Hi! A tad late, but please find below the draft report for the next Board meeting.
As usual, comments, edits, etc. are more than welcome. Best regards, juan pablo ---------- Forwarded message --------- De: <juanpa...@apache.org> Date: mié, 10 jul 2024, 11:53 Subject: (jspwiki-asf-docs) branch master updated: DRAFT for 2024-07 board report To: comm...@jspwiki.apache.org <comm...@jspwiki.apache.org> This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki-asf-docs.git The following commit(s) were added to refs/heads/master by this push: new f1c906c DRAFT for 2024-07 board report f1c906c is described below commit f1c906cb1b5e9bd16e71d51962a1b24f5e3ab339 Author: Juan Pablo Santos Rodríguez <juanpa...@apache.org> AuthorDate: Wed Jul 10 11:52:41 2024 +0200 DRAFT for 2024-07 board report --- board-reports/2024-07.txt | 60 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/board-reports/2024-07.txt b/board-reports/2024-07.txt new file mode 100644 index 0000000..cbed940 --- /dev/null +++ b/board-reports/2024-07.txt @@ -0,0 +1,60 @@ +## Description: +The mission of JSPWiki is the creation and maintenance of software related to +Leading open source WikiWiki engine, feature-rich and built around standard +JEE components (Java, servlets, JSP). + +## Project Status: +Current project status: Ongoing, with low activity. +Issues for the board: There are no issues requiring board attention. + +## Membership Data: +Apache JSPWiki was founded 2013-07-17 (11 years ago) +There are currently 15 committers and 9 PMC members in this project. +The Committer-to-PMC ratio is 5:3. + +Community changes, past quarter: +- Arturo Bernal was added to the PMC on 2023-06-21 +- Arturo Bernal was added as committer on 2023-06-21 + +## Project Activity: +2.12.2 was finally released on 2024/06/17 and the pending CVE fixed by this +version was also published. We got an additional vulnerability report which is +now under discussion at private@j.a.o. + +Activity this quarter has been focused on preparing the code for the release, +fixing some small issues and requests for the release. Also, we merged a +contributor's PR right after that. + +The refactor, referenced on previouse reports, to benefit from virtual threads +under JDK-21, is not complete yet and was parked to focus on the release. + +There've been some discussion to switch to JDK-17 / Jakarta 10, so next release +most probably will be 3.0.0 to reflect this change. + +## Community Health: +Work on latest master shows commits from 2 commiters, which contains among +other things the aforementioned PR from a contributor. + +No questions unanswered on MLs, although they continue to have little traffic. + +Board comment on previous report: + +``` +cdutz: +Left a comment on the private list as the project was approving jira accounts +from obvious spammers such as pharmacyusa10 Also did I read the report +correctly: There was an attack using all attack vectors known to the project +already. From the fact that they were successful I would guess that they are +known and no new ones were added, but they were not fixed, right? +``` + +Sorry I missed the e-mail with the comment, so didn't see it. Regarding the +jira accounts, as noted on list, we're truly sorry about that and we'll look +more closely next time. In fact, we've denied the last request, redirecting +to the ML, as it appeared to be another spammer. + +As for the attack vector's question, they were known and fixed vectors, so +nothing really happened, excepting having to restore pages to remove the +dirt. The attacks consisted on trying to edit pages, users, groups, etc. in +order to try XSS, SQL Injection and privilege escalation; none of them were +successful.
