This was extracted (@ 2024-12-18 21:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. Issues for the board: Nothing to report ## Membership Data: Apache Santuario was founded 2006-06-27 (18 years ago) There are currently 18 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Joze Rihtarsic on 2024-05-14. ## Project Activity: Version 4.0.3 and 3.0.5 of the Apache XML Security for Java library were released late in the quarter, containing a mixture of bug fixes and new features. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. The C++ project was retired since the last board report (it was mentioned in the previous report that a vote had passed to retire it). ## Membership Data: Apache Santuario was founded 2006-06-27 (18 years ago) There are currently 18 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Joze Rihtarsic on 2024-05-14. ## Project Activity: It was a quiet quarter for the project, apart from the task of archiving the C++ project. A Java release is almost ready, once some failing tests are fixed in downstream projects. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. Since the previous report, the Santuario PMC voted to retire the C++ project, as it was being maintained only by one person for a long time, and they indicated a preference not to maintain the full project any more. ## Membership Data: Apache Santuario was founded 2006-06-27 (18 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: Apart from archiving the C++ project, we have voted to accept a new committer to the project. We are busy merging PRs and bug fixes and will release these soon in a new release. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. The C++ project is in a dormant state. There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (18 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There was one release over the last quarter: - Apache Santuario - XML Security for Java 4.0.1 was released on 2023-11-28. This was a bugfix release to fix a single bug with a security provider. Support was added for ECDH-ES support by a contributor and we expect to release that over the next month or so. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. The C++ project is in a dormant state. There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (17 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: Recent releases: Apache Santuario - XML Security for Java 2.2.6 was released on 2023-10-19. Apache Santuario - XML Security for Java 2.3.4 was released on 2023-10-19. Apache Santuario - XML Security for Java 3.0.3 was released on 2023-10-19. Apache Santuario - XML Security for Java 4.0.0 was released on 2023-10-19. We did a bunch of Java releases over the last quarter. A security advisory has been fixed in these releases: CVE-2023-44483: Apache Santuario: Private Key disclosure in debug-log output A new major version of the Java library was also released which featured extensive code refactoring, requiring Java 11, and using the Java System logger. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Project Status: Current project status: The Java project is actively maintained and PRs are getting merged and releases made. The C++ project is in a dormant state. There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (17 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: Two new releases were made over the last quarter: a bugfix release on the 2.2.x branch as well as a milestone release of a new major version. We took action based on the last board report feedback to remove a few people from the private mailing list that weren't on the PMC any more. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
No report was submitted.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (17 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: Two new releases took place over the last quarter - Apache Santuario, XML Security for Java 3.0.2/2.3.3, which released a new contribution to add support for EdDSA signature algorithms. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (17 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: - Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. - Apache Santuario - XML Security for Java 3.0.1/2.3.2 were released on 2022-09-16. Over the last quarter we put some effort into improving the OpenSSF scorecards score for the (Java) project. We got Jenkins building dependabot PRs with the help of Infra. We also merged a new nice contribution to support EdDSA signature algorithms, that we will release over the next quarter. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (16 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: - Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. - Apache Santuario - XML Security for Java 3.0.1/2.3.2 were released on 2022-09-16. There were two new releases in the last quarter as above. The main feature was to remove Apache Xalan as a dependency as it has been retired. Apart from this some effort has gone into getting builds up and running on Jenkins again after a hiatus, and implementing the OpenSSF Scorecard GitHub Action and trying to fix issues that were identified. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (16 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. Apache Santuario - XML Security for Java 3.0.0/2.3.1/2.2.4/2.1.8 were released on 2022-05-03. It was a quiet quarter, a couple of pull requests were merged and some dependency updates made. We will probably release another minor Java version in the next quarter. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (16 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. Apache Santuario - XML Security for Java 3.0.0/2.3.1/2.2.4/2.1.8 were released on 2022-05-03. A full round of the Java library releases were done in the last quarter. 3.0.0 is a new major release of the library that contains a change to the jakarta JAXB namespace for the streaming library. 2.1.8 is the last planned release of 2.1.x. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
No report was submitted.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (16 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: The last releases were: Apache Santuario - XML Security C++ 2.0.4 was released on 2021-11-04. Apache Santuario - XML Security for Java 2.3.0 was released on 2021-11-01. There was little project activity since the last report. We plan to get a new major release of the Java library out over the next quarter, due to the demand for switching to the Jakarta JAXB package names. We worked with INFRA to make our confluence-based website work, following the shutdown of the old service. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (15 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: It was a busy quarter for the project in terms of releases. Versions 2.2.3 and 2.1.7 of the Java library were released in September, which contained a fix for a CVE (CVE-2021-40690). A new major version of the Java library (2.3.0) was released in November containing some enhancements as well as making some of the settings more secure by default. There was some discussion on the mailing list about getting a 2.4.0 release out early next year, due to the demand for switching to the Jakarta JAXB package names. Versions 2.0.3 and 2.0.4 of the C++ library were also released, which added support for OpenSSL 3.0.0. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
No report was submitted.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (15 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: It was a very quiet quarter with no new releases and little project activity. We anticipate a release of the Java library next quarter to fix some bugs. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (15 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There was one new release over the last quarter - Apache Santuario - XML Security for Java 2.2.2. This was a bug-fix release. Apart from this it was a quiet quarter. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (15 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There were two new bug-fix releases of the Apache Santuario - XML Security for Java library over the last quarter - 2.2.1 + 2.1.6. We have a few issues fixed for a 2.3.0 release which we will release later in 2021. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (14 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There were no releases over the last quarter. We anticipate releasing version 2.2.1 of the Java library before the end of the year. We integrating Google code scanning over the last quarter and fixed a few issues it showed. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (14 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There was one release over the previous quarter - version 2.2.0 of the Apache Santuario - XML Security for Java library. This was a new major release that was some time in the making. Since then we have had fixes for three issues applied that were contributed to the project. A 2.2.1 release will probably happen before the end of the year. The Java project has completed a move to GIT, the C++ project remains on SVN. We have also migrated our build jobs to the new Jenkins instance. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (14 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. Some discussion is taking place about adding a new contributor. ## Project Activity: There was one new release over the last quarter - version 2.1.5 of the Java library was released. This was a minor bug fix release, which included some contributions from the community, which was very welcome. Work has continued on a new major Java library release, this will be released over the next month or so. Work is ongoing on refactoring and adding test cases to improve code coverage. There are also some contributions coming in for new features from the community. We have filed a JIRA with INFRA to migrate the Java project to git, so hopefully this will happen soon. Recent releases: Apache Santuario - XML Security for Java 2.1.5 was released on 2019-03-13. Apache Santuario XML-Security C++ 2.0.2 was released on 2018-11-02. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (14 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There were no releases over the last quarter. A new contributor has raised several issues and submitted pull requests, so we anticipate geting a new minor Java release out within a month for these fixes. Work continued on a new major Java release. We also anticipate this over the next quarter. We discussed again the possibility of moving to GIT - there were no objections, so we anticipate doing this over the next quarter. Recent releases: Apache Santuario - XML Security for Java 2.1.4 was released on 2019-07-20. Apache Santuario - XML Security for Java 2.1.3 was released on 2019-03-29. Apache Santuario XML-Security C++ 2.0.2 was released on 2018-11-02. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (13 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There were no releases over the last quarter. 4 JIRA issues were resolved for the next minor Java release, so we will probably get this release done over the next quarter. There was some initial discussion on the project about moving to git. We will revive this discussion shortly, and anticipate making the switch over the next quarter. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: The mission of Santuario is the creation and maintenance of software related to XML Security in Java and C++ ## Issues: There are no issues requiring board attention. ## Membership Data: Apache Santuario was founded 2006-06-27 (13 years ago) There are currently 17 committers and 7 PMC members in this project. The Committer-to-PMC ratio is roughly 9:4. Community changes, past quarter: - No new PMC members. Last addition was Daniel Kulp on 2018-10-01. - No new committers. Last addition was Daniel Kulp on 2018-10-01. ## Project Activity: There was one new release over the last quarter - Apache Santuario - XML Security for Java 2.1.4 was released on 2019-07-20. This release fixed a few bugs and included a fix for a security issue which will be published shortly. ## Community Health: Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC.
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - There was one new release over the last quarter - Apache Santuario XML Security for Java 2.1.3. This was our first Java release in 9 months, and so it contained a number of bug fixes. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. ## PMC changes: - Currently 7 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Daniel Kulp on Mon Oct 01 2018 ## Committer base changes: - Currently 17 committers. - No new committers added in the last 3 months - Last committer addition was Daniel Kulp at Mon Oct 01 2018 ## Releases: - Apache Santuario - XML Security for Java 2.1.3 was released on Fri Mar 29 2019 ## JIRA activity: - 3 JIRA tickets created in the last 3 months - 6 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - There were no releases over the last quarter. Some ongoing work is taking place on a new major release for the Java library. We expect to get some releases done over the next quarter. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. ## PMC changes: - Currently 7 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Daniel Kulp on Mon Oct 01 2018 ## Committer base changes: - Currently 17 committers. - No new committers added in the last 3 months - Last committer addition was Daniel Kulp at Mon Oct 01 2018 ## Releases: - Last release was Apache Santuario XML-Security C++ 2.0.2 on Fri Nov 02 2018 ## JIRA activity: - 3 JIRA tickets created in the last 3 months - 2 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - There was one new release over the last quarter. Version 2.0.2 of the XML Security for C++ project was released. This patch corrects a bug that can cause crashes in upstream applications. Some ongoing work has also taken place on a new major release of the Java library, which is expected in a few weeks. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. We added the first new committer and PMC member in many years over the last quarter (Dan Kulp). ## PMC changes: - Currently 7 PMC members. - Daniel Kulp was added to the PMC on Mon Oct 01 2018 ## Committer base changes: - Currently 17 committers. - Daniel Kulp was added as a committer on Mon Oct 01 2018 ## Releases: - Apache Santuario XML-Security C++ 2.0.2 was released on Fri Nov 02 2018 ## JIRA activity: - 6 JIRA tickets created in the last 3 months - 5 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - There were three new releases over the last quarter. Version 2.1.2 of the XML Security for Java project was released. This contained a number of bug fixes as well as some enhancements to get the streaming XML Security code working with MTOM. There were two new releases of the XML Security for C++ project. Version 2.0.0 was a new major version of the library. A user reported a potential denial of service attack which was then fixed and released as version 2.0.1. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Some discussion has taken place on the private mailing list to bring some new members onto the PMC. We expect further action on this over the coming quarter. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012. ## Releases: - Apache Santuario - XML Security for Java 2.1.2 was released on Tue Jun 12 2018 - Apache Santuario XML-Security C++ 2.0.0 was released on Tue Jun 26 2018 - Apache Santuario XML-Security C++ 2.0.1 was released on Thu Aug 02 2018 ## JIRA activity: - 6 JIRA tickets created in the last 3 months - 7 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time. ## Activity: - Work continued on a few issues for the XML Security for Java project. A performance issue spotted by a user was fixed. An issue with including newline characters in BASE-64 encoded output was also fixed, which was causing interop problems with other stacks. The single biggest chunk of work was in modifying the StAX-based XML Security implementation to work with MTOM-enabled web services. Finally, some work was done to get the current trunk code working with Java 10. A new 2.1.2 release with these fixes is expected in the next quarter. The XML Security for C++ library was also under active development over the last quarter. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012. ## Releases: - Last release was Apache Santuario XML Security for Java 2.0.10 on Fri Jan 26 2018 ## JIRA activity: - 4 JIRA tickets created in the last 3 months - 3 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification. ## Issues: - There are no issues requiring board attention at this time ## Activity: - There were two new releases over the last quarter of the Apache Santuario XML Security for Java project, 2.0.10 and 2.1.1. These were both minor bug fix releases with some additional support for some new signing algorithms. There were a number of commits for the C++ library in preparation of a new release. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012. ## Releases: - Apache Santuario XML Security for Java 2.0.10 was released on Fri Jan 26 2018 - Apache Santuario XML Security for Java 2.1.1 was released on Fri Jan 26 2018 ## JIRA activity: - 1 JIRA tickets created in the last 3 months - 5 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - There were two new releases over the last quarter of the Apache Santuario XML Security for Java project. 2.0.9 was a minor bug fix release, albeit with an important bug fix when deploying the library in the Google App Engine. 2.1.0 was a new major release with support for JDK 9. A new release of the C++ library is expected in the next quarter. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Apache Santuario XML Security for Java 2.0.9 was released on Mon Aug 28 2017 - Apache Santuario XML Security for Java 2.1.0 was released on Mon Aug 28 2017 ## JIRA activity: - 14 JIRA tickets created in the last 3 months - 18 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - It was a quiet quarter for the project with no new releases. A couple of user bugs were reported and fixed. More work was done to get the Java library working with Java 9. A discussion was initiated on the mailing list to release a new major release (2.1.0) supporting Java 9 - work on getting this release out will start shortly. Over the next quarter it is planned to release V1.8 of the C++ library to add OpenSSL 1.1 support. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Last release was Apache Santuario XML Security for Java 2.0.8 on Mon Dec 05 2016 ## JIRA activity: - 3 JIRA tickets created in the last 3 months - 2 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - There were no new releases over the last quarter. A user reported a documentation issue relating to thread safety that was fixed. As part of this some code refactoring was done to remove duplicate code from an area of the project. Some work was also done on getting the forthcoming 2.1.0 release of the Java library ready to work with Java 9. It is anticipated that 2.1.0 might be released over the next quarter, or possibly the quarter after that. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. We had a discussion on the private list about the future of the project. For now it appears the forthcoming Java 2.1.0 release might be the last major release in the foreseeable future, unless new contributions are made. We anticipate several more years at least of bug fixing maintenance however. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Last release was Apache Santuario XML Security for Java 2.0.8 on Mon Dec 05 2016 ## JIRA activity: - 2 JIRA tickets created in the last 3 months - 2 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - There was one release over the last quarter - Apache Santuario XML Security for Java 2.0.8. This was a minor bug fix release. We have only had one issue fixed since the last release, so at this point we don't anticipate another release in the next quarter. An image was added to the Santuario web page pointing to the Apache "current event" to help promote ApacheCon. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Apache Santuario XML Security for Java 2.0.8 was released on Mon Dec 05 2016
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - The project team discussed the merits of a new major release for the Java project, namely so that we can introduce Java 7/8 features in the code (current release requires JDK 6). A consensus was reached that this would be a good idea, and so the master branch has been updated to 2.1.0-SNAPSHOT. Apart from this, a handful of user bugs were reported, some of which have been fixed at this point. A new minor release of the Java library will probably happen over the next quarter to include these fixes. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Last release was Apache Santuario XML Security for Java 2.0.7 on Fri Jun 17 2016 ## JIRA activity: - 8 JIRA tickets created in the last 3 months - 4 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - There was one release of the Java library over the last quarter. It fixed some backwards compatiblity regressions, a BASE-64 encoding issue as well as another couple of minor issues. No other issues have cropped up since then, so no release is expected in the next quarter. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Apache Santuario XML Security for Java 2.0.7 was released on Fri Jun 17 2016. ## JIRA activity: - 9 JIRA tickets created in the last 3 months - 9 JIRA tickets closed/resolved in the last 3 months
## Description: - Library implementing XML Digital Signature Specification & XML Encryption Specification ## Issues: - There are no issues requiring board attention at this time ## Activity: - The C++ library remains in maintenance mode, but a Ubuntu packager provided a preliminary security review that resulted in some changes. The PMC is awaiting any further results from a fuzzing exercise that may result in more changes. In addition, solution files for Visual Studio 2014 have been provided and official support for that compiler is forthcoming. On the Java side, a user reported concerns about some backwards compatibility issues with recent releases. These issues have been substantively fixed and Clirr has been integrated into the project build cycle to avoid these kinds of problems cropping up again. A release will likely take place next quarter to address these issues. ## Health report: - Apache Santuario is a mature and stable project that has reached a point where not too many fixes are required, as it is a set of implementations of some specifications that are quite old now. It is actively managed by the PMC. Right now there are no obvious potential new committers for the project. ## PMC changes: - Currently 6 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Marc Giger on Wed Apr 03 2013 ## Committer base changes: - Currently 16 committers. - No new changes to the committer base since last report. - Last committer addition was Marc Giger in July 2012 ## Releases: - Last release was Apache XML Security for Java 2.0.6 on Mon Dec 07 2015 ## JIRA activity: - 4 JIRA tickets created in the last 3 months - 3 JIRA tickets closed/resolved in the last 3 months
## Description:
- Library implementing XML Digital Signature Specification & XML Encryption
Specification
## Issues:
- There are no issues requiring board attention at this time
## Activity:
- We had one new release over the last quarter - Apache Santuario XML Security
for Java 2.0.6. This was a minor bug fix release, primarily done to fix
some issues raised by a new user of the library.
