Re: [VOTE] Apache POI 5.2.0 release (RC2)
Wow 6 PMC members voted when was the last time that happened? Sent from my iPhone > On Jan 14, 2022, at 3:01 PM, PJ Fanning wrote: > > The vote carries with 6 +1s from PMC members. I will proceed with the > release and announcement. > > Thanks everyone for verifying the release. > > > > > > > On Sunday 9 January 2022, 22:36:48 GMT+1, Andreas Beeker > wrote: > > > > > > +1 from me. Thank you for providing the release, PJ! > > Eventually we need to decide, if we only provide the logging api jars or also > the implementation, > as SLF4J is used at least in XmlSec and providing the api is not enough [1]. > On the other side for log4j-shell, we had the excuse of only providing the > api ... > > Andi > > [1] https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/index.html > > > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: [VOTE] Apache POI 5.2.0 release (RC2)
The vote carries with 6 +1s from PMC members. I will proceed with the release and announcement. Thanks everyone for verifying the release. On Sunday 9 January 2022, 22:36:48 GMT+1, Andreas Beeker wrote: +1 from me. Thank you for providing the release, PJ! Eventually we need to decide, if we only provide the logging api jars or also the implementation, as SLF4J is used at least in XmlSec and providing the api is not enough [1]. On the other side for log4j-shell, we had the excuse of only providing the api ... Andi [1] https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/index.html - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: [VOTE] Apache POI 5.2.0 release (RC2)
Dominik's understanding mirrors mine. I just added the updated docs for logging configs, and I'll take a look at adding something about transitive dependencies as well. -- Cheers, Marius Volkhart On Wed, Jan 12, 2022 at 1:48 AM Dominik Stadler wrote: > On Logging dependencies: As far as I understand it, we should not deliver > such "log-framework-x to log-framework-y" dependencies as part of a library > as it can lead to endless-loops of forwarding logs back and forth if an > application or another library includes the reverse forwarding. > > So my proposal would be that we only document that some transitive > dependencies of Apache POI use slf4j and thus dependencies on either the > bridge "log4j -> slf4j" or "slf4j -> log4j" should be added by users, > depending on what framework the application wants to use. > > Thanks... Dominik. > > > On Sun, Jan 9, 2022 at 10:36 PM Andreas Beeker > wrote: > > > +1 from me. Thank you for providing the release, PJ! > > > > Eventually we need to decide, if we only provide the logging api jars or > > also the implementation, > > as SLF4J is used at least in XmlSec and providing the api is not enough > > [1]. > > On the other side for log4j-shell, we had the excuse of only providing > the > > api ... > > > > Andi > > > > [1] https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/index.html > > > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > > For additional commands, e-mail: dev-h...@poi.apache.org > > > > >
Re: [VOTE] Apache POI 5.2.0 release (RC2)
On Logging dependencies: As far as I understand it, we should not deliver such "log-framework-x to log-framework-y" dependencies as part of a library as it can lead to endless-loops of forwarding logs back and forth if an application or another library includes the reverse forwarding. So my proposal would be that we only document that some transitive dependencies of Apache POI use slf4j and thus dependencies on either the bridge "log4j -> slf4j" or "slf4j -> log4j" should be added by users, depending on what framework the application wants to use. Thanks... Dominik. On Sun, Jan 9, 2022 at 10:36 PM Andreas Beeker wrote: > +1 from me. Thank you for providing the release, PJ! > > Eventually we need to decide, if we only provide the logging api jars or > also the implementation, > as SLF4J is used at least in XmlSec and providing the api is not enough > [1]. > On the other side for log4j-shell, we had the excuse of only providing the > api ... > > Andi > > [1] https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/index.html > > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > >
Re: [VOTE] Apache POI 5.2.0 release (RC2)
+1 from me. Thank you for providing the release, PJ! Eventually we need to decide, if we only provide the logging api jars or also the implementation, as SLF4J is used at least in XmlSec and providing the api is not enough [1]. On the other side for log4j-shell, we had the excuse of only providing the api ... Andi [1] https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/index.html - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: [VOTE] Apache POI 5.2.0 release (RC2)
+1 > 在 2022年1月8日,05:26,Dominik Stadler 写道: > > Hi, > > mass-regression testing looks good, we now actually successfully process > 2695 documents which failed before in 5.1.0, nice! > > also a quick comparison of release files looks good. > > +1 from me. > > Thanks... Dominik. > > >> On Fri, Jan 7, 2022 at 5:33 PM Axel Howind wrote: >> >> +1 >> >> >> Am 07.01.2022 um 09:44 schrieb PJ Fanning : >>> >>> Hi everyone, >>> >>> I've prepared artifacts for the release of Apache POI 5.2.0 (RC2). >>> >>> >>> The most notable changes in this release are: >>> >>> * upgrade dependencies: XmlBeans 5.0.3, XMLSec 2.3.0, BouncyCastle 1.70, >> Log4j-API 2.17.1, PDFBox Graphics2d 0.34, PDFBox 2.0.25 ... >>> >>> * Issue in XSSFReader where string builder is not always cleared between >> cell reads [#65676] >>> >>> * Extra DataFormatter options [#63211], [#65703], [#65730] >>> >>> * Password Protecting a document when Saxon is on classpath can corrupt >> the output [#65701] >>> >>> * stop using file deleteOnExit in DefaultTempFileCreationStrategy >> [#65772] >>> >>> * Refactor to XSSFReader, SharedStringsTable, CommentsTable and >> ThemesTable to make them more extensible >>> >>> * Support for Excel functions XMATCH, XLOOKUP >>> >>> * Extra checks for malicious files that could cause excess memory usage >>> >>> >>> >>> A full list of changes is available in the change log: >>> >>> https://poi.apache.org/changes.html >>> >>> >>> The artifacts are at: >>> >>> https://dist.apache.org/repos/dist/dev/poi/ >>> >>> >>> >>> You can use this maven URL for your mvn/gradle builds: >>> >>> https://repository.apache.org/content/repositories/staging >>> >>> >>> I haven't updated the "provided" dependencies as those have to be >> activated anyway explicitly. >>> >>> >>> Please vote to release the artifacts. >>> >>> >>> The vote keeps open until 2022-01-14 23:00 UTC. >>> >>> >>> Planned release announcement date is Saturday, 2022-01-15. >>> >>> >>> >>> Here is my +1 >>> >>> PJ >>> >>> - >>> To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org >>> For additional commands, e-mail: dev-h...@poi.apache.org >>> >> >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org >> For additional commands, e-mail: dev-h...@poi.apache.org >> >> > - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: [VOTE] Apache POI 5.2.0 release (RC2)
Hi, mass-regression testing looks good, we now actually successfully process 2695 documents which failed before in 5.1.0, nice! also a quick comparison of release files looks good. +1 from me. Thanks... Dominik. On Fri, Jan 7, 2022 at 5:33 PM Axel Howind wrote: > +1 > > > > > Am 07.01.2022 um 09:44 schrieb PJ Fanning : > > > > Hi everyone, > > > > I've prepared artifacts for the release of Apache POI 5.2.0 (RC2). > > > > > > The most notable changes in this release are: > > > > * upgrade dependencies: XmlBeans 5.0.3, XMLSec 2.3.0, BouncyCastle 1.70, > Log4j-API 2.17.1, PDFBox Graphics2d 0.34, PDFBox 2.0.25 ... > > > > * Issue in XSSFReader where string builder is not always cleared between > cell reads [#65676] > > > > * Extra DataFormatter options [#63211], [#65703], [#65730] > > > > * Password Protecting a document when Saxon is on classpath can corrupt > the output [#65701] > > > > * stop using file deleteOnExit in DefaultTempFileCreationStrategy > [#65772] > > > > * Refactor to XSSFReader, SharedStringsTable, CommentsTable and > ThemesTable to make them more extensible > > > > * Support for Excel functions XMATCH, XLOOKUP > > > > * Extra checks for malicious files that could cause excess memory usage > > > > > > > > A full list of changes is available in the change