You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lh...@apache.org on 2010/11/03 22:43:26 UTC
svn commit: r1030706 - /shiro/board/2010-11.txt
Author: lhazlewood
Date: Wed Nov 3 21:43:26 2010
New Revision: 1030706
URL: http://svn.apache.org/viewvc?rev=1030706&view=rev
Log:
Initial draft for 2010 November board report
Added:
shiro/board/2010-11.txt
Added: shiro/board/2010-11.txt
URL: http://svn.apache.org/viewvc/shiro/board/2010-11.txt?rev=1030706&view=auto
==============================================================================
--- shiro/board/2010-11.txt (added)
+++ shiro/board/2010-11.txt Wed Nov 3 21:43:26 2010
@@ -0,0 +1,31 @@
+2010 November - Board report for Apache Shiro
+
+Shiro is a powerful and flexible open-source application security framework
+that cleanly handles authentication, authorization, enterprise session
+management and cryptography.
+
+We have no issues that require Board assistance at this time.
+
+Releases:
+- We are proud to announce that we have made our first release as a
+ TLP, Apache Shiro version 1.1.0 on November 1st, 2010.
+
+Community & Project:
+ - No new committers or PMC members
+ - Community interaction and user list traffic has grown significantly
+ since becoming a TLP, with over 400 emails on the user and dev
+ mailing lists last month. This is more than double the average
+ monthly traffic we had while in incubation, showing
+ continued growth and a healthy community as a TLP.
+ - We experienced our first security vulnerability CVE issue. It wasn't
+ handled as appropriately as it should have, with the issue becoming
+ public (in a roundabout way) before it should have been made known.
+ We dealt with the issue, fixed the source code, and very shortly
+ thereafter released version 1.1.0. This was a bit difficult as this
+ CVE issue overlapped with the other issues required for 1.1 and because
+ we had not yet released a TLP version, we couldn't simply create a
+ point release and just 'get it out the door' quickly. Instead we
+ needed to coordinate the fix in the context of our first TLP
+ release, which was a little more challenging. In any event,
+ it was a great learning experience, and we are confident any
+ further CVE issues will be handled appropriately.
\ No newline at end of file