributors for this release and everyone involved in the Groovy community and broader ecosystem. We will continue to work with the community on any issues with Groovy 4 and any needed bug fixes for earlier Groovy versions. We have yet to give much attention to our roadmap for Groovy 5 but that will get some attention soon once activity around the recent Groovy 4 release has settled down and we complete some backporting of fixes to earlier versions and other housekeeping tasks which were stalled as we prepared for Groovy 4. Recent releases: 4.0.0 was released on 2022-01-28. 4.0.0-rc-2 was released on 2021-12-27. 4.0.0-rc-1 was released on 2021-11-30. 4.0.0-beta-2 was released on 2021-11-09. ## Community Health: Activity on the release has been strong as has mailing list activity. Jira issues and code contributions outside the release were a little quieter than normal. We hope general activity will pick up once we begin Groovy 5 roadmap discussions. This quarter on our main branch (which now corresponds to Groovy 5) of our core repo, 290 commits were contributed from 5 contributors including 2 non-committer contributors (2 new). (459 commits by 9 contributors across all branches/repos.) ----------------------------------------- Attachment X: Report from the Apache Hop Project [Hans Van Akelyen] ## Description: The mission of Apache Hop is the creation and maintenance of software related to a platform for data orchestration ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Hop was founded 2021-12-15 (2 months ago) There are currently 20 committers and 10 PMC members in this project. The Committer-to-PMC ratio is 2:1. Community changes, past quarter: - No new PMC members (project graduated recently). - Ray Chang was added as committer on 2022-01-24 ## Project Activity: Recent releases: 1.1.0 was released on 2022-01-24. - Working on release 1.2.0 - Working on release 2.0.0 (upgrade to java 11) ## Community Health: Since announcement of graduation we are receiving more external interest. We hope to onboard a couple extra committers form the pool of new contributors The community continues to grow on all social media platforms. Since previous report * chat: 282 (up from 256) * LinkedIn: 786 (up from 728) * Twitter: 634 (up from 578) * YouTube: 415 (up from 368) * Meetup: 217 (up from 215) ----------------------------------------- Attachment Y: Report from the Apache HTTP Server Project [Joe Orton] ## Description: The mission of HTTP Server is the creation and maintenance of software related to Apache Web Server (httpd) ## Issues: There are no issues requiring board attention. ## Membership Data: Apache HTTP Server was founded 1995-02-27 (27 years ago) There are currently 127 committers and 55 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Giovanni Bechis on 2021-06-11. - No new committers. ## Project Activity: After the frenetic release activity reported last time, this quarter was quieter. Development and maintenance of the 2.4.x branch continues in parallel with trunk. One release (2.4.52) was shipped in December rolling up bug and security fixes, plus a number of enhancements back-ported from trunk. Committers had just opened discussion of another 2.4.x release at time of writing this report. Of the major changes happening in trunk, "mod_tls" was committed, an alternative implementation of TLS/SSL support based on the Rustls TLS library (written in Rust). Some improvements to the event MPM are also in progress, with some changes moved temporarily to a Github PR after they tripped some failures in Travis. Last, but not least, is an overhaul of the integration of version 2 of the PCRE regex library and discussion around how to bring this to 2.4 (since version 1 is declared end-of-life upstream). ## Community Health: The level of dev@ mailing list activity remained healthy with most discussion this quarter around the release and trunk development activity covered above. The community continues to make good use of Github PRs, partly as a convenient way to trigger CI for work under development, but also for aggregating more complex backports from trunk to 2.4 for review. ----------------------------------------- Attachment Z: Report from the Apache HttpComponents Project [Michael Osipov] ## Description: - The Apache HttpComponents project is responsible for creating and maintaining a toolset of low-level Java components focused on HTTP and associated protocols. ## Issues: - There are no issues requiring board attention at this time. ## Project Activity: - Some work has occured on 4.x branches - 5.x lines gets full attention - Active feature developments happens on master (5.2.x) with Java 8 ## Community Health: - Overall the project remains active. Issues and dicussions are resolved in time. ## Membership Data: - No new PMC members. Last addition was Ryan Schmitt on 2019-08-28. - No new committers. Last addition was Carter Kozak on 2020-08-13. ## Releases: - HttpComponents Client 5.1.2 was released on 2021-11-17 - HttpComponents AsyncClient 4.1.5 was released on 2021-12-13 - HttpComponents Client 5.1.3 was released on 2022-02-01 - HttpComponents Core 4.4.15 was released on 2021-12-08 - HttpComponents Core 5.1.3 was released on 2021-12-23 ----------------------------------------- Attachment AA: Report from the Apache Ignite Project [Dmitry Pavlov] ----------------------------------------- Attachment AB: Report from the Apache Impala Project [Jim Apple] ## Description: The mission of Apache Impala is the creation and maintenance of software related to a high-performance distributed SQL engine. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Impala was founded 2017-11-14 (4 years ago). There are currently 61 committers and 35 PMC members in this project. The Committer-to-PMC ratio is roughly 8:5. Community changes, past quarter: - Laszlo Gaal was added to the PMC on 2022-01-20. - Amogh Margoor was added as committer on 2021-11-23. - Daniel Becker was added as committer on 2021-12-07. ## Project Activity: - Improved support for compatibility with Apache projects Iceberg, Parquet, Kudu, Hive, DataSketches, ORC, and HBase - Improved support for or compatibility with protobuf, Java UDFs, Boost, glog, gutil, the HTTP/1.1 RFC, and PEP-0503 - Support for multiple resource groups (unfinished) - Fixes for multiple flaky tests - Faster query analysis for queries containing VALUES() - Multiple fixes for more consistent metadata change application - Support for Tencent Cloud Object Storage - Support for zipping when unnesting arrays ## Community Health: reviews@ is the best gauge of Impala community activity. There were 2180 emails to reviews@ in the last three months; Impala remains a busy community. The most recent release was Impala 4.0.0, on 2021-07-12. ----------------------------------------- Attachment AC: Report from the Apache Incubator Project [Justin Mclean] ----------------------------------------- Attachment AD: Report from the Apache jUDDI Project [Alex O'Ree] ## Description: - jUDDI (pronounced "Judy") is an open source Java implementation of the Universal Description, Discovery, and Integration (UDDI v3) specification for (Web) Services. The jUDDI project includes Scout. Scout is an implementation of the JSR 93 - Java API for XML Registries 1.0 (JAXR). ## Issues: - There are no issues that require the board's attention at this time. ## Membership Data: Apache jUDDI was founded 2010-08-21 (11 years ago) There are currently 7 committers and 7 PMC members in this project. The Committer-to-PMC ratio is 1:1. Community changes, past quarter: - No new PMC members. Last addition was Alex O'Ree on 2013-03-17. - No new committers were added. ## Activity: - jUDDI - last release was July 1, 2021 to address a reported security issue. - SCOUT - last release 10 DEC 2018. Resolved several bugs and dependencies. ## Health report: - Low development activity is a factor for low mailing list volume, but in all likelihood, it's from a general lack of interest in the protocol. - Minimal JIRA activity or mailing list activity (aside from spam) is also a factor for low development. - There are enough active PMC members to approve releases and respond to potential security issues. ## Releases: - 3.3.10 was released on 2020-07-01. - SCOUT-1.2.8 was released on Mon Dec 10 2018 ----------------------------------------- Attachment AE: Report from the Apache Juneau Project [James Bognar] ## Description: The mission of Apache Juneau is the creation and maintenance of software related to a toolkit for marshalling POJOs to a wide variety of content types using a common framework, and for creating sophisticated self-documenting REST interfaces and microservices using VERY little code ## Issues: No issues to report. ## Membership Data: Apache Juneau was founded 2017-10-17 (4 years ago) There are currently 12 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 1:1. Community changes, past quarter: - No new PMC members. Last addition was Ayeshmantha Perera on 2019-01-02. - No new committers. Last addition was Ayeshmantha Perera on 2019-01-02. ## Project Activity: Activity is