log: > > > > https://poi.apache.org/changes.html > > > > > > The artifacts are at: > > > > https://dist.apache.org/repos/dist/dev/poi/ > > > > > > > > You can use this maven URL for your mvn/gradle builds: > > > > https://repository.apache.org/content/repositories/staging > > > > > > I haven't updated the "provided" dependencies as those have to be > activated anyway explicitly. > > > > > > Please vote to release the artifacts. > > > > > > The vote keeps open until 2022-01-14 23:00 UTC. > > > > > > Planned release announcement date is Saturday, 2022-01-15. > > > > > > > > Here is my +1 > > > > PJ > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > > For additional commands, e-mail: dev-h...@poi.apache.org > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > >
Re: [VOTE] Apache POI 5.2.0 release (RC2)
+1 > Am 07.01.2022 um 09:44 schrieb PJ Fanning : > > Hi everyone, > > I've prepared artifacts for the release of Apache POI 5.2.0 (RC2). > > > The most notable changes in this release are: > > * upgrade dependencies: XmlBeans 5.0.3, XMLSec 2.3.0, BouncyCastle 1.70, > Log4j-API 2.17.1, PDFBox Graphics2d 0.34, PDFBox 2.0.25 ... > > * Issue in XSSFReader where string builder is not always cleared between cell > reads [#65676] > > * Extra DataFormatter options [#63211], [#65703], [#65730] > > * Password Protecting a document when Saxon is on classpath can corrupt the > output [#65701] > > * stop using file deleteOnExit in DefaultTempFileCreationStrategy [#65772] > > * Refactor to XSSFReader, SharedStringsTable, CommentsTable and ThemesTable > to make them more extensible > > * Support for Excel functions XMATCH, XLOOKUP > > * Extra checks for malicious files that could cause excess memory usage > > > > A full list of changes is available in the change log: > > https://poi.apache.org/changes.html > > > The artifacts are at: > > https://dist.apache.org/repos/dist/dev/poi/ > > > > You can use this maven URL for your mvn/gradle builds: > > https://repository.apache.org/content/repositories/staging > > > I haven't updated the "provided" dependencies as those have to be activated > anyway explicitly. > > > Please vote to release the artifacts. > > > The vote keeps open until 2022-01-14 23:00 UTC. > > > Planned release announcement date is Saturday, 2022-01-15. > > > > Here is my +1 > > PJ > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
Re: [VOTE] Apache POI 5.2.0 release (RC2)
+1 Thank you for the many hours spent on fixing, triaging, responding, and releasing. Cheers, Marius > On Jan 7, 2022, at 03:44, PJ Fanning wrote: > > Hi everyone, > > I've prepared artifacts for the release of Apache POI 5.2.0 (RC2). > > > The most notable changes in this release are: > > * upgrade dependencies: XmlBeans 5.0.3, XMLSec 2.3.0, BouncyCastle 1.70, > Log4j-API 2.17.1, PDFBox Graphics2d 0.34, PDFBox 2.0.25 ... > > * Issue in XSSFReader where string builder is not always cleared between cell > reads [#65676] > > * Extra DataFormatter options [#63211], [#65703], [#65730] > > * Password Protecting a document when Saxon is on classpath can corrupt the > output [#65701] > > * stop using file deleteOnExit in DefaultTempFileCreationStrategy [#65772] > > * Refactor to XSSFReader, SharedStringsTable, CommentsTable and ThemesTable > to make them more extensible > > * Support for Excel functions XMATCH, XLOOKUP > > * Extra checks for malicious files that could cause excess memory usage > > > > A full list of changes is available in the change log: > > https://poi.apache.org/changes.html > > > The artifacts are at: > > https://dist.apache.org/repos/dist/dev/poi/ > > > > You can use this maven URL for your mvn/gradle builds: > > https://repository.apache.org/content/repositories/staging > > > I haven't updated the "provided" dependencies as those have to be activated > anyway explicitly. > > > Please vote to release the artifacts. > > > The vote keeps open until 2022-01-14 23:00 UTC. > > > Planned release announcement date is Saturday, 2022-01-15. > > > > Here is my +1 > > PJ > > - > To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org > For additional commands, e-mail: dev-h...@poi.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
