Category: News
The Apache News Round-up: week ending 8 July 2022
Happy Friday, everyone –let’s review the Apache community’s activities from over the past week:
ApacheCon™ – the ASF’s official global conference series, bringing Tomorrow’s Technology Today since 1998.
– Registrations are open for ApacheCon North America, 2022 https://www.apachecon.com/acna2022/register.html
ASF Board – management and oversight of the business affairs of the corporation in accordance with the Foundation’s bylaws.
– Next Board Meeting: 20 July 2022. Running Board calendar and minutes are available.
ASF Infrastructure – our distributed team on three continents keeps the ASF’s infrastructure running around the clock.
– 7M+ weekly checks yield uptime at 100.00%. Performance checks across 50 different service components spread over more than 250 machines in data centers around the world. View the ASF’s Infrastructure Uptime site to see the most recent averages.
Apache Code Snapshot – Over the past week, 271 Apache Committers and 752 contributors changed 1,776,706 lines of code over 3,430 commits. Top five contributors, in order, are: Jean-Baptiste Onofré, Gary Gregory, Liang Zhang, Jarek Potiuk, and Minghui Liu.
Apache Project Announcements – the latest updates by category.
Attic – provides process and solutions when an Apache project has reached its end of life.
– Apache Chemistry is now retired https://s.apache.org/hqruj
Big Data —
– Apache Flink 1.15.1 released
– Apache Druid CVE-2022-28889: Clickjacking in the web console
– Apache Superset CVE-2021-37839: Improper access to dataset metadata information
– Apache EventMesh (incubating) 1.5.0 released
IoT —
– Apache IoTDB 0.14.0 released
Library —
– Apache Commons CVE-2022-33980: Configuration insecure interpolation defaults
Logging Services —
– Apache Log4j 2.18.0 released
Machine Learning —
– Apache SystemDS 3.0.0 released
Messaging —
– Apache Qpid ProtonJ2 1.0.0-M7 released
– Apache Curator 5.3.0 released
– Apache Pulsar 2.10.1 released
Middleware —
– Apache Linkis 1.1.2-RC2 (incubating) released
Release Auditing —
– Apache Creadur RAT 0.14 released on June 13
Web Frameworks —
– Apache Portals CVE-2022-32533: XSS, CSRF, SSRF, and XXE issues
Workflow —
– Apache DolphinScheduler 3.0.0-beta-2 released
Apache Community Notices
– Apache in 2021 – By The Digits + Video highlights
– Watch “Trillions and Trillions Served“, the documentary on the ASF 1) full feature [49 min] 2) “Apache Everywhere” [6 min] 3) “Why Apache” [2.5 min] 4) “Apache Innovation” [40 min]
– ASF Annual Report: FY2021 (PDF)
– The Apache Way to Sustainable Open Source Success
– Foundation Reports and Statements
– Presentations from 2021’s ApacheCon Asia and ApacheCon@Home are available on the ASF YouTube channel.
– “Success at Apache” focuses on the people and processes behind why the ASF “just works.”
– Follow the ASF on social media: @TheASF on Twitter and The ASF page LinkedIn.
– Follow the Apache Community on Facebook and Twitter.
Stay updated about The ASF
For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, Planet Apache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.
Have an item? Contact us!
We try to catch all the major announcements and goings on at The ASF, but we’re not all-knowing. Have an item you want to see in the weekly round-up? Send it to press@apache.org.
Python 3.11.0b4 is now available
I cannot believe I am writing this, but Python 3.11.b4 is available!
https://www.python.org/downloads/release/python-3110b4/
This is a beta preview of Python 3.11
Python 3.11 is still in development. 3.11.0b2 is the second of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release.
We strongly encourage maintainers of third-party Python projects to test with 3.11 during the beta phase and report issues found to the Python bug tracker as soon as possible. While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (Monday, 2021-08-02). Our goal is have no ABI changes after beta 4 and as few code changes as possible after 3.11.0rc1, the first release candidate. To achieve that, it will be extremely important to get as much exposure for 3.11 as possible during the beta phase.
Please keep in mind that this is a preview release and its use is not recommended for production environments.
Major new features of the 3.11 series, compared to 3.10
Among the new major new features and changes so far:
- PEP 657 – Include Fine-Grained Error Locations in Tracebacks
- PEP 654 – Exception Groups and except*
- PEP 673 – Self Type
- PEP 646 – Variadic Generics
- PEP 680 – tomllib: Support for Parsing TOML in the Standard Library
- PEP 675 – Arbitrary Literal String Type
- PEP 655 – Marking individual TypedDict items as required or potentially-missing
- bpo-46752 – Introduce task groups to asyncio
- PEP 681 – Data Class Transforms
- bpo-433030– Atomic grouping ((?>…)) and possessive quantifiers (
*+, ++, ?+, {m,n}+
) are now supported in regular expressions. - The Faster Cpython Project is already yielding some exciting results. Python 3.11 is up to 10-60% faster than Python 3.10. On average, we measured a 1.22x speedup on the standard benchmark suite. See Faster CPython for details.
(Hey, fellow core developer, if a feature you find important is missing from this list, let Pablo know.)
The next pre-release of Python 3.11 will be 3.11.0b5, currently scheduled for Monday, 2022-07-25.
More resources
- PEP 664, 3.11 Release Schedule
- Report bugs at https://bugs.python.org.
And now for something completely different
The Planck temperature is 1.416784×10**32 K. At this temperature, the wavelength of light emitted by thermal radiation reaches the Planck length. There are no known physical models able to describe temperatures greater than the Planck temperature and a quantum theory of gravity would be required to model the extreme energies attained. Hypothetically, a system in thermal equilibrium at the Planck temperature might contain Planck-scale black holes, constantly being formed from thermal radiation and decaying via Hawking evaporation; adding energy to such a system might decrease its temperature by creating larger black holes, whose Hawking temperature is lower.
Rumours say the Planck temperature can be reached in some of the hottest parts of Spain in summer.
We hope you enjoy the new releases!
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.
Your friendly release team,
Ned Deily @nad
Steve Dower @steve.dower
Pablo Galindo Salgado @pablogsal
Hendrick and Jarvis Talk Software Security
Stephen Hendrick and Matt Jarvis discuss the new report, Addressing Cybersecurity Challenges in Open Source Software.
The post Hendrick and Jarvis Talk Software Security appeared first on Linux Foundation.
The post Hendrick and Jarvis Talk Software Security appeared first on Linux.com.
Atari open-source Linux DRM graphics driver being worked on in 2022
Moodle 4.0.2 and other minor versions released today
Hello everyone,
Moodle 4.0.2, 3.11.8, and 3.9.15 were released today.
As usual, you can find the releases via our download channels (https://download.moodle.org or Git).
We recommend you upgrade your Moodle sites where possible, to benefit from the bug-fixes and security improvements.
We have been migrating over to a new documentation system and so we will be linking to those from now on.
The release notes for each version can be found on the following pages:
Please see the releases page for more details.
Version | Release status | Initial release | General support ends | Security support ends |
---|---|---|---|---|
3.9 (LTS) | Current security | 15 June 2020 | 10 May 2021 | 13 November 2023 (ext 6M) |
3.11 | Current stable | 17 May 2021 | 14 Nov 2022 (ext 6M) | 13 Nov 2023 (ext 12M) |
4.0 | Current stable | 19 April 2022 | 8 May 2023 | 13 November 2023 |
4.1 (LTS) | Future stable | 14 November 2022 | 13 November 2023 | 10 November 2025 |
#! code: Drupal 9: Using The Private Temporary Store Service
The Drupal tempstore.private service is used to allow temporary user data that is available from one web request to the next. It is intended to be used for non-cache data that cannot easily be rebuild. This includes work in progress data that isn’t in the position to be saved permanently.
The temporary store is a key value/store and cam therefore store anything from a single vale to a serialised object.
The tempstore.private service is really a factory (called PrivateTempStoreFactory) that will allow you to create instance of a PrivateTempStore object. It’s this object that van be used to manage the data in the store. If you are familiar with the way that configuration factories work then this will seem familiar.
Using the temporary storage is quite straightforward, the service has a get() method that takes the name of the temporary store you want to use. What you call it is up to you, but it is best to namespace this so that you can easily tell where the temporary store came from. You can also add information like whatsort of temporay store you are using, but don’t add any user identifyable information for the key.
Once the PrivateTempStore object has been created you can then use it to set whatever data you might want to set.
/** @var DrupalCoreTempStorePrivateTempStore $store */
$store = Drupal::service('tempstore.private')->get('mymodule');
$store->set('var_name', $data);
To get the data back again just use the get() method.
FOSS Contributor Survey
If you contribute to Free/Open Source Software,
please take the
FOSS Contributor Survey!
This survey is a collaboration between the Linux Foundation’s Core
Infrastructure Initiative and the Laboratory for Innovation Science
at Harvard. Some of the questions are specific to those who write
software; if you contribute, but don’t write software, just skip
those questions.
The goal is to get a better understanding about its development so that
we can best work out how to improve its security and sustainability.
Also: please tell others who develop this software about the survey!
One interesting complication about this survey is that it’s difficult to
get the word out about such a general survey.
People talk about the “open source software community”, but in practice
there isn’t one such community, there are many communities
with some overlap.
I don’t want to spam people who have never expressed any interest
in information like this.
I’m currently talking with some folks in the Linux Foundatinon leadership
about sending a one-time email only to developers who are
already signed up for Linux Foundation mailing lists
that are focused on developing open source software.
We don’t want to spam people, but I think it’s reasonable to believe
that people on those mailing lists are interestd in information
related to the development of open source software.
One problem with sending to multiple mailing lists is that we don’t want
to annoy people by having them receive multiple copies, so we want
to work out a way so an individual only gets one copy.
I’ve never done this before, and I hate spam myself.
So I’m first checking with Linux Foundation leaders and program
managers to see if they think this is reasonable.
I think it is, but it’s easy to justify anything to yourself, so
I’m waiting to hear from others about what they think.
So getting back to the point –
if you contribute to Free/Open Source Software,
please take the
FOSS Contributor Survey!