slow. The last release was on 2020-10-14 (v8.2). Work is progressing on a major release (9.0), but that release is likely still a few months away. We're responsive to requests via email and Slack, but those too are generally quiet. The next major release adds much needed modernization and integration with Spring Boot which we hope sparks more interest. ## Community Health: dev@juneau.apache.org had a 85% decrease in traffic in the past quarter (2 emails compared to 13) 69 commits in the past quarter (-67% change) ----------------------------------------- Attachment AF: Report from the Apache Kafka Project [Jun Rao] ## Description: Apache Kafka is a distributed event streaming platform for efficiently storing and processing a large number of records in real time. ## Project Activity: We released 3.1.0. This is a major release that includes many new features, including: * Preview of KRaft, Kafka Raft implementation for replacing ZooKeeper. * Apache Kafka supports Java 17 * The FetchRequest supports Topic IDs (KIP-516) * Extend SASL/OAUTHBEARER with support for OIDC (KIP-768) * Custom partitioners in foreign-key joins (KIP-775) * Fetch/findSessions queries with open endpoints for SessionStore/WindowStore (KIP-766) * Range queries with open endpoints (KIP-763) * Add additional configuration to control MirrorMaker2 internal topics naming convention (KIP-690) We released 2.7.2 and 2.6.3, which fixed 26 and 11 issues, respectively. ## Community Dev mailing list had an 18% decrease in traffic in the past quarter (1336 emails compared to 1621). User mailing list had an 11% increase in traffic in the past quarter (397 emails compared to 355). We added two new PMC members, Tom Bentley on Nov. 17, 2021 and David Jacot on Dec. 16, 2021. We added one new committer José Armando García Sancio on Nov. 11, 2021. ## Releases 3.1.0 was released on 2022-01-24. 2.7.2 was released on 2021-11-22. 2.6.3 was released on 2021-11-22. ## Issues: There are no issues requiring board attention. ----------------------------------------- Attachment AG: Report from the Apache Kibble Project [Sharan Foga] ## Description: The mission of Apache Kibble is the creation and maintenance of software related to an interactive project activity analyzer and aggregator ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Kibble was founded 2017-10-18 (4 years ago) There are currently 15 committers and 13 PMC members in this project. The Committer-to-PMC ratio is roughly 8:7. Community changes, past quarter: - No new PMC members. Last addition was Michał Słowikowski on 2021-05-03. - No new committers. Last addition was Kaxil Naik on 2021-02-21. PLEASE NOTE: The project has not yet made a release. ## Project Activity: There has been pretty much no activity this quarter. We are a small community and had hoped that the New Year would help kick off some activity but it hasn't happened yet. A good place to start some project activity is on tidying up the installation and setup documentation as currently we have two Kibble code repositories [1][2] (Kibble and Kibble-1) and they may be causing confusion to any potential users. ## Community Health: The low email traffic confirms the lack of activity for the quarter. It is getting more important for us to engage with and motivate the community to become more active. We hope that working on the documentation work will trigger some user feedback that will help kick start more activity. [1] https://s.apache.org/4gbje [2] https://s.apache.org/xvqpu ----------------------------------------- Attachment AH: Report from the Apache Knox Project [Larry McCay] ## Description: The mission of Knox is the creation and maintenance of software related to Simplify and normalize the deployment and implementation of secure Hadoop clusters ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Knox was founded 2014-02-18 (8 years ago) There are currently 23 committers and 19 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - Attila Magyar was added to the PMC on 2021-12-12 - Attila Magyar was added as committer on 2021-12-13 ## Project Activity: Apache Knox 1.6.1 was released 01/12/2022. This release contained a fix for a security vulnerability reported through the Apache Security list. Prior to that 1.6.0 was released 11/04/2021. We have branched for a 2.0.0 line in order to switch to log4j-2.x and accommodate the necessary backward incompatible changes on a new release line. This migration is still in discussion given recent issues. We have also created a feature that is targeted to be merged to the 2.0.0 line upon full review of a new large feature that requires detailed security review. We have continued our use of KIP one-pagers for new features and design discussions which work well. ## Community Health: The following metrics more than likely represent a decrease in activity around the holiday season more than anything else. A new committer/PMC member was added this quarter. dev@knox.apache.org had a 29% decrease in traffic in the past quarter (544 emails compared to 759) user@knox.apache.org had a 56% increase in traffic in the past quarter (25 emails compared to 16) 15 issues opened in JIRA, past quarter (-69% change) 17 issues closed in JIRA, past quarter (-66% change) 75 commits in the past quarter (78% increase) 6 code contributors in the past quarter (-33% change) 18 PRs opened on GitHub, past quarter (-50% change) 28 PRs closed on GitHub, past quarter (-20% change) ----------------------------------------- Attachment AI: Report from the Apache Kylin Project [Shao Feng Shi] ## Description: The mission of Apache Kylin is the creation and maintenance of software related to a distributed and scalable OLAP engine. ## Issues: No issue needs the board's attention. ## Membership Data: We need invite more developers into our community. Apache Kylin was founded 2015-11-18 (6 years ago) There are currently 47 committers and 24 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Xiaoxiang Yu on 2020-10-08. - No new committers. Last addition was Shengjun Zheng on 2021-07-07. ## Project Activity: By the end of Jan 2022, Kylin Community released two minor versions 3.1.3 and 4.0.1, which fixed six reported security issues. 3.1.3 was released on 2022-01-05. 4.0.1 was released on 2022-01-05. 4.0.0 was released on 2021-08-31. ## Community Health: Since Nov 2021, Kylin Community has been designing and developing some features including Kylin 4 on AWS, new metadata definition, new semantic layer which supports connecting Kylin via MDX. dev@kylin.apache.org had a 42% decrease in traffic in the past quarter (101 emails compared to 173) issues@kylin.apache.org had a 31% decrease in traffic in the past quarter (790 emails compared to 1130) 41 issues opened in JIRA, past quarter (-31% change) 37 issues closed in JIRA, past quarter (19% increase) 88 commits in the past quarter (-37% change) 38 code contributors in the past quarter (245% increase) 46 PRs opened on GitHub, past quarter (4% increase) 42 PRs closed on GitHub, past quarter (-12% change) ----------------------------------------- Attachment AJ: Report from the Apache Libcloud Project [Tomaž Muraus] ## Description: The mission of Libcloud is the creation and maintenance of software related to Unified interface to the cloud ## Issues: There are no issues which require board attention at this time. ## Membership Data: Apache Libcloud was founded 2011-05-19 (10 years ago) There are currently 24 committers and 16 PMC members in this project. The Committer-to-PMC ratio is 3:2. Community changes, past quarter: - No new PMC members. Last addition was Dimitris Moraitis on 2021-05-07. - No new committers. Last addition was Dimitris Moraitis on 2021-05-02. ## Project Activity: Activity on Github continues to be OK. We had two releases in November 2021 (v3.4.0 and v3.4.1) and we plan to do another release in the near future which will, among other changes, drop support for Python 3.5. ## Community Health: Community health continues to be OK. Most of the activity happens on Github via issues and PRs. ----------------------------------------- Attachment AK: Report from the Apache Logging Services Project [Ron Grabowski] ## Description: The mission of the Apache Logging Services project is to create and maintain software for managing the logging of application behavior and related software components. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Logging Services was founded 2003-12-16 (18 years ago) There are currently 39 committers and 16 PMC members in this project. The Committer-to-PMC ratio is roughly 5:2. Community changes, past quarter: - Davyd McColl was added to the PMC on 2021-11-09 - No new committers. Last addition was Stephen Webb on 2020-08-08. - Log4j 2 project working on identifying new contributors based on Pull Request activity. ## Project Activity: - Late November through mid December 2021 the following CVEs were created: - CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. - CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration. - CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation - Team followed instructions on https://www.apache.org/security/committers.html and expedited fixes were made available for Java 6, 7, 8+. - https://logging.apache.org/log4j/2.x/security.html received frequent updates. - Nearly all members of Logging PMC were involved with triaging and supporting the CVE efforts. - ASF Security and ASF Press teams were very supportive offering guidance, perspective, coordination. - ASF Security/Press were consulted on how to handle inquiries from media outlets and government agencies. - After the CVEs were resolved Logging Services created a new security@ email list to shift security discussions out of private@ - Logging Services team confirmed 2015 End of Life for Log4j 1: https://lists.apache.org/thread/sjog6cmfz9d85n92qovdy0o64bz44kvc - The following CVEs for EOL Log4j 1 were created to further encourage users to upgrade: - CVE-2022-23307: CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. - CVE-2022-23305: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. - CVE-2022-23302: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. ## Releases: - log4net-2.0.14 was released on 2021-12-31 - LOG4J-2.12.4 was released on 2021-12-29 - LOG4J-2.3.2 was released on 2021-12-29 - LOG4J-2.17.1 was released on 2021-12-28 ## Community Health: - Mailing lists were active with CVE support questions, discussions around Log4j 1 EOL, voting, and other development topics. - dev@logging.apache.org had a 381% increase in traffic in the past quarter (828 emails compared to 172) - log4j-user@logging.apache.org had a 403% increase in traffic in the past quarter (156 emails compared to 31) - 1398 commits in the past quarter (366% increase) ----------------------------------------- Attachment AL: Report from the Apache ManifoldCF Project [Karl Wright] ## Description: The mission of ManifoldCF is the creation and maintenance of software related to Framework for connecting source content repositories to target repositories or indexes. ## Issues: No issues to report at this time. ## Membership Data: Apache ManifoldCF was founded 2012-05-15 (9 years ago) There are currently 25 committers and 14 PMC members in this project. The Committer-to-PMC ratio is roughly 7:4. Community changes, past quarter: - No new PMC members. Last addition was Markus Schuch on 2018-01-04. - No new committers. Last addition was Cihad Guzel on 2019-08-17. ## Project Activity: ManifoldCF graduated from the Apache Incubator on May 16, 2012. Since then, there have been numerous major releases, including a 2.21 release on January 3, 2022. The next major release, 2.22, is planned for April 30th. This quarter's activities involved some new features, as well as significant contributions by committers and PMC members to the code base. ## Community Health: We nominated and approved Cihad Guzel as committer on 8/16/2019. We nominated and approved Markus Schuch as a PMC member on 12/29/2017. We did not sign up any new PMC members or committers this quarter. We continue to be on the lookout for new PMC members and committers. There has been a considerable burst in development activity this quarter, most of which has been done by community and by existing committers other than myself, which is a very welcome change. ----------------------------------------- Attachment AM: Report from the Apache OODT Project [Imesha Sudasingha] ## Description: Apache OODT is a software framework as well as an architectural style for the rapid construction of scientific data systems. It provides components for data capture, curation, metadata extraction, workflow management, resource management, and data processing. ## Issues: No issues persist that require board's attention. ## Membership Data: Apache OODT was founded 2010-11-17 (11 years ago) There are currently 47 committers and 46 PMC members in this project. The Committer-to-PMC ratio is roughly 1:1. Community changes, past quarter: - No new PMC members. Last addition was Nadeeshan Gimhana on 2021-04-25. - No new committers. Last addition was Nadeeshan Gimhana on 2021-04-06. ## Project Activity: - Last release was in October 2021 As mentioned in the last report (September 2021), we released 1.9.1 patch release. Then we have merged the changes queued for 2.0 that was in the development branch into master branch. Plan is to release 2.0 as soon as several contributors become available. ## Community Health: Community health was low due to no new development being done around OODT. Work for 2.0 has already been completed. Project activity may pickup when we start the discussion around 2.0 release. ----------------------------------------- Attachment AN: Report from the Apache Oozie Project [Dénes Bodó] ## Description: The mission of Oozie is the creation and maintenance of software related to A workflow scheduler system to manage Apache Hadoop jobs. ## Issues: The project needs to update its website. ## Membership Data: Apache Oozie was founded 2012-08-28 (9 years ago) There are currently 27 committers and 23 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. - No new PMC members. Last addition was Dénes Bodó on 2021-04-08. - No new committers. Last addition was Mate Juhasz on 2020-03-28. ## Project Activity: There is slow, but steady development going on after our release of 5.2.1 back in February 2021. There is push to support Hadoop 3 and we might have to drop Pig from the supported actions due to that. There are many contributions recently to upgrade 3rd party versions and stability and usability improvements too. We are on a good path to upgrade Hadoop version. ## Community Health: dev@oozie.apache.org had a 2% increase in traffic in the past quarter (231 emails compared to 225) 16 issues opened in JIRA, past quarter (100% increase) 5 issues closed in JIRA, past quarter (25% increase) 6 commits in the past quarter (500% increase) 3 code contributors in the past quarter (200% increase) 8 PRs opened on GitHub, past quarter (700% increase) 6 PRs closed on GitHub, past quarter (200% increase) ----------------------------------------- Attachment AO: Report from the Apache OpenJPA Project [Mark Struberg] ----------------------------------------- Attachment AP: Report from the Apache OpenWhisk Project [Dave Grove] ## Description: The mission of Apache OpenWhisk is the creation and maintenance of software related to a platform for building serverless applications with functions ## Issues: There are no issues requiring board attention. ## Membership Data: Apache OpenWhisk was founded 2019-07-16 (3 years ago) There are currently 53 committers and 20 PMC members in this project. The Committer-to-PMC ratio is roughly 7:3. Community changes, past quarter: - No new PMC members. Last addition was Rob Allen on 2019-07-16. - No new committers. Last addition was Ning You Gang on 2021-01-19. ## Project Activity: Work on merging PRs to the core OpenWhisk repository related to a new scheduler algorithm resumed in January after several month of inactivity. In the runtimes area, we added support for GoLang 1.17 (minor addition) and there is a PR from a new community member adding support for Java 17 (major addition) being reviewed. Releases: + openwhisk-client-js-3.21.5 was released on 2021-11-08. ## Community Health: All of the development activity metrics (email, commits, issues, etc.) were down in the last quarter. Some of this can be attributed to end of year holidays and vacations, but it is also indicative of a longer term trend of decreased project activity and fewer active committers. There are sufficient numbers of active project members to handle user support and basic project maintenance, but the rate of forward development has slowed significantly. ----------------------------------------- Attachment AQ: Report from the Apache Ozone Project [Sammi Chen] ----------------------------------------- Attachment AR: Report from the Apache Perl Project [Steve Hay] ## Description: The mission of Perl is the creation and maintenance of software related to Dynamic websites using Perl ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Perl was founded 2000-03-10 (22 years ago) There are currently 21 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Steve Hay on 2012-03-01. - No new committers were added. ## Project Activity: The last release was mod_perl-2.0.12 on 2022-01-30. Hopefully we can now revisit a few minor items from the release candidate phase of this and the earlier Apache-Test release which were postponed in order to not delay the releases. ## Community Health: Various responses to requests for testing have left a few loose ends which can now be tidied up, including improvements to the INSTALL document. Some other improvements suggested by community members were incorporated into the release, such as a CONTRIBUTING.md file which causes a page of helpful links to be shown here: https://metacpan.org/dist/mod_perl/contribute, which should encourage more contributions from users in the future. ----------------------------------------- Attachment AS: Report from the Apache Phoenix Project [Ankit Singhal] ## Description: The mission of Phoenix is the