## Health report:
- Apache Santuario is a mature and stable project that has reached a point
where not too many fixes are required, as it is a set of implementations of
some specifications that are quite old now. It is actively managed by the
PMC.
## PMC changes:
- Currently 6 PMC members.
- No new PMC members added in the last 3 months
- Last PMC addition was Marc Giger on Wed Apr 03 2013
## Committer base changes:
- Currently 16 committers.
- No new changes to the committer base since last report.
- Last committer addition was Marc Giger in July 2012
## Releases:
- Apache XML Security for Java 2.0.6 was released on Mon Dec 07 2015
## Mailing list activity:
- dev@santuario.apache.org:
- 250 subscribers (up 0 in the last 3 months):
- 23 emails sent to list (5 in previous quarter)
## JIRA activity:
- 5 JIRA tickets created in the last 3 months
- 6 JIRA tickets closed/resolved in the last 3 months
## Description:
Library implementing XML Digital Signature Specification & XML Encryption
Specification
## Issues:
There are no issues requiring board attention at this time
## Activity:
Project activity is very quiet. A few bugs have been fixed over the last
quarter that were reported by users. We will likely get a release out next
quarter to get these fixes out, plus anything else that is logged in the
meantime.
## Health report:
Apache Santuario is a mature and stable project that has reached a point
where not too many fixes are required, as it is a set of implementations of
some specifications that are quite old now. It is actively managed by the
PMC.
## PMC changes:
- Currently 6 PMC members.
- No new PMC members added in the last 3 months
- Last PMC addition was Marc Giger on Wed Apr 03 2013
## Committer base changes:
- Currently 16 committers.
- No new changes to the committer base since last report.
## Releases:
- Last release was Apache XML Security for Java 2.0.5 on Mon Jul 13 2015
## Mailing list activity:
- dev@santuario.apache.org:
- 250 subscribers (up 2 in the last 3 months):
- 6 emails sent to list (26 in previous quarter)
## Description:
Library implementing XML Digital Signature Specification & XML Encryption
Specification
## Activity:
- Version 2.0.5 of the Java library was released over the last quarter,
containing a few bug fixes. Following some discussion, we agreed to continue
to support the 1.5.x branch of the Java library until next year.
## Health report:
- Apache Santuario is a stable and mature project that is actively managed by
the PMC. However, project activity is rather quiet.
## Issues:
- There are no issues requiring board attention at this time
## LDAP committee group/Committership changes:
- Currently 16 committers and 6 LDAP committee group members.
- No new changes to the LDAP committee group or committership since last
report.
## Releases:
- Apache XML Security for Java 2.0.5 was released on Mon Jul 13 2015
## Mailing list activity:
- dev@santuario.apache.org:
- 248 subscribers (up 1 in the last 3 months):
- 23 emails sent to list (52 in previous quarter)
## Description:
Library implementing XML Digital Signature Specification & XML Encryption
Specification
## Activity:
- Over the last quarter, version 1.7.3 of the Apache XML Security for C++
library was released, fixing a number of bugs, including a major issue
involving ECDSA signature generation. Version 2.0.4 of the Java library was
also released. Project activity remains low but consistent.
## Issues:
- There are no issues requiring board attention at this time
## PMC/Committership changes:
- Currently 16 committers and 6 PMC members in the project.
- No new changes to the PMC or committership since last report.
## Releases:
- Apache XML Security for Java 2.0.4 was released on Mon Apr 20 2015
- Apache XML-Security C++ 1.7.3 was released on Sun Mar 15 2015
## Mailing list activity:
- dev@santuario.apache.org:
- 248 subscribers (up 2 in the last 3 months):
- 60 emails sent to list (37 in previous quarter)
@David: follow up with last PMC and committer additions.
