Return-Path: <users-return-21410-archive-asf-public=cust-asf.ponee.io@jackrabbit.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 71CAE200D21
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 16 Oct 2017 18:47:21 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 0D4391609EF; Mon, 16 Oct 2017 16:47:21 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 5358D1609E3
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 16 Oct 2017 18:47:20 +0200 (CEST)
Received: (qmail 81019 invoked by uid 500); 16 Oct 2017 16:47:19 -0000
Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@jackrabbit.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@jackrabbit.apache.org>
List-Post: <mailto:users@jackrabbit.apache.org>
List-Id: <users.jackrabbit.apache.org>
Reply-To: users@jackrabbit.apache.org
Delivered-To: mailing list users@jackrabbit.apache.org
Received: (qmail 81007 invoked by uid 99); 16 Oct 2017 16:47:19 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Oct 2017 16:47:19 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 513E1CBC9A
	for <users@jackrabbit.apache.org>; Mon, 16 Oct 2017 16:47:18 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -2.501
X-Spam-Level: 
X-Spam-Status: No, score=-2.501 tagged_above=-999 required=6.31
	tests=[KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_LOW=-0.7,
	RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001]
	autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id 5LUdFFzQY1tr for <users@jackrabbit.apache.org>;
	Mon, 16 Oct 2017 16:47:16 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 24E1A5FCD0
	for <users@jackrabbit.apache.org>; Mon, 16 Oct 2017 16:47:16 +0000 (UTC)
Received: from [192.168.178.20] ([93.217.93.225]) by mail.gmx.com (mrgmx102
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MbrR4-1dlvCd0bmI-00JHJh; Mon, 16
 Oct 2017 18:47:09 +0200
Subject: Re: Release date for Jackrabbit 2.15.7
To: Jan Kreutzfeld <Jan.Kreutzfeld@doubleslash.de>,
 "users@jackrabbit.apache.org" <users@jackrabbit.apache.org>
References: <3a663a2baf0744808a97b200733ce092@FDHMSX01.doubleslash.org>
 <86c51b9e-255c-df5d-8df0-b998fb0037be@gmx.de>
 <abb392d42cf7450a8874becfe5785ee4@FDHMSX01.doubleslash.org>
From: Julian Reschke <julian.reschke@gmx.de>
Message-ID: <0d76aae5-537e-8388-c63f-2e825c1fe3e8@gmx.de>
Date: Mon, 16 Oct 2017 18:47:08 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <abb392d42cf7450a8874becfe5785ee4@FDHMSX01.doubleslash.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:75zfA6pbnbmG4cEUXvAFzBUpIv16Ag/VTwlSgB+ExHRSYsDmACT
 QC+0dBotqQyB44whwDV1ZfepVYFmorFO1q5UokiByyHli2er5BPo8Zhwx37BfS3HniQZHCa
 P9TZCkuA4gGIghWgvSrdsq8dSTY+9ACCBiHduQMZ6P8U2jVq1cenKz6mWG6C2QDj8hqjND9
 CHc7yIgRgb6SQ+QNbOqeg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:2eOxMheAEg8=:9RguwkawgIQg1XjIxji3dq
 sYLsztwrgSwwGDga9P7F+SLtLUn4dVHnOroGQxYhDbR6XrPwHNi2aemXWuSrM/e4Pwm1aJIL/
 ffY9VKofSAvJAKMLL78Y5cjd8HS21+RieyzISreWlZofcnTOG/sswVSibLWJnOqFp/tKUvvSE
 HVx2gzDR0d2nfqbze1T5fZgF22LnnudO0lRT8GsI3OKsLlxPR6d5OAhfjEWnVPQXjF4T2/tuQ
 8Ou1vOKWZPEafHv6mEiY81mlHkg9Jgf3/z7dZDDYLyi8QPAxDhf1hPSbpPWnHQZ6EmLZY4t66
 FB+l55dw3g1wO+f+T1fCqvbSuXHAU1w8LIk5OkqpOGbcSnD02ukMlVHXyWH6b6zV9cjVPMDSP
 qKM1BF+XYAifB5+LGJ3D2/oH9NxzcvduN05rA1KebEi8umzen16V15QDpaF9Y30QsP9YOoLg+
 KJkoBu0jHqLjC+OP1hDOoPXmkrYZTbQaiuGb03oUEwfy1DQWGJF2tqujUIUA6NmLtQr+eAQgk
 os7tjnS7HEQAZxckQ63B11Qb+kyGdI4eKHS2wi+IvCBRpPyXdza1jKz3qFvEbs1zT8Jl+1iiO
 XRipjJ9L+HfqhTkKgZSWLzgAe1D3JkomBn6fpP6TIp6xNJnSLNVbj1Ldf7mKwPeROOOJq8mSZ
 Gu/r8uMp8zFWE4damHuqjnF9VcUz0liPvsqqXW455nLUXV/UA87wJM0y4HuBUcx2spACy95po
 14QHhIrMVpqONNQNrvqxHRjB5ykkfnIQ0WU+mdzBVeZzDOHPBe0Jcmo6QBUqEcaWbNnFASWOe
 0y9o9sUTzphE73n3P66RdD9MMpGDe133CjFKd/PKAbalRJF18o=
archived-at: Mon, 16 Oct 2017 16:47:21 -0000

On 2017-10-16 18:08, Jan Kreutzfeld wrote:
> I'm referring to this issue: https://www.cvedetails.com/cve/CVE-2015-1832/

Thanks - I don't think that we use that code (worth checking though), so 
this doesn't appear to be urgent.

> As always, we need to get rid of the issue as soon as possible, so we would use the unstable release if necessary.

So which release are you using right now?

> Of course, if a stable release would be available, we would prefer to use that instead.
> So I guess the proper question would be: can you tell me the ETA for the earliest release which updates the derby driver? :-)

Sometimes in November, unless it becomes clear that the vulnerability 
indeed affects Jackrabbit operation.

Best regards, Julian