This was extracted (@ 2024-12-18 22:10) from a list of minutes
which have been approved by the Board.
Please Note
The Board typically approves the minutes of the previous meeting at the
beginning of every Board meeting; therefore, the list below does not
normally contain details from the minutes of the most recent Board meeting.
WARNING: these pages may omit some original contents of the minutes.
Meeting times vary, the exact schedule is available to ASF Members and Officers, search for "calendar" in the Foundation's private index page (svn:foundation/private-index.html).
Report was filed, but display is awaiting the approval of the Board minutes.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity Issues for the board: The statistics available on https://reporter.apache.org/wizard/statistics?shiro Seems to be decreasing over time. Is this expected. Are there recommendations on where to gather relevant metrics? ## Membership Data: Apache Shiro was founded 2010-09-21 (14 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is in the planning stages for 3.0 which aims to cut some tech debt and help move the project forward (and by dropping deprecated functionality). New functionality and fixes are still accepted in 2.x, 1.x is security fix only. Last release was: - 2.0.1: 2024-05-25 ## Community Health: The user mailing list traffic continues to be low. Dev lists and Slack discussions are now focused on planning for 3.x
@Justin: Discuss reporter tooling requirements
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity Issues for the board: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (14 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0, and 1.x is in maintenance mode. 2.0 is now GA and we are in the process of figuring out a End-of-life plan for 1.x - 2.0.1: 2024-05-25 ## Community Health: Mailing list traffic is up a bit in general as issues and questions about the major release are raised.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity Issues for the board: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (13 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0, and 1.x is in maintenance mode. 2.0 is now GA and we are in the process of figuring out a End-of-life plan for 1.x - 2.0.0: 2024-02-20 ## Community Health: The GitHub related community health reporting seems broken, all values are zero
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity Issues for the board: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (13 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0, and 1.x is in maintenance mode. - 2.0.0-alpha-4 was released on 2023-11-07 - 1.13.0 was released on 2023-11-03 ## Community Health: Shiro's activity dipped a little this quarter, with most of the development going into maintenance releases.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity. Issues for the board: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (13 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0, and 1.x is in maintenance mode. - 2.0.0-alpha-3 was released on 2023-07-25. - 1.12.0 was released on 2023-07-11. - patch releases for v1 and v2 are expected shortly ## Community Health: GitHub pull requests (by humans) have double this quarter. NOTE: It's hard to parse the stats for a couple reasons: - Last quarter we moved to GH issues, diffs are skewed - The generated stats don't filter bots (COMDEV-536)
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Project Status: Current project status: Ongoing with low activity. Issues for the board: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (13 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0, and 1.x is in maintenance mode. - 2.0.0-alpha-2 was released on 2023-05-04 - patch releases for v1 and v2 are expected shortly ## Community Health: - Mailing list traffic is down a bit this quarter. - Shiro recently started using GitHub Issues. Hopefully, this makes it easier for folks to report issues (or otherwise contribute).
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (12 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - No new PMC members. Last addition was Lenny Primak on 2022-12-04. - No new committers. Last addition was Lenny Primak on 2022-11-02. ## Project Activity: The Shiro team is actively working on 2.0 and 1.x is in maintance mode. - 2.0.0-alpha-1 was released on 2023-02-28 - 1.11.0 was released on 2023-01-07 ## Community Health: Excluding automated emails, mailing list traffic is up. Mostly related to conversations around Shiro 2.0 and dropping support for Java 8 (and supporting Jakarta packages).
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded on 2010-09-21 (12 years ago) There are currently 14 committers and 12 PMC members in this project. The Committer-to-PMC ratio is 7:6. Community changes, past quarter: - Lenny Primak was added to the PMC on 2022-12-04 - Lenny Primak was added as a committer on 2022-11-02 ## Project Activity: - The team is currently working on a 1.11 maintenance release which will contain support for Jakarta packages - An alpha release of Shiro v2 is planned for the near future - 1.10.1 was released on 2022-11-14. - 1.10.0 was released on 2022-10-07. ## Community Health: Overall, Shiro has seen an uptick in activity, this is due to: - Focus on Jakarta packages (both on v1 and v2 branches) - A couple of patch releases - An active new PMC member Lenny NOTE: It doesn't look like the "community health" stats are reported correctly. I'm unsure if the stats (percentages) filter out automated emails, but the charts are not.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (12 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-13. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - The team is currently working on a 1.10 maintenance release - Work is underway to support jakarta packages - Planning around Shiro v2 is still being discussed - Last release: v1.9.1 - 2022-06-22 ## Community Health: - Mailing list traffic is down, but PRs/commits are up This may indicate that more converstion is happening on GitHub - The project recieved a couple pull requests from community members
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (12 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-13. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - We have seen recent community interest in moving from "javax" packages to "jakarta", work is underway - Last release: v1.9.0 - 2022-03-22. ## Community Health: Overall, community traffic is down. We'd like to take this opportunity to ask the board or others reading this report for guidance on reaching a wider group of developers.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (11 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-13. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - The project's website and tooling have been updated to an OSS static site generator (which will make updates on the site easier) - The team is currently working on a 1.9 maintenance release - Last release: v1.8.0 - 2021-08-26. ## Community Health: - The project recently changed how automated messages are delivered, which I suspect is why both the number of emails to issues@shiro are down, and the number of JIRA opened and closed are up. - A large chunk of work just wrapped up on the `shiro-site` repo (which is not reflected in the automated report)
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-22 (11 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-14. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - Shiro released v1.8.0 last quarter (2021-08-26), no release this quarter. - Work is close to finished moving the project's site to an OSS static site generator. - Recent changes include generating more secure hashes as required by the infra team. We had interesting discussions started in slack, e.g. if Apache Shiro should support the Jakarta Security API. Since only little interest was shown by Jakarta core committers and there has not been any user demand, the topic was not brought up on the mailing list. ## Community Health: The overall community health is steady. We observed less issues, probably due to a mature codebase. This resulted in less emails on the dev and user lists. There were also no urgent security issues to solve. Issue notifications had been moved to their own mailing list, which is why we see a further decrease on the dev mailing list. There were occasional questions on the user list which were answered by the PMC members.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time ## Membership Data: Apache Shiro was founded 2010-09-21 (11 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-13. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - Shiro released v1.8.0 this quarter (2021-08-26). - Work is underway to move the project's site build more maintainable by migrating from custom tooling to an existing OSS static site generator. - Work continues on 2.x, removing code and reducing module/build complexity Releases: - 1.8.0 was released on 2021-08-26. - 1.7.1 was released on 2021-01-31. - 1.7.0 was released on 2020-10-29. ## Community Health: - JIRA messages have been moved to issues@shiro.a.o, this will shift reported numbers around a little this quarter and likely next. - The ASF Slack is often where dev chatter starts, (and then followed up with a message to dev@shiro.a.o as needed) - Happy 11th Birthday Apache Shiro!
