Welcome, September –we’re opening the month with another great week. Here’s what the Apache community has been up to:

ApacheCon™ – the ASF’s official global conference series, bringing Tomorrow’s Technology Today since 1998.

• Registrations are open for ApacheCon North America, 2022 https://www.apachecon.com/acna2022/register.html

ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.

• Next Board Meeting: 21 September 2022. Running Board calendar and minutes are available.

ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.

• 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.

Apache Code Snapshot – Over the past week, 277 Apache Committers and 809 contributors changed 8,094,967 lines of code over 4,075 commits. Top five contributors, in order, are: Robbie Gemmell, Gary Gregory, Jean-Baptiste Onofré, Claus Ibsen, and Andi Huber.

Apache Project Announcements – the latest updates by category.

Attic – provides process and solutions when an Apache project has reached its end of life.

• Apache Buildr is now retired
• Apache REEF is now retired

APIs –

• Apache APISIX 2.13.3 released
• Apache ShenYu CVE-2022-37435: Admin Improper Privilege Management

Big Data –

• Apache XMLBeans 5.1.1 released

Enterprise Processes Automation / ERP –

• Apache OFBiz 18.12.06 released
  • CVE-2022-25813: Server-Side Template Injection
  • CVE-2022-29158: Regular Expression Denial of Service (ReDoS)
  • CVE-2022-29063: Java Deserialization via RMI Connection
  • CVE-2022-25370: Unauth Stored XSS
  • Apache OFBiz 18.12 End-Of-Life (EOL) announcement https://s.apache.org/zkc1x

Eventing –

• Apache EventMesh (incubating) 1.6.0 released

Databases –

• Apache Geode
  • CVE-2022-37021: Deserialization of untrusted data flaw when using JMX over RMI on Java 8.
  • CVE-2022-37022: Deserialization of untrusted data flaw when using JMX over RMI on Java 11
  • CVE-2022-37023: Deserialization of untrusted data flaw when using REST API on Java 8 or Java 11

FinTech –

• Apache Fineract 1.8.0 released

Messaging –

• Apache Qpid ProtonJ2 1.0.0-M8 released

Observability –

• Apache SkyWalking 9.2.0 released

Apache Community Notices

• Apache in 2021 – By The Digits + Video highlights
• The Apache Way to Sustainable Open Source Success
• Foundation Reports and Statements
• Presentations from 2021’s ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
• “Success at Apache” focuses on the people and processes behind why the ASF “just works.”
• Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
• Follow the Apache Community on Facebook and Twitter.
• Are your software solutions Powered by Apache? Download & use our “Powered By” logos.

Stay updated about The ASF

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, Planet Apache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

Have an item? Contact us!

We try to catch all the major announcements and goings on at The ASF, but we’re not all-knowing. Have an item you want to see in the weekly round-up? Send it to press@apache.org.