The Apache Software Foundation

The Apache Software Foundation and the Apache Portable Runtime Project are proud to announce the General Availability of version 1.3.6 of the APR Apache Portable Runtime library, and version 1.3.8 of the companion APR-util Apache Portable Utility library.

  The corresponding version 1.2.1 of the companion APR-iconv library, an alternative portable implementation of the 'iconv' library, remains current.

  APR is available for download from:

    http://apr.apache.org/download.cgi

  This version of APR is a primarily a bug fix release, including fixes for specific platforms' configuration, feature detection, and run time behavior.  Most developers and users are encouraged to adopt the latest APR 1.x version to ensure the most comprehensive support and access to the latest features and enhancements.

  Note that the APR-util library release 1.3.7 introduced security fixes, users of prior versions are strongly cautioned to upgrade to a later release.

  The mission of the Apache Portable Runtime Project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable if not identical behavior regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform-specific deficiencies or features.

  APR and its companion libraries are implemented entirely in C and provide a common programming interface across a wide variety of operating system platforms without sacrificing performance.
  Currently supported platforms include:

    UNIX variants
    Windows
    Netware
    Mac OS X
    OS/2

  To give a brief overview, the primary core subsystems of APR 1.3 include the following:

    Atomic operations
    Dynamic Shared Object loading
    File I/O
    Locks (mutexes, condition variables, etc)
    Memory management (high performance allocators)
    Memory-mapped files
    Multicast Sockets
    Network I/O
    Shared memory
    Thread and Process management
    Various data structures (tables, hashes, priority queues, etc)

  For a more complete list, please refer to the following URLs:

    http://apr.apache.org/docs/apr/modules.html
    http://apr.apache.org/docs/apr-util/modules.html

  Users of APR 0.9 should be aware that migrating to the APR 1.x programming interfaces may require some adjustments; APR 1.x is neither source nor binary compatible with earlier APR 0.9 releases.
  Users of APR 1.x can expect consistent interfaces and binary backwards compatibility throughout the entire APR 1.x release cycle, as defined in our versioning rules:

    http://apr.apache.org/versioning.html

  APR is already used extensively by the Apache HTTP Server version 2 and the Subversion revision control system, to name but a few.  We list all known projects using APR at   http://apr.apache.org/projects.html -- so please let us know
  if you find our libraries useful in your own projects!

Maven팀에서 Maven 2.2.0을 릴리즈 하였습니다.

Maven은 소프트웨어 프로젝트 관리를 포괄적으로 할 수 있는 툴로써, 사용자들에게 프로젝트 바이너리를 빌드할 수 있도록 해주며, 프로젝트 웹사이트 등도 생성할 수 있도록 해줍니다.

릴리즈 노트 - Maven 2 - Version 2.2.0

[서브테스크]

• document escape character for curly braces in clear-text passwords for settings.xml password security
• switch to released versions of plexus-sec-dispatcher (and by ext. plexus-cipher) once they're available

[버그]

• Wrong execution order of plugins in same phase
• Plugin parameters must be specified outside an execution block when they are invoked from the command line
• cannot resolve dependency with scope import
• Namespace misspelled in settings.xml
• cyclic reference with 2.1.0-RC1 that doesn't occur with 2.0.10
• Encryption is triggered if passwords merely contain curly braces
• [regression] Properties defined in profiles.xml of parent are not inherited during multimodule build
• NPE in DefaultLIfecycleExecutor when run from within Hudson builds
• Properties incorrectly replaced in pom
• password security doesn't work with custom password providers
• very long passwords cause LightweightHTTP wagon to line-wrap the Base64-encoded Authorization header
• http session cookies rejected with non-lightweight http wagon (maybe with lightweight one too)
• Problem parsing command-line options in release:perform
• version-expression transformation interferes with plugins like GPG
• String index out of range: 43807
• [regression] Artifact download hangs upon transfer failure
• [regression] maven2.1 fails with cyclic dependency in case of extension/dependency for report-plugin to reactor-project
• Plugins that use ArtifactResolver with http repositories AND depend on log4j run into ExceptionInInitializerError
• preemptive auth in non-lightweight http wagon causes Unauthorized responses from some servers
• update plexus-utils to avoid leaking processes in CommandLineUtils.getSystemEnvars()

[개선]

• Cross module dependencies for multi-module site
• maven should execute compiler:compile and:test-compile in separate executions, to allow separate configuration
• Improve error message when dependency with classifier is missing version
• Remove log4j configuration warning

[태스크]

• Update Java requirement to 1.5
• Remove invocation of maven-plugin-plugin:updatePluginRegistry from default lifecycle bindings

[희망사항]

• avoid the schema location in generated maven-metadata*.xml

감사합니다.