creation and maintenance of software related to High performance relational database layer over Apache HBase for low latency applications ## Issues: No issues to report to the board at this time. ## Membership Data: Apache Phoenix was founded 2014-05-20 (8 years ago) There are currently 56 committers and 35 PMC members in this project. The Committer-to-PMC ratio is 8:5. Community changes, past quarter: - No new PMC members. Last addition was Viraj Jasani on 2021-06-16. - Tanuj Khurana was added as committer on 2021-12-07 ## Project Activity: Apache Phoenix had its last release 5.1.2 on 2021-06-07, And we are dedicatedly making progress for our next releases 5.1.3 and 4.16.2 None of our released artifacts were affected by the recent severe log4j2 vulnerability(CVE-2021-44228) as we were using log4j1 in all our repositories except one where we had log4j2 as test dependency for phoenix-hive connector but it has also been taken care of. However, this reminded us that there are still a few critical vulnerabilities with our current log4j1 and we are in process of replacing it with "reload4j" to fix a few of the urgent CVEs. Though the long term plan is to eventually move on to the latest version We will be releasing Phoenix-thirdparty soon to bump the commons-cli and Guava version We reached the consensus of dropping the support of Apache Tephra(a podling adopted 2 years ago ) from Phoenix due to a lack of interest from the community to maintain it. We are seeing interest and receiving code contributions to support spark3 for Phoenix-connector. ## Community Health: The community activities had been declining for the last 3 quarters after our major release 5.1.0, as more efforts are spent on stabilizing the releases, rather than taking up major features. Traffic on dev and user list continues to decline from the last few quarters by 24% and 12% respectively, and the same trend is seen for code commits and new JIRAs. though on a positive note we closed more JIRAs then we opened this quarter and we have a steady rate of code contributors ----------------------------------------- Attachment AT: Report from the Apache Pinot Project [Kishore G] ## Description: The mission of Apache Pinot is the creation and maintenance of software related to the distributed OLAP data store to provide Real-time Analytics to power wide variety of analytical use case. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Pinot was founded 2021-07-20 (6 months ago) There are currently 29 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 8:3. Community changes, past quarter: - No new PMC members. Last addition was Felix Cheung on 2021-07-20. - Atri Sharma was added as committer on 2021-12-08 - Richard Startin was added as committer on 2022-01-06 - Sajjad Moradi was added as committer on 2021-12-14 ## Project Activity: Software development activity: - We released the 0.9.0 release on 2021-11-17. - We released the 0.9.1 release to address the log4j vulnerability on 2021-12-13. (CVE-2021-45046) - We released the 0.9.2 release to address the swagger-ui vulnerability on 2021-12-15. (CVE-2019-17495) - We released the 0.9.3 release to address the log4j2's improper validation and uncontrolled recursion on 2021-12-24. (CVE-2021-45105) - We are starting to preparing to the 0.10.0 release. Meetups and Conferences: - Pinot Community Meetup is happening monthly basis and we have a lot of PMCs/committers/contributors presenting the project that they work on. https://www.meetup.com/apache-pinot/ https://www.youtube.com/c/StarTree/videos ## Community Health: We see slight decrease in commit activities (-7%). Taking account into the low activity around the holiday in December, we do not need to worry about this slight decrease in activity. Contributor has increased by 6% and we now have 52 active contributors. On the user mailing list side, we don't have notable change. Overall, our community health is good. ----------------------------------------- Attachment AU: Report from the Apache Pivot Project [Roger Lee Whitcomb] ## Description: The mission of Pivot is the creation and maintenance of software related to Rich Internet applications in Java. ## Issues: No Board-level issues at this time. A new PMC member has been chosen (waiting on 72-hour notice period) which will bring us back to at least three voting members. ## Membership Data: Apache Pivot was founded 2009-12-15 (12 years ago) There are currently 9 committers and 8 PMC members in this project. The Committer-to-PMC ratio is 9:8. ## Community changes, past quarter: - One new PMC member appointed. Previous addition was Niclas Hedhman on 2016-01-13 who has subsequently resigned. - No new committers were added. - I believe the PMC / committer lists need to be updated to reflect current reality. ## Project Activity: There continues to be development activity towards a new release. ## Community Health: Nothing new except the above. ----------------------------------------- Attachment AV: Report from the Apache POI Project [Dominik Stadler] ## Description: The mission of POI is the creation and maintenance of software related to Java API for OLE 2 Compound and OOXML Documents ## Issues: - There are no issues requiring board attention at this time ## Membership Data: Apache POI was founded 2007-05-16 (15 years ago) There are currently 41 committers and 34 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - No new PMC members. Last addition was Marius Volkhart on 2020-12-27. - No new committers. Last addition was Marius Volkhart on 2020-12-19. ## Project Activity: - Release 5.2.0 was published recently. With this release we are fully using the Gradle build-system and performed various updates of dependencies, among them log4j-api. - Result from applying fuzzy testing allowed to prevent a number of cases where a broken input file could cause high memory usage or other unexpected behaviour. - A very active committer managed to process many bug-reports and enhancement requests, thus keeping the overall bug-numbers at bay since the last report. - The library was improved in various areas, no single point of focus, but more a continuous stream of bug-fixes and improvements in various parts of the code. - XMLBeans 5.0.3 was released as well with some bug-fixes, mostly reported by users. ## Project Release Activity: 5.2.0 was released on 2022-01-14. XMLBeans-5.0.3 was released on 2021-12-29. 5.1.0 was released on 2021-11-01. ## Community Health: - Some Discussion about various aspects of the two handled projects. - There are questions about features/behaviour which indicates that Apache POI is used by a considerable number of people. Questions via email or on Stackoverflow usually get answers quickly. - We have a fairly constant small number of active committers currently. However we are always looking at ways to broaden the developer base as the code-base is large and so some areas are currently not maintained much at all. - This time the number of bugs increased because there is a constant stream of reports/bugs/patches. Urgent issues and security reports are usually handled quickly. ### XMLBeans - A few issues were reported for XMLBeans combined with some discussions with people still using it for other projects, it seems there are is a small but active set of users of it besides Apache POI itself. - Bug influx for XMLBeans is low in general because it is a stable project in maintenance-mode. ## Bug Statistics: ### Apache POI - 566 bugs are open overall (+5) - Having 138 enhancements (+-0) - Thus having 428 actual bugs (+5) - 107 of these are waiting for feedback (+6) - Thus having 321 actual workable bugs (-1) - 3 of the workable bugs have patches available (+-0) - Distribution of workable bugs across components: {XSSF=89, HSSF=84, SS Common=40, HWPF=35, XWPF=18, XSLF=16, POI Overall=12, SXSSF=8, HPSF=4, HSMF=4, OPC=4, POIFS=4, HPBF=1, HSLF=1, SL Common=1} ### Apache XMLBeans - 160 open issues (-2) - Bug 113 (-7) - Improvement 27 (+4) - New Feature 16 (+-0) - Wish 2 (+-0) - Task 2 (+1) ----------------------------------------- Attachment AW: Report from the Apache Qpid Project [Robbie Gemmell] ----------------------------------------- Attachment AX: Report from the Apache Ranger Project [Selvamohan Neethiraj] ## Description: Apache Ranger is a framework to enable, monitor and manage comprehensive data security - consistently across various data processing services. ## Issues: There are no issues requiring board attention at this time ## Membership Data: Apache Ranger was founded 2017-01-17 (5 years ago) There are currently 30 committers and 20 PMC members in this project. The Committer-to-PMC ratio is 3:2. Community changes, past quarter: - No new PMC members. Last addition was Sailaja Polavarapu on 2019-09-18. - No new committers. Last addition was Dhaval Shah on 2021-01-20. ## Project Activity: - Apache Ranger 3.0.0 has been progressing well within the community - Support for reading audit logs from Amazon Cloud-watch - Support macros to support user/group attribute based row-filtering - Ranger KMS integration with Google Cloud HSM / TencentKMS - Updated to handle log4j2 issues - Apache Ranger 2.3.0 release is being planned for key bug fixes ## Community Health: - as the stats below show, the community is active and continue to improve Apache Ranger is adding more features to support enterprise data security needs - Community is scoping for next minor release (with bug-fixes) - 2.3.0 next major release - 3.0.0 - Stats - dev@ranger.apache.org had a 0% increase in traffic in the past quarter (1089 vs 1083) - user@ranger.apache.org had a 84% decrease in traffic in the past quarter (5 vs 31) - 101 issues opened in JIRA, past quarter (- 28% change) - 113 issues closed in JIRA, past quarter (+ 36% change) - 129 commits in the past quarter (- 12% change) - 23 code contributors in the past quarter (+ 35% change) - 9 PRs opened on GitHub, past quarter (- 18% change) - 5 PRs closed on GitHub, past quarter (+150% change) ----------------------------------------- Attachment AY: Report from the Apache REEF Project [Sergiy Matusevych] ## Description: Apache REEF, or Retainable Evaluator Execution Framework, is a library for developing portable applications for cluster resource managers such as Apache Hadoop YARN or Apache Mesos. For example, Microsoft Azure Stream Analytics is built on REEF and Hadoop. ## Issues: All new development of the project has been stopped and we have decided to sunset the project. I am in the process of signing and publishing a farewell release 0.16.1 now. After that we will start the process of moving the project to the attic. ## Membership Data: Apache REEF was founded 2015-11-17 (6 years ago) There are currently 35 committers and 22 PMC members in this project. The Committer-to-PMC ratio is roughly 3:2. Community changes, past quarter: - No new PMC members. Last addition was Doug Service on 2017-09-28. - No new committers. Last addition was Scott Inglis on 2018-09-27. ## Project Activity: We've just published a new long-term release 0.16.1 on 2022-02-08, and I am finishing the release of maven and nuget artifacts for it now. After that, I will start archiving and sunsetting the project. ## Community Health: We have a great network of REEF alumni, but none of us has been working on REEF in the past year. ----------------------------------------- Attachment AZ: Report from the Apache River Project [Roy T. Fielding] ## Description: Apache River creates and maintains software related to the Jini service-oriented architecture. ## Issues: The PMC has voted unanimously to move Apache River to the Attic. A resolution for terminating the project is in item 7C. ## Membership Data: Apache River was founded 2010-12-31 (11 years ago) There are currently 12 committers and 4 PMC members in this project. The Committer-to-PMC ratio is 3:1. Community changes, past quarter: - No new PMC members. Last addition was Dennis Reedy on 2021-04-30. - No new committers. Last additions were Jeremy R. Easton-Marks, Michael Sobolewski, and Norman Kabir (all added in May 2021). ## Project Activity: Past releases: River-3.0.0 was released on 2016-10-06. river-jtsk-2.2.3 was released on 2016-02-21. river-examples-1.0 was released on 2015-08-10. ## Community Health: The project has decided to move to the Attic due to no activity for the past nine months and expected changes to the Java platform that would require extensive rewrites for any future release. ----------------------------------------- Attachment BA: Report from the Apache RocketMQ Project [Xiaorui Wang] Dear board, Here is the Apache RocketMQ Board Report - February 2022, and thanks for your review, ## Description: The mission of Apache RocketMQ is the creation and maintenance of software related to a fast, low latency, reliable, scalable, distributed, easy to use message-oriented middleware, especially for processing large amounts of streaming data ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache RocketMQ was founded 2017-09-20 (4 years ago) There are currently 48 committers and 14 PMC members in this project. The Committer-to-PMC ratio is roughly 3:1. Community changes, past quarter: - No new PMC members. Last addition was Rongtong Jin on 2020-03-30. - Yang Zhang was added as committer on 2021-11-30 ## Project Activity: - ROCKETMQ-STREAMS-1.0.0-PREVIEW was released on 2022-01-26. - ROCKETMQ-4.9.2 was released on 2021-10-26. - ROCKETMQ-DASHBOARD-1.0.0 was released on 2021-10-08. ## Community Health: The RocketMQ community has remained very healthy in the latest quarter, with more and more developers participating and being more active. ROCKETMQ-STREAMS-1.0.0-PREVIEW is used by more and more users, and the first preview version is released. ROCKETMQ-4.9.2 also arrived as promised and ROCKETMQ-4.9.3 will be released soon. - dev@rocketmq.apache.org had a 21% decrease in traffic in the past quarter (3011 emails compared to 3777) - users@rocketmq.apache.org had a 86% increase in traffic in the past quarter (43 emails compared to 23) - 285 commits in the past quarter (-12% decrease) - 79 code contributors in the past quarter (33% increase) - 210 PRs opened on GitHub, past quarter (3% increase) - 230 PRs closed on GitHub, past quarter (25% increase) - 268 issues opened on GitHub, past quarter (12% increase) - 178 issues closed on GitHub, past quarter (-22% change) ----------------------------------------- Attachment BB: Report from the Apache Roller Project [David M. Johnson] ## Description: Apache Roller is a full-featured, Java-based blog server that works well on Tomcat and MySQL, and is known to run on other Java servers and relational databases. The ASF blog site at blogs.apache.org runs on Roller version 6.0.1. ## Issues: No issues require board attention. ## Membership Data: Apache Roller was founded 2007-02-20 (15 years ago) There are currently 12 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 3:2. Community changes, past quarter: - No new PMC members. Last addition was Michael Bien on 2021-05-24. - No new committers. Last addition was Yash Maheshwari on 2021-09-01. ## Project Activity: Most project activity has been around minor improvements, bug fixes and dependency updates. The most recent release is Roller 6.1.0, which was release in part due to address the recent Log4J vulnerability. ## Community Health: The community is healthy and well able to review, test and vote out new releases in a reasonable time-frame. ----------------------------------------- Attachment BC: Report from the Apache Samza Project [Yi Pan] ## Description: The mission of Samza is the creation and maintenance of software related to distributed stream processing framework ## Issues: - There are no issues requiring board attention. ## Membership Data: Apache Samza was founded 2015-01-22 (7 years ago) There are currently 29 committers and 17 PMC members in this project. The Committer-to-PMC ratio is roughly 8:5. Community changes, past quarter: - No new PMC members. Last addition was Bharath Kumarasubramanian on 2020-02-13. - No new committers. Last addition was Daniel Chen on 2021-09-17. ## Project Activity: - Samza 1.7.x release is in DISCUSSION to include the following major features - [SAMZA-2591] Introduce Async State Backup API (SEP-28) - [SAMZA-2657] Blob store backed state backup and restore (SEP-29) - [SAMZA-2709] Adding partial updates to Samza Table API (SEP-30) - [SAMZA-2716] Upgrade to Kafka 2.4 - Samza auto-scaling presented in Stream Processing Meetup@LinkedIn on Dec 1 ## Community Health: JIRA - 11 issues opened in JIRA, past quarter (-72% change) - 24 issues closed in JIRA, past quarter (166% increase) COMMITS - 28 commits in the past quarter (-15% decrease) - 15 code contributors in the past quarter (87% increase) - 24 PRs opened on GitHub, past quarter (-42% change) - 25 PRs closed on GitHub, past quarter (-30% change) ----------------------------------------- Attachment BD: Report from the Apache Santuario Project [Colm O hEigeartaigh] ## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (16 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. Apache Santuario - XML Security for Java 2.3.0 was released on 2021-11-01. There was little project activity since the last report. We plan to get a new major release of the Java library out over the next quarter, due to the demand for switching to the Jakarta JAXB package names. We worked with INFRA to make our confluence-based website work, following the shutdown of the old service. