t; wrote:
> >
> > Thank you for the brilliant detective work Bruno!
> >
> > Gary
> >
> > On Wed, Oct 19, 2022, 16:16 Bruno Kinoshita wrote:
> >>
> >> I had a look at the browser network tab, and saw an HTTP 302 location
> >> redirect from Varn
I had a look at the browser network tab, and saw an HTTP 302 location
redirect from Varnish. These redirects normally need to be configured in
Varnish with some sort of rule.
I went back to your email, grabbed the SVN URL, stepped up a few
directories and saw an .htaccess at a parent level, that
+1
Built successfully from tag, using:
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/apache-maven-3.8.5
Java version: 17.0.4, vendor: Private Build, runtime:
/usr/lib/jvm/java-17-openjdk-amd64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux",
> staffed with Google employees.
>
> On Mon, Oct 10, 2022 at 4:41 PM Bruno Kinoshita wrote:
> >
> > The JIRA issue linked appears to be one of those reported based on the
> > existing CVE's that were generated for jxpath.
> >
> > I opened the CVE, and the link
to tackle
the issue and release a new version.
-Bruno
On Tue, 11 Oct 2022 at 10:36, Bruno Kinoshita wrote:
> Hi Eric,
>
> As far as I know, there is no integration between issues found in OSS Fuzz
> and our JIRA. Issues reported in OSS Fuzz exist only there. And security
> issu
2. https://commons.apache.org/proper/commons-jxpath/issue-tracking.html
>
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
>
> From: Bruno Kinoshita
> Sent: Monday, October 10, 2022 4:15:03 PM
> To: Commons Developers List
> Subj
g and
> fix as applicable?
>
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
>
> From: Bruno Kinoshita
> Sent: Monday, October 10, 2022 3:51:30 PM
> To: Commons Developers List
> Subject: Re: Re: [jxpath] reported CVE and path
Hi,
I commented in another thread about oss-fuzz and new components, maybe that
could be part of the issue here.
See that thread in the archives, or TL;DR: someone is adding more Commons
Components to oss-fuzz, directly as components instead of using the shared
apache-commons project. This
Hi Matt,
I am also subscribed to oss-fuzz for Imaging.
Looks like someone added jxpath to oss-fuzz here:
https://github.com/google/oss-fuzz/pull/7582
The initial oss-fuzz for ASF was, if I recall correctly, all put under a
single project:
(I mean, to customize RNG's CONTRIBUTING.md to add that info, not the
templated file from the parent or release-plugin)
On Tue, 11 Oct 2022 at 09:37, Bruno Kinoshita wrote:
> Hi Alex,
>
> The updated changes report looks great!
>
> The Unit Tests [2] looks really useful to new
:53, Alex Herbert wrote:
> On Mon, 10 Oct 2022 at 09:22, Alex Herbert
> wrote:
> >
> >
> > On Mon, 10 Oct 2022 at 08:26, Bruno Kinoshita wrote:
> >>
> >>
> >> Changes report
> >> look OK too, confirmed the Java version in the descript
Also had a very brief look at the Maven repository and everything seems to
be OK (expected files are present, non-empty; didn't have time to check
signatures of maven staged repo, sorry).
Thanks!
Bruno
On Mon, 10 Oct 2022 at 19:42, Bruno Kinoshita wrote:
> I have 20 mins before a quick dinne
I have 20 mins before a quick dinner and meeting. Cloning the repository
now.
On Mon, 10 Oct 2022 at 19:38, Alex Herbert wrote:
> Can I get another PMC vote for this please?
