We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

The Apache Software Foundation provides support for the Apache community of open-source software projects, which provide software products for the public good.

The Apache projects are defined by collaborative consensus based processes, an open, pragmatic software license and a desire to create high quality software that leads the way in its field.

Latest News

If you would like to keep up with news and announcements from the foundation and all its projects, you can subscribe to the Apache Announcements List or follow the Foundation Blog.

[ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient.
 
A security fix release fully addressing this issue is in preparation and will be released as soon as possible.
 
Once the release is available, all Struts 2...

[ANNOUNCE] Apache Curator 2.4.2 released

Hello,
 
The Apache Curator team is pleased to announce the release of version 2.4.2. The Apache Curator Java libraries make using Apache ZooKeeper much easier and more reliable.
 
Link to release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314425&version=12326537
 
The most recent source release can be obtained from an Apache Mirror: http://www.apache.org/dyn/closer.cgi/curator/ (mirror...

[ANNOUNCE] Apache Knox 0.4.0 Released!

The Apache Knox team is proud to announce the release of Apache Knox 0.4.0 - our first release as an Apache TLP!
 
Apache Knox is a REST API Gateway for providing secure access to the data and processing resources of Hadoop clusters. More details on Apache Knox can be...

Latest Activity

This is an overview of activity going on with our projects. SVN commits, bug reports, tweets, you name it.

@TheASF: The Apache Software Foundation Announces 100 Million Downloads of #Apache™ #OpenOffice™ http://t.co/p32S39IJks #OpenSource #achievement
@TheASF: Following the success of this past week's ApacheCon NA, CFP for #ApacheCon Europe now open! Budapest 17-21 November http://t.co/DnSA0nHUOh
@TheASF: RT @infrabot: NOTICE regarding heartbleed: https://t.co/DJhkX0sIlX -- <joes4>
r1589948 CMS commit to ace by jawi (ace) — jawi
r1589947 Use latest servlets get and post bundles (sling) — cziegeler
r1589946 SLING-3517 : SlingPostServlet catches all throwables and logs them at debug level (sling) — cziegeler
r1589945 SLING-3513 : Framework update not correctly detected (sling) — cziegeler
r1589944 SLING-3513 : Framework update not correctly detected (sling) — cziegeler
[SOLR-4478] Allow cores to specify a named config set in non-SolrCloud mode

Part of moving forward to "the new way", after SOLR-4196 etc... I propose an additional parameter specified on the <core>...

[DERBY-6547] testDERBY5120NumRowsInSydependsForTrigger fails when the starting version of the upgrade trajectory is 10.10.2.0

When I run the upgrade tests with 10.10.2.0 as the starting point, I see the following error. I don't see...

[WW-4332] refine excludeParams of ParametersInterceptor to improve security 
(.*\.|^)class\..*

should be 

(.*\.|^)class(\.|\[).*,.*\['class'\](\.|\[).*,.*\["class"\](\.|\[).*

it will block such as

class['classLoader']  , model['class'].classLoader , model["class"].classLoader

I think...

[SPARK-1604] Couldn't run spark-submit with yarn cluster mode when built with assemble-deps
SPARK_JAR=./assembly/target/scala-2.10/spark-assembly-1.0.0-SNAPSHOT-hadoop2.3.0-deps.jar ./bin/spark-submit ./examples/target/scala-2.10/spark-examples_2.10-1.0.0-SNAPSHOT.jar --master yarn --deploy-mode cluster --class org.apache.spark.examples.sql.JavaSparkSQL 
Exception in thread "main" java.lang.ClassNotFoundException: org.apache.spark.deploy.yarn.Client
	at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
	at...
[ZOOKEEPER-1695] Inconsistent error code and type for new errors introduced by dynamic reconfiguration

From KeeperException.Code, RECONFIGINPROGRESS and NEWCONFIGNOQUORUM are declared as system errors. However, their error code suggested that they are API errors....