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. ----------------------------------------- Attachment BE: Report from the Apache Serf Project [Justin Erenkrantz] ----------------------------------------- Attachment BF: Report from the Apache ServiceComb Project [Willem Ning Jiang] ## Description: The mission of Apache ServiceComb is the creation and maintenance of software related to a microservice framework that provides a set of tools and components to make development and deployment of cloud applications easier. ## Issues: No issues ## Membership Data: Apache ServiceComb was founded 2018-10-17 (3 years ago) There are currently 28 committers and 20 PMC members in this project. The Committer-to-PMC ratio is 7:5. Community changes, past quarter: - No new PMC members. Last addition was MabinGo on 2019-10-09. - No new committers. Last addition was Yulin Zhu on 2021-10-01. ## Project Activity: Java Chassis is in active development status, we just did a major version release this quarter: - ServiceComb Java Chassis 2.6.0 was released on 2021-12-02. We are planing to do the Service Center release next month. ## Community Health: Due to some sub projects being in maintenance status there are some decreases in development. - There are 15 active code contributors (about 7% increase) during this quarter. - The commits and PRs had a slight drop (about 6-10% decrease) - The discussion and issues had a big drop (about 49-70% decrease) due to the community development. ----------------------------------------- Attachment BG: Report from the Apache ShardingSphere Project [Liang Zhang] ## Description: Apache ShardingSphere’s mission is the creation and maintenance of database clustering system software providing data sharding, distributed transactions, and distributed database management. ## Issues: None. There are no Apache ShardingSphere related issues. ## Membership Data: Apache ShardingSphere was founded 2020-04-15 (2 years ago) There are currently 38 committers and 16 PMC members in this project. The Committer-to-PMC ratio is roughly 5:2. Community changes, past quarter: - No new PMC members. Last addition was Haoran Meng on 2021-10-18. - Chengxiang Lan was added as committer on 2022-01-19 - Thanoshan MV was added as committer on 2021-11-17 - Guocheng Tang was added as committer on 2022-01-25 - Xiao Yang was added as committer on 2022-01-19 ## Project Activity: Software development activity: - Released Apache ShardingSphere 5.0.0. - Voting for Apache ShardingSphere 5.1.0 release. - Released ElasticJob UI 3.0.1. Meetups and Conferences: Attended the following conferences to give talks on Apache ShardingSphere: - Apache ShardingSphere Dev Meetup on December 11, 2021. - PGConf Asia, to deliver two talks on “Empowering PGSQL” and “Building a Distributed Database with PGSQL” on December 14-17, 2021. - Apache ShardingSphere, Apache SkyWalking and Apache APISIX co-meetup on January 15, 2022. - Apache ShardingSphere and Silicon Valley Tech Club meetup on January 21, 2022. - FOSDEM 2022 on February 6, 2022. Gave a talk titled “PostgreSQL Distributed & Secure Database Ecosystem Building”. ## Community Health: The overall community health is good. More meetups, conference participations, podcast participations and blog articles have allowed us to attract more contributors to enhance our community building efforts and speed. ----------------------------------------- Attachment BH: Report from the Apache SIS Project [Martin Desruisseaux] ## Description: The mission of Apache SIS is the creation and maintenance of software providing data structures for developing geospatial applications compliant with the model of OGC/ISO international standards. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache SIS was founded 2012-09-19 (9 years ago) There are currently 23 committers and 18 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - No new PMC members. Last addition was Alexís Manin on 2021-05-27. - No new committers. Last addition was Bruno P. Kinoshita on 2021-06-23. ## Project Activity: The Open Geospatial Consortium (OGC) conducted various test beds this summer, with two of them that included development works in Apache SIS. This work has been reported in two OGC engineering reports published last December [1][2]. A joint OGC/OSGeo/ASF code sprint will happen in March [3]. We have submitted a few ideas for eventual contributors to Apache SIS [4]. We are also involved in proposals of more general interest than SIS only (related to OGC standards). Code development is continuing steadily with bug fixes (especially around GeoTIFF) and a few new features. There is probably enough material for a 1.2 release, but discussion didn't started yet (having a release before the code sprint would be nice). [1] https://docs.ogc.org/per/21-032.html [2] https://docs.ogc.org/per/21-036.html [3] https://www.ogc.org/pressroom/pressreleases/4659 [4] https://s.apache.org/ogw26 ## Community Health: The community health is stable, with the same situation than the one described in previous report. We had a slight increase in the diversity of commits thanks to a few relatively large merge requests. ----------------------------------------- Attachment BI: Report from the Apache Solr Project [Jan Høydahl] ## Description: The mission of Apache Solr is the creation and maintenance of software related to highly scalable distributed document search and analytics. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Solr was founded 2021-02-17 (a year ago), after 15 years as a Lucene sub project. There are currently 89 committers and 61 PMC members in this project. The Committer-to-PMC ratio is roughly 3:2. Community changes, past quarter: - No new PMC members. Last addition was Ilan Ginzburg on 2021-09-21. - No new committers. Last addition was Michael Gibney on 2021-10-06. ## Project Activity: We did two 8.x releases (joint with Lucene) * 8.11.0 was released on 2021-11-16. * 8.11.1 was released on 2021-12-16. The 8.11.1 release was mainly to upgrade Log4j. The solr-operator-v0.5.0 was released on 2021-11-16. The major 9.0 release is being prepared as we speak, which will be the first release as a separate TLP, using Lucene 9.0 as a dependency. The committers are extremely active, both in landing some major re-structurings and fixing the last blockers. The release will feature a new exciting Neural Search feature, and increased modularization, hoping to slim down the core of Solr in future releases. Several features have also been removed from Solr 9, including Data Import Handler and Velocity Response Writer. We aim to have the first RC for Solr 9.0.0 out for voting in February. ## Community Health: Lists, JIRA and GitHub activity has seen dramatic increase since December when the 9.0 release planning started. We had a committer's video meeting on January 20th, and have agreed on scheduling these quarterly, since we see great value from face-to-face meetings. At the end of the meeting we give time for individuals to encourage another committer for something they achieved or simply for being a good community member. ----------------------------------------- Attachment BJ: Report from the Apache Spark Project [Matei Alexandru Zaharia] Description: Apache Spark is a fast and general purpose engine for large-scale data processing. It offers high-level APIs in Java, Scala, Python, R and SQL as well as a rich set of libraries including stream processing, machine learning, and graph analytics. Issues for the board: - None Project status: - We released Apache Spark 3.2.1, a bug fix release for the 3.2 line, in January. - Two Spark Project Improvement Proposals (SPIPs) were recently accepted by the community: Support for Customized Kubernetes Schedulers (https://issues.apache.org/jira/browse/SPARK-36057) and Storage Partitioned Join for Data Source V2 (https://issues.apache.org/jira/browse/SPARK-37375). - We've migrated away from Spark’s original Jenkins CI/CD infrastructure, which was graciously hosted by UC Berkeley on their clusters since 2013, to GitHub Actions. Thanks to the Berkeley EECS department for hosting this for so long! - We added a new committer, Yuanjian Li, in December 2021. - We added a new PMC member, Maciej Szymkiewicz, in January 2022. Trademarks: - No changes since the last report. Latest releases: - Spark 3.2.1 was released on January 26, 2022. - Spark 3.2.0 was released on October 13, 2021. - Spark 3.1.2 was released on June 23rd, 2021. Committers and PMC: - The latest committer was added on Dec 20th, 2021 (Yuanjian Li). - The latest PMC member was added on Jan 19th, 2022 (Maciej Szymkiewicz). ----------------------------------------- Attachment BK: Report from the Apache Subversion Project [Nathan Hartman] ## Description: The Apache Subversion® version control system exists to be universally recognized and adopted as an open-source, centralized version control solution characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects, from individuals to large-scale enterprise operations. ## Issues: There are no Board-level issues at this time. ## Membership Data: Our developer and user community is all-volunteer and we'd like to begin by thanking everyone for their support. Subversion was founded in February 2000 (22 years ago) and joined the ASF to become Apache Subversion on 2010-02-16 (12 years ago). There are currently 88 committers and 50 PMC members in this project. The Committer-to-PMC ratio is roughly 3:2. No new committers or PMC members have been added since the last report. Our most recently added PMC member, Daniel Sahlberg (dsahlberg@) joined the PMC in August 2021. ## Project Activity: Our previous report mentioned a proof-of-concept called "Pristines On Demand" which explores a long standing feature request known in our issue tracker as Issue #525: