You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@river.apache.org by Peter <ji...@zeus.net.au> on 2017/12/01 05:42:51 UTC

[Report] Apache River - Draft

Hi River folks,

Draft board report for November, postponed until December.

Regards,

Peter.

<===========================================================>

## Description:

  - Apache River provides a platform for dynamic discovery and lookup 
search of network services.  Services may be implemented in a number of 
languages, while clients are required to be jvm based, to allow proxy 
jvm byte code to be provisioned dynamically.

## Issues:

  No significant issues requiring board attention at this time.

## Activity:

  Minimal activity at present.

- Planned relase map:

Release roadmap:
>
>  River 3.0.1 - thread leak fix
>  River 3.1 - Modular build restructure (&  binary release)
>  River 3.2 - Input validation 4 Serialization, delayed unmarshalling&  safe ServiceRegistrar  lookup service.
>  River 3.3 - OSGi support

## Health report:

  - Minimal activity at present on dev.
  - No recent commit activity, but there are plans for more work in near 
future.

  - Future Direction:

    * Target IOT space with support for OSGi and IPv6 (security fixes 
required prior to announcement)
    * Input validation for java deserialization - prevents DOS and
      Gadget attacks.
    * IPv6 Multicast Service Discovery (River currently only support
      IPv4 multicast discovery).
    * Delayed unmarshalling for Service Lookup and Discovery (includes
      SafeServiceRegistrar mentioned in release roadmap), so
      authentication can occur prior to downloading service proxy's,
      this addresses a long standing security issue with service lookup
      while significantly improving performance under some use cases.
    * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
      of support for insecure cyphers.
    * Maven build to replace existing ant built that uses
      classdepandjar, a bytecode dependency analysis build tool.

## PMC changes:

  - Currently 12 PMC members.
  - One new PMC members added in the last 3 months
  - Last PMC addition was Dan Rollo on Fri 1st December 2017

## Committer base changes:

  - Currently 16 committers.

## Releases:

  - River-3.0.0 was released on Wed Oct 05 2016

## Mailing list activity:

  - Relatively quiet in comparison to recent months, however this 
appears as a result of reaching concensus after a period of discussion.

## JIRA activity:

- Nil Activity this period.