The Apache Santuario project is aimed at providing implementation of security standards for XML. The PMC continues to actively manage the project, and there are no issues or concerns to report to the board at this time. There were two new bug-fix releases of the Apache XML Security for Java project over the last quarter, 2.0.3 and 1.5.8. There were 25 commits to the trunk branch of the Java project over the last quarter. Development on a patch release for the C++ library addressing a number of accumulated bug reports over the last year or two is complete, and the release should be completed some time in March. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release of the Apache XML Security for Java project over the last quarter, 2.0.2. This was a minor release that fixes a couple of bugs with the streaming XML security code introduced in 2.0.0, and contains a few dependency upgrades. There were 21 commits to the trunk branch of the Java project in the last quarter - so fairly quiet, but issues continue to be logged + fixed. There are no issues or concerns to report to the board. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There have been two new releases of the Apache XML Security for Java project over the last quarter, 2.0.1 and 1.5.7. These releases contained support for some new signature algorithms, performance fixes, a race condition fix along with various other minor fixes and improvements. Project activity is quiet but development is continuing all the time - there were 45 commits to the trunk branch of the Java project in the last quarter. The PMC remains active and engaged with the project, and so there are no issues or concerns to report to the board at this time. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release in the last quarter. A new major version (2.0.0) of the Apache XML Security for Java project was released, after many months of development work. Nothing else to report, project activity remains quiet. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were three new releases of the Apache XML Security for Java project in the last quarter. Version 1.5.6 contained a minor bug fix, as well as a fix for security advisory CVE-2013-4517. In addition, there were two "beta" releases for the forthcoming 2.0.0 version of the Java project, 2_0_0-beta and 2_0_0-rc1. Release of the final version is anticipated in the next month. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were no new releases in the last quarter. However a new release of the Apache XML Security for Java project (1.5.6) is currently under vote and should be released shortly. This release contains a minor bug fix as well as a fix for security advisory, which will be released in due course. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were several new releases in the last quarter due to multiple security advisories. Security advisory CVE-2013-2172 has been issued for the Apache XML Security for Java project. Versions 1.4.8 and 1.5.5 (20th June) have been released, fixing this issue. Security advisories CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, and CVE-2013-2156 were fixed in Apache XML-Security for C++ 1.7.1 (18th June). Another vulnerability CVE-2013-2210 was subsequently found, and fixed in a 1.7.2 (26th June) release of the C++ library. Last committer addition: Marc Giger, July 2012. Last PMC addition: Marc Giger, April 2013.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release in the last quarter - version 1.5.4 of the XML Security for Java project was released on the 18th of March. This release was a minor bug fix release. Overall project activity was quiet, with some ongoing work on a new major 2.0 release of the XML Security for Java project. The svnpubsub migration was also completed during the last quarter. Santuario has added a new PMC member in the last quarter - Marc Giger.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were no new releases during the last quarter. Overall project activity was quiet. The main development activity was focused on the forthcoming 2.0 release of the Java library, which will support a new streaming XML Security model. This work is mostly complete, and a release is expected in the next few months. The svnpubsub migration is not finished yet, but is almost complete. We are working with INFRA on finishing this task. No changes to the PMC or new committers in this quarter.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release during the last quarter. Version 1.5.3 of the Apache XML Security for Java library was released. This release featured some new development work to support XML Signature 1.1 KeyInfo extensions, as well as a number of bug fixes. Work has continued apace on introducing a new streaming XML Security model in the forthcoming 2.0 release of the Java library. This work is mostly complete, and may be released in the next quarter. No changes to the PMC or new committers in this quarter.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were two new releases during the last quarter. Version 1.5.2 of the Apache XML Security for Java library was released. A new canonicalization algorithm for encryption was introduced that fixes a problem where an element might be decrypted to the wrong namespace. Version 1.7.0 of the Apache XML Security for C++ library was also released. This release provides a few bug fixes and a partial implementation of XML Encryption 1.1 features, including AES-GCM encryption and some support for newer RSA-OAEP variants. Work has started on a 2.0 release for the Java library which focuses on introducing a streaming XML Security model to complement the existing DOM model. This work is based on a code contribution to the Apache WSS4J project for WS-Security, the XML Security specific portions of which were moved to Santuario. The author of this work was voted in as a new committer to the Apache Santuario project.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release during the last quarter - version 1.5.1 of the Apache XML Security for Java library. This release fixes two important bugs in the 1.5.0 release, as well as containing performance improvements for encryption and decryption. A steady stream of user bugs was reported against 1.5.1 of the Apache XML Security for Java library, and a vote on 1.5.2 is anticipated in the near future. A vote on version 1.4.7 of the Apache XML Security for Java library is currently under way. There were no new committers or changes to the PMC in the last quarter. The project activity remains low in general.
The Apache Santuario project is aimed at providing implementation of security standards for XML. A major new release of the Apache XML Security for Java library (1.5.0) was achieved in the last quarter. This release features support for GCM algorithms, support for RSA-OAEP key transport algorithms with strong digests, startup performance improvements, better protection against various attacks when validating signatures, amongst many other issues. There were no new committers or changes to the PMC in the last quarter.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release in the last quarter, version 1.4.6 of the Apache XML Security for Java library. This release fixes a thread safety issue with XML Signature, a bug fix for the Canonical XML 1.1 algorithm, as well as a number of other bug fixes. Overall it was a quiet quarter for the project with few bugs submitted. Work has recommenced on the next major java release, 1.5.0, with only a few items remaining before release. There were no new committers or changes to the PMC in the last quarter.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There was one new release in the last quarter. Version 1.6.1 of the Apache XML Security for C++ library was released in July, comprising of bug fixes and a fix for the security advisory CVE-2011-2516. Several bug fixes were made to the Java project. It is anticipated that a 1.4.6 release will take place in the next quarter. Work on the next major release 1.5 slowed down a bit in the last quarter, but it is still expected to be released in the next quarter.
