You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2018/07/11 22:01:30 UTC
svn commit: r28064 - in /release/commons/collections: ./ binaries/ source/
Author: ggregory
Date: Wed Jul 11 22:01:30 2018
New Revision: 28064
Log:
Apache Commons Collections 4.2.
Removed:
release/commons/collections/RELEASE-NOTES-3.2.2.txt
release/commons/collections/RELEASE-NOTES-4.0.txt
release/commons/collections/binaries/commons-collections4-4.1-bin.tar.gz
release/commons/collections/binaries/commons-collections4-4.1-bin.tar.gz.asc
release/commons/collections/binaries/commons-collections4-4.1-bin.tar.gz.sha1
release/commons/collections/binaries/commons-collections4-4.1-bin.tar.gz.sha256
release/commons/collections/binaries/commons-collections4-4.1-bin.zip
release/commons/collections/binaries/commons-collections4-4.1-bin.zip.asc
release/commons/collections/binaries/commons-collections4-4.1-bin.zip.sha1
release/commons/collections/binaries/commons-collections4-4.1-bin.zip.sha256
release/commons/collections/source/commons-collections4-4.1-src.tar.gz
release/commons/collections/source/commons-collections4-4.1-src.tar.gz.asc
release/commons/collections/source/commons-collections4-4.1-src.tar.gz.sha1
release/commons/collections/source/commons-collections4-4.1-src.tar.gz.sha256
release/commons/collections/source/commons-collections4-4.1-src.zip
release/commons/collections/source/commons-collections4-4.1-src.zip.asc
release/commons/collections/source/commons-collections4-4.1-src.zip.sha1
release/commons/collections/source/commons-collections4-4.1-src.zip.sha256
Modified:
release/commons/collections/README.html
release/commons/collections/RELEASE-NOTES.txt
release/commons/collections/binaries/README.html
release/commons/collections/source/README.html
Modified: release/commons/collections/README.html
==============================================================================
--- release/commons/collections/README.html (original)
+++ release/commons/collections/README.html Wed Jul 11 22:01:30 2018
@@ -1,7 +1,7 @@
-<h1>Commons-Collections v4.1</h1>
+<h1>Commons-Collections v4.2</h1>
<p>
-This is the 4.1 release of commons-collections.
+This is the 4.2 release of commons-collections.
It is available in both binary and source distributions.
</p>
@@ -40,13 +40,13 @@ HREF="http://www.apache.org/dist/commons
<pre>Always test available signatures, <i>e.g.</i>,
$ pgpk -a KEYS
-$ pgpv commons-collections4-4.1-bin.tar.gz.asc
+$ pgpv commons-collections4-4.2-bin.tar.gz.asc
or,
$ pgp -ka KEYS
-$ pgp commons-collections4-4.1-bin.tar.gz.asc
+$ pgp commons-collections4-4.2-bin.tar.gz.asc
or,
$ gpg --import KEYS
-$ gpg --verify commons-collections4-4.1-bin.tar.gz.asc
+$ gpg --verify commons-collections4-4.2-bin.tar.gz.asc
</pre>
<p>
Modified: release/commons/collections/RELEASE-NOTES.txt
==============================================================================
--- release/commons/collections/RELEASE-NOTES.txt (original)
+++ release/commons/collections/RELEASE-NOTES.txt Wed Jul 11 22:01:30 2018
@@ -1,4 +1,4 @@
- Apache Apache Commons Collections 4.2 RELEASE NOTES
+ Apache Apache Commons Collections 4.2 RELEASE NOTES
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.
@@ -209,3 +209,77 @@ For complete information on Apache Commo
patches, or suggestions for improvement, see the Apache Apache Commons Collections website:
http://commons.apache.org/proper/commons-collections/
+
+===============================================================================
+
+ Apache Commons Collections
+ Version 3.2.2
+ RELEASE NOTES
+
+
+INTRODUCTION:
+
+Commons collections is a project to develop and maintain collection classes
+based on and inspired by the JDK collection framework.
+This release is JDK1.3 compatible, and does not use JDK1.5 generics.
+
+This v3.2.2 release is a bugfix release, fixing several bugs present in the previous
+releases of the 3.2 branch. Additionally, this release provides a mitigation for a
+known remote code exploitation via the standard java object serialization mechanism.
+By default, serialization support for unsafe classes in the functor package is
+disabled and will result in an exception when either trying to serialize or de-serialize
+an instance of these classes. For more details, please refer to COLLECTIONS-580.
+
+All users are strongly encouraged to updated to this release.
+
+
+Changes in this version include:
+
+CHANGES
+=======
+
+o COLLECTIONS-580: Serialization support for unsafe classes in the functor package is
+ disabled by default as this can be exploited for remote code execution
+ attacks. To re-enable the feature the system property
+ "org.apache.commons.collections.enableUnsafeSerialization" needs to be
+ set to "true".
+ Classes considered to be unsafe are: CloneTransformer, ForClosure,
+ InstantiateFactory, InstantiateTransformer, InvokerTransformer,
+ PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure.
