Hi all, we have accumulated enough changes since the last 4.0 release as well as we need to provide a fix for the known remote code exploit via java de-serialization. Therefore, I would like to start a vote to release Commons Collections 4.1 based on RC1.
Note: The fix for the security related issue results in Clirr errors as unsafe classes in the functor package do not implement the Serializable interface anymore. This is mentioned in the release notes. Collections 4.1 RC1 is available for review here: https://dist.apache.org/repos/dist/dev/commons/collections/ (svn revision 11263) Maven artifacts are here: https://repository.apache.org/content/repositories/orgapachecommons-1122/org/apache/commons/commons-collections4/4.1/ Details of changes since 4.0 are in the release notes: https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt http://people.apache.org/builds/commons/collections/4.1/RC1/changes-report.html The tag is here: https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_4_1_RC1 (svn revision 1715703) Site: http://people.apache.org/builds/commons/collections/4.1/RC1/ Clirr Report (compared to 4.0): http://people.apache.org/builds/commons/collections/4.1/RC1/clirr-report.html RAT Report: http://people.apache.org/builds/commons/collections/4.1/RC1/rat-report.html KEYS: https://www.apache.org/dist/commons/KEYS Please review the release candidate and vote. This vote will close no sooner that 72 hours from now, i.e. after 2400 GMT 25-November 2015 [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thanks, Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org