Please include a community section in the board report.
The Apache Santuario project is aimed at providing implementation of security standards for XML. There were no new releases in the last quarter. A new release of the Java library (1.4.5) is almost complete, and will be released shortly. The main features of this release are a fix for a thread safety issue in the 1.4.4 release, as well as a fix for a regression that was introduced in the Canonical XML 1.1 algorithm. Work on a new major Java release (1.5) is proceeding at a steady pace. It is anticipated that this release will happen in the next quarter, or possibly the quarter after that. Several bugs have been fixed in the C++ library in the last quarter. On a project level note, we have had some discussion with the Santuario Genxdm project, which is hosted on Apache Extras. This project is a port of Apache Santuario (for Java), where the DOM API is replaced by an abstraction called Genxdm, which allows for different underlying implementations to be plugged in (such as Apache Axiom). The Santuario Genxdm folk expressed an interest in potentially merging the codebase with Apache Santuario some time in the future, if Genxdm is adopted as an Apache project.
The Apache Santuario project is aimed at providing implementation of security standards for XML. The last quarter saw two new releases from the Apache Santuario team. Version 1.4.4 of the Java XML Security library was released in November. This release contains some enhancements to the resolver API's. It also fixes some longstanding issues with interned Strings, as well as a number of bug fixes. Version 1.6.0 of the C++ XML Security library was released in December. This release provides many bug fixes and a partial implementation of draft XML Signature 1.1 features, including ECDSA signatures. In addition to the two new releases, the old Forrest-based Santuario website was ported to confluence and redesigned and updated. We believe the new website meets all of the Apache branding requirements. As part of the rebranding exercise, the two libraries will now be refered to as "Apache XML Security for Java", and "Apache XML Security for C++". There has been active development on a new Java 1.5 release, which is targetted at Q2 of this year. The main features of this release are an upgrade to JDK 1.5, extensive source cleanup and optimisation work, a move to maven as a release artifact, OSGi support, and dropping Xalan as a compile time dependency of the project. It will also feature more complete XML Signature 1.1 support. In the last quarter there were no new committers or PMC members. Davanum Srinivas became an emeritus member of the PMC on his own request. In response to a query from the board about how many members of the PMC are active in the project, three PMC members (out of 5) actively contribute at a coding level. The other two are sporadically active in terms of the overseeing the project. Please note that the recent PMC emeritus departures were all inactive for a number of years on the project.
The Apache Santuario project is aimed at providing implementation of security standards for XML. It has been a reasonably busy quarter for the project. Since the last board report, Werner Dittman and Axl Mattheus have left the project PMC (gone emeritus). A large number of website fixes were reported and fixed in the last quarter. Several bug fixes were made for the Java project in the last quarter, including several important issues such as a JSR 105 classloading issue, a concurrency problem on some static initialization code, and a fix for a long-standing problem with DOM parsers that don't intern Strings. A vote was called to release 1.4.4, but later withdrawn, as a critical issue was reported and it was decided to address this issue in 1.4.4 rather than wait until the next release. A new vote has been called to release 1.4.4 and it is anticipated that it will be released in the next few days. There has been some discussion on the desired features of a new Java 1.5 release planned for next year. Two significant features would be more complete support for XML Signature 1.1 and dropping support for JDK 1.4, which would allow us to take advantage of JDK 1.5 language features and new APIs, such as the JCE ECC APIs. We intend to continue this discussion and to capture the requirements for this release in an issue tracking system next quarter. The C++ project added an additional XML Sig 1.1 extension (X509Digest), added support for removing References after signature creation and did some work on the build system. The first Release Candidate for 1.6.0 was released.
Concerns about the size of the PMC.
AI: Jim follow up with PMC chair.
It's been a busy month for the Santuario project since the last report. We initiated a PMC discussion on the board's request to fully complete the transition to a TLP (thanks to Dan Kulp for advice on this issue). The result of this discussion is the Infrastructure JIRA (INFRA-2924). We have also agreed to get a cwiki up and running, to possibly replace the Santuario website in the future, and have asked the infrastructure folks for advice on the best way to transition from Bugzilla to JIRA. The active PMC members are also in the process of contacting some dormant members to query whether they are still interested in being PMC members or whether they wish to go emeritus. Chad La Joie was voted in as a new committer to the project. On the Java side, some work was done on the build system to make the project more portable. An interop bug with XMLBeans was also fixed. Hopefully we will get a 1.4.4 release out the door before the next report, as there are only a few more outstanding bugs remaining. The big work item this last month was to add support for the XML Signature 1.1 ECDSA algorithms to the Java implementation of Santuario. The work is currently being done on a private branch and will not be merged back to the mainline until more testing is done and further progress on XML Signature 1.1 is made. As it has an API dependency on Java SE 1.5, it will form part of a future 1.5 release. On the C++ side, work was completed on adding openssl-based EC key support to the library, and added ECDSA signing/verification support. Some simple interop testing with a limited set of test inputs was completed, but there is more testing planned. A handful of additional XML Signature 1.1 extensions were also added to the code. An additional work item before 1.6 is done appears to be to implement full configure-time support for building the library against NSS, which was left undone by the original author.
This report was received well, project seems to be on the right track. Suggest releasing "now" instead of waiting for remaining bugs.
Approved by general consent.
