[ANNOUNCE] Apache Geode 1.13.2

2021-03-30 Thread Dick Cavender
The Apache Geode community is pleased to announce the availability of
Apache Geode 1.13.2.

Apache Geode is a data management platform that provides a
database-like consistency model, reliable transaction processing and a
shared-nothing architecture to maintain very low latency performance
with high concurrency processing.

Geode 1.13.2 contains a number of improvements and bug fixes. This
patch release includes critical fixes if upgrading from an earlier
version of Geode. It also provides the ability to configure Geode
appenders in log4j2.xml. Localizes dates in Pulse queries.
Improvements to startup/shutdown. Performance improvements. Change
apachegeode dockerhub image to be based on BellSoft's Liberica JDK.
Users are encouraged to upgrade to this latest release.

For the full list of changes please review the release notes:
https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-1.13.2

The release artifacts can be downloaded from the project website:
http://geode.apache.org/releases/

The release documentation is available at:
https://geode.apache.org/docs/guide/113/about_geode.html

Thanks to all the contributors that made the release possible.

Regards,

Dick Cavender on behalf of the Apache Geode team


[ANNOUNCE] Apache Wicket 9.3.0 released

2021-03-30 Thread Andrea Del Bene

The Apache Wicket PMC is proud to announce Apache Wicket 9.3.0!

Apache Wicket is an open source Java component oriented web application
framework that powers thousands of web applications and web sites for
governments, stores, universities, cities, banks, email providers, and
more. You can find more about Apache Wicket at https://wicket.apache.org

This release marks another minor release of Wicket 9. We
use semantic versioning for the development of Wicket, and as such no
API breaks are present breaks are present in this release compared to
9.0.0.

Using this release
--

With Apache Maven update your dependency to (and don't forget to
update any other dependencies on Wicket projects to the same version):


    org.apache.wicket
    wicket-core
    9.3.0


Or download and build the distribution yourself, or use our
convenience binary package you can find here:

 * Download: http://wicket.apache.org/start/wicket-9.x.html#manually

Upgrading from earlier versions
---

If you upgrade from 9.y.z this release is a drop in replacement. If
you come from a version prior to 9.0.0, please read our Wicket 9
migration guide found at

 * http://s.apache.org/wicket9migrate

Have fun!

— The Wicket team




    The signatures for the source release artefacts:


Signature for apache-wicket-9.3.0.zip:

    -BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAmBc1JIACgkQh48B+qjT
VuFAVA//Uj2TQfwKohsUKnOra/1/rkTf/t9vFfnoriBU7R1k/OxAqbzt2h9TGS6D
lAdmnxY0+CkZGjytje/AbkW5AKxv1Hdc7eLjucIqrOicGhIamTafRcwYHTAbEgj3
ZvuM7zDnU+8iQJiDm3QQ3pUwrSLWNXdGR7w0UKYmoxyg7fsLoghlDZ82ng2Kx+Bz
XjZGh6CgyRZ4JOYodcr8GWdMHKMEepkgrEogZEjL0ZvyQQArVknSNFiNu1UWA6jz
6D+l5XUXEZON/ZRFo/1eC4JWnDy1rBvmClIpZMuwJuO7xJTBSugfhLHbUEIl38E7
edIATFJ+CGtpbJqzg6Twui/fRotYmX3RifhZlwlCGw2f1SrM9bstLm1EBvYSnwCf
Xy1fA+TlYq8hjFSg4Y/JLKcZU+ruL2jJIf1ldGpQYXMuNclRlDu+6F7QjOIG1Qn/
IobQMJ5/FwY42CVDRzJL2EO67yrn3F6ya6uDLjfTZk0/05168JxXW1wUEUwxPPIN
NvVOOr4+ICvaq/3HpHe6ZktTxesfKCl79I+QC5waNh3DYA1SZkX8KOf+ywdw1aQ7
SUNufqaEmMC6VgAeoF8khst403DeuAv4PQLubeKCUx1KT7ebcR3yB3aHgsz/ercm
RP486mJNS/xboHamtnswQryUbKpS67cd/KSZsgqgtq/q05q8hzg=
=mGww
-END PGP SIGNATURE-

