commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bode...@apache.org
Subject [commons-compress] branch master updated: release notes for 1.20
Date Sun, 02 Feb 2020 15:05:54 GMT
This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 633f9dd  release notes for 1.20
633f9dd is described below

commit 633f9dd82313c7292db530ff720a77109b63f47b
Author: Stefan Bodewig <bodewig@apache.org>
AuthorDate: Sun Feb 2 16:05:36 2020 +0100

    release notes for 1.20
---
 RELEASE-NOTES.txt | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index a1ddfe9..0ee5d5f 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -5,6 +5,61 @@ compression and archive formats.  These include: bzip2, gzip, pack200,
 lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
 Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
 
+Release 1.20
+------------
+
+Commons Compress 1.20 like any version of Commons Compress since 1.3
+can not be built from sources using Java 14 as Java 14 removes
+support for the Pack200 format. We will address this issue with the
+next release.
+
+Fixed Bugs:
+o SevenZFile could throw NullPointerException rather than
+  IOException for certain archives. In addition it now handles
+  certain empty archives more gracefully.
+  Issue: COMPRESS-492.
+o Deflate64CompressorInputStream.read would return 0 for some
+  inputs in violation of the InputStream.read contract.
+  Issue: COMPRESS-491.
+o SeekableInMemoryByteChannel's truncate didn't set position
+  according to the spec in an edge case.
+  Issue: COMPRESS-499.
+o BZip2CompressorInputStream now incorporates a similar patch as
+  the one that fixed CVE-2019-12900 in libbzip2.
+
+  Commons Compress has not been vulnerable to this CVE as it
+  would have rejected a file with too many selectors. With this
+  patch Commons Compress will be able to read certain archives
+  that would have caused errors in Compress 1.19. Thanks to Joseph Allemandou.
+
+Changes:
+o Update optional library com.github.luben:zstd-jni from
+  1.4.0-1 to 1.4.4-7.
+  Issue: COMPRESS-493.
+o Update tests from org.apache.felix:org.apache.felix.framework
+  6.0.2 to 6.0.3.
+o SevenZFile can now recover from a certain corruption that
+  seems to happen occasionally when split archives are created.
+  Issue: COMPRESS-497.
+  Thanks to Stefan Schlott.
+o Added random access support to SevenZFile.
+  Issue: COMPRESS-342.
+  Thanks to Peter Alfred Lee.
+o Added support for split ZIP archives.
+  Issue: COMPRESS-477.
+  Thanks to Peter Alfred Lee.
+o Added support for reading sparse entries to the TAR package.
+  Issue: COMPRESS-124.
+  Thanks to Peter Alfred Lee.
+o Update JUnit from 4.12 to 4.13.
+
+Removed:
+o Removed the extraction code from the example CLI class inside
+  of the SevenZ package. Not only is it superseeded by the
+  examples package, its implementation was vulnerable to the
+  ZipSlip attack.
+  Issue: COMPRESS-495.
+
 Release 1.19
 ------------
 


Mime
View raw message