WHEREAS, the Board of Directors heretofore appointed Raul Benito to the office of Vice President, Apache Santuario, and WHEREAS, the Board of Directors is in receipt of the resignation of Raul Benito from the office of Vice President, Apache Santuario, and WHEREAS, the Project Management Committee of the Apache Santuario project has chosen by vote to recommend Colm O Heigeartaigh as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Raul Benito is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Santuario, and BE IT FURTHER RESOLVED, that Colm O Heigeartaigh be and hereby is appointed to the office of Vice President, Apache Santuario, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7F, Resolution to Change the Apache Santuario Project Chair, was approved by Unanimous Vote of the directors present.
A number of bugs were reported by a new user of the C++ library, and were fixed. A couple of outstanding C++ bugs include some larger library changes, and it is planned to do that work before releasing v1.6. There is no planned release schedule for 1.6 as of now, although a tentative release date is in the fall. An additional work item that may be undertaken before 1.6 is the addition of some support for XML Signature 1.1 constructs, including some API additions to handle Elliptic Curve keys and algorithms. A project-level decision which is under discussion is whether to maintain support for non-OpenSSL crypto (WinCAPI / NSS). A new release of the Java library, 1.4.4, is planned for late summer or the fall. The 1.4.3 release was last summer, and a number of bugs have been fixed since then. A triage is planned of new reported bugs to fix for 1.4.4. In particular, it is planned to make 1.4.4 an osgi bundle. This would avoid dependent projects having to maintain their own bundles. It is also planned to add support for the XML Digital Signature 1.1 spec. Two new members have been voted on to the PMC, namely Colm O hEigeartaigh and Scott Cantor. A vote was taken, and passed, to nominate Colm as the new PMC chairperson to the Apache board. [report by Colm]
Doug to communicate the need to address the question of xml-security vs Santuario for all the resources, and the fact that board reports are public.
Santuario is in the process of writing up a resolution naming a new chair. Jim proposes that we give them one more month. Jim to follow up. = = =
No report. Deferred to the discussion items
Jim to inform the project that unless there is a new chair and monthly reports for three months that next months board agenda will have a resolution moving the project to the attic.
Jim's action item remains open: at this point the project needs either an adequate report or to go to the attic.
No report received.
Jim to relay to the project that a new chair resolution and report is expected next month.
Just normal bug fixing. Quiet quarter.
Geir to follow up and get a proper report, and this supersedes Brian and Doug's action items. The board is discussing naming a new chair, citing the precedent with naming Ken as chair for Geronimo.
No report received.
Doug to pursue; message to private at santuario already sent.
No report provided.
Brian to seek a report.
During this period we have release the version a bug fixing and security release of the java library ( changelog ) Thanks Sean Mullan and Colm O hEigeartaigh for his work. Also in June but after the last report, we have Vote Colm O hEigeartaigh as new committer for the java library, his bug fixing submission are very appreciated. And a new bug fixing report of C++ library was released. A good month of work.
WHEREAS, the Board of Directors heretofore appointed Berin Lautenbach to the office of Vice President, Apache Santuario, and WHEREAS, the Board of Directors is in receipt of the resignation of Berin Lautenbach from the office of Vice President, Apache Santuario; NOW, THEREFORE, BE IT RESOLVED, that Berin Lautenbach is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Santuario, and BE IT FURTHER RESOLVED, that Raul Benito be and hereby is appointed to the office of Vice President, Apache Santuario, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7D, Appoint Raul Benito as Apache Santuario chairman, was approved by Unanimous Vote of the directors present.
Berin Lautenbach says: Well it's been a long time since I did a report which is clearly an indication it is time for me to move on. With this report I therefore wish to resign from the Chair position in Apache Santuario. A vote within the project has endorsed Raul Benito as our recommendation to step into the chair position, and I have attached a draft resolution at the base of this email. In terms of activity in the project, we have seen a number of bug fixes in both versions of the library and work has commenced on version 1.5 of the C++ version. No changes in the committer base, but we are expecting an additional committer by the time we next report.
Bill sent a reminder and updated Marvin.
Jim notes that Berin is looking for a replacement chair. Jim to pursue a report for Santuario.
No major activity this quarter - the dev list has focused on helping users with bugs and questions for both the Java and C++ libraries. I have asked for volunteers for the chair role for the project moving forward. My involvement has been almost non-existent for a relatively long period of time and I do not feel this is appropriate for the person in this role.
The 1.4.2 release for the Java library was performed. Otherwise the major activity in the lists has been around user queries and bug fixes. In addition, there has been some initial conversation with IBM around the reference implementation of JSR 106 (XML Encryption) being donated to the ASF for inclusion in the current Java libarary. IBM have told us that the code is based on existing library, so this would work well. We will of course need to go through the appropriate process to accept the code into the project.
Bill to obtain clarification as to which library this report was referring to and as to whether they are following the process for IP clearance.
Activity this quarter restricted to the Java library around bug fixes and user queries. In addition, a 1.4.2 beta release has been created incorporating the bug fixes plus an implementation of C14n 1.1. No other items of note - another quiet quarter.
Report not submitted in time. Henning has requested that Berin resubmit the report for June. Sam to follow up.
Very little activity this quarter. Mostly relating to the Java library around bug fixes and user queries. No activity on the C++ library front. For crypto policy, work needs to be done to bring both libraries into full compliance. However notification was sent (for both libraries) to the appropriate authorities in 2004, so we should be covered. (Of course this does not obviate the requirement to uplift to full policy compliance.)