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time ## Membership Data: Apache Shiro was founded 2010-09-21 (11 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Benjamin Marwell on 2020-12-13. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - The project is prepping a 1.8 release with bug fixes - Work on 2.x has picked up again, though much of that has been related to stabling builds and build infra Releases: - 1.7.1 was released on 2021-01-31. - 1.7.0 was released on 2020-10-29. - 1.6.0 was released on 2020-08-17. ## Community Health: All of the stats are up this quarter, partially because there is development on two different branches.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time ## Membership Data: Apache Shiro was founded 2010-09-21 (10 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - Benjamin Marwell was added to the PMC on 2020-12-13 - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - The project is maintaining a 1.x branch for bug fixes and security updates - Work on 2.x has stalled a bit due to the increased focus on 1.x Releases: - 1.7.1 was released on 2021-01-31. - 1.7.0 was released on 2020-10-29. - 1.6.0 was released on 2020-08-17. ## Community Health: Mailing list traffic is down over the past quarter, this is partially because we had a busy November in the previous quarter.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time ## Membership Data: Apache Shiro was founded 2010-09-21 (10 years ago) There are currently 13 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 7:5. Community changes, past quarter: - No new PMC members. Last addition was Colm O hEigeartaigh on 2019-10-08. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - The project is maintaining a 1.x branch for bug fixes and security updates - Work on 2.x has stalled a bit due to the increased focus on 1.x Releases: - 1.7.0 was released on 2020-10-29. - 1.6.0 was released on 2020-08-17. - 1.5.3 was released on 2020-05-03. ## Community Health: Mailing list traffic is about the same - slight decrease in the dev list, but an increase in the user list There has also been an uptick in the number of commits in the last quarter.
## Description: The mission of Shiro is the creation and maintenance of software related to Powerful and easy-to-use application security framework ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (10 years ago) There are currently 13 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 7:5. Community changes, past quarter: - No new PMC members. Last addition was Colm O hEigeartaigh on 2019-10-08. - No new committers. Last addition was Benjamin Marwell on 2020-04-23. ## Project Activity: - New PMC Chair (bdemers) voted in on 2020-0-17 - The project is maintaining a 1.x branch for bug fixes and security updates - Also continuing to move forward with 2.x on master Releases: - 1.6.0 was released on 2020-08-17. - 1.5.3 was released on 2020-05-03. - 1.5.2 was released on 2020-03-23. ## Community Health: The overall mailing list and commit counts are down from the previous quarter, we should see another bump in activity shortly as as prepare for the next minor release. Of note the number of code contributors did go up (10% increase)
WHEREAS, the Board of Directors heretofore appointed Les Hazlewood (lhazlewood) to the office of Vice President, Apache Shiro, and WHEREAS, the Board of Directors is in receipt of the resignation of Les Hazlewood from the office of Vice President, Apache Shiro, and WHEREAS, the Project Management Committee of the Apache Shiro project has chosen by vote to recommend Brian Demers (bdemers) as the successor to the post; NOW, THEREFORE, BE IT RESOLVED, that Les Hazlewood is relieved and discharged from the duties and responsibilities of the office of Vice President, Apache Shiro, and BE IT FURTHER RESOLVED, that Brian Demers be and hereby is appointed to the office of Vice President, Apache Shiro, to serve in accordance with and subject to the direction of the Board of Directors and the Bylaws of the Foundation until death, resignation, retirement, removal or disqualification, or until a successor is appointed. Special Order 7B, Change the Apache Shiro Project Chair, was approved by Unanimous Vote of the directors present.
