Posted to jdo-dev@db.apache.org by Bryan Pendleton <bp...@gmail.com> on 2021/09/30 18:45:54 UTC

Items for our quarterly update to the Board?

Hi all, I am preparing the October report for the Board.

Can you please send me any updates that I should include?

Here is what I currently have; please help clarify what I should
include about JDO 3.2 and/or about JSR-243, if anything.

The DB project received a report of a CWE-502 vulnerability in the
retired DdlUtils source code. Although the DdlUtils subproject is
retired and no longer actively developed, the DB project decided
to address the vulnerability, which is now tracked as CVE-2021-41616,
and removed the insecure source code from the source repository.
The DB project also removed the DdlUtils-1.0 release from
distribution via the Apache mirrors, and updated the DdlUtils web
site to make it more clear that DdlUtils is retired and no longer
actively developed.

The JDO team have published the JDO 3.2 spec (or is it still in review?)

The JDO team have been making changes suggested by the Apache
Diversity Conscious Language Checker, including changing the
name of the git branch from master to main, and investigating
language changes in the source code and specification.

The Derby team have validated Derby behavior with Java 17. This
involved significant work to address changes due to JEP411.

Re: Items for our quarterly update to the Board?

Posted by Bryan Pendleton <bp...@gmail.com>.
Thanks Craig, and congratulations to the JDO team on the great progress!

On Thu, Sep 30, 2021 at 3:37 PM Craig Russell <ap...@gmail.com> wrote:
>
> Hi Bryan,
>
> Good start. Here's the latest on what JDO has been up to:
>
> The JDO team have been making changes suggested by the Apache
> Diversity Conscious Language Checker, including changing the
> name of the git branch from master to main, and resolving all issues in the source code and web site.
> https://clc.diversity.apache.org/analysis.html?project=db-jdo.git
> https://clc.diversity.apache.org/analysis.html?project=db-jdo-site.git
>
> The JDO project is ready to ask the Java Community Process (JCP) to approve the latest release, JDO 3.2. We have asked for specific guidance to submit the release to be voted on by the JCP. Once the JCP approves the Maintenance Release, we will formally make the Apache release via the usual DB PMC process.
>
> Regards,
> Craig
>
> > On Sep 30, 2021, at 11:45 AM, Bryan Pendleton <bp...@gmail.com> wrote:
> >
> > Hi all, I am preparing the October report for the Board.
> >
> > Can you please send me any updates that I should include?
> >
> > Here is what I currently have; please help clarify what I should
> > include about JDO 3.2 and/or about JSR-243, if anything.
> >
> > The DB project received a report of a CWE-502 vulnerability in the
> > retired DdlUtils source code. Although the DdlUtils subproject is
> > retired and no longer actively developed, the DB project decided
> > to address the vulnerability, which is now tracked as CVE-2021-41616,
> > and removed the insecure source code from the source repository.
> > The DB project also removed the DdlUtils-1.0 release from
> > distribution via the Apache mirrors, and updated the DdlUtils web
> > site to make it more clear that DdlUtils is retired and no longer
> > actively developed.
> >
> > The JDO team have published the JDO 3.2 spec (or is it still in review?)
> >
> > The JDO team have been making changes suggested by the Apache
> > Diversity Conscious Language Checker, including changing the
> > name of the git branch from master to main, and investigating
> > language changes in the source code and specification.
> >
> > The Derby team have validated Derby behavior with Java 17. This
> > involved significant work to address changes due to JEP411.
>
> Craig L Russell
> clr@apache.org
>

Re: Items for our quarterly update to the Board?

Posted by Craig Russell <ap...@gmail.com>.
Hi Bryan,

Good start. Here's the latest on what JDO has been up to:

The JDO team have been making changes suggested by the Apache
Diversity Conscious Language Checker, including changing the
name of the git branch from master to main, and resolving all issues in the source code and web site.
https://clc.diversity.apache.org/analysis.html?project=db-jdo.git
https://clc.diversity.apache.org/analysis.html?project=db-jdo-site.git

The JDO project is ready to ask the Java Community Process (JCP) to approve the latest release, JDO 3.2. We have asked for specific guidance to submit the release to be voted on by the JCP. Once the JCP approves the