Hi all, +1 to skip the 0.10 release.
Thanks, Alex On Sat, Jun 7, 2025 at 2:52 AM Dmitri Bourlatchkov <di...@apache.org> wrote: > > Skipping the 0.10.0 release and going for 1.0.0 sounds good to me. > > Cheers, > Dmitri. > > On Fri, Jun 6, 2025 at 6:49 PM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > > > Hi everyone, > > > > As you know, due to the JDBC issue, we cancel the > > 0.10.0-beta-incubating rc4 release vote. > > > > After investigating and discussing with Prashant, 0.10.0 rc4 release > > was NOT impacted by the SQL injection issue: > > - the "vulnerable" code is in extension/persistence/relational-jdbc > > module (in the release/0.10.x branch) > > - but this module is not used (not part of the Polaris runtime > > distribution) and the documentation doesn't include it > > Sorry about that, I was confused by the presence of the > > relational-jdbc module in the release branch. > > > > So, we have two options: > > - we remove extension/persistence/relational-jdbc module from > > release/0.10.x branch and we do RC5 > > - we just skip 0.10 release and we directly jump to 1.0.0 release > > (creating the release/1.x branch from main) > > > > As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0. > > > > Thoughts ? > > > > Regards > > JB > >