## Description: Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (10 years ago) There are currently 13 committers and 10 PMC members in this project. The Committer-to-PMC ratio is roughly 7:5. Community changes, past quarter: - No new PMC members. Last addition was Colm O hEigeartaigh on 2019-10-08. - Benjamin Marwell was added as committer on 2020-04-23 ## Project Activity: - General project activity (commits and dev related discussion) has been up this quarter - The project's master branch has officially moved to 2.0 development Releases: - Last release was 1.5.3 on 2020-05-03 ## Community Health: Mailing list (user and dev) have seen a bump in activity this quarter. Full metrics: https://reporter.apache.org/wizard/statistics?shiro
## Description: Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. ## Issues: We have no issues that require Board assistance at this time. ## Membership Data: Apache Shiro was founded 2010-09-21 (9 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - No new PMC members. Last addition was Colm O hEigeartaigh on 2019-10-08. - No new committers. Last addition was Colm O hEigeartaigh on 2019-10-09. ## Project Activity: - As of the 1.5, Shiro requires Java 8+ - Feature development on master is going strong and helping modernize the project. ## Community Health: dev and user list activity has gone up this quarter Our latest committers / PMC members have been helping bring some new life to the project
## Description: Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. ## Issues: There are no issues requiring board attention at this time ## Membership Data: Apache Shiro was founded 2010-09-21 (9 years ago) There are currently 13 committers and 11 PMC members in this project. The Committer-to-PMC ratio is roughly 7:6. Community changes, past quarter: - Colm O hEigeartaigh was added to the PMC on 2019-10-08 - Jean-Baptiste Onofré was added to the PMC on 2019-10-07 - Colm O hEigeartaigh was added as committer on 2019-10-09 - Jean-Baptiste Onofré was added as committer on 2019-10-08 ## Project Activity: We are still working towards the next 1.5.0 release, which has taken a little longer than expected. Last release was 1.4.1 on 2019-05-01. ## Community Health: - dev@shiro.apache.org had a 2% increase in traffic in the past quarter (291 emails compared to 284) - user@shiro.apache.org had a 35% increase in traffic in the past quarter (42 emails compared to 31) - 10 issues opened in JIRA, past quarter (-44% decrease) - 17 issues closed in JIRA, past quarter (no change) - 28 commits in the past quarter (-3% decrease) - 8 code contributors in the past quarter (no change) - 23 PRs opened on GitHub, past quarter (no change) - 30 PRs closed on GitHub, past quarter (20% increase)
## Description: Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. ## Issues: There are no issues requiring board attention at this time ## Membership Data: Apache Shiro was founded 2010-09-22 (9 years ago) There are currently 11 committers and 9 PMC members in this project. The Committer-to-PMC ratio is roughly 6:5. Community changes, past quarter: - No new PMC members. Last addition was Francois Papon on 2018-12-20. - No new committers. Last addition was Francois Papon on 2018-12-20. ## Project Activity: We are continuing hard work on the preparing of the next 1.5.0 release with: - upgrade min version of JDK to 8 - better OSGi support - upgrading dependencies We want to released the 1.5.0 in next month We added a new maven-plugin (japicmp) to enforced Shiro api backward compatibility Recent releases: 1.4.1 was released on 2019-05-01. ## Community Health: We have new contributors showing thier interest in the project by making some PRs dev@shiro.apache.org had a 24% increase in traffic in the past quarter (286 emails compared to 230) user@shiro.apache.org had a 433% increase in traffic in the past quarter (32 emails compared to 6) 17 issues opened in JIRA, past quarter (-26% decrease) 15 issues closed in JIRA, past quarter (-42% decrease) 28 commits in the past quarter (-22% decrease) 7 code contributors in the past quarter (no change) 22 PRs opened on GitHub, past quarter (-8% decrease) 24 PRs closed on GitHub, past quarter (-20% decrease)
## Description: Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. ## Issues: - We have no issues that require Board assistance at this time. ## Activity: - Project commits and message on the dev list has gone up since the start of the year - Outdated dependencies have been updated/removed from the project ## Health report: - Our latest committer / PMC member has been helping bring some new life to the project - Feature development on master is going strong and helping modernize the project. ## PMC changes: - Currently 9 PMC members. - No new PMC members added in the last 3 months - Last PMC addition was Francois Papon on Wed Dec 19 2018 ## Committer base changes: - Currently 11 committers. - No new committers added in the last 3 months - Last committer addition was Francois Papon at Thu Dec 20 2018 ## Releases: - 1.4.1 was released on Tue Apr 30 2019 ## JIRA activity: - 21 JIRA tickets created in the last 3 months - 24 JIRA tickets closed/resolved in the last 3 months
2019 March - Board report for Apache Shiro Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Our latest committer / PMC member has been helping bring some new life to the project - Project commits and message on the dev list has gone up since the start of the year - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Francois Papon on 10 Dec 2018 Last PMC Member voted in: Francois Papon on 10 Dec 2018
2019 January - Board report for Apache Shiro Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - We have a new committer and PMC member! François Papon was voted in on 10 Dec 2018. - Mailing list traffic has dipped slightly in the last quarter - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility - Discussion has resumed for Shiro 2.0 development Last committer voted in: François Papon on 10 Dec 2018 Last PMC Member voted in: François Papon on 10 Dec 2018
No report was submitted.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Mailing list traffic has dipped slightly in the last quarter - Feature development is planned to continue against master. - OSGI support is a popular feature, we get an occasional one-liner patch. However, we do NOT have a committer with sufficient experience, which makes supporting it difficult. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Mailing list traffic has dipped slightly in the last quarter - There is more interesting in translating shiro.apache.org to Chinese, but nothing concrete yet. - Feature development is planned to continue against master. - OSGI support is a popular feature, we get an occasional one-liner patch. However, we do NOT have a committer with sufficient experience, which makes supporting it difficult. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
2018 March - Board report for Apache Shiro Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Mailing list traffic has returned to normal (after a lull around the holidays last quarter). StackOverflow remains a popular alternative for the user list. - Feature development is planned to continue against master. - OSGI support is a popular feature, we get an occasional one-liner patch. However, we do NOT have a committer with sufficient experience, which makes supporting it difficult. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
