Release can wait. The caja problem was a limited set of revisions. On Thursday, September 20, 2012, Henry Saputra wrote:
> Hi Stanton, > > The Caja fix does warrant new release but I think it could wait till > next week if no one actively using Caja with Shindig. > > I dont know if any implementors of Shindig that uses Caja needs this > ASAP. I know Yahoo! container does use it. > > I am CCing user list for FYI. > > Paul, any thoughts? > > - Henry > > On Thu, Sep 20, 2012 at 4:02 PM, Stanton Sievers > <ssiev...@apache.org<javascript:;>> > wrote: > > Does that mean it can happen at the regularly scheduled time, i.e., the > end > > of the month? Or do you think we need beta5 ASAP because of the caja > fix? > > > > Thanks, > > -Stanton > > > > On Thu, Sep 20, 2012 at 6:52 PM, Henry Saputra > > <henry.sapu...@gmail.com<javascript:;> > >wrote: > > > >> Ah you are right Ryan, looks like you had cutoff the beta4 before > >> Dan's commit the changes. > >> > >> We have "custom" beta4 that include Dan's refactor that we now revert > >> to default beta4. > >> > >> So looks like we only need beta5 for Caja fix then I suppose. > >> > >> - Henry > >> > >> On Thu, Sep 20, 2012 at 3:40 PM, Henry Saputra > >> <henry.sapu...@gmail.com<javascript:;> > > > >> wrote: > >> > Hmm so looks like the original bug > >> > https://issues.apache.org/jira/browse/SHINDIG-1864 is close with > wrong > >> > fix version then? > >> > > >> > It has fix version of 2.5.0-beta4 > >> > > >> > - Henry > >> > > >> > On Thu, Sep 20, 2012 at 3:35 PM, Ryan Baxter > >> > <rbaxte...@gmail.com<javascript:;> > > > >> wrote: > >> >> I am fairly sure Dan's oAuth changes didn't make it in beta 4 but the > >> Caja > >> >> fix probably warrants a new build. > >> >> > >> >> -Ryan > >> >> > >> >> On Sep 20, 2012, at 5:34 PM, Paul Lindner > >> >> <lind...@inuus.com<javascript:;>> > wrote: > >> >> > >> >> sure. happy to. > >> >> > >> >> > >> >> On Thursday, September 20, 2012, Henry Saputra wrote: > >> >>> > >> >>> Hi Ryan or Paul, > >> >>> > >> >>> With Dan's reverting changes to improvement for oauthpopup (this > will > >> >>> fix OAuth 1.0a flow for three legged dance) and Paul changes to fix > >> >>> Caja security vulnerability, could one of you help preparing > >> >>> 2.5.0-beta5 release? > >> >>> > >> >>> > >> >>> Thanks, > >> >>> > >> >>> - Henry > >> >> > >> >> > >> >> > >> >> -- > >> >> Paul Lindner -- lind...@inuus.com <javascript:;> -- > profiles.google.com/pmlindner > >> > -- Paul Lindner -- lind...@inuus.com -- profiles.google.com/pmlindner
