Re: [ALL] GitHub is done with Java 8

2024-04-24 Thread Arnout Engelen
+8, 11.0.16+101, 11.0.16+8, 11.0.15+10 > > > > So it looks like goodbye Java 8 on GitHub. > > > > Gary > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org

Re: [VOTE] Release Apache Commons Compress 1.26.0 based on RC1

2024-02-18 Thread Arnout Engelen
package > > You can record the Maven and Java version produced by -V in your VOTE > reply. > To gather OS information from a command line: > Windows: ver > Linux: uname -a > > 5) Build the site for a single module project > > Note: Some plugins require the components to be installed instead of > packaged. > > mvn site > Check the site reports in: > - Windows: target\site\index.html > - Linux: target/site/index.html > > -the end- > > -- Arnout Engelen ASF Security Response Podling Project Management Committee member on Apache Pekko Committer on NixOS Independent Open Source consultant

Re: Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Arnout Engelen
On Thu, Dec 14, 2023 at 2:00 PM Elliotte Rusty Harold wrote: > On Thu, Dec 14, 2023 at 6:09 AM Arnout Engelen wrote: > > * I'd say parsing/decompression/decoding should never allow malicious > input > > to trigger arbitrary code execution(?) > > Do any of these products

Security model for Commons Imaging, Compress, Codec and IO: RCE and DOS?

2023-12-14 Thread Arnout Engelen
d to treat such issues as security problems (that should be fixed with some priority and, after release, disclosed in an advisory) or bugs/improvements (where we can possibly take more of an 'issues and patches welcome' position). I'm curious about your thoughts! -- Arnout Engelen ASF Securit

Re: Improve vulnerability reporting

2023-07-17 Thread Arnout Engelen
be provided through alternative ways (such as GitHub Private Vulnerability Reporting) is definitely on our radar. We're working out some challenges to fit it into the rest of our workflow, though, and it will depend on the project whether they choose to use it. Kind regards, -- Arnout Engelen ASF Security Response

Re: Publish statement on Commons Text CVE

2022-10-19 Thread Arnout Engelen
src/site/xdoc/security.xml) > if you want to update the details. > > > > > > TY! > > > > > > On Tue, Oct 18, 2022, 09:52 Arnout Engelen wrote: > > >> > > >> Hello Commons, > > >> > > >> As you might kno

Publish statement on Commons Text CVE

2022-10-18 Thread Arnout Engelen
Hello Commons, As you might know Commons Text recently published a CVE. It seems there is a fair bit of confusion about its severity online, so it seems like a good idea to publish a statement around that on the website. I've proposed one at https://github.com/apache/commons-text/pull/374 and