2017 December - Board report for Apache Shiro Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Mailing list traffic has dipped a little, Stack Overflow has been becoming the preferred place to ask questions. - There has been some community interest in translating the Shiro site into Chinese. (This also lines up with a perceived increased number of questions/forum posts seen from Chinese speaking users) - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
2017 September - Board report for Apache Shiro Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 - We encountered a few permission issues during post release tasks. A different team member lead the release (which is great), we are working on fixing this for the next release. Community & Project: - Mailing list traffic has dipped a little, Stack Overflow has been becoming the preferred place to ask questions. - Community pull requests to the Shiro doc site continue to roll in, now that pages includes an 'Edit in Github' link. - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - Last release was 1.4.0 on 05-May-2017 Community & Project: - Mailing list traffic has remained the same. - Community pull requests to the Shiro doc site continue to roll in, now that pages includes an 'Edit in Github' link. - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - None since last report Community & Project: - Mailing list traffic has remained the same. - Community pull requests to the Shiro doc site have increased, now that pages includes an 'Edit in Github' link. - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - 1.4.0-RC2 was released on Wed Nov 09 2016 Community & Project: - Mailing list traffic has remained the same. - Most of the 2.x changes have been included in the 1.4.0-RC2 release. 1.4.0 is now on master. Development will continue on master. - Feature development is planned to continue against master. - The 1.4.0 Release has been a step toward modernizing Shiro as well as retain backwards compatibility. Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - 1.3.1 was released on Tue Aug 30 2016 - 1.3.2 was released on Tue Sep 12 2016 Community & Project: - The 1.3.2 contained fix for CVE-2016-6802 - Mailing list traffic has remained the same. - New committer/PMC member Andreas Kohn - The 2.x release has been postponed in favor of a 1.3.x release in order to consume various community patch submissions. - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. Only minor feature development is planned on 1.x. Last committer voted in: Andreas Kohn on 15 Jul 2016 Last PMC Member voted in: Andreas Kohn on 26 Jul 2016
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - 1.2.5 was released on Tue May 24 2016 - 1.2.6 was released on Tue Jun 28 2016 Community & Project: - Mailing list traffic has remained the same, with a slight raise on dev@ due to the increase number of commits. - The 2.x release has been postponed in favor of a 1.3.x release in order to consume various community patch submissions. - Release 1.2.5 contained a fix for CVE-2016-4437 - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. Only minor feature development is planned on 1.x. Last committer voted in: Jerome LELEU on 4 Aug 2015 Last PMC Member voted in: Brian Demers on 20 May 2013
No report was submitted.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released the 1.2.4 bugfix/point release on July 7th. Community & Project: - 2.x work has slowed as of late. The hope is to resume significant work when possible. Cleanup needs to occur before final release candidates can go out. - It was a priority since the last board report to move to Git. This has been completed. - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. No significant feature development is planned on 1.x. Last committer voted in: Jérôme LELEU on 4 Aug 2015 Last PMC Member voted in: Brian Demers on 20 May 2013
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released the 1.2.4 bugfix/point release on July 7th. Community & Project: - 2.x work has slowed as of late. The hope is to resume significant work this month and into January. Cleanup needs to occur before final release candidates can go out. - Mostly everyone wants to move the project to ASF Git. We'll hopefully do this before the next board report! - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. No significant feature development is planned on 1.x. Last committer voted in: Jérôme LELEU on 4 Aug 2015 Last PMC Member voted in: Brian Demers on 20 May 2013
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released the 1.2.4 bugfix/point release 2 months ago on July 7th. Community & Project: - We have a new committer! Jerome LELEU, a long time community member and friend of the Shiro community accepted our invitation and became a committer last month on August 4th, 2015. - We are still working on 2.x and active discussion has resumed towards this effort. - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. No significant feature development is planned on 1.x. Last committer voted in: Jerome LELEU on 4 Aug 2015 Last PMC Member voted in: Brian Demers on 20 May 2013
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our previous 1.2.3 bugfix release on 25 February 2014. 2.0 development work is still in progress, but the team has not indicated a concrete release date. There are some backwards incompatible changes that need to be vetted before a release is feasible. Community & Project: - Mailing list traffic remains steady compared to last quarter. - Efforts towards a 2.0 distribution remain active on a separate dev branch. - Project is mostly stable and in maintenance/bugfix mode until a 2.0 release can be made. No significant feature development is planned on 1.x. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our previous 1.2.3 bugfix release on 25 February 2014. A 1.3 release may be possible as an interim before 2.0, but development work last quarter has targeted the 2.0 branch. Community & Project: - Mailing list traffic remains steady compared to last quarter. - Efforts towards a 2.0 distribution remain active on a separate dev branch. Changes are ongoing, and we hope to make a 2.0 release soon! - One of the PMC members, Les Hazlewood, joined the JEE Application Security expert group (JSR 375) where hopefully some security ideas from Shiro will influence the specification as well as benefit Shiro by ideas discussed in the expert group. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our previous 1.2.3 bugfix release on 25 February 2014. A 1.3 release may be possible as an interim before 2.0, but development work last quarter has targeted the 2.0 branch. Community & Project: - Mailing list traffic remains steady compared to last quarter. - Efforts towards a 2.0 distribution remain active on a separate dev branch. Changes are ongoing, and we hope to make a 2.0 release Q1 2015. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our previous 1.2.3 bugfix release on 25 February 2014. A 1.3 release may be on the horizon as an interim before 2.0, but most recent development work has targeted the 2.0 branch. Community & Project: - Mailing list traffic remains steady compared to last quarter. - Efforts towards a 2.0 distribution remain active on a separate dev branch. Changes are nearly complete, and we hope to make a 2.0 release this quarter or early next. