Thank you all!

On 2026/06/22 12:12:31 Atita Arora wrote:
> Hi,
> This vote passes with the following +1 being cast:
> - Richard Zowalla (binding)
> - Martin Wiesner (binding)
> - Atita Arora (binding)
> 
> Thanks to all voters. I'll proceed with the steps.
> 
> -Atita
> 
> On Fri, Jun 19, 2026 at 10:46 PM Martin Wiesner <[email protected]> wrote:
> 
> > Hi all,
> >
> > thanks Atita for prepping the release candidate, and thanks Richard for
> > backporting the CVE fixes.
> >
> > +1 (binding)
> >
> > [x] Both source (tar.gz/zip) and binary artifacts (tar.gz/zip) are
> > present, along with .asc and .sha512 files for each.
> > [x] PGP signatures are valid for the release artifacts using the KEYS file
> > from dist.apache.org
> > [x] SHA512 checksums are correct and verified.
> > [x] LICENSE and NOTICE files exist and are accurate.
> > [x] No unexpected binary files in the source release.
> > [x] All source files have appropriate ASF headers (excluding generated
> > files and legacy files).
> > [x] Build completes successfully from source and the instruction to do so
> > are clear.
> >
> > Env used for Build checks (and for the records):
> >
> > Apache Maven 3.9.14 (996c630dbc656c76214ce58821dcc58be960875b)
> > Maven home: /Applications/apache-maven-3
> > Java version: 1.8.0_492, vendor: Azul Systems, Inc., runtime:
> > /Library/Java/JavaVirtualMachines/zulu-8u492.jdk/Contents/Home/jre
> > Default locale: de_DE, platform encoding: UTF-8
> > OS name: "mac os x", version: "26.5.1", arch: "aarch64", family: „mac“
> >
> > The eval build in an Java 8 environment found here:
> > https://ci-builds.apache.org/job/OpenNLP/job/eval-tests-releases/32/
> > finished correctly: all passed.
> >
> > Best
> > Martin | mawiesne
> >
> > > Am 18.06.2026 um 19:19 schrieb Richard Zowalla <[email protected]>:
> > >
> > > Hi,
> > >
> > > thanks for prepping.
> > >
> > > [x] Both source (tar.gz/zip) and binary artifacts (tar.gz/zip) are
> > present, along with .asc and .sha512 files for each.
> > > [x] PGP signatures are valid for the release artifacts using the KEYS
> > file from dist.apache.org
> > > [x] SHA512 checksums are correct and verified.
> > > [x] LICENSE and NOTICE files exist and are accurate.
> > > [x] No unexpected binary files in the source release.
> > > [x] All source files have appropriate ASF headers (excluding generated
> > files and legacy files).
> > > [x] Build completes successfully from source and the instruction to do
> > so are clear.
> > >
> > > +1 (binding)
> > >
> > > Some non blocking observations:
> > >
> > > 1.) NOTICE file has a old year.
> > >
> > > Gruß
> > > Richard
> > >
> > >> Am 18.06.2026 um 18:59 schrieb Atita Arora <[email protected]>:
> > >>
> > >> Hi all,
> > >>
> > >> I have posted a release candidate for the Apache OpenNLP 1.9.5 release
> > and
> > >> it is ready for testing.
> > >>
> > >> This is a maintenance release of the 1.9.x line, addressing several
> > >> security vulnerabilities (CVEs) that affect Apache Lucene 8.x and
> > >> downstream Solr 8.x which depend on OpenNLP 1.9.x:
> > >>
> > >> - OPENNLP-1819: Align DictionaryEntryPersistor XML parsing with XmlUtil
> > >> helper
> > >> - OPENNLP-1820: Restrict ExtensionLoader to allowlisted package prefixes
> > >> - OPENNLP-1821: Prevent OutOfMemory due to huge array allocation
> > >> - OPENNLP-1826: Fix for XML parser security options
> > >> - OPENNLP-1835: Tolerate unsupported XML parser security options
> > >>
> > >> Thank you to everyone who contributed to this release, including all of
> > our
> > >> users and the people who submitted bug reports, contributed code or
> > >> documentation enhancements.
> > >>
> > >> The release was made using the OpenNLP release process, documented on
> > the
> > >> website:
> > >> https://opennlp.apache.org/release.html
> > >>
> > >> Maven Repo:
> > >>
> > https://repository.apache.org/content/repositories/orgapacheopennlp-1067
> > >>
> > >> <repositories>
> > >> <repository>
> > >>   <id>opennlp-1.9.5-rc1</id>
> > >>   <name>Testing OpenNLP 1.9.5 release candidate</name>
> > >>   <url>
> > >>
> > https://repository.apache.org/content/repositories/orgapacheopennlp-1067
> > >> </url>
> > >> </repository>
> > >> </repositories>
> > >>
> > >> Binaries & Source:
> > >> https://dist.apache.org/repos/dist/dev/opennlp/opennlp-1.9.5
> > >>
> > >> Tag:
> > >> https://github.com/apache/opennlp/releases/tag/opennlp-1.9.5
> > >>
> > >> Tag Hash: 558f83bd89ec0f324fd6331067a093ce2ae58d1c
> > >>
> > >> Release notes:
> > >>
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311215&version=12355022
> > >>
> > >> Reminder: The up-to-date KEYS file for signature verification can be
> > >> found here: https://dist.apache.org/repos/dist/release/opennlp/KEYS
> > >>
> > >> Checklist for reference:
> > >>
> > >> [ ] Both source (tar.gz/zip) and binary artifacts (tar.gz/zip) are
> > present,
> > >> along with .asc and .sha512 files for each.
> > >> [ ] PGP signatures are valid for the release artifacts using the KEYS
> > file
> > >> from dist.apache.org
> > >> [ ] SHA512 checksums are correct and verified.
> > >> [ ] LICENSE and NOTICE files exist and are accurate.
> > >> [ ] No unexpected binary files in the source release.
> > >> [ ] All source files have appropriate ASF headers (excluding generated
> > >> files and legacy files).
> > >> [ ] Build completes successfully from source and the instruction to do
> > so
> > >> are clear.
> > >>
> > >> Please vote on releasing these packages as Apache OpenNLP 1.9.5. The
> > >> vote is open for at least the next 72 hours.
> > >>
> > >> Only votes from OpenNLP PMC are binding, but everyone is welcome to
> > >> check the release candidate and vote.
> > >> The vote passes if at least three binding +1 votes are cast.
> > >>
> > >> Please VOTE
> > >>
> > >> [+1] go ship it
> > >> [+0] meh, don't care
> > >> [-1] stop, there is a ${showstopper}
> > >>
> > >> Thanks!
> > >>
> > >> Atita
> > >
> >
> >
> 

Reply via email to