You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2010/11/03 22:45:08 UTC
November Board Report
Hi team,
During our first 3 months as a TLP, we are required to report to the
board monthly. The board has called for November reports. I've
committed a draft to SVN and included it here for your review. Please
recommend any adjustments as necessary. If I don't hear of any edits,
I'll submit it to the board sometime this weekend (to allow time for
review)
Thanks,
Les
------
2010 November - Board report for Apache Shiro
Shiro is a powerful and flexible open-source application security framework
that cleanly handles authentication, authorization, enterprise session
management and cryptography.
We have no issues that require Board assistance at this time.
Releases:
- We are proud to announce that we have made our first release as a
TLP, Apache Shiro version 1.1.0 on November 1st, 2010.
Community & Project:
- No new committers or PMC members
- Community interaction and user list traffic has grown significantly
since becoming a TLP, with over 400 emails on the user and dev
mailing lists last month. This is more than double the average
monthly traffic we had while in incubation, showing
continued growth and a healthy community as a TLP.
- We experienced our first security vulnerability CVE issue. It wasn't
handled as appropriately as it should have, with the issue becoming
public (in a roundabout way) before it should have been made known.
We dealt with the issue, fixed the source code, and very shortly
thereafter released version 1.1.0. This was a bit difficult as this
CVE issue overlapped with the other issues required for 1.1 and because
we had not yet released a TLP version, we couldn't simply create a
point release and just 'get it out the door' quickly. Instead we
needed to coordinate the fix in the context of our first TLP
release, which was a little more challenging. In any event,
it was a great learning experience, and we are confident any
further CVE issues will be handled appropriately.