I feel the changes to the main branch since v3.2.0 are small enough that
the risk of regressions is pretty low. So I'd lean towards keeping
things simple and base the 3.2.1 release off of the main branch without
a fork.
On 12/15/21 8:02 AM, Mike Beckerle wrote:
I think we're going to need to create a Daffodil 3.2.1 release.
We have this current critical bug
https://issues.apache.org/jira/browse/DAFFODIL-2608 which is a flaw in
unparsing associated with a primary 3.2.0 feature. I'll take the blame
for inadequate testing there. I hope to work on this today.
There is also a urgent CVE about Log4J. The cybersecurity community,
which uses Daffodil quite a bit, is insisting on updates to software
using Log4J within 15 days. The update for this is already in the
3.3.0-SNAPSHOT branch.
There have been a number of other changes made on the 3.3.0-SNAPSHOT
branch since the official 3.2.0 release.
Are there any thoughts on whether we should just release
3.3.0-SNAPSHOT branch as 3.2.1, or whether we should fork from 3.2.0
and apply the minimum amount of fixes?