It was noted that there was no notice requirements on each release if the crypto status did not change.
Approved by General Consent.
Most of the activity on the mailing lists has been around some bugs in the libraries and helping people with various applications that use them. On the C++ front, version 1.4.0 was released with some bug fixes and an update to the package building process.
Aaron to request that board reports contain community status / input
Approved by General Consent.
Another very quiet quarter in the Santuario project. The Java library has worked through a number of bugfixes and issues on the list. The C++ library has been very quiet with almost no activity. The Apache JuiCE podling has also been put into a dormant state due to the lack of bandwidth from committers.
Approved by General Consent.
The java xml-security team have just released version 1.4.1 incorporating a number of bug fixes. On the C++ side, Scott Cantor was voted in as a new committer. Otherwise quiet for the C++ library.
Approved by General Consent.
Other than work on the actual libraries, a very quiet quarter. Version 1.4 of the Java library xml security library has now been released, incorporating the code for the JSR 105 API together with some extensive work on optimising various types of transformations. The C++ library released version 1.3.1 with an updated build system and some minor bug fixes. I will be looking to move the chair responsibilities to another person over the coming quarter due to lack of time to be able to spend on the project.
Approved by General Consent.
Work for the past quarter has been concentrated on the two libraries rather than any infrastructure level stuff. The C++ library had a 1.3 release and is now looking to release 1.3.1 with an updated build system and some minor bug fixes. The Java library is very close to a 1.4 release, having cut a set of release candidates. Some last minute API compatibility issues have held up the release, but it is now expected in the next week or so. On the JuiCE project (within the Incubator), nobody has had any time to focus on it, so we are considering "hibernating" it until such time as somebody has the required bandwidth.
Jim noted, regarding JuiCE project and others, that they refer to some sort of "hibernation" option for podlings even though we have no such thing. Justin noted that basically hibernation is the same as retiring, or, at least, should be. Henri repeated the board's position that several podlings appear to be "hibernating" already, by being very dormant. Sam will talk to Berin and suggest he go to general@incubator to discuss the next phase for the podling.
Approved by General Consent.
Version 1.3 of the C++ library has now been released. The focus from here will move to supporting the new version of Xerces and refactoring the build process under *NIX. A release candidate for version 1.4 of the Java library was released, and has lead to some discussion on changes in the API. All changes on the web site are now being replicated on the santuario web site, and we will soon move to that as the main site and update it to reflect the name change. Development and user discussion is still occuring on the "old" xml mailing lists - and there are no plans to change this at any time soon. If it ain't broke - don't fix it!
Sam volunteered to help the project with moving the lists, since the board's opinion is that it would be in the best interest of the PMC.
Approved by General Consent
Real Life took over this month for a number of people, so not much in the way of action. Some preparations for the Java 1.4 and C++ 1.3 releases of the XML security library. Now that the infrastructure basics are in place, we need to focus some time on revamping the web site and agreeing some project guidelines and approaches.
Dirk suggested that we should have them report back next month; the project as reported no action while established 2 months ago.
Approved by General Consent
Initial activities for setting up the project have commenced, with initial mailing lists and web site being created. Discussions are yet to take place around what to do with existing mailing lists. In terms of development activities, the Java xml-security library is preparing for a 1.4 release and the C++ library is on final RC for a 1.3 release.
Approved by General Consent
WHEREAS, the Board of Directors deems it to be in the best interests of the Foundation and consistent with the Foundation's purpose to establish a Project Management Committee charged with the creation and maintenance of open-source software related to XML security technologies, for distribution at no charge to the public. NOW, THEREFORE, BE IT RESOLVED, that a Project Management Committee (PMC), to be known as the "Apache Santuario PMC", be and hereby is established pursuant to Bylaws of the Foundation; and be it further RESOLVED, that the Apache Santuario PMC be and hereby is responsible for the creation and maintenance of software related to XML security technologies, based on software licensed to the Foundation; and be it further RESOLVED, that the office of "Vice President, Apache Santuario" be and hereby is created, the person holding such office to serve at the direction of the Board of Directors as the chair of the Apache Santuario PMC, and to have primary responsibility for management of the projects within the scope of responsibility of the Apache Santuario PMC; and be it further RESOLVED, that the persons listed immediately below be and hereby are appointed to serve as the initial members of the Apache Santuario PMC: * Axl Mattheus <amattheu@apache.org> * Berin Lautenbach <blautenb@apache.org> * Davanum Srinivas <dims@apache.org> * Raul Benito <raul@apache.org> * Sean Mullan <mullan@apache.org> * Werner Dittman <werner@apache.org> NOW, THEREFORE, BE IT FURTHER RESOLVED, that Berin Lautenbach <blautenb@apache.org> is appointed to the office of Vice President, Apache Santuario, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed; and be it further RESOLVED, that the initial Apache Santuario PMC be and hereby is tasked with the creation of a set of bylaws intended to encourage open development and increased participation in the Apache Santuario Project; and be it further RESOLVED, that the initial Apache Santuario PMC be and hereby is tasked with the migration and rationalization of the Apache XML PMC, XML Security subproject; and be it further RESOLVED, that all responsibility pertaining to the Apache XML, XML Security sub-project and encumbered upon the Apache XML PMC are hereafter discharged. By Unanimous Vote, Special Order 6D, Establish the Apache Santuario Project, was Approved.