Hi I would be interested as well by a release including those commits (with this one as well https://github.com/apache/commons-compress/commit/51265b23722d9ce2262d68979ce7dbb79b94f430 ) Technically I'm still PMC, I can volunteer but you have to point me in the right procedure. Thanks Olivier
On Thu, 3 Jun 2021 at 09:45, Gary Gregory <garydgreg...@gmail.com> wrote: > This is no release schedule at this time. As you may know we are volunteers > with varying levels of free time. Stay tuned though. > > Gary > > > On Wed, Jun 2, 2021, 14:21 Merrill, Greg <gmerr...@onenetwork.com.invalid> > wrote: > > > Hello - I'm inquiring to see if there is any planned upcoming release of > > commons-compress 1.21? > > > > To elaborate, I have a project uses commons-compress 1.20. But there are > > some security-related vulnerabilities in 1.20 reported by JFrog X-Ray, > > mostly coming from findings by the "oss-fuzz" project. These have > actually > > been fixed in the commons-compress git repo already, but are not yet > > released. > > > > I'm trying to find out if there is any plan to release 1.21 in the near- > > to mid-term, or if I should build my own commons-compress snapshot > release > > if I need those fixes. Appreciate any guidance you might have. > > > > Here are the specific fixes in question: > > > > * > > > https://github.com/apache/commons-compress/commit/26924e96c7730db014c310757e11c9359db07f3e > > * > > > https://github.com/apache/commons-compress/commit/882c6dd12473d7b615d503e08fd6b866d0f866d5 > > * > > > https://github.com/apache/commons-compress/commit/d15c285941351958a902265aeacdc151fa98c127 > > > > > > Thanks, > > Greg Merrill > > Platform Architect, One Network Enterprises > > gmerr...@onenetwork.com > > office: (972) 455-3514 cell: (214) 450-8239 > > > > This document contains ONE Network Enterprises Proprietary and > > Confidential Business Information and is intended solely for the use and > > information of the person and/or company to whom it is addressed. It may > > not be duplicated or published without the written consent of One > Network. > > > > > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy
