[ANNOUNCE] Apache Jackrabbit 1.5.4 released
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit version 1.5.4. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release. Release Notes -- Apache Jackrabbit -- Version 1.5.4 Introduction Apache Jackrabbit is a fully conforming implementation of the Content Repository for Java Technology API (JCR). A content repository is a hierarchical content store with support for structured and unstructured content, full text search, versioning, transactions, observation, and more. See the Jackrabbit web site at http://jackrabbit.apache.org/ for more information. Apache Jackrabbit 1.5.4 is a bug fix release that fixes issues reported against previous releases. This release is fully compatible with the earlier 1.5.x releases. See below for a full listing of fixes included in this release. Changes in this release --- All the fixes in this release are listed below per affected component. The modified components have had their version numbers upgraded to 1.5.4; other components are still at their previous 1.5.x versions. jackrabbit-core Bug fixes [JCR-2000] Deadlock on concurrent commits [JCR-2008] System search manager uses a SessionItemStateManager [JCR-2023] WorkspaceInfo.dispose() does not deregister ... [JCR-2024] Bundle cache is not cleared when *BundlePersistenceManager ... You can look up individual issues for more details in the Jackrabbit issue tracker at https://issues.apache.org/jira/browse/JCR. Contributors The following people have contributed to this release by submitting bug reports or by participating in the issue resolution process. Jukka Zitting Marcel Reutegger Przemo Pakulski Thank you to everyone involved! Release Contents This release consists of a single source archive (jackrabbit-1.5.4-src.jar) that contains all the Apache Jackrabbit components. Use the following commands (or the equivalent in your system) to build the release with Maven 2 and Java 1.4 or higher: jar xf jackrabbit-1.5.4-src.jar cd jackrabbit-1.5.4-src mvn install Note that the OCM components require Java 5 or higher, and are not included in the build when using Java 1.4. The source archive is accompanied by SHA1 and MD5 checksums and a PGP signature that you can use to verify the authenticity of your download. The public key used for the PGP signature can be found at https://svn.apache.org/repos/asf/jackrabbit/dist/KEYS. The build will result in the following components (with artifactIds in parenthesis) being built and installed in your local Maven repository. Pre-built binary artifacts of these components are also available on the on the central Maven repository. * Jackrabbit Parent POM (jackrabbit-parent) The Maven parent POM for all Jackrabbit components. * Jackrabbit API (jackrabbit-api) Interface extensions that Apache Jackrabbit supports in addition to the standard JCR API. * Jackrabbit JCR Commons (jackrabbit-jcr-commons) General-purpose classes for use with the JCR API. * Jackrabbit JCR Tests (jackrabbit-jcr-tests) Set of JCR API test cases designed for testing the compliance of an implementation. Note that this is not the official JCR TCK! * Jackrabbit JCR Benchmarks (jackrabbit-jcr-benchmark) Framework for JCR performance tests. * Jackrabbit Core (jackrabbit-core) Core of the Apache Jackrabbit content repository implementation. * Jackrabbit Text Extractors (jackrabbit-text-extractors) Text extractor classes that allow Jackrabbit to extract text content from binary properties for full text indexing. * Jackrabbit JCR-RMI (jackrabbit-jcr-rmi) RMI remoting layer for the JCR API. * Jackrabbit WebDAV Library (jackrabbit-webdav) Interfaces and common utility classes used for building a WebDAV server or client. * Jackrabbit JCR Server (jackrabbit-jcr-server) WebDAV servlet implementations based on JCR. * Jackrabbit JCR Servlets (jackrabbit-jcr-servlet) Set of servlets and other classes designed to make it easier to use Jackrabbit and other JCR content repositories in web applications. * Jackrabbit Repository Classloader (jackrabbit-classloader) Java classloader for loading classes from JCR content repositories. * Jackrabbit Web Application (jackrabbit-webapp) Deployable Jackrabbit installation with WebDAV support for JCR. * Jackrabbit JCA Resource Adapter (jackrabbit-jca) J2EE Connector Architecture (JCA) resource adapter for Jackrabbit. * Jackrabbit SPI (jackrabbit-spi) The SPI defines a layer within a JSR-170 implementation that separates the transient space from the persistent layer. * Jackrabbit SPI Commons (jackrabbit-spi-commons) This component contains generic utility classes that might be used to build an SPI implementation.
[ANNOUNCE] Apache Mahout 0.1 Released
The Apache Lucene project is pleased to announce the release of Apache Mahout 0.1. Apache Mahout is a subproject of Apache Lucene with the goal of delivering scalable machine learning algorithm implementations under the Apache license. The first public release includes implementations for clustering, classification, collaborative filtering and evolutionary programming. Highlights include: 1. Taste Collaborative Filtering 2. Several distributed clustering implementations: k-Means, Fuzzy k- Means, Dirchlet, Mean-Shift and Canopy 3. Distributed Naive Bayes and Complementary Naive Bayes classification implementations 4. Distributed fitness function implementation for the Watchmaker evolutionary programming library 5. Most implementations are built on top of Apache Hadoop (http://hadoop.apache.org ) for scalability The release contents have been pushed out to the main Apache release site and the m2 ibiblio sync repository. Apache Mahout 0.1 is the project's first release and is focused on establishing a baseline release while attracting more contributors. Details can be found in JIRA: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310751styleName=Htmlversion=12312976 Apache Mahout is available in source form from the following download page: http://www.apache.org/dyn/closer.cgi/lucene/mahout/0.1/mahout-0.1-project.tar.gz Apache Mahout is also available for Maven 2 users via the Central Maven Repositories: http://repo1.maven.org/maven2/org/apache/mahout/ http://mirrors.ibiblio.org/pub/mirrors/maven2/org/apache/mahout/ When downloading from a mirror site, please remember to verify the downloads using signatures found on the Apache site: http://www.apache.org/dist/lucene/mahout/KEYS For more information on Apache Mahout, visit the project home page: http://lucene.apache.org/mahout
[SECURITY] CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vulnerability announcement: CVE-2008-5519: Apache Tomcat mod_jk information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: mod_jk 1.2.0 to 1.2.26 Description: Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly may permit one user to view the response associated with a different user's request. Mitigation: Upgrade to mod_jk 1.2.27 or later Example: See description Credit: This issue was discovered by the Red Hat Security Response Team References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-jk.html The Apache Tomcat Security Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ27rAb7IeiTPGAkMRAlsDAJ9qqKPiFnh+rxaxzMZmKIFA5Q5r5QCg2N84 OzL54gpA6e272kokWjK4wZU= =GKVO -END PGP SIGNATURE-