commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Neidhart <thomas.neidh...@gmail.com>
Subject Re: [VOTE] Release Commons Collections 4.1 Based on RC1
Date Tue, 24 Nov 2015 21:09:42 GMT
On 11/22/2015 11:26 PM, Thomas Neidhart wrote:
> Hi all,
> 
> we have accumulated enough changes since the last 4.0 release as well as
> we need to provide a fix for the known remote code exploit via java
> de-serialization. Therefore, I would like to start a vote to release
> Commons Collections 4.1 based on RC1.
> 
> Note:
> 
> The fix for the security related issue results in Clirr errors as unsafe
> classes in the functor package do not implement the Serializable
> interface anymore. This is mentioned in the release notes.
> 
> 
> Collections 4.1 RC1 is available for review here:
>     https://dist.apache.org/repos/dist/dev/commons/collections/
>     (svn revision 11263)
> 
> Maven artifacts are here:
> 
> 
> https://repository.apache.org/content/repositories/orgapachecommons-1122/org/apache/commons/commons-collections4/4.1/
> 
> Details of changes since 4.0 are in the release notes:
> 
> 
> https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt
> 
> 
> http://people.apache.org/builds/commons/collections/4.1/RC1/changes-report.html
> 
> The tag is here:
> 
> 
> https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_4_1_RC1
>     (svn revision 1715703)
> 
> Site:
>     http://people.apache.org/builds/commons/collections/4.1/RC1/
> 
> Clirr Report (compared to 4.0):
> 
> 
> http://people.apache.org/builds/commons/collections/4.1/RC1/clirr-report.html
> 
> RAT Report:
> 
> 
> http://people.apache.org/builds/commons/collections/4.1/RC1/rat-report.html
> 
> KEYS:
>     https://www.apache.org/dist/commons/KEYS
> 
> Please review the release candidate and vote.
> 
> This vote will close no sooner that 72 hours from now, i.e. after 2400
> GMT 25-November 2015
> 
>   [ ] +1 Release these artifacts
>   [ ] +0 OK, but...
>   [ ] -0 OK, but really should fix...
>   [ ] -1 I oppose this release because...

I would like to remind all PMC members that this is also a security
related release that several people have requested.

If someone is not happy with the release as is, please speak up and vote
so that we at least can move forward.

Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message