Hi,
Here is a vote on a release of Jena 3.9.0.
This is the first proposed candidate.
The deadline is Wednesday, 2018-10-03, 08:00 UTC.
==== Process Change
The jena-VER-source-release.zip that goes into /source now has a
".sha512" as per the ASF new recommendations and this is now generated
by the build itself. There is no SHA1 in /source and MD5 was already not
recommended. The copy that goes to maven central still has .md5 and sha1
(these are de facto hard coded into the way maven works).
==== Release changes:
37 JIRA:
https://s.apache.org/jena-3.9.0-jira
== Upgrades to libraries (runtime dependencies):
No license changes.
Apache parent v20 -> v21
JSON-LD 0.12.0 -> 0.12.1
Jetty 9.4.7.v20170914 -> 9.4.12.v20180830
== Changes of note:
JENA-1598
Upgrade Jetty to 9.4.12.v20180830
(this fixes several CVEs)
JENA-1593
Update Apache parent POM to v21
JENA-1599
Upgrade to jsonld-java version 0.12.1
JENA-1594
Provide per-graph access control in Fuseki
New maven module for Fuseki2.
JENA-1585
Reorganize the Fuseki codebase to split the server engine classes from
the webapp classes
JENA-1573
Remove the jena-fuseki1 distribution
The jar is still available.
JENA-1571
Remove the jena-sdb distribution.
The jar is still available.
JENA-1481
Deleting a dataset in Fuseki now deletes it permanently
JENA-868
Fuseki2: docker: When redirecting ports, UI URLs should now work.
==== Release Vote
Everyone, not just committers, is invited to test and vote.
Please download and test the proposed release.
Staging repository:
https://repository.apache.org/content/repositories/orgapachejena-1025
Proposed dist/ area:
https://dist.apache.org/repos/dist/dev/jena/
Keys:
https://svn.apache.org/repos/asf/jena/dist/KEYS
Git commit (browser URL):
https://github.com/apache/jena/commit/30f2f1e9031d
Git Commit Hash:
30f2f1e9031d17b5c70cb6432233c8c8d95d6a2e
Git Commit Tag:
jena-3.9.0-rc1
Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 Don't care
[ ] -1 Don't release, because ...
This vote will be open to at least
Wednesday, 2018-10-03, 08:00 UTC.
If you expect to check the release but the time limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.
Thanks,
Andy
Checking needed:
+ does everything work on Linux?
+ does everything work on MS Windows?
+ does everything work on OS X?
+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?
+ can the source archive really be built?
(NB This requires a "mvn install" first time)
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?
