+8, 11.0.16+101, 11.0.16+8, 11.0.15+10
> >
> > So it looks like goodbye Java 8 on GitHub.
> >
> > Gary
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > For additional commands, e-mail: dev-h...@commons.apache.org
package
>
> You can record the Maven and Java version produced by -V in your VOTE
> reply.
> To gather OS information from a command line:
> Windows: ver
> Linux: uname -a
>
> 5) Build the site for a single module project
>
> Note: Some plugins require the components to be installed instead of
> packaged.
>
> mvn site
> Check the site reports in:
> - Windows: target\site\index.html
> - Linux: target/site/index.html
>
> -the end-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>
--
Arnout Engelen
ASF Security Response
Podling Project Management Committee member on Apache Pekko
Committer on NixOS
Independent Open Source consultant
On Thu, Dec 14, 2023 at 2:00 PM Elliotte Rusty Harold
wrote:
> On Thu, Dec 14, 2023 at 6:09 AM Arnout Engelen wrote:
> > * I'd say parsing/decompression/decoding should never allow malicious
> input
> > to trigger arbitrary code execution(?)
>
> Do any of these products
d to treat such
issues as security problems (that should be fixed with some priority and,
after release, disclosed in an advisory) or bugs/improvements (where we can
possibly take more of an 'issues and patches welcome' position).
I'm curious about your thoughts!
--
Arnout Engelen
ASF Securit
be provided through
alternative ways (such as GitHub Private Vulnerability Reporting) is
definitely on our radar. We're working out some challenges to fit it into
the rest of our workflow, though, and it will depend on the project whether
they choose to use it.
Kind regards,
--
Arnout Engelen
ASF Security Response
src/site/xdoc/security.xml)
> if you want to update the details.
> > >
> > > TY!
> > >
> > > On Tue, Oct 18, 2022, 09:52 Arnout Engelen wrote:
> > >>
> > >> Hello Commons,
> > >>
> > >> As you might kno
Hello Commons,
As you might know Commons Text recently published a CVE. It seems there is
a fair bit of confusion about its severity online, so it seems like a good
idea to publish a statement around that on the website.
I've proposed one at https://github.com/apache/commons-text/pull/374 and