Articles about apache

Oracle corrals and patches Struts 2 vulnerabilities

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to …

New 'Beaver' web server has exactly ONE user outside China

Netcraft's monthly survey of web-facing computers has turned up an oddity: a new web server called “Beaver” that's used by exactly one web site outside China. “Just over a million sites now exhibit the Beaver Server header, and these make use of more than 110,000 unique domain names – mostly under the .cn top-level domain,” …
Simon Sharwood, 29 May 2017

Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes

Apache OpenOffice, sized for euthanasia by one of its own last year, still lives and should see an update before the end of May, allegedly. The open-source productivity suite has been referred to as "a shambling corpse" by those appalled at its languid update schedule and those skeptical that its skeleton crew of volunteers …
Thomas Claburn, 28 Apr 2017

Apache Foundation hails Metron as new top level project for cybersecurity

The Apache Software Foundation (ASF) has announced Metron, a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project. Metron was born out of Cisco's OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop …

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Analysis: The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it. The software is licensed under the OpenSSL License, which includes …
Thomas Claburn, 24 Mar 2017

Canadians can file online tax returns again after emergency outage

Canada's taxman has restored online services it took down over the weekend to respond to unspecified vulnerabilities. The Canada Revenue Agency (CRA) announced the end of its partial outage at 5:00PM Sunday, Eastern Daylight Time. The agency doesn't stipulate the vulnerability it identified, merely saying it affected “ …

Apache Struts 2 needs patching, without delay. It's under attack now

Infosec researchers have found a “dire” zero-day in Apache Struts 2, and it's under active attack. If you're a sysadmin using the Jakarta-based file upload Multipart parser under Apache Struts 2, Nick Biasini of Cisco's Talos advises applying the latest upgrade immediately. CVE-2017-5638 is documented at Rapid7's Metasploit …

Google must be Beaming as Apache announces its new top-level projects

The Apache Software Foundation has today announced two new top-level projects, Apache Beam and Apache Eagle. Apache Beam is yet another technology birthed by Google's work on data processing, and its roots can be traced back to Google's initial MapReduce system which revolutionised the science of distributed data processing …

Even big data devs make big data security gaffes

Apache Big Data Europe: Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed. Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely …
John Leyden, 21 Nov 2016

'Podling' Apache projects are spending longer in the incubator

ApacheCon: Stewards of the Apache Software Foundation are mildly concerned that many nascent projects are spending longer in the incubator, putting pressure on limited mentoring resources. In the 12 months up to November 2016, ASF oversaw 30 new "podling" incubator projects, of which four were retired and just seven graduated. Jim …
John Leyden, 17 Nov 2016

Hadoop experiencing growing pains in lamestream businesses

Apache Big Data: Fast, unbridled growth has hurt adoption of Hadoop, according to a leading advocate of the technology. John Mertic, director of program management at ODPi, said that work on Hadoop was often relegated to a "skunkworks" project in many mainstream organisations. "It's effectively stuck," he said during a keynote presentation at …
John Leyden, 16 Nov 2016

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

The Apache OpenOffice project has limited capacity for sustaining itself in an energetic manner. The retirement of the project is a serious possibility. Those are the words of Dennis Hamilton, the volunteer vice-president of OpenOffice who advises the Apache Software Foundation board. Yesterday, he publicly floated the idea of …

Apache, Debian crews patch library with DoS vuln

A file upload library used in Apache Tomcat and various Linux distributions needs patching to plug a denial-of-service vulnerability. Discovered by the TERASOLUNA Framework Development Team, the bug in libcommons-fileupload-java, which sits under Apache Commons FileUpload, has the Common Vulnerabilities and Exposures …

One place to inhale all cloud: Apache Libcloud 1.0 now available

The Apache Software Foundation has announced that Libcloud 1.0, the cloud service interoperability Python library, is now generally available. Notably, version 1.0 introduces two new driver types, container-as-a-service and backup-as-a-service, with a full changelog available here – though the degree to which it will ease the …

Remote code execution found and fixed in Apache OpenMeetings

Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset …
Darren Pauli, 7 Apr 2016

Apache Foundation rushes out Arrow as 'Top-Level Project'

The Apache Software Foundation has today announced Apache Arrow, its new project which aims to provide a cross-system data layer for columnar in-memory analytics. While Apache projects normally go through incubation periods, Arrow has been immediately announced as a Top-Level Project, and its code – seeded from the Apache …

Spark man Zaharia on 2.0 and why it's 'not that important' to upstage MapReduce

Interview: Spark is the open source cluster computing system started in 2009 by Matei Zaharia, when he was but an 'umble PhD candidate at Berkeley's AMPlab. Some people hope it will become the logical successor to MapReduce. Donated to the Apache Software Foundation in 2013, Spark has been backed by IBM. Proponents of Spark say it is …

MemSQL makes it easier to hook up to Apache Spark

Apache Spark may be the fastest data processing engine around for big data, but unless you are conversant in Scala or Java, this cluster computing framework can be a pain to set up and manage. So here is some help from MemSQL, the in-memory database start-up: a way of letting organisations use Spark without writing code, the …
Drew Cullen, 24 Sep 2015


Biting the hand that feeds IT © 1998–2018