>
> Thanks,
>
> Alex
>
> On Wed, 5 Oct 2022 at 11:25, Alex Herbert wrote:
>
> > We have fixed quite a few bugs and added
[x] +1 Release these artifacts (assuming the changes.xml date can be
fixed later)
Build passed with no issues, running `mvn clean test install site` on
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/apache-maven-3.8.5
Java version: 17.0.4, vendor: Private
[x] +1 Release these artifacts
Built from tag with mvn clean test install site on
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/apache-maven-3.8.5
Java version: 17.0.4, vendor: Private Build, runtime:
/usr/lib/jvm/java-17-openjdk-amd64
Default locale: en_US,
these are to be used by cyclonedx.org and spdx.dev, for SBOM (out
of the loop, sorry). Shouldn't be a problem as these provide more metadata
about artefacts, build, provenance, and security, so +1
On Sun, 25 Sept 2022 at 11:58, Bruno Kinoshita wrote:
> [x] +1 Release these artifacts
>
> Build passed with
[x] +1 Release these artifacts
Build passed with no issues, with `mvn clean test install site -e -x` on
kinow@ranma:~/Development/java/apache/commons-text$ mvn -v
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/apache-maven-3.8.5
Java version: 17.0.4, vendor:
[x] +1 Release these artifacts
Thanks!
On Mon, 19 Sept 2022 at 03:47, Gary Gregory wrote:
> We have fixed a few bugs and added enhancements since Apache Commons
> Parent 53 was released, so I would like to release Apache Commons
> Parent 54.
>
> Apache Commons Parent 54 RC1 is available for
+1
On Tue, 13 Sept 2022 at 10:57, Gary Gregory wrote:
> Here the board report I plan to submit tomorrow at the latest:
>
> ## Description:
> The mission of Apache Commons is the creation and maintenance of Java
> focused
> reusable libraries and components
>
> ## Issues:
> There are no issues
Hi Peter,
I think not keeping comments may help with memory management in cases where
you have an enormous amount of comments, or maybe speed up processing if
you discard them? Not sure.
But in any case, if you already have the patch working, I'd suggest 1)
taking a look at the JIRA of CSV and
Is anyone able to make a summary of what's necessary for the release? I
read the thread and looked at the latest commits for commons-fileupload,
and from what I understand the RM would need to:
- Locate and remove any code marked as deprecated, updating the changes.xml
& release notes afterwards
Hi
There is an oss-fuzz project for commons where multiple modules are hosted
(I am sure Imaging is there, and I think Compress too).
It is a single project with fuzzers for different components.
I think it may be simpler to add your new fuzzer there. That project had
some changes in the
Hi Rodde,
It has been almost a week since your last response. Did you take a look at
> my work?
>
Please note that we are all volunteers here, so sometimes we may be able to
respond quickly, others we may take a few days/weeks/months/...
I know Matt is active in other Apache mailing lists, and
[x] +1 Release these artifacts
Building tag OK with mvn clean test install site -e -X on
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/apache-maven-3.8.5
Java version: 17.0.3, vendor: Private Build, runtime:
/usr/lib/jvm/java-17-openjdk-amd64
Default locale:
Missed this RC, sorry. Thanks for the reminder, on it.
On Sun, 3 Jul 2022 at 16:35, Matt Juntunen
wrote:
> Could we get some votes on RC3, please?
>
> Regards,
> Matt J
>
> On Fri, Jul 1, 2022 at 8:23 AM Gary Gregory
> wrote:
> >
> > Well, not fix the warnings since these are in generated code
[x] +1 Release these artifacts
Thanks Matt!
-Bruno
On Wed, 22 Jun 2022 at 15:47, Matt Juntunen
wrote:
> We have fixed quite a few bugs and added some significant enhancements
> since Apache Commons Configuration 2.7 was released, so I would like
> to release Apache Commons Configuration
Hi Matt,
Inspected NOTICE, LICENSE, RELEASE-NOTES, and found no issues. Checked out
the tag, and `mvn clean test install site` passed with no errors.
The README is still showing 2.7 in the download instructions. I **think**
one of the preparation steps uses a release-plugin goal that
No objections from me. I'm +1 to normally killing old code too, but I think
in this case it might be simple to keep both working in [configuration] as
users appear to be still transitioning JEE apps to the jakarta namespace.
We might just need to remember to remove the old package/namespace when
Hi Gary,
No objections from me. I can't recall if we did that for other components.
We could also, I think, have a document for Commons to reference when
releasing a major version update of a component. In that document we could
explain we are a team of volunteers, that if 4.x is out, users can
+1
On Tue, 7 Jun 2022 at 01:43, Gary Gregory wrote:
> Hi All:
>
> I propose that we migrate Validator from Java 7 to 8 and from Apache
> Commons Collections 3.x to 4.x.
