Skipping the 0.10.0 release and going for 1.0.0 sounds good to me. Cheers, Dmitri.
On Fri, Jun 6, 2025 at 6:49 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Hi everyone, > > As you know, due to the JDBC issue, we cancel the > 0.10.0-beta-incubating rc4 release vote. > > After investigating and discussing with Prashant, 0.10.0 rc4 release > was NOT impacted by the SQL injection issue: > - the "vulnerable" code is in extension/persistence/relational-jdbc > module (in the release/0.10.x branch) > - but this module is not used (not part of the Polaris runtime > distribution) and the documentation doesn't include it > Sorry about that, I was confused by the presence of the > relational-jdbc module in the release branch. > > So, we have two options: > - we remove extension/persistence/relational-jdbc module from > release/0.10.x branch and we do RC5 > - we just skip 0.10 release and we directly jump to 1.0.0 release > (creating the release/1.x branch from main) > > As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0. > > Thoughts ? > > Regards > JB >