+
+BUGFIXES
+========
+
+o COLLECTIONS-538: "ExtendedProperties" will now use a privileged action to access the
+ "file.separator" system property. In case the class does not have
+ permission to read system properties, the "File#separator" field will
+ be used instead. Thanks to Trejkaz.
+o COLLECTIONS-447: Tree traversal with a TreeListIterator will not be affected anymore by
+ the removal of an element directly after a call to previous(). Thanks to Jeffrey Barnes.
+o COLLECTIONS-444: SetUniqueList.set(int, Object) now works correctly if the object to be inserted
+ is already placed at the given position. Thanks to Thomas Vahrst, John Vasileff.
+o COLLECTIONS-350: Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael Akerman.
+o COLLECTIONS-335: Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb.
+o COLLECTIONS-334: Synchronized access to lock in "StaticBucketMap#size()". Thanks to sebb.
+o COLLECTIONS-307: "SetUniqueList#subList()#contains(Object)" will now correctly check the subList
+ rather than the parent list. Thanks to Christian Semrau.
+o COLLECTIONS-304: "SetUniqueList#set(int, Object)" will now correctly enforce the uniqueness constraint.
+ Thanks to Rafa? Figas,Bjorn Townsend.
+o COLLECTIONS-294: "CaseInsensitiveMap" will now convert input strings to lower-case in a
+ locale-independent manner. Thanks to Benjamin Bentmann.
+o COLLECTIONS-266: "MultiKey" will now be correctly serialized/de-serialized. Thanks to Joerg Schaible.
+o COLLECTIONS-261: "Flat3Map#remove(Object)" will now return the correct value mapped to the removed key
+ if the size of the map is less or equal 3. Thanks to ori.
+o COLLECTIONS-249: "SetUniqueList.addAll(int, Collection)" now correctly add the collection at the
+ provided index. Thanks to Joe Kelly.
+o COLLECTIONS-228: "MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object, Collection)"
+ now correctly return if the map has changed by this operation.
+o COLLECTIONS-219: "CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks to Tom Leccese.
+o COLLECTIONS-217: Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now
+ correctly set the value for the current entry. Thanks to Matt Bishop.
+
+
+For complete information on Apache Commons Collections, including instructions on how to submit bug reports,
+patches, or suggestions for improvement, see the Apache Commons Collections website:
+
+http://commons.apache.org/collections/
Modified: release/commons/collections/binaries/README.html
==============================================================================
--- release/commons/collections/binaries/README.html (original)
+++ release/commons/collections/binaries/README.html Wed Jul 11 22:01:30 2018
@@ -1 +1,52 @@
-link ../README.html
\ No newline at end of file
+<h1>Commons-Collections v4.2</h1>
+
+<p>
+This is the 4.2 release of commons-collections.
+It is available in both binary and source distributions.
+</p>
+
+<p><font color="red" size="+2">Note:</font>
+The tar files in the distribution use GNU tar extensions
+and must be untarred with a GNU compatible version of tar. The version
+of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a href="http://commons.apache.org/collections/">Collections</a>.</p>
+
+<p>From the Apache Commons Project<br><a href="http://commons.apache.org/">http://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/">nearest mirror site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/">Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+there will be an accompanying <samp><em>file</em>.asc</samp> signature
+file in the same directory as the file (binaries/ or source/). The
+signing keys can be found in the distribution directory at <<a
+HREF="http://www.apache.org/dist/commons/KEYS"><samp>http://www.apache.org/dist/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from a mirror site.</b></p>
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-collections4-4.2-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-collections4-4.2-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-collections4-4.2-bin.tar.gz.asc
+</pre>
+<p>
+
Modified: release/commons/collections/source/README.html
==============================================================================
--- release/commons/collections/source/README.html (original)
+++ release/commons/collections/source/README.html Wed Jul 11 22:01:30 2018
@@ -1 +1,52 @@
-link ../README.html
\ No newline at end of file
+<h1>Commons-Collections v4.2</h1>
+
+<p>
+This is the 4.2 release of commons-collections.
+It is available in both binary and source distributions.
+</p>
+
+<p><font color="red" size="+2">Note:</font>
+The tar files in the distribution use GNU tar extensions
+and must be untarred with a GNU compatible version of tar. The version
+of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a href="http://commons.apache.org/collections/">Collections</a>.</p>
+
+<p>From the Apache Commons Project<br><a href="http://commons.apache.org/">http://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/">nearest mirror site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/">Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+there will be an accompanying <samp><em>file</em>.asc</samp> signature
+file in the same directory as the file (binaries/ or source/). The
+signing keys can be found in the distribution directory at <<a
+HREF="http://www.apache.org/dist/commons/KEYS"><samp>http://www.apache.org/dist/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from a mirror site.</b></p>
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-collections4-4.2-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-collections4-4.2-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-collections4-4.2-bin.tar.gz.asc
+</pre>
+<p>
+