>
> Thoughts?
>
> Gary
>
> -
> To unsubscribe, e-mail:
Hi Hans,
Thanks for pointing that out. I had a look at the latest version of that
page in GitHub, and it looks like some CVEs were added post-release:
https://github.com/apache/commons-compress/blob/master/src/site/xdoc/security-reports.xml
I tried building it locally to deploy a new version,
+1
Thanks Alex!
On Fri, 27 May 2022, 3:13 am Alex Herbert, wrote:
> Continuing the thread about switching Travis to GitHub actions...
>
> Commons RNG has been running travis and GH actions in parallel now for 6
> weeks as an experiment.
>
> Some PRs have been missed by Travis. The master
Hi Gary,
Fair enough. I only checked on case, in the Functions.java where a generic
type extends Throwable and triggers the issue in Spotbugs [1]
But I agree other cases might be legit code smells that need fixing. I will
revert the change on the master branch, and when/if Dependabot triggers a
the build passed.
Thanks
On Sun, 22 May 2022 at 10:39, Bruno Kinoshita wrote:
> Ah, good point. I saw builds in other projects failing, and the PR's being
> closed due to the upgrade, but looks like Text's GH Actions set up needs to
> be fixed too. The build for checkstyle passed (ev
Ah, good point. I saw builds in other projects failing, and the PR's being
closed due to the upgrade, but looks like Text's GH Actions set up needs to
be fixed too. The build for checkstyle passed (even though it appears to
include Java 8), maybe it's not calling checkstyle.
Hi Richard,
Thanks for the explanation and patience. Being a team of volunteers means
that for some discussions and issues like this one we may take a while to
find a solution/decision.
I think the pull request/issue is valid since the code allows symbols
without the semicolon to be escaped, but
Ah, good to know. Thanks Gary!
On Fri, 20 May 2022, 10:12 pm Gary Gregory, wrote:
> The rel/ prefix is special to Apache and is supposed to be read-only.
>
> Gary
>
> On Fri, May 20, 2022, 05:06 Bruno Kinoshita wrote:
>
> > Almost forgot, quick questio
.org/releases/release.html
[2] https://github.com/apache/commons-imaging/tags
On Fri, 20 May 2022 at 21:02, Bruno Kinoshita wrote:
> Hi all,
>
> After the Apache Commons Imaging 1.0-alpha3 I noticed the release
> instructions had a few things that needed to be updated. Could some
Hi all,
After the Apache Commons Imaging 1.0-alpha3 I noticed the release
instructions had a few things that needed to be updated. Could someone
review this PR for the Release Plug-in (mainly typos)
https://github.com/apache/commons-release-plugin/pull/113, and this other
SVN diff for the Commons
put into this
> release.
>
> Gary
>
>
> On Thu, May 19, 2022 at 3:56 AM Bruno Kinoshita wrote:
>
> > The Apache Commons Team is pleased to announce the availability of
> > Apache Commons Imaging 1.0-alpha3.
> >
> > Apache Commons Imaging, previously known as Apac
The Apache Commons Team is pleased to announce the availability of
Apache Commons Imaging 1.0-alpha3.
Apache Commons Imaging, previously known as Apache Commons Sanselan,
is a library that reads and writes a variety of image formats, including
fast parsing of image info (size, color space, ICC
Forgot to include Gary Lucas' +1 (non-binding), sorry! Got confused with
the Gary's when counting the votes, sorry :)
-Bruno
-- Forwarded message -
From: Bruno Kinoshita
Date: Thu, 19 May 2022 at 14:16
Subject: [RESULT[[VOTE] Release Apache Commons Imaging 1.0-alpha3 based
a lot to everybody who voted and helped test this release, as well
as other contributors and users that helped with the changes in it.
-Bruno
On Sat, 14 May 2022 at 00:02, Bruno Kinoshita wrote:
> We have fixed quite a few bugs and added some significant enhancements
> since Apache C
Hi,
There's a Dockerfile in the commons-crypto repo on GitHub. Not sure if it's
used for building it... but just in case it helps.
https://github.com/apache/commons-crypto/blob/master/src/conf/Docker/Dockerfile-luw
-Bruno
On Thu, 19 May 2022 at 07:58, Jochen Wiedmann
wrote:
> On Wed, May
ost-it to look into it after the release.
