+1 on skipping 0.10 and releasing 1.0 directly given the current status. We
don't have to spend more time on 0.10.0-beta, and 0.10.0-beta is an
experimental release, not supposed to be used by users. There would be less
confusion on the users' side if we cancel it now.

Yufei


On Fri, Jun 6, 2025 at 3:49 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote:

> Hi everyone,
>
> As you know, due to the JDBC issue, we canceled the
> 0.10.0-beta-incubating rc4 release vote.
>
> After investigating and discussing with Prashant, 0.10.0 rc4 release
> was NOT impacted by the SQL injection issue:
> - the "vulnerable" code is in extension/persistence/relational-jdbc
> module (in the release/0.10.x branch)
> - but this module is not used (not part of the Polaris runtime
> distribution) and the documentation doesn't include it
> Sorry about that, I was confused by the presence of the
> relational-jdbc module in the release branch.
>
> So, we have two options:
> - we remove extension/persistence/relational-jdbc module from
> release/0.10.x branch and we do RC5
> - we just skip 0.10 release and we directly jump to 1.0.0 release
> (creating the release/1.x branch from main)
>
> As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0.
>
> Thoughts?
>
> Regards
> JB
>