Signature for apache-wicket-9.3.0.tar.gz:

    -BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEE0a6YZHC1pJw+aieyh48B+qjTVuEFAmBc1JIACgkQh48B+qjT
VuFyLw//XysBtHbBORK68rl2Hwm5UXui4IsUUfYdbFHchMNWlX9TV5SJJlvHjXIS
N3HutbWWMDiQ8wjwvCYfD8dpYxXyv797MZpHH97Sz/cN7HKxS8WKgfjejBtZuONS
x8zP+uMfqn0BRP7OXVnlcNeimG+I2cPHDwjqvDQPLCfjH2cGWJjr45MOk16YhRUB
ZfVVUGm/hBiquYjGMwriwaDWWiN9RQoAYnysAOBZauVREkMIVeLdTs7wYwWvAQSK
uMD+dCPa1RpbDXaMwQOxusqDEfXEThu4501Xhd/TUVe3J08YH+DeM3IOxVQ9ApLM
alQ7n+PbeKmlrN31ZxwRYjgwwsyEBq45KqXFGgBSDOsHzY1jaRZ9+LtKlzpTwaiP
M6B3XSkk3thSsW/J/Dx0YqX2ZJISGdZVoq0N/0xD64LpF3s36l64zGtPGq5tgaKc
8rqyu8nj0BWhnoKBSBVkMZiSw7iwbdUiKtbEJUrz8eU9RcdV8cIVUfBgcmUkT/8E
YDMZeyWrPLISl3ADGhwt7WNMpQHtmK8W2Yus00PxQGLg7OLaKWurSu+ynNvgz6y8
GAPX62dLVv5Rc9YD8eedh85Mg0Dzq7mcinBpHmlFPsy3wQXASx3tWkRkj3F1qTDq
Qjx/KPqkVMGB+AdSvqfFV5Aearlo/UEFP0YpQgqhbtiG9hS6JeA=
=2xPv
-END PGP SIGNATURE-



    CHANGELOG for 9.3.0:


** Bug

    * [WICKET-6815] - Incorrect parsing of html attributes
    * [WICKET-6858] - Do not lower case the session cookie name
    * [WICKET-6860] - ConcatBundleResource double scope processing when 
CssUrlReplacer is used
    * [WICKET-6863] - Method Component.setVisibilityAllowed should call 
onVisibleStateChanged()

    * [WICKET-6865] - JS Error on keyup in AutoCompleteTextField
    * [WICKET-6867] - AutoComplete list don't choose any item, if click 
took more then 500 ms
    * [WICKET-6868] - UploadProcessBar doesn't work anymore with 
AjaxFormSubmitBehaviour("change") out of the box

    * [WICKET-6869] - StalePageException does not refresh page
    * [WICKET-6871] - Exception with nested AjaxLazyLoadPanel
    * [WICKET-6872] - CSPDirective is missing worker-src

** Improvement

    * [WICKET-6859] - Deprecate 
WebSocketAwareCsrfPreventionRequestCycleListener
    * [WICKET-6864] - Avoid hardcoded salt and insuffcient interation 
length in creating PBE


** Task

    * [WICKET-6873] - Upgrade jQuery to 3.6.0



CVE-2021-28657: Infinite loop in Apache Tika's MP3 parser

2021-03-30 Thread Tim Allison
Description:

A carefully crafted or corrupt file may trigger an infinite loop in
Tika's MP3Parser up to and including Tika 1.25. Apache Tika users
should upgrade to 1.26 or later.

Mitigation:

Users should upgrade to 1.26 or later.

Credit:

Apache Tika would like to thank Khaled Nassar for reporting this issue.