Le 13/11/2015 00:31, Thomas Neidhart a écrit :
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on RC3.
>
> Notes:
>
A more reasonable and measured article that appeared in JavaWorld:
http://www.javaworld.com/article/3003197/security/library-misuse-exposes-leading-java-platforms-to-attack.html
On Fri, Nov 13, 2015 at 8:19 AM, Donald Freeman
wrote:
>
> I wanted to forward this
I'd think commons-io too. I have once again startes moves to release the
next version so if you're quick I can review & incorporate it. Remember
testcases :)
Kristian
13. nov. 2015 18.00 skrev "Bertrand Delacretaz" :
> Hi,
>
> I've just subscribed to this list after
Hi Jörg,
On Fri, Nov 13, 2015 at 6:22 PM, Jörg Schaible wrote:
> ...Good enhancement. For commons-io?...
Probably, I'm not familiar with the wide picture of Commons modules.
> ...Would be good to have also an analogous ObjectOutputStream, just to avoid a
> problem at
Hi Bertrand,
Bertrand Delacretaz wrote:
> Hi,
>
> I've just subscribed to this list after briefly discussing this with
> Benedikt Ritter.
>
> I have written a small module [1] that provides a safer replacement
> for ObjectInputStream, to avoid the recently discussed Java
> deserialization
Hi,
I've just subscribed to this list after briefly discussing this with
Benedikt Ritter.
I have written a small module [1] that provides a safer replacement
for ObjectInputStream, to avoid the recently discussed Java
deserialization issues.
For now that module is in my Sling whiteboard but I'd
+1
Builds fine now with my compiler zoo.
Thomas Neidhart wrote:
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on
On Fri, Nov 13, 2015 at 6:26 PM, Kristian Rosenvold
wrote:
> ...if you're quick I can review & incorporate it. Remember
> testcases :)...
How quick? Weekend starts in half an hour here and I'll be busy with
other things ;-)
And if I miss that "quick" train, when's the
+1
Tested with src zip.
BUT:
- The site Javadoc link is labeled "3.2.1" (fixed in
https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
)
- The site history does not mentioned (fixed in svn)
ASC OK, MD5 OK, SHA1 OK. Everyone's checking these, right?
Reports
Hey Bertrand,
Welcome to Commons!
Phil
> On Nov 13, 2015, at 12:00 PM, Bertrand Delacretaz
> wrote:
>
> Hi,
>
> I've just subscribed to this list after briefly discussing this with
> Benedikt Ritter.
>
> I have written a small module [1] that provides a safer
On Fri, Nov 13, 2015 at 11:53 AM, Phil Steitz wrote:
> Hey Bertrand,
>
> Welcome to Commons!
>
+1
Gary
>
> Phil
>
> > On Nov 13, 2015, at 12:00 PM, Bertrand Delacretaz <
> bdelacre...@apache.org> wrote:
> >
> > Hi,
> >
> > I've just subscribed to this list after
On Fri, Nov 13, 2015 at 6:27 PM, Bertrand Delacretaz
wrote:
>... How quick? Weekend starts in half an hour here...
Actually that was more than enough, here you go:
https://issues.apache.org/jira/browse/IO-487
-Bertrand
Sounds intetesting!
Gary
On Nov 13, 2015 9:48 AM, "Bertrand Delacretaz"
wrote:
> On Fri, Nov 13, 2015 at 6:27 PM, Bertrand Delacretaz
> wrote:
> >... How quick? Weekend starts in half an hour here...
>
> Actually that was more than enough, here
On 11/13/2015 08:26 PM, Gary Gregory wrote:
> +1
>
> Tested with src zip.
>
> BUT:
>
> - The site Javadoc link is labeled "3.2.1" (fixed in
> https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
> )
> - The site history does not mentioned (fixed in svn)
as I
On Fri, Nov 13, 2015 at 12:12 PM, Luc Maisonobe wrote:
> Le 13/11/2015 20:26, Gary Gregory a écrit :
> > +1
> >
> > Tested with src zip.
> >
> > BUT:
> >
> > - The site Javadoc link is labeled "3.2.1" (fixed in
> >
>
+2 :-)
mit freundlichen Grüßen
Uwe Barthel
--
bart...@x-reizend.de
> On 13 Nov 2015, at 18:22, Jörg Schaible wrote:
>
> Hi Bertrand,
>
> Bertrand Delacretaz wrote:
>
>> Hi,
>>
>> I've just subscribed to this list after briefly discussing this with
>> Benedikt
On 2015-11-13, Thomas Neidhart wrote:
> Please review the release candidate and vote.
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
Github user PascalSchumacher commented on the pull request:
https://github.com/apache/commons-compress/commit/1e592b52c54ff3186b5d11fe64021ab758db7234#commitcomment-14393072
In src/changes/changes.xml:
In src/changes/changes.xml on line 50:
"fpr" should be "for"
---
If your
Le 13/11/2015 20:26, Gary Gregory a écrit :
> +1
>
> Tested with src zip.
>
> BUT:
>
> - The site Javadoc link is labeled "3.2.1" (fixed in
> https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
> )
> - The site history does not mentioned (fixed in svn)
>
>
On Fri, Nov 13, 2015 at 8:53 PM, Phil Steitz wrote:
> ...Welcome to Commons!
Thanks! After so many years doing Java stuff at the ASF I finally
found something meaningful to contribute here.
-Bertrand
-
I wanted to forward this on. I found this article this morning talking about
the issue on itworld.
http://www.itworld.com/article/3004632/thousands-of-java-applications-vulnerable-to-nine-month-old-remote-code-execution-exploit.html
Thanks,Don Freeman
On Thu, Nov 12, 2015 at 10:11 AM, Gary
On Mon, 9 Nov 2015 10:34:43 -0600, Ole Ersoy wrote:
If I'm interested in some functionality that is 'beta' then I first
have to realize that it's 'beta'...Maybe just tag the branch beta.
After that there's probably (Judging from the number of people
communicating here) 1/2 people interested.
22 matches
Mail list logo