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our previous 1.2.3 bugfix release last quarter on 25 February 2014. A 1.3 release still appears to be on the the horizon as an interim before 2.0. Community & Project: - Mailing list traffic remains steady compared to last quarter. - The Shiro plugin for Apache ActiveMQ has been accepted by the ActiveMQ project and has been released in their v. 5.10 distribution! This allows all aspects of ActiveMQ to be secured by Shiro - a nice addition! - Efforts towards a 2.0 distribution remain active on a separate dev branch. Changes made this past week make it ready for full dev team review and discussion. An actual 2.0 release date has not been planned yet. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We published a 1.2.3 bugfix release on 25 February 2014, 7 days ago. A 1.3 release is still on the horizon as an interim before 2.0. Community & Project: - Brian Demers graciously fixed the user-reported CVE-2014-0074 and pushed out the 1.2.3 hotfix. - A new Shiro plugin for Apache ActiveMQ has been contributed to (and accepted by) the Apache ActiveMQ team. This allows all aspects of ActiveMQ to be secured by Shiro - a nice addition! The plugin is scheduled to be available in the upcoming ActiveMQ 5.10 release. - Efforts towards a 2.0 distribution have picked up on a new dev branch. We will still likely need a 1.3 interim release, but that has been slow-going as of late. Hopefully we can release 1.3 next month. - User mailing list continues to be quite active. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our May 30 2013 1.2.2 bugfix release. A 1.3 release is still on the horizon as an interim before 2.0. Community & Project: - Brian Demers accepted his nomination to the Shiro PMC. We're happy to have him aboard! - Efforts towards a 2.0 distribution are slow going, as the last quarter has been particularly busy for the entire Shiro team. The community is advocating a few issues that probably should be represented in a 1.3 interim release, so they don't have to wait for 2.0 (JSF release + bug fixes). - User mailing list has been quite active the last month. We're grateful for a community that helps each other out a lot without as much guidance by the core shiro team as might have been necessary earlier in the project's history. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases since our May 30 2013 1.2.2 bugfix release. A 1.3 release may be on the horizon as an interim before 2.0. Community & Project: - Initial efforts towards a 2.0 distribution are still under way. It is still quite early, and a new release is probably still at least 6 months away. - It might be possible to have a 1.3 interim release before 2.0, adding in official JSF support + a few minor bug fixes. - User mailing list is still active, with questions (more than usual) picking up over the last month. Last PMC Member voted in: Brian Demers on 20 May 2013 Last committer voted in: Jared Bunting on 29 Jul 2012
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released a new 1.2.2 bugfix release on May 30th encompassing 18 bug fixes. Community & Project: - We have finally moved over to Apache Infra's svnpubsub mechanism for publishing website updates. This is working really well so far. We are still flushing out the best authoring system to use - we are currently using a custom file-based CMS, but recently found Octopress, which looks much more feature rich and powerful. - Initial efforts towards a 2.0 distribution have started in the svn trunk. It is still quite early, and a new release is probably at least 6 months away. - Outside of the Shiro codebase, there is a significant effort to secure Apache ActiveMQ with Shiro located here: https://github.com/lhazlewood/activemq/tree/trunk/activemq-shiro Once complete, the ActiveMQ development team has indicated they will be happy to include it in ActiveMQ's distribution. - Les presented at the 2013 Cassandra Summit showing how to use Cassandra as a distributed data store for clustering Shiro sessions: https://github.com/lhazlewood/shiro-cassandra-sample
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We have not released anything since our previous 1.2.1 bugfix release. However, enough community desire has surfaced for a 1.2.2 patch release as well as a 1.3.0 release. We are making strong efforts this and next week to accomplish this. - After these next 1.2.1 and 1.3.0 releases, we might start targeting a 2.0 distribution, which would incorporate a lot of desired changes. We have been careful about this because this would very likely introduce backwards incompatible changes that we can't do on minor or patch releases as we follow the APR versioning guidelines. Community & Project: - Les presented Intro to Apache Shiro at ApacheCon this year - it was a good experience to see so many Apache folks. - We still haven't had the time/volunteers to convert over to infra@'s CMS system for our public website, even though we're well past the deadline. This means that our public website can't be updated with new content until this occurs since (as we understand it) the confluence wiki is no longer supported. - The Shiro community remains helpful, with steady month-after-month mailing list traffic. No noticeable changes here. - Everyone on the Shiro dev team has been quite busy w/ their respective full time jobs. Coupled with the holidays, not much development was accomplished last quarter, but efforts are ramping up significantly for a 1.2.2 and 1.3.0 release.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We have not released anything since our previous 1.2.1 bugfix release. Current trunk development is targeted at a 1.3.0 release (time frame not yet determined). Community & Project: - Les presented 3 presentations on various Apache Shiro topics at this year's Rich Web Experience conference in Fort Lauderdale at the end of November. - We have yet to convert over to infra@'s CMS system for our public website. That work will probably be completed over the holidays in time for infra's Jan 1 deadline. - The Shiro community remains helpful, with steady month-after-month mailing list traffic. No noticeable changes here. - The Shiro site and distribution continues to experience good growth, with the site averaging around 10,000 visitors per month and 8,700 downloads a month from Maven Central (a 25% increase from the last report).
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released a 1.2.1 bugfix release on 28 July 2012. Current trunk development is targeted at a 1.3.0 release (time frame not yet determined). Community & Project: - The Shiro community remains helpful, with steady month-after-month mailing list traffic. No noticeable changes here. - The Shiro site and distribution continues to experience good growth, with the site averaging around 10,000 visitors per month and 7,000 downloads a month from Maven Central, and that number is steadily increasing each month.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We released Shiro 1.2 last quarter and we are currently planning on releasing a 1.2.1 bug fix release hopefully sometime this or next week. Community & Project: - Shiro continues to grow, both in the number of downloads and the size of its community. We've received a lot of feedback lately on integration with other protocols like OAuth, OpenID and open-source frameworks like Scribe (for OAuth). The development team will continue to work with the community to provide the best Java security experience possible. - We're excited to represent Shiro at OSCON this year with the rest of the ASF team. One of our team members, Les Hazlewood, will be at the Apache hackathon helping anyone wishing to use or integrate with Shiro.
