Hi all,
we have accumulated enough changes since the last 4.0 release as well as
we need to provide a fix for the known remote code exploit via java
de-serialization. Therefore, I would like to start a vote to release
Commons Collections 4.1 based on RC1.
Note:
The fix for the security related issue results in Clirr errors as unsafe
classes in the functor package do not implement the Serializable
interface anymore. This is mentioned in the release notes.
Collections 4.1 RC1 is available for review here:
https://dist.apache.org/repos/dist/dev/commons/collections/
(svn revision 11263)
Maven artifacts are here:
https://repository.apache.org/content/repositories/orgapachecommons-1122/org/apache/commons/commons-collections4/4.1/
Details of changes since 4.0 are in the release notes:
https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt
http://people.apache.org/builds/commons/collections/4.1/RC1/changes-report.html
The tag is here:
https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_4_1_RC1
(svn revision 1715703)
Site:
http://people.apache.org/builds/commons/collections/4.1/RC1/
Clirr Report (compared to 4.0):
http://people.apache.org/builds/commons/collections/4.1/RC1/clirr-report.html
RAT Report:
http://people.apache.org/builds/commons/collections/4.1/RC1/rat-report.html
KEYS:
https://www.apache.org/dist/commons/KEYS
Please review the release candidate and vote.
This vote will close no sooner that 72 hours from now, i.e. after 2400
GMT 25-November 2015
[ ] +1 Release these artifacts
[ ] +0 OK, but...
[ ] -0 OK, but really should fix...
[ ] -1 I oppose this release because...
Thanks,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
