Common thread I keep seeing. Update all the libraries! ...the common thread.. No concern on this one but maven does still release vulnerable plugin usage especially around transient commons collections. We keep patching so it's also frustrating the speed of plugin releases that are not accounting for already available pull requests only to see core team make this argument each release recently...
I think in general, same I tell my devs. Review the bot pull requests and incorporate all the ones possible before any release. Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Elliotte Rusty Harold <elh...@ibiblio.org> Sent: Wednesday, May 31, 2023 7:09:22 AM To: Maven Developers List <dev@maven.apache.org> Subject: Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1 One minor dependency update to maven-scm: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fmaven-release%2Fpull%2F192&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N%2B3ESphp2RdNQUw0Lmr1s41MrdDcFVth7rpvJJCVxjM%3D&reserved=0<https://github.com/apache/maven-release/pull/192> Otherwise, looks good. On Tue, May 30, 2023 at 9:35 PM Slawomir Jaranowski <s.jaranow...@gmail.com> wrote: > > Hi, > > We solved 8 issues: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12317824%26version%3D12353136&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=K0PqT3u1i%2BnCyjtXTFaeS5B%2Bf%2FkYtZbCuQGaZLHIANY%3D&reserved=0<https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317824&version=12353136> > > There are still a couple of issues left in JIRA: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MRELEASE%2520AND%2520resolution%2520%253D%2520Unresolved&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oWlIcdjMAesuCqZJji1g38cVL8mo8rTo47TjNZrdzQw%3D&reserved=0<https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRELEASE%20AND%20resolution%20%3D%20Unresolved> > > > Staging repo: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2F&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lvgqlqCAjzalGHn96QSFkchLbh5MyTU9c8Cyo4B%2BN08%3D&reserved=0<https://repository.apache.org/content/repositories/maven-1950/> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2Forg%2Fapache%2Fmaven%2Frelease%2Fmaven-release%2F3.0.1%2Fmaven-release-3.0.1-source-release.zip&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YTkPBYdoTpceNk8Zxy296APUndozmceHfzQ7NwzcThg%3D&reserved=0<https://repository.apache.org/content/repositories/maven-1950/org/apache/maven/release/maven-release/3.0.1/maven-release-3.0.1-source-release.zip> > > Source release checksum(s): > maven-release-3.0.1-source-release.zip - SHA-512: > e59018a70e67f8af38f4d02bc28703f54ec01d032bd9d21972d087bb196ed8997040da0600a687d5604ebed794ab444d67b697ae17f793f0e8908a4ca0a37f69 > > > Staging site: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fcomponents%2Fmaven-release-archives%2Fmaven-release-LATEST&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cJSBpS5K1UcmitC%2BlKYuqZpDjOGm%2F4LJ5bc8Fi9tb20%3D&reserved=0<https://maven.apache.org/components/maven-release-archives/maven-release-LATEST> > > Guide to testing staged releases: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fguides%2Fdevelopment%2Fguide-testing-releases.html&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UQgW4ZDiIOZp16XxdvpWvoYu4eBXRxbTOLH4ZcYRQnQ%3D&reserved=0<https://maven.apache.org/guides/development/guide-testing-releases.html> > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > -- > Sławomir Jaranowski -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org