(Shiro)
No report was submitted.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We are very happy to announce that we have released Apache Shiro 1.2 on Tuesday, January 24 2012, after our last report. While 'just' a point release, this effort constituted over a year's worth of work. We are very excited for the community to have this release. Community & Project: - We are happy to report that Jared Bunting has become our newest PMC member. He has been a valuable member of the team overall, and especially helpful with Shiro's Guice integration. - More articles, blog posts, tweets and tutorials are being written about Apache Shiro every day. Google Analytics shows almost 100,000 page views and 10,000 unique visitors per month, showing significant continued project interest and community growth after leaving the Incubator a little over a year ago.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases. Community & Project: - In our last report, we were considering voting on 1.2 as soon as possible. Instead, we delayed the vote to allow finishing a number of issues related to making password hashing much easier for applications. That work is 95% complete and it is expected that a 1.2 vote will happen within a week or two. - The community continues to grow, with new articles being written by the community. We appreciated and were excited to see an extremely thorough article written by Meri covering Shiro cryptography: http://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html - The mailing lists remain healthy. Much of the community is awaiting the 1.2 release, and this has become our highest priority.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No new releases. Community & Project: - The Apache Shiro team is excited to report that we have added Jared Bunting as our second new committer after becoming a TLP. Jared has been a great help to the project and he is a welcome addition to the team. - The team has decided to release Shiro 1.2 as soon as possible. A release vote is likely this week. - Significant effort has gone into improving Shiro's reference manual the last three months. It is much better than before and continues to grow as new features are added. Some talk was discussed about finding a new authoring format beyond using Confluence, but no changes have been implemented as of yet.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No releases since our first 1 Nov 2010 1.1.0 release Community & Project: This last quarter has been focused more on community building than coding, with great success. The Shiro average website visitor traffic has increased more than half (59%) in only 3 months! We continue to grow and help the JVM security community. Following are the most important points from the last quarter. - The Apache Shiro team is excited to report that we have added Brian Demers as our first new committer after becoming a TLP. We're excited that our community continues to grow with quality folks like Brian. - There has been minor discussion of creating a 1.2 release soon. A few minor issues need to be resolved, and hopefully this will be done before our next board report. - While Shiro doesn't receive many complaints, the most frequent one has been that non-JavaDoc documentation has been lacking. Significant work has gone into improving Shiro's documentation over the last month, and we believe this will serve the community much better. - To improve project publicity, Les Hazlewood wrote an intro article on Apache Shiro published on InfoQ: http://www.infoq.com/articles/apache-shiro This has contributed to site traffic and community adoption significantly.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No releases since our first 1 Nov 2010 1.1.0 release Community & Project: - No new committers or PMC members - The project team is discussing the possibility of releasing a 1.1.1 bug fix point release or moving directly to a 1.2 release. - Documentation efforts have increased significantly the last two months, with new Authentication and Authorization guides being written with many cleanup edits of the existing framework documentation. February (last month) represented the highest traffic volume to date for the Apache Shiro website (just shy of 10k site visits), indicating these edits are paying off. - Some new integration efforts by both committers and end-users for integrating with third party authentication systems seems to have picked up lately, with discussions about supporting OpenId, OAuth, and maybe Oracle SSO - In the last three months, the community has indicated areas for significant improvement in the codebase which will probably make their way into a 2.0 release. There is currently no timeline for 2.0, but ideas are being tracked at https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming. Most notable of the improvements are the continued migration to favoring architecture that emphasizes OO composition over inheritance, affording our end-users an even more pluggable approach to application security.
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - No releases since our first 1 Nov 1.1.0 release as a TLP Community & Project: - No new committers or PMC members - Continued user participation on the mailing lists. This last month probably represents the highest user activity with regards to opening Jira issues and providing patches, a healthy sign that our project continues to grow as a new TLP. - The development team is discussing as to when our next release might be, whether it will be before or after the holidays. It is not currently decided if it will be a 1.1.1 point release or a 1.2 minor release. - There has been a lot of discussion in the last month by both users and developers as to the best way to support Shiro integration with 3rd-party (ASF compatible) frameworks and libraries - either include the code as 'support modules' within Shiro's codebase, or to have the code reside somewhere else, like a 'shiro-extras' project, similar in concept to Apache Wicket's 'Wicket Stuff' project. The difficulty in deciding is based on 1) the likelihood of the dev team supporting an increasing number of integration modules directly at the level of quality we wish to maintain and 2) whether or not a security framework like Shiro should support frameworks (like Wicket and Struts2) that sit 'higher' in the application stack. Ideally we'd like the respective web communities to support Shiro since we believe it is in their scope to do so, rather than Shiro (a security framework) writing integration for multiple web frameworks. This is an ongoing discussion and we've yet to come to a decision.
Suggest that apache-extras.org might be a good place to host third-party integrations. Check it out.
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - We are proud to announce that we have made our first release as a TLP, Apache Shiro version 1.1.0 on November 1st, 2010. Community & Project: - No new committers or PMC members - Community interaction and user list traffic has grown significantly since becoming a TLP, with over 400 emails on the user and dev mailing lists last month. This is more than double the average monthly traffic we had while in incubation, showing continued growth and a healthy community as a TLP. - We experienced our first security vulnerability CVE issue. It wasn't handled as appropriately as it should have, with the issue becoming public (in a roundabout way) before it should have been made known. We dealt with the issue, fixed the source code, and very shortly thereafter released version 1.1.0. This was a bit difficult as this CVE issue overlapped with the other issues required for 1.1 and because we had not yet released a TLP version, we couldn't simply create a point release and just 'get it out the door' quickly. Instead we needed to coordinate the fix in the context of our first TLP release, which was a little more challenging. In any event, it was a great learning experience, and we are confident any further CVE issues will be handled appropriately.
Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. We have no issues that require Board assistance at this time. Releases: - In the few weeks since graduating from the Incubator, we haven't yet released a new version, although we plan on making our first TLP release (version 1.0.1 or 1.1) in the next month. Community & Project: - No new committers or PMC members - All project migration issues are complete and http://shiro.apache.org is up and running. - Community interaction and user list traffic is growing steadily after graduating from the Incubator. Google Analytics reports that our web site has received about a 40% average increase in site visitors after going TLP. - Significant new features are slated for 1.1 later this month, notably improved salting support for authentication tokens and a much-improved JNDI-based LDAP realm for using LDAP for authentication and authorization
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Shiro has been incubating since June 2008. The team is pleased to report the the Apache Software Foundation Board of Directors has accepted Shiro's Top Level Project graduation proposal during their Wednesday, September 22nd 2010 board meeting. Apache Shiro has officially graduated from the Incubator to become an Apache Top Level project! This will be the last Incubator board report made by the Apache Shiro team to the Apache Incubator PMC. The process to remove Shiro from the reporting schedule will be complete by the time the Incubator reviews this report. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS
WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the Foundation's
purpose to establish a Project Management Committee charged with
the creation and maintenance of open-source software related to
application security, for distribution at no charge to the
public.