Thanks Thomas
-Bruno
On Mon, 16 May 2022 at 21:18, Thomas Vandahl wrote:
> Hi Bruno,
>
> > Am 13.05.2022 um 14:02 schrieb Bruno Kinoshita :
> >
> > We have fixed quite a few bugs and added some significant enhancements
> >
I've approved the PR, and also set the fixVersion for the next 2.8.0
release.
This change doesn't break binary compatibility, but does change
behavior/feature. Users who were - for one reason or another - handling
array values, instead of the first value, will have to update their code
after this
My own vote
[x] +1 Release these artifacts
Leaving the vote thread open until Wednesday or Thursday NZ time since I
called it just before a weekend (and NZ is normally one day ahead, so
giving more time if others want to test the RC2).
Thanks!
Bruno
On Sat, 14 May 2022 at 00:02, Bruno
ber)
> > >
> > > I've succesfully build the alpha release using
> > >
> > > mvn clean install site
> > >
> > > Apache Maven 3.6.3 (Red Hat 3.6.3-13)
> > > Java version: 11.0.15, vendor: Red Hat, Inc., runtime:
> /usr
We have fixed quite a few bugs and added some significant enhancements
since Apache Commons Imaging 1.0-alpha2 was released, so I would like to
release Apache Commons Imaging 1.0-alpha3.
Apache Commons Imaging 1.0-alpha3 RC2 is available for review here:
RC1 vote is cancelled due to an issue in the build related to a Maven
Plug-in. I am preparing a new release at the moment.
Thanks
Bruno
On Fri, 13 May 2022 at 17:26, Bruno Kinoshita wrote:
> We have fixed quite a few bugs and added some significant enhancements
> since Apache Commons I
uno
>
> > Am 13.05.2022 um 07:26 schrieb Bruno Kinoshita :
> >
> >
> https://gitbox.apache.org/repos/asf?p=commons-imaging.git;a=commit;h=b1cfcaad38de7c30f7814a5b3d80e45fe2bd9af1
> > You may checkout this tag using:
> >git clone https://gitbox.apache.org/repos/asf/c
om pom.xml and upgrade to commons-parent-53
Thanks!
-Bruno
[1]
https://github.com/apache/commons-imaging/blob/b1cfcaad38de7c30f7814a5b3d80e45fe2bd9af1/pom.xml#L29-L32
[2]
https://github.com/apache/commons-imaging/blob/b1cfcaad38de7c30f7814a5b3d80e45fe2bd9af1/pom.xml#L29-L32
On Fri, 13 May 2022 at 17
to seeing the alpha-3 release be available via
> the Maven Central Repository. Bruno has introduced some significant
> improvements to the API. Having them available via Maven will be a boon to
> the Java developer community.
>
> Thanks,
>
> Gary (the other Gary)
>
> O
Thank you Matt! :)
On Thu, 12 May 2022 at 22:16, Matt Benson wrote:
> Nice job, Bruno! Thanks for pushing this.
>
> Matt
>
> On Wed, May 11, 2022, 11:32 PM Bruno Kinoshita
> wrote:
>
> > Hi,
> >
> > We have fixed all the issues that were raised as blocke
We have fixed quite a few bugs and added some significant enhancements
since Apache Commons Imaging 1.0-alpha2 was released, so I would like to
release Apache Commons Imaging 1.0-alpha3.
Apache Commons Imaging 1.0-alpha3 RC1 is available for review here:
Hi,
We have fixed all the issues that were raised as blockers for 1.0 some
years ago (4? maybe 5 years ago?). I'm finishing the preparations for the
1.0-alpha3 vote for Imaging. It's the last alpha release I have planned.
I started working on Imaging when I became curious if we could use it as
ed too, if you'd like.
Thanks!!!
Bruno
On Tue, 10 May 2022 at 14:57, Bruno Kinoshita
wrote:
> Nothing I can think of, but I will have a look tonight. There's one PR
> that I think I worked on some time ago, but not a must for this release.
>
> Thanks Matt!