-The Maven팀

--
John Casey
Developer, PMC Member - Apache Maven (http://maven.apache.org)
Blog: http://www.ejlife.net/blogs/buildchimp/

Maven팀에서 Maven Wagon 버전 1.0-beta-6을 릴리즈 하였습니다.

Wagon은 프락시와 인증 등을 원하는 리모트 소스의 various 타입의 파일을 검색하기위한 API입니다.

릴리즈노트 - Maven Wagon - 버전 1.0-beta-6

[버그]

• Wagon HTTP Deadlocks under high load
• preemptive auth in non-lightweight http wagon causes Unauthorized responses from some servers

[개선]

• compressed tarball download problems
• Allow configuration of httpclient to change cookie policy, other options
• Provide configurability of httpclient parameters to allow user to tell Maven to ignore cookies

감사합니다.

-The Maven team

--
John Casey
Developer, PMC Member - Apache Maven (http://maven.apache.org)
Blog: http://www.ejlife.net/blogs/buildchimp/

Apache Tomcat팀에서 Tomcat 4.1.40 안정화(stable) 빌드를 발표했습니다.
이 빌드는 중요한 2가지, 3가지의 낮은 심각성을 가진 보안 수정과 약간의 버그 수정을 포함하고 있습니다.
자세한 변경 사항은 릴리즈 노트를 참조하시기 바랍니다.

Apache Tomcat 4은 Java Server Pages 1.2와 Java Servlet 2.3 규약을 지원합니다.
하지만 Apache Tomcat 4.1.40은 4.1.x 시리즈의 마지막 릴리즈가 될 공산이 큽니다. 그러므로 앞으로 보안상 문제가 있는 Apache Tomcat이 보고되면, 4.1.x 시리즈에서 이 문제가 발생하더라도 업그레이드가 되지 않을 것입니다. 
따라서, 사용자들께서 현재 4.1.x 시리즈를 사용하고 계신다면, 안정적인 릴리즈인 6.0.x시리즈나 6.0.20릴리즈로 업그레이드 하시길 강력하게 권고합니다.

모든 Apache Tomcat 릴리즈는 Apache archives에서 항상 다운로드 받으실 수 있습니다.
다운로드: http://tomcat.apache.org/download-41.cgi
보안정보 : http://tomcat.apache.org/security-4.html

Apache Tomcat 팀

Cryptographic software notice
=============================

This distribution includes cryptographic software.  The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.  BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.  See <http://www.wassenaar.org/> for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.  The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:
 - Tomcat includes code designed to work with JSSE
 - Tomcat includes code designed to work with OpenSSL

Apache JAMES 팀에서 Apache jSPF version 0.9.7을 릴리즈하였습니다.
Apache jSPF는 순수 Java로 구현된 발신자 정책 프레임웍 (SPF, Sender Policy Framework)입니다.
Apache jSPF 0.9.7은 아래와 같이 버그수정/변경이 되었습니다.


버그

• Race condition in dnsjnio require upgrade as soon as it will be available
• Possible racing issue in StagedMultipleSPFExecutor or dnsjnio
• Incorrect macro explansion for %- and %_
• $ in mail address causes java.lang.IllegalArgumentException: Illegal group reference
• Parsing errors for TXT records

개선

• Build Improvements
• Tester Packaging
• OGSi Enable

새로운 기능

• Allow use of costum Resolver

태스크

• Update dnsjava to 2.0.6
• mvn package should also create the src distribution including the whole source tree.
• Upgrade dnsjnio to 1.0.2

희망사항

• Make jSPF a multimodule project

이 배포본은 아래의 다운로드 페이지에서 받으실 수 있습니다.
- http://james.apache.org/download.cgi

자세한 Apache jSP관련 정보를 알고싶으시면, Apache JAMES 홈페이지를 방문하세요.
project site: http://james.apache.org/jspf

감사합니다.
Norman