Hi all, thanks for the project update notes. Below is the report I submitted to the board. Please let me know of any errors or missing parts.
thanks, bryan ================================================ ## Description: The mission of the Apache DB project is to create and maintain commercial-quality, open-source, database solutions based on software licensed to the Foundation, for distribution at no charge to the public. The Apache DB TLP consists of the following subprojects: o Derby : a relational database implemented entirely in Java. o JDO : focused on building the API and the TCK for compatibility testing of Java Data Object implementations providing data persistence. o Torque : an object-relational mapper for Java. ## Project Status: Current project status: Ongoing, with moderate activity Issues for the board: none ## Membership Data: Apache DB was founded 2002-07-16 (22 years ago) There are currently 48 committers and 45 PMC members in this project. The Committer-to-PMC ratio is roughly 1:1. Community changes, past quarter: - No new PMC members. Last addition was Tobias Bouschen on 2023-08-27. - No new committers. Last addition was Max Philipp Wriedt on 2023-04-14. ## Project Activity: Several security issues were brought to the DB project's attention this quarter, and were addressed by various community members: - JDO community addressed an XSS vulnerability in the project's old archived Javadocs by removing the no-longer-required Javadocs from the project website. - DB community addressed an XSS vulnerability in the (retired) ddlutils Javadocs by removing the no-longer-required Javadocs from the project website. - Derby community examined an arbitrary file write vulnerability in the Derby client libraries and determined that it was best addressed via a combination of - documentation of the requirement for users to use this particular log-tracing feature with care, - and notice to known clients. Apache security team assisted with the resolution of these security issues and we are grateful as always for their prompt and thorough help! Torque team are readying a new release and discussing whether it should be classified as a minor release or a major release based on its changes. It would probably become either release 5.2 or 6.0, depending on the outcome of the discussions. Derby team have been verifying Derby compatibility with JDKs 21 and 22. No new problems have been revealed. JDO team have been investigating several issues uncovered by runs of the TCK. ## Community Health: DB project health was good over the winter. All the project teams were actively discussing development issues and working on fixes and enhancements. --------------------------------------------------------------------- To unsubscribe, e-mail: torque-dev-unsubscr...@db.apache.org For additional commands, e-mail: torque-dev-h...@db.apache.org