https://subversion.apache.org/issue/525 This quarter, development has begun on an initial production-ready version of the feature. Once implemented and when activated at the user's option, this new feature could cut in half the amount of storage space required to hold a Subversion working copy, at the tradeoff of requiring additional network communication with the repository server. This tradeoff makes sense in a number of situations, such as when version controlling very large files that change infrequently, or where network bandwidth is much cheaper than storage space. The feature is being developed in our "pristines-on-demand" branch and an ongoing discussion is taking place our dev@ mailing list topic "A two-part vision for Subversion and large binary objects," archived at https://lists.apache.org/thread/ncs7y5j7zf7oxfjo7crl2nwcf1188brd and other places. As always, interested parties are encouraged to join our mailing lists and participate in discussions and development activities. Other improvements this quarter include fixes to Python bindings, work on logging in XML format, improvements to the documentation, web site, and Subversion client's built-in help text, new regression tests, improvements to the regression testing infrastructure, fixed compiler warnings, general cleanups, and triaging and closing of obsolete and fixed issues in our issue tracker. For all of these unglamorous but important efforts, we owe a big debt of gratitude to all of our volunteers. ## Community Health: Our biggest challenge is to secure a volunteer for Release Manager, causing a delay in making the next release. In the past, release managers often volunteered for this role for many releases in a row. While this substantial investment of effort and time is greatly appreciated by the community, it is unfair to the volunteer and causes a vacuum that is difficult to fill when the release manager is no longer able to volunteer for that role. We had a recent discussion about the need for more rotation of the Release Manager role within the project, with encouragement for a release manager to step aside after managing the last minor release or approximately two patch releases. Hopefully we will overcome this challenge soon and be a healthier community as a result. ----------------------------------------- Attachment BL: Report from the Apache Superset Project [Maxime Beauchemin] ## Description: The mission of Apache Superset is the creation and maintenance of software related to data exploration, analysis, visualization, and dashboarding ## Issues: Currently no issues ## Membership Data: Apache Superset was founded 2020-11-17 (a year ago) There are currently 53 committers and 29 PMC members in this project. The Committer-to-PMC ratio is roughly 7:4. Community changes, past quarter: - Srini Kadamati was added to the PMC on 2021-12-14 - AAfghahi was added as committer on 2021-12-07 - Jinghua Yao was added as committer on 2021-12-09 - Lyndsi Kay Williams was added as committer on 2021-11-03 - Mayur Newase was added as committer on 2021-11-09 ## Project Activity: Major: Superset v1.4 was just released a few weeks ago. Minor: In Q4 2021, minor versions 1.3.0, 1.3.1, and 1.3.2 were released. ## Community Health: Sharp rise in commits can be probably ascribed to the large volume of bug fixes that came in the lead up to v1.4. Superset is definitely stabilizing more and more. In our open Slack community for Superset, weekly active members crossed 1,000 for the first time last quarter! Membership overall grew from ~4800 to ~5500 in Q4. We were excited to see a nice rise in diversity of contributors to the Superset code base, and we hope this continues. ----------------------------------------- Attachment BM: Report from the Apache Syncope Project [Francesco Chicchiriccò] ## Description: The mission of Syncope is the creation and maintenance of software related to Managing digital identities in enterprise environments ## Issues: There are no issues requiring board attention at this time. ## Membership Data: Apache Syncope was founded 2012-11-21 (9 years ago) There are currently 24 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 2:1. Community changes, past quarter: - No new PMC members. Last addition was Matteo Alessandroni on 2017-12-22. - No new committers. Last addition was Misagh Moayyed on 2019-10-04. ## Project Activity: After long work, we are approaching the first 3.0.0 milestone release, even though a few tasks are still pending. We remark that the work towards Syncope 3.0.0 has led to cooperation with Open Source projects external to the ASF as Apereo CAS and Pac4j. Bugfix and refinements keep occurring on branch 2_1_X, a maintenance release 2.1.11 is likely to happen in the next future. Recent releases: * 2.1.10 was released on 2021-10-08. ## Community Health: Discussions about new features and improvements keep appearing and being followed up in dev@. Newcomers approach user@ and are getting supported by the community. GitHub's Pull Requests are confirmed to be the main contribution path, from both first-time contributors and committers. ----------------------------------------- Attachment BN: Report from the Apache SystemDS Project [Matthias Boehm] ## Description: Apache SystemDS is a machine learning (ML) system for the end-to-end data science lifecycle from data preparation and cleaning, over efficient ML model training, to scoring and debugging. ML algorithms or pipelines are specified in a high-level language with R-like syntax, or related Python and Java APIs, and the system automatically generates hybrid runtime plans of local, in-memory operations and distributed operations on Apache Spark. ## Issues for the Board: - None ## Project Status: - We recently released Apache SystemDS 2.2 and switched the main branch to Java 11, Spark 3, and Hadoop 3. - We are currently working on the next feature release including federated learning and federated data cleaning/preparation, data cleaning pipelines, task-parallel feature transformations, as well as lossless compression, reuse, and memory management. ## Membership Data: - Apache SystemDS was founded 2017-05-16 (incubator process entered 2015-11-02) - Last PMC members added 2021-10-18 (Janardhan Pulivarthi) - Last committer added 2021-09-23 (David Weissteiner) - There are currently 34 committers and 25 PMC members in the project. ## Activity and Health: - Code activity is healthy with 147 commits (+6%) in the last 3 months. - Community growth is healthy with 20 active contributors (+18%) in the last 3 months - Communication is healthy, mailing list activity is improving, additional work on better documentation. ## Releases: - Apache SystemDS 2.2.0 was released on 2021-10-30. - Apache SystemDS 2.1.0 was released on 2021-06-28. - Apache SystemDS 2.0.0 was released on 2020-10-14. - Apache SystemML 1.2.0 was released on 2018-08-24. ----------------------------------------- Attachment BO: Report from the Apache TomEE Project [David Blevins] ----------------------------------------- Attachment BP: Report from the Apache Traffic Control Project [Eric Friedrich] ## Description: The mission of Apache Traffic Control is the creation and maintenance of software related to building, monitoring, configuring, and provisioning a large scale content delivery network (CDN) ## Issues: There are no issues requiring the board's attention. ## Membership Data: Apache Traffic Control was founded 2018-05-15 (3 years ago) There are currently 28 committers and 18 PMC members in this project. The Committer-to-PMC ratio is roughly 1.6:1. Community changes, past quarter: - One new PMC members. Last addition was Zach Hoffman on 2021-11-19. - One new committer. Last addition was Srijeet Chatterjee on 2022-01-03. ## Project Activity: The community shipped a new minor release, ATC 6.1, on February 4. In this, we addressed CVE-2022-23206. This CVE was also back ported to our previous major version and ATC 5.1.4 was also Prior to the minor release, we also published security fixes for log4j related issues. New features included in 6.1 are: - Purge/Refetch based content invalidation - Improved handling of TLS certificates on Traffic Ops - Introduction of permission based roles for access control - Support for Java 11 in Traffic Router - Traffic Router performance improvements There is also one currently outstanding security issue that will be addressed in an upcoming patch. Work towards the next release is in progress, with a look towards Q2 2022 as the target date. ## Community Health: Community health is currently good. New users are regularly coming into the Slack instance and participating in discussions. We have also received and addressed 1 CVE in the past quarter, which was reported by a non-committer. Several additional security reports were received, but were not deemed to be valid security issues. ----------------------------------------- Attachment BQ: Report from the Apache Turbine Project [Georg Kallidis] ## Description: The mission of Turbine is the creation and maintenance of software related to A Java Servlet Web Application Framework and