NOW, THEREFORE, BE IT RESOLVED, that a Project Management
Committee (PMC), to be known as the "Apache Shiro Project",
be and hereby is established pursuant to Bylaws of the
Foundation; and be it further
RESOLVED, that the Apache Shiro Project be and hereby is
responsible for the creation and maintenance of a software
project related to application security; and be it further
RESOLVED, that the office of "Vice President, Apache Shiro" be and
hereby is created, the person holding such office to serve at the
direction of the Board of Directors as the chair of the Apache
Shiro Project, and to have primary responsibility for management
of the projects within the scope of responsibility of
the Apache Shiro Project; and be it further
RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the initial members of the
Apache Shiro Project:
* Les Hazlewood (lhazlewood@apache.org)
* Kalle Korhonen (kaosko@apache.org)
* Peter Ledbrook (pledbrook@apache.org)
* Jeremy Haile (jhaile@apache.org)
* Craig L Russell (clr@apache.org)
NOW, THEREFORE, BE IT FURTHER RESOLVED, that Les Hazlewood
be and hereby is appointed to the office of Vice
President, Apache Shiro, to serve in accordance with and subject to
the direction of the Board of Directors and the Bylaws of the
Foundation until death, resignation, retirement, removal or
disqualification, or until a successor is appointed; and be it
further
RESOLVED, that the Apache Shiro Project be and hereby
is tasked with the migration and rationalization of the Apache
Incubator Shiro podling; and be it further
RESOLVED, that all responsibility pertaining to the Apache
Incubator Shiro podling encumbered upon the Apache Incubator
PMC are hereafter discharged.
This resolution was passed unanimously by roll call vote.
It was noted that the PMC includes an Apache Member (Craig).
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Shiro has been incubating since June 2008. The team is pleased to report the project made its first incubation release, version 1.0.0-incubating. The release was made following the best practices of an Apache release process. The team encountered only minor issues during the process and the release vote demonstrated strong support from the community. Prior to the release, the team made a concentrated effort to clean up the codebase, updated the Javadocs and close out any remaining JIRA issues. The project website and wiki-based user documentation was greatly improved. The project also designed new logos and chose a new one for the project in a community vote that was met with enthusiasm. Kalle Korhonen was voted in to join the PPMC. Existing PPMC members identified a new potential committer and discussed the matter but no vote was held yet. Some concern was expressed about the small number of active committers. The team feels confident about the mid-term roadmap. Progress is made towards making a 1.0.1 maintenance release as well as a new 1.1.0 minor release. The project is targeting graduation by October. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Shiro has been incubating since June 2008. The project is just about ready for its first 1.0 release. Cryptography API and implementation adjustments had to be made prior to the 1.0 release, delaying the 'code complete' stage before incubator vote by 2 weeks. That effort is being finished this week. As soon as this code is complete, and we resolve 4 outstanding Jira bugs, we will go immediately initiate the voting process to clear our first 1.0 release (hopefully next week). The project team is not considering graduation at this point, but after the first release, the team will decide on a roadmap targeting graduation. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Shiro has been incubating since June 2008. During the period, the project has made steady progress towards releasing the first 1.0.0 release as part of Apache incubator. All IP clearance issues have been resolved and the team has verified there are no known remaining issues open. Previous issues related to project's name change have been largely resolved. Community involvement remains high and many users are eagerly waiting for the first official release. The team is planning on making the release during the next period. There's been an on-going effort to clean up the codebase and prioritize open JIRA issues before the release. Project's API documentation (javadoc) is in a fairly good state, but the remaining issue is where and how to automatically publish the javadoc for general consumption. In addition, a wiki-based documentation effort for creating a reference guide was launched. The project team is not considering graduation at this point, but after the first release, the team will decide on a roadmap targeting graduation. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS Signed off by mentor: Craig L Russell
Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Shiro has been incubating since June 2008. We are very excited to report we have added Kalle Korhonen as our first new committer since joining the incubator. This marks a big project milestone for us as we continue to grow our community. There remain a few project infrastructure inconsistencies resulting from our previous name change as described in this email thread: http://tinyurl.com/yznnogv Resolving these inconsistencies are a high priority and should be resolved as soon as possible. An issue of how Shiro is configured was the largest issue impeding our first Apache release. That issue has been largely resolved and once finalized, we should be able to focus on our first Apache release. The project team is not considering graduation at this point, as the code is not ready for an Apache release. Once IP clearance is complete, we'll attempt our first incubator release. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS
Previously JSecurity/Ki. Apache Shiro is a powerful and flexible open-source application security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Apache Shiro has been incubating since June 2008. * Due to potential naming conflicts with the previously chosen name of 'Ki', the ASF community at large helped us change our name to 'Shiro'. This was a large collaborative effort that really showed the power of the Apache Way and resulted in a name with which a large majority of people were content. * Project infrastructure has been switched over to support this name change and all seems to be running well. We have yet to properly configure Hudson for continuous integration builds, but that should be done shortly. The new CWIKI space is available here: http://cwiki.apache.org/confluence/display/SHIRO * The name change also affords us to start publishing incubator Maven snapshot builds which will help foster adoption to all Maven end-users (which there are many). * We're very happy to report that the the name change and community support resulting from it have allowed the development team to return focus to developing the framework and resolving issues rather than spending time on name-related administrative issues. The project team is not considering graduation at this point, as the code is not ready for an Apache release. Once IP clearance is complete, and Maven snapshots are working, we'll attempt our first incubator release. The status is being maintained at http://svn.apache.org/repos/asf/incubator/shiro/STATUS
