This voting thread passes with the following binding +1s:
- Rob Tompkins
- Gary Gregory
- Bruno Kinoshita
Gary
On Sat, Oct 28, 2023 at 2:13 PM Bruno Kinoshita wrote:
>
> +1
>
> build OK, site reports good. Thanks!
>
> On Fri, 27 Oct 2023 at 13:12, Gary Gregory wrote:
>
> > My +1
> >
> > Gary
+1
build OK, site reports good. Thanks!
On Fri, 27 Oct 2023 at 13:12, Gary Gregory wrote:
> My +1
>
> Gary
>
> On Thu, Oct 26, 2023 at 10:08 AM Rob Tompkins wrote:
> >
> > +1 - signatures good, rat good, reports good, builds good, site good,
> release note good.
> >
> > Keep crushing it Gary!
I would bring this up in secur...@commons.apache.org if you have something
noteworthy. Though a lot of people don’t understand that text manipulation is
an extremely general toolkit making security concerns something that would
occur at a higher lever with regards to the system using
My +1
Gary
On Thu, Oct 26, 2023 at 10:08 AM Rob Tompkins wrote:
>
> +1 - signatures good, rat good, reports good, builds good, site good, release
> note good.
>
> Keep crushing it Gary!
>
> Cheers,
> -Rob
>
> > On Oct 24, 2023, at 9:47 AM, Gary Gregory wrote:
> >
> > We have fixed quite a few
+1 - signatures good, rat good, reports good, builds good, site good, release
note good.
Keep crushing it Gary!
Cheers,
-Rob
> On Oct 24, 2023, at 9:47 AM, Gary Gregory wrote:
>
> We have fixed quite a few bugs and added some significant enhancements
> since Apache Commons Text 1.10.0 was
It's worth triaging the bug tracker sometime. At a quick glance I saw
several other issues that are arguably security related, mostly around
character escaping and unescaping.
On Tue, Oct 24, 2023 at 11:43 AM Gary Gregory wrote:
>
> The issue is a year old with zero comments, I downgraded it to
The issue is a year old with zero comments, I downgraded it to "Major".
What's worse is that if it were a real security issue, it should have gone
through our security protocol and not a Jira (initially at least).
Gary
On Tue, Oct 24, 2023, 10:32 AM Elliotte Rusty Harold
wrote:
>
>
https://issues.apache.org/jira/projects/TEXT/issues/TEXT-220?filter=allopenissues
is prirotized as a blocker. I haven't analyzed it in detail so I'm not
sure, but it is security related. If it is a blocker it should be
resolved before 1.11.0. If it is not a blocker, then the priority
should be
We have fixed quite a few bugs and added some significant enhancements
since Apache Commons Text 1.10.0 was released, so I would like to
release Apache Commons Text 1.11.0.
Apache Commons Text 1.11.0 RC1 is available for review here:
