Hi, I wait for the release because vulnerability issues (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517 and CVE-2021-36090) in common-compress. When do you think you can release? Thanks... Andreas
On 2021/09/05 15:43:23, PJ Fanning <[email protected]> wrote: > I put in a change to poi-ooxml/build.gradle to post process the generated pom > file and change the automatically included poi-ooxml-full dependency to > poi-ooxml-lite.> > > > > > On Saturday 4 September 2021, 22:48:04 IST, Andreas Beeker <[email protected]> > wrote: > > > > > > > Hi Devs,> > > first of all, thank you for getting the gradle teething problems > identified/solved. This should get better over time.> > > @RC1: -1, I'll provide a new one, after the mass regression tests> > > @poi-ooxml-lite -> poi-ooxml-full (runtime) and poi-integration (runtime): > this should be fixed - either you or I have a look> > > @Javac 14: this is of course my fault. I had used Java8 until I've fixed the > other ooxml-lite issue, then I forgot to switch back. I thought the --release > javac switch would take care about this. We probably should add a "release" > task similar to the ant release task, which checks for Java 8.> > > @poi-5.1.0.pom.sha*: I forgot to add those, but that could be still signed. > The pom files will be automatically signed by Nexus for the maven dist and > I've added also the gpg signatures there.> > > @License/Notice: yes, need to be added> > > @MANIFEST.MF "Specification-*" and"Implementation-*": not sure if this is > needed, but we should include those too.> > > @poi-integration: that's test stuff, I've omit it on-purpose> > > @XmlBeans *Factory classes: that's on purpose - I've changed the XmlBeans > generation> > > @org.apache.poi.Version: again, needs to be added> > > Andi> > > > > On 04.09.21 18:22, PJ Fanning wrote:> > > I think there is an issue in the poi-ooxml-lite pom - it has a dependency > > on poi-ooxml-full.> > >> > > https://dist.apache.org/repos/dist/dev/poi/5.1.0-RC1/maven/org/apache/poi/poi-ooxml-lite/5.1.0/poi-ooxml-lite-5.1.0.pom> > >> > >> > >> > >> > >> > >> > > On Saturday 4 September 2021, 15:10:03 IST, PJ Fanning > > <[email protected]> wrote:> > >> > >> > >> > >> > >> > > The java jars on > > https://dist.apache.org/repos/dist/dev/poi/5.1.0-RC1/maven/> > > seem to have been built with Java 14 and do not work with Java 8.> > >> > > I'm getting this when trying to use poi-ooxml jar:> > >> > > Caused by: java.lang.UnsupportedClassVersionError: > > org/apache/poi/openxml4j/opc/OPCPackage has been compiled by a more recent > > version of the Java Runtime (class file version 58.0), this version of the > > Java Runtime only recognizes class file versions up to 52.0> > >> > > One other thing: I've added > > https://dist.apache.org/repos/dist/dev/poi/5.1.0-RC1/maven/org/apache/poi/ > > to allow this to be more easily used as a maven repo. I left the jars in > > the original locations too.> > >> > > I can now use this in my maven pom when testing in another project:> > >> > > <repositories>> > > <repository>> > > <id>my-repo1</id>> > > <name>your custom repo</name>> > > <url>https://dist.apache.org/repos/dist/dev/poi/5.1.0-RC1/maven</url>> > > </repository>> > > </repositories>> > >> > >> > >> > >> > >> > >> > > On Saturday 4 September 2021, 14:20:09 IST, Dominik Stadler <[email protected]> > > wrote:> > >> > >> > >> > >> > >> > > Hi,> > >> > > When comparing the release files with 5.0.0, I saw the following, not sure> > > which one are on-purpose and which one should be changed:> > >> > > * Files poi-5.1.0.pom.sha256 and poi-5.1.0.pom.sha512 are not included> > > * The jar-files under maven/* do not contain "LICENSE" and "NOTICE" any> > > more under "META-INF"> > > * Jar-file "poi.jar" does not contain class "org.apache.poi.Version" any> > > more> > > * The MANIFEST.MF file previously had fields for "Specification-*" and> > > "Implementation-*" which are now missing> > > * jars for "poi-integration" are not included any more. These are mostly> > > used for mass-regression-testing, which usually works off of locally built> > > binaries anyway, so likely not needed.> > > * the poi-ooxml-lite and poi-ooxml-full packages do not include all the> > > *Factory classes any more> > >> > > Thanks... Dominik.> > >> > >> > >> > > On Sat, Sep 4, 2021 at 12:40 AM Andreas Beeker <[email protected]> wrote:> > >> > >> Hi *,> > >>> > >> I've prepared artifacts for the release of Apache POI 5.1.0 (RC1).> > >>> > >> The most notable changes in this release are:> > >>> > >> * upgrade dependencies: XmlBeans 5.0.1, Batik 1.14, BouncyCastle 1.69,> > >> Commons-Compress 1.21, ...> > >> * switching build to Gradle - Ant build is not supported anymore [#65206]> > >> * XSLFTable::addRow functionality reverted to pre-5.0.0 [github-221]> > >> * XSSFDrawing - import chart from other drawing [#63901]> > >> * Support for Excel functions IFS, SWITCH, TEXTJOIN, IFNA, MAXIFS, MINIFS,> > >> AVERAGEIFS> > >> * Fix SVG-related image rendering> > >>> > >> https://dist.apache.org/repos/dist/dev/poi/5.1.0-RC1/> > >>> > >> Things to check:> > >> According to Stackoverflow there were some problems with JPMS and XmlBeans> > >> -> > >> so maybe check for potential problems there.> > >>> > >> Please vote to release the artifacts.> > >> The vote keeps open until 2021-09-10.> > >> Planned release announcement date is Saturday, 2021-09-11.> > >>> > >> Here is my +1> > >>> > >> The SVN repo is open again.> > >>> > >> Andi> > >>> > >>> > >> ---------------------------------------------------------------------> > >> To unsubscribe, e-mail: [email protected]> > >> For additional commands, e-mail: [email protected]> > > >>> > > ---------------------------------------------------------------------> > > To unsubscribe, e-mail: [email protected]> > > For additional commands, e-mail: [email protected]> > >> > >> > > ---------------------------------------------------------------------> > > To unsubscribe, e-mail: [email protected]> > > For additional commands, e-mail: [email protected]> > >> > > > > ---------------------------------------------------------------------> > To unsubscribe, e-mail: [email protected]> > For additional commands, e-mail: [email protected]> > > > ---------------------------------------------------------------------> > To unsubscribe, e-mail: [email protected]> > For additional commands, e-mail: [email protected]> > > [ACTICO named a Leader by Forrester]<https://www.actico.com/news-en/actico-named-a-leader-by-forrester/?utm_campaign=20-21-ACT-FORRESTER-WAVE-Report-DDP&utm_source=email&utm_term=news&utm_content=emailBanner-emp>
