JENA-1898 (version of commons-codec) is not a problem users will
encounter. Depending on apache-jena-libs will bring the right version in.
I can only get it to happen by depending on test artifacts, which
because they are not recursive, changes the depth and encounter order
for maven dependencies - and then only sometimes.
JENA-1812 switched to using Murmur3 for some hashing and that's not in
commons-codec 1.11
Why now? (and not during development) The project was using
3.15.0-SNAPSHOT anyway. Why it flipped when set to use a 3.16.0-SNAPSHOT
isn't clear - my guess is that a slight order change has happened (same
depth, different order).
Andy
https://issues.apache.org/jira/browse/JENA-1898
On 15/05/2020 15:50, Andy Seaborne wrote:
Hi,
Here is a vote on the release of Apache Jena 3.15.0
This is the first proposed release candidate.
The deadline is Tuesday, 19th May 2020 at 06:00 UTC
==== Dependency changes:
JENA-1829: Apache Parent POM to v23.
JENA-1812: Update Commons Codec 1.13 -> 1.14
JENA-1883: Commons Lang3 : 3.9 -> 3.10
JENA-1839: Update Commons CSV 1.7 -> 1.8
JENA-1005
Update slf4j 1.7.26 -> 1.7.30
new : org.apache.logging.log4j2 version 2.13.1
Remove log4j1
JENA-1850: Commons compress 1.19 -> 1.20
JENA-1836: Shiro: 1.2.6 -> 1.5.1 (CVE-2019-12422)
JENA-1850: Jetty: 9.4.12.v20180830 -> 9.4.26.v20200117
JENA-1851: Lucene: 7.4.0 -> 7.7.2 (Not -> 8.4.1)
ElasticSearch 6.4.2 -> ES 6.8.6 for Lucene 7.7.x
(Not -> ES 7.6.0 for Lucene 8.4.x)
==== Changes for 3.15.0:
https://s.apache.org/jena-3.15.0-jira
==== Release Vote
Everyone, not just committers, is invited to test and vote.
Please download and test the proposed release.
Staging repository:
https://repository.apache.org/content/repositories/orgapachejena-1037
Proposed dist/ area:
https://dist.apache.org/repos/dist/dev/jena/
Keys:
https://svn.apache.org/repos/asf/jena/dist/KEYS
Git commit (browser URL):
https://github.com/apache/jena/commit/a59b6b103c
Git Commit Hash:@@
a59b6b103c8b109fbbdc15f9269fab6eebfc132c
Git Commit Tag:
jena-3.15.0
Please vote to approve this release:
[ ] +1 Approve the release
[ ] 0 Don't care
[ ] -1 Don't release, because ...
This vote will be open until at least
Tuesday, 19th May 2020 at 06:00 UTC
If you expect to check the release but the time limit does not work
for you, please email within the schedule above with an expected time
and we can extend the vote period.
Thanks,
Andy
Checking needed:
+ are the GPG signatures fine?
+ are the checksums correct?
+ is there a source archive?
+ can the source archive really be built?
(NB This requires a "mvn install" first time)
+ is there a correct LICENSE and NOTICE file in each artifact
(both source and binary artifacts)?
+ does the NOTICE file contain all necessary attributions?
+ have any licenses of dependencies changed due to upgrades?
if so have LICENSE and NOTICE been upgraded appropriately?
+ does the tag/commit in the SCM contain reproducible sources?
