[RESULT] [VOTE] Release Apache Sling XSS Protection API 2.2.20
Hi, The vote has passed with the following result: +1 (binding): Carsten Ziegeler, Karl Pauls, Robert Munteanu +1 (non-binding): none I will copy this release to the Sling dist directory and promote the artifacts to the central Maven repository. Regards, Robert Munteanu
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
Hi Eric, On Fri, 2022-05-20 at 14:04 -0700, Eric Norman wrote: > +1 for the functionality as I don't see anything broken > > However, this isn't really a drop in replacement for the previous > version > since the SLING-11201 changes have introduced a new dependency on > "org.apache.commons:commons-text:1.9" and that bundle is not > currently in > the starter distribution. Others may be missing that bundle as > well. So > there may be an additional step needed to add the commons-text bundle > to > your server before this version of the xss bundle can be resolved and > used. Perhaps that would warrant an increase to the minor version > number > and some migration instructions in the README or somewhere else? I think this is a good point. We typically have not paid too much attention to to bundle versions and what they communicate to consumers. I have also considered a minor version upgrade, but decided against it, for the following reasons: - commons-text is a relatively small requirement, and there will not be a lot of work to add it to an existing deployment - we will get a minor version bump 'soon' once we stop supporting embedded stylesheets - we will get another minor version bump once we switch away from AntiSamy [1] Therefore, I'd like to 'conserve' the minor version bumps for these more significant occurences. I would like to release this version now in order to get more people running it ASAP so they are warned of the policy change regarding embedded stylesheets, which would allow us to make a decision regarding retiring it sooner. I hope that works for you. Thanks, Robert [1]: https://issues.apache.org/jira/browse/SLING-7231 > > Regards, > -Eric > > > On Fri, May 20, 2022 at 4:45 AM Robert Munteanu > wrote: > > > Hi, > > > > We solved 4 issues in this release: > > https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 > > > > Staging repository: > > https://repository.apache.org/content/repositories/orgapachesling-2640/ > > > > You can use this UNIX script to download the release and verify the > > signatures: > > > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > > > Usage: > > sh check_staged_release.sh 2640 /tmp/sling-staging > > > > Please vote to approve this release: > > > > [ ] +1 Approve the release > > [ ] 0 Don't care > > [ ] -1 Don't release, because ... > > > > This majority vote is open for at least 72 hours. > > > > Regards, > > Robert Munteanu > >
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 for the functionality as I don't see anything broken However, this isn't really a drop in replacement for the previous version since the SLING-11201 changes have introduced a new dependency on "org.apache.commons:commons-text:1.9" and that bundle is not currently in the starter distribution. Others may be missing that bundle as well. So there may be an additional step needed to add the commons-text bundle to your server before this version of the xss bundle can be resolved and used. Perhaps that would warrant an increase to the minor version number and some migration instructions in the README or somewhere else? Regards, -Eric On Fri, May 20, 2022 at 4:45 AM Robert Munteanu wrote: > Hi, > > We solved 4 issues in this release: > https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2640/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > Usage: > sh check_staged_release.sh 2640 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu >
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
On Fri, 2022-05-20 at 11:43 +, Robert Munteanu wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 regards, Karl On Friday, May 20, 2022, Carsten Ziegeler wrote: > +1 > > Carsten > > Am 20.05.2022 um 13:43 schrieb Robert Munteanu: > >> Hi, >> >> We solved 4 issues in this release: >> https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 >> >> Staging repository: >> https://repository.apache.org/content/repositories/orgapachesling-2640/ >> >> You can use this UNIX script to download the release and verify the >> signatures: >> https://gitbox.apache.org/repos/asf?p=sling-tooling-release. >> git;a=blob;f=check_staged_release.sh;hb=HEAD >> >> Usage: >> sh check_staged_release.sh 2640 /tmp/sling-staging >> >> Please vote to approve this release: >> >>[ ] +1 Approve the release >>[ ] 0 Don't care >>[ ] -1 Don't release, because ... >> >> This majority vote is open for at least 72 hours. >> >> Regards, >> Robert Munteanu >> > > -- > Carsten Ziegeler > Adobe > cziege...@apache.org > -- Karl Pauls karlpa...@gmail.com
Re: [VOTE] Release Apache Sling XSS Protection API 2.2.20
+1 Carsten Am 20.05.2022 um 13:43 schrieb Robert Munteanu: Hi, We solved 4 issues in this release: https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2640/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2640 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu -- Carsten Ziegeler Adobe cziege...@apache.org
[VOTE] Release Apache Sling XSS Protection API 2.2.20
Hi, We solved 4 issues in this release: https://issues.apache.org/jira/browse/SLING/fixforversion/12351228 Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2640/ You can use this UNIX script to download the release and verify the signatures: https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD Usage: sh check_staged_release.sh 2640 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu