+1 on skipping 0.10 since we are very close to closing all 1.0 blockers.

Best,
Prashant Singh

On Fri, Jun 6, 2025 at 3:57 PM Yufei Gu <flyrain...@gmail.com> wrote:

> +1 on skipping 0.10 and releasing 1.0 directly given the current status. We
> don't have to spend more time on 0.10.0-beta, and 0.10.0-beta is an
> experimental release, not supposed to be used by users. There would be less
> confusion on the users' side, if we cancel it now.
>
> Yufei
>
>
> On Fri, Jun 6, 2025 at 3:49 PM Jean-Baptiste Onofré <j...@nanthrax.net>
> wrote:
>
> > Hi everyone,
> >
> > As you know, due to the JDBC issue, we cancel the
> > 0.10.0-beta-incubating rc4 release vote.
> >
> > After investigating and discussing with Prashant, 0.10.0 rc4 release
> > was NOT impacted by the SQL injection issue:
> > - the "vulnerable" code is in extension/persistence/relational-jdbc
> > module (in the release/0.10.x branch)
> > - but this module is not used (not part of the Polaris runtime
> > distribution) and the documentation doesn't include it
> > Sorry about that, I was confused by the presence of the
> > relational-jdbc module in the release branch.
> >
> > So, we have two options:
> > - we remove extension/persistence/relational-jdbc module from
> > release/0.10.x branch and we do RC5
> > - we just skip 0.10 release and we directly jump to 1.0.0 release
> > (creating the release/1.x branch from main)
> >
> > As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0.
> >
> > Thoughts?
> >
> > Regards
> > JB