>
> On Tue, 10 May 2022
Hi all,
Was having a look at the pull requests and issues for Configuration, and
found one from Dependabot where it's updating mailapi/javamail from 1.6 to
2.0.1 (2.0 was released Oct 2020 [1]).
The 2.0 release includes a change in namespace, from javax.mail.* to
jakarta.mail.*.
I created
Nothing I can think of, but I will have a look tonight. There's one PR that
I think I worked on some time ago, but not a must for this release.
Thanks Matt!
On Tue, 10 May 2022 at 14:50, Matt Juntunen
wrote:
> Hello,
>
> I'm getting ready to create the commons-configuration 2.8.0 release
> and
[x] +1 Release these artifacts
Building OK on
Apache Maven 3.8.2 (ea98e05a04480131370aa0c110b8c54cf726c06f)
Maven home: /opt/apache-maven-3.8.2
Java version: 11.0.15, vendor: Private Build, runtime:
/usr/lib/jvm/java-11-openjdk-amd64
Default locale: en_US, platform encoding: UTF-8
OS name:
Hi,
The reason is probably the lack of volunteer time by one of the committers.
I am planning a release soon as I am leaving my current $work and must have
1 month in-between jobs to release components. I can try dbutils, but no
promises since I never released it (not sure if I ever worked on
Came here to suggest Commons Graph too. The GH repo had some recent-ish
activity, Amey created some issues in JIRA too and submitted PR's. I
haven't had time yet to look into that again, but I have a couple cases
with graphs that I've been saving to have fun in either Graph or RDF/Jena.
+1 to archiving <7 versions.
Thanks
On Wed, 16 Mar 2022, 00:33 Gary Gregory, wrote:
> Hi Sebb,
>
> I don't plan on supporting pre-Java 8 versions, others may feel different
> of course. I say: go for it.
>
> Gary
>
> On Tue, Mar 15, 2022, 07:06 sebb wrote:
>
> > The DBCP versions for Java 6
On it, as soon as I have some spare time between tasks at $work. Voting in
the next hours.
Cheers,
Bruno
On Tue, 15 Mar 2022 at 09:48, Gary Gregory wrote:
> Hi PMC folk, we need more reviews please.
>
> Gary
>
> On Fri, Mar 11, 2022, 08:32 Mark Thomas wrote:
>
> > Since the 1.2.4 release, the
Not sure, but the console output is similar to this build from 2 days ago,
that also failed:
https://ci-builds.apache.org/job/Commons/job/commons-codec/commons-codec$commons-codec/134/console
Maybe it's due to Maven version, or to some Maven plugin? Travis/GH Actions
appear to be running OK.
:40, Bruno Kinoshita
wrote:
> Hi,
>
> There is a password entry form at
>>https://the-asf.slack.com/
>> However, it is not the "apache.org" domain; thus I'm wary of
>> supplying the ASF credentials there...
>>
>
> Yes, for Slack I use a diffe
d/Thu/Friday. So if you join you
should be able to get it answered pretty quickly over the next week, or use
JIRA if you don't want to use Slack, they normally respond quickly over
there too.
Bruno
On Sun, 30 Jan 2022 at 08:02, Gilles Sadowski wrote:
> Hello.
>
> Le ven. 28 jan
Normally I'd set up Jenkins jobs to build all branches in the main repo,
similar to GitHub Actions. However, I'd normally use a git hook in the repo
to avoid having Jenkins polling the server and getting faster builds.
The only other ASF project I'm involved with that uses Jenkins is Jena, but
mogenous.
Thanks Gilles!
Bruno
On Mon, 24 Jan 2022 at 14:24, Gilles Sadowski wrote:
> Hello.
>
> Le lun. 24 janv. 2022 à 00:49, Bruno Kinoshita
> a écrit :
> >
> > Hi Gilles,
> >
> > You can click on the job link, then using the sidebar locate the link t
Hi Gilles,
You can click on the job link, then using the sidebar locate the link to
"Workspace". There, navigate to the target directory and you should locate
the report file. If logged in, the link is:
https://ci-builds.apache.org/job/Commons/job/commons-imaging/ws/target/
It looks like I
101 - 170 of 170 matches
Mail list logo