associated component library ## Issues: No issues currently open with INFRA. ## Membership Data: Apache Turbine was founded 2007-05-16 (15 years ago) There are currently 12 committers and 9 PMC members in this project. The Committer-to-PMC ratio is 4:3. Community changes, past quarter: - No new PMC members. Last addition was Jeffery Painter on 2017-11-12. - Youngho Cho was added as committer on 2021-12-06 ## Project Activity: Component Releases in this quarter: - Turbine-Parent-POM-11 was released on 2022-01-10. - Turbine Core 5.1 was released on 2021-12-13. The relevant Log4J2 fixes were done in Turbine-Parent-POM v11, which is the parent of all Turbine/Fulcrum components (in development). Structural changes due to the GIT migration are becoming more complete including site building with Jenkinsfile and more documented. Find a summary in the mailing lists: https://lists.apache.org/thread/1jdhmx34hgg995fsm7f4bpl4ncdyx4ol. ## Community Health: We are happy Youngho Cho accepted the invitation to become part of Turbine project as a committer. We prospectively have to do still more documentation and probably automatic testing to keep the code stable and running on one side and to open up the component structure and provide more elaborated working bundles to start coding more easily. ----------------------------------------- Attachment BR: Report from the Apache Velocity Project [Nathan Bubna] ## Description: The mission of Velocity is the creation and maintenance of software related to A Java Templating Engine ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Velocity was founded 2006-10-24 (15 years ago) There are currently 15 committers and 9 PMC members in this project. The Committer-to-PMC ratio is 5:3. Community changes, past quarter: - No new PMC members. Last addition was Michael Osipov on 2017-07-27. - No new committers. Last addition was Thomas Mortagne on 2020-03-09. ## Project Activity: The last quarter was quiet, as seems typical for us this time of year. Only a little activity on one PR and a few user questions. ## Community Health: We were slow to respond to one user question, but otherwise the community seems like its usual sedate, largely dormant self. ----------------------------------------- Attachment BS: Report from the Apache Whimsy Project [Shane Curcuru] ## Description: The mission of Apache Whimsy is the creation and maintenance of software related to tools that help automate various administrative tasks or information lookup activities ## Issues: No issues for the board. ## Membership Data: Apache Whimsy was founded 2015-05-19 (7 years ago) There are currently 13 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 7:5. Community changes, past quarter: - No new PMC members. Last addition was Matt Sicker on 2020-04-11. - No new committers. Last addition was Matt Sicker on 2020-04-09. ## Project Activity: Updates have been made to track www site/data changes, as well as accounting for decommissioning the Minotaur host. Updates were made to various tools related to the Member's meeting. Several apparently bogus drive-by PRs were submitted and rejected. No major updates on the long-term infra effort for new Agenda tool. ## Community Health: While the project continues to be fairly quiet, issues are addressed and server maintenance continues apace with our few regular contributors. ----------------------------------------- Attachment BT: Report from the Apache Xalan Project [Gary D. Gregory] ## Description: Apache Xalan exists to promote the use of XSLT. We view XSLT (Extensible Stylesheet Language Transformations) as a compelling paradigm that transforms XML documents, thereby facilitating the exchange, transformation, and presentation of knowledge. The ability to transform XML documents into usable information has great potential to improve the functionality and use of information systems. We intend to build freely available XSLT processing components in order to engender such improvements. ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Xalan was founded 2004-09-30 (17 years ago) There are currently 57 committers and 5 PMC members in this project. The Committer-to-PMC ratio is roughly 8:1. Community changes, past quarter: - No new PMC members. Last addition was Bill Blough on 2019-02-19. - No new committers. Last addition was Bill Blough on 2019-03-20. ## Project Activity: In this reporting period, we have not released new software and have not added new features. There has been a recent flare up of interest in reviving Xalan-J development to bring it in line with newer versions of W3C specifications. The last Xalan-J release was July 24 2014. The last Xalan-C++ release was October 22 2005. ## Community Health: I would describe the health or the Xalan project as poor with little activity with a chance of improvement due to recent interest in Xalan-J. ----------------------------------------- Attachment BU: Report from the Apache Xerces Project [Michael Glavassevich] Xerces-J Xerces-J 2.12.2 was released in January in order to address a security issue (CVE-2022-23437) and to roll up other fixes and enhancements that had been made in the last few years. The community has already helped with getting this release published to Maven central. Mailing list traffic has been increasing; roughly 100+ posts on the j-dev and j-users lists since the beginning of December 2021. No new releases since the previous report. The latest release is Xerces-J 2.12.2 (January 24th, 2022). Xerces-C The activity in the last few months has mostly been focused on reviewing and commenting on a few pull requests from the community. Mailing list traffic has been decreasing; roughly 35+ posts on the c-dev and c-users lists since the beginning of December 2021. No new releases since the previous report. The latest release is Xerces-C 3.2.3 (April 10th, 2020). Xerces-P Nothing in particular to report. There was no development activity over the reporting period. XML Commons The minimum source level was recently increased to Java 7 to match a similar change to Xerces-J. Otherwise there was no other activity. Committer / PMC Changes The most recent committers were added in April 2017 (Xerces-C) and May 2017 (Xerces-J). No new PMC members since the last report. The most recent addition to the PMC was in June 2016. Two committers have committed changes to SVN since December 2021. ----------------------------------------- Attachment BV: Report from the Apache XML Graphics Project [Clay Leeds] Apache XML Graphics Project Board Report for February 2022 ========================================================== The Apache XML Graphics Project is responsible for software intended for the creation & maintenance of the conversion of XML formats to graphical output & related software components. Issues for the Board ==================== Apache FOP 2.7 and Apache XML Graphics Commons 2.7 were both released with bug fixes in the last quarter. Activity ======== * Apache Batik 1.14 released 2021-01-21 * Apache FOP 2.7 released 2022-01-20 * Apache XML Graphics Commons 2.7 released 2022-01-20 Project Health Report ===================== The level of community and developer activity remains at a consistent, moderate, level with respect to the previous reporting period. Recent PMC Changes ================== Currently 11 PMC members. * Simon Steiner was added to the PMC on Tue Jan 19 2016 * Clay Leeds was approved for XML Graphics PMC Chair position on March 26, 2018. Community ========= Currently 21 committers. * No new committers added in the last 3 months * Last committer added was Matthias Reischenbacher at Wed May 13 2015 Most Recent Releases ==================== * Apache Batik 1.14 was released January 21, 2021 * Apache FOP 2.7 was released January 20, 2022 * Apache XML Graphics Commons 2.7 was released January 20, 2022 = SUB PROJECTS = ================ APACHE BATIK ============ Batik is a Java-based toolkit for applications or applets that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as display, generation or manipulation. Latest Release ------------ Apache XML Graphics Apache Batik 1.14 was released on January 21, 2021 * BATIK-1292: Useless console message "About to transcoder source of type: ..." * BATIK-1297: Dependency Convergence issue with xml-apis APACHE FOP ========== Apache FOP (Formatting Objects Processor) is a print formatter driven by XSL formatting objects (XSL-FO) and an output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PS, PCL, AFP, XML (area tree representation), Print, AWT and PNG, and to a lesser extent, RTF and TXT. The primary output target is PDF. Latest Release -------------- Apache XML Graphics Apache FOP 2.7 was released on January 20, 2022 * Bug fixes XML GRAPHICS COMMONS ==================== Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D implementations that let you generate PDF & PostScript files, and much more. Latest Release ------------ Apache XML Graphics Commons 2.7 was released January 20, 2022 * Bug fixes ------------------------------------------------------ End of minutes for the February 16, 2022 board meeting.