Ki (previously JSecurity) is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Ki has been incubating since June 2008. The project team voted at the end of February to change the project name from JSecurity (its previous name prior to entry into the ASF Incubator) to 'Apache Ki' for a number of reasons, which are documented in full detail here: http://markmail.org/thread/zcmi4pjv2bbf4574 Project infrastructure is being changed to match this name change, but is not yet fully complete. Mailing lists are pending still. There was a post on the old jsecurity.org website by an individual stating that they would appreciate if we used a different name other than Ki, posted here: http://www.jsecurity.org/node/1081#comment-289. One of our project members responded and have not received any responses further. The project team is now internally debating whether we need to change the project name yet again. The old jsecurity.org project website has entered an archival state, clearly pointing that all users should be redirected to the new Incubator ki site. A crontab entry has been created to auto-export the cwiki to here: http://incubator.apache.org/ki We're happy to report that development and user list activity has steadily increased since we started incubation last year, with March (last month) being the most active month to date. The project team is not considering graduation at this point, as the code is not ready for an Apache release. Once IP clearance is complete, we'll attempt our first incubator release. One mentor, Emmanuel Lecharny, decided to step down from the project. The number of mentors is now down to three, which is the quorum. Finding a few more mentors should be a good idea at this point. The status is being maintained at http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS
JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. At the end of November, the JSecurity team released a final external (non-Apache) release: 0.9.0 final. All modifications after the release were made under the assumption that the next release will be an Apache incubating release. After the November final release, there has been lengthy discussion for the month and half following about JSecurity's name and whether or not it should be changed to something else. 3 mentors voted in favor of chainging the name to something else, 1 voted against, and 1 abstained. Those voting in favor cited concerns of a few external (3rd party) products that might cause a name conflict. Concensus was not reached, resulting in the vote. However, it is considered still an open issue with continued discussion as other IPMC members are contributing to the discussion. More recently, the team has debated about how the source tree should be configured to allow easy modular builds and to clearly delineate the differnece of JSecurity core versus web support and 3rd party support. The team came to concensus about an initial directory organization and the ant build files were modified to reflect the new structure. It was also discussed that two build systems, both Ant+Ivy and Maven, could be used to build the framework, allowing the one building to choose based on their preference. Infrastructure migration (noted in our STATUS file) is almost complete - all that needs to be done is migration of the jsecurity.org website into our incubator snapshot. A volunteer is currently in the process of enabling the existing JSecurity theme in the ASF's Confluence export mechanism. Low-hanging fruit to be cleared hopefully by the next board report is all IP clearance: the Copyright & Licensing and Distribution Rights sections of the STATUS file should be able to be completed in their entirety. The biggest exit criteria remaining is Team Collaboration. Although the team is satisfying all collaboration directives and has a good community, we need to attract new committers. Hopefully that will be a significant difference in the upcoming months and throughout 2009. Finally, one of our mentors, Alex Karasulu, had to step down and remove himself as a mentor, citing busy schedules and not enough time to dedicate (http://markmail.org/message/hkh6pjwjlnmtkrjp). We are very grateful for the time he was able to contribute! The project team is not considering graduation at this point, as the code is not ready for an Apache release. Once IP clearance is complete, we'll attempt our first incubator release. The status is being maintained in SVN (http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS)
We just have to report that the code base has been imported into the ASF repository, and as it was a long waited move, it's good to have it announced in this monthly report !
JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. Last month, a new external release was issued (0.9.0-RC2). After this, a single bug fix has been implemented and committed to the external SourceForge SVN repository. Many other commits have been made, but all were nonfunctional and were made to round out the project's JavaDoc. The JavaDoc is already quite good, but not 100%. The team has discussed on the development list that it would be a good idea to get the JavaDoc completed at 100% before releasing 0.9 final, with 0.9 final being the last external release. After this point, we wanted to inject the code source into the Apache repository as a 'clean slate' initiative. The idea is that perhaps 0.9.1 would be an Apache release, allowing that release to focus only on adherence to Apache policy and not dependent on code or documentation. Then all subsequent releases could benefit from the experience of this 'first run', continuing to maintain Apache policy. The JavaDoc is currently being updated intermittently, as the development team has the opportunity to update it in their spare time. It is certainly desirable to finish this effort soon, hopefully no more than a week or two. But this time frame is ultimately dependent upon the number of contributors. The project team is not considering graduation at this point, as the code is not ready for an Apache release. The community is working well, with decisions being made in public. The status is being maintained at http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS
JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. Since last month, a new external release has been issued (0.9.0-RC2), and some bug fixes, and discussion about the configuration format. The code source should be injected to the Apache repository soon, when the external 0.9.0 release will be out. It's a matter of days, may be a week, accordingly to the latest discussion on the mailing list. JIRA is set up, but it should be used. The status is being maintained at http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS
JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. The project has been very active, with plenty of discussion around features, implementation, and strategy, on both user and dev lists. The code is still at codehaus, with the plan to migrate the code base with all history to the apache repository once a release has been made. Once the code is in the apache repository, additional releases of the org.jsecurity code may be published via codehaus, while the packages are renamed to org.apache.jsecurity. Mailing lists have been set up, and most email traffic has been migrated from the previous lists at codehaus. The JIRA project is set up and is tracking new issues. Issues will be migrated from the existing bug tracking system in due time. The status is being maintained at http://svn.apache.org/repos/asf/incubator/jsecurity/STATUS
JSecurity is a powerful and flexible open-source Java security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. JSecurity has been incubating since June 2008. The project has kicked off with some basic infrastructure now in place. Mailing lists have been set up. The svn repository is ready for code. The JIRA project is set up. The initial committers have sent ICLA's and all accounts have been created. Discussion is underway as to migration of the existing code into the Apache repository. There is an existing code base with users that will need to have releases and maintenance while the project is incubating. PMC comments: * jukka: JSecurity status page is missing