Hi all:

-1

Sorry, the RAT failure needs to be handled one way or another: exclude the
files or add headers:

Unapproved licenses:

  data/test/NullComparator.version2.obj1
  data/test/NullComparator.version2.obj2
  xdocs/style/project.css


I imagine the obj files can be excluded but the CSS file can just have a
header added, just like
https://svn.apache.org/repos/asf/commons/proper/daemon/trunk/src/docs/daemon.css

It's just messy to rush this through without dotting the i's and so on.

There is also the issue of the possibly wrong revision being tagged or
being used in the VOTE email thread. That can be fixed for RC2 as well.

Gary

On Mon, Nov 9, 2015 at 2:37 PM, Thomas Neidhart <thomas.neidh...@gmail.com>
wrote:

> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on RC1.
>
> I would kindly ask people to review the RC especially wrt the following
> topics:
>
>  * OSGI compatibility
>  * reproducing the exploits and verifying that it provides protection
>  * any kind of regression that this release might create with existing
> applications
>
> Notes:
>
>  * the site will not be published, it just serves as a reference to
> access the various reports. After a successful vote, the current 4.X
> branch site will be updated with relevant information and published.
>
>  * some tests might fail with various IBM JDK 6 JREs, these are known
> issues and have been worked-around in the 4.X branch but are not
> back-ported to this release.
>
>
> Collections 3.2.2 RC1 is available for review here:
>     https://dist.apache.org/repos/dist/dev/commons/collections/
>     (svn revision 11092)
>
> Maven artifacts are here:
>     https://repository.apache.org/content/repositories/orgapachecommons-1115/commons-collections/commons-collections/3.2.2/
>
> Details of changes since 3.2.1 are in the release notes:
>     https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt
>     http://people.apache.org/builds/commons/collections/3.2.2/RC1/changes-report.html
>
> The tag is here:
>     https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_3_2_2_RC1
>     (svn revision 1713561)
>
> Site:
>     http://people.apache.org/builds/commons/collections/3.2.2/RC1/
>
> Clirr Report (compared to 3.2.1):
>     http://people.apache.org/builds/commons/collections/3.2.2/RC1/clirr-report.html
>
> RAT Report:
>     http://people.apache.org/builds/commons/collections/3.2.2/RC1/rat-report.html
>
> KEYS:
>   https://www.apache.org/dist/commons/KEYS
>
> Please review the release candidate and vote.
>
> This vote will close no sooner than 72 hours from now, i.e. after 2300
> GMT 12-November 2015
>
>   [ ] +1 Release these artifacts
>   [ ] +0 OK, but...
>   [ ] -0 OK, but really should fix...
>   [ ] -1 I oppose this release because...
>
> Thanks,
>
> Thomas


-- 
E-Mail: garydgreg...@gmail.com | ggreg...@apache.org
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory
