You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lh...@apache.org on 2010/11/03 22:43:26 UTC

svn commit: r1030706 - /shiro/board/2010-11.txt

Author: lhazlewood
Date: Wed Nov  3 21:43:26 2010
New Revision: 1030706

URL: http://svn.apache.org/viewvc?rev=1030706&view=rev
Log:
Initial draft for 2010 November board report

Added:
    shiro/board/2010-11.txt

Added: shiro/board/2010-11.txt
URL: http://svn.apache.org/viewvc/shiro/board/2010-11.txt?rev=1030706&view=auto
==============================================================================
--- shiro/board/2010-11.txt (added)
+++ shiro/board/2010-11.txt Wed Nov  3 21:43:26 2010
@@ -0,0 +1,31 @@
+2010 November - Board report for Apache Shiro
+
+Shiro is a powerful and flexible open-source application security framework
+that cleanly handles authentication, authorization, enterprise session
+management and cryptography.
+
+We have no issues that require Board assistance at this time.
+
+Releases:
+- We are proud to announce that we have made our first release as a
+  TLP, Apache Shiro version 1.1.0 on November 1st, 2010.
+
+Community & Project:
+ - No new committers or PMC members
+ - Community interaction and user list traffic has grown significantly
+   since becoming a TLP, with over 400 emails on the user and dev
+   mailing lists last month.  This is more than double the average
+   monthly traffic we had while in incubation, showing
+   continued growth and a healthy community as a TLP.
+ - We experienced our first security vulnerability CVE issue.  It wasn't
+   handled as appropriately as it should have, with the issue becoming
+   public (in a roundabout way) before it should have been made known.
+   We dealt with the issue, fixed the source code, and very shortly
+   thereafter released version 1.1.0.  This was a bit difficult as this
+   CVE issue overlapped with the other issues required for 1.1 and because
+   we had not yet released a TLP version, we couldn't simply create a
+   point release and just 'get it out the door' quickly.  Instead we
+   needed to coordinate the fix in the context of our first TLP
+   release, which was a little more challenging.  In any event,
+   it was a great learning experience, and we are confident any
+   further CVE issues will be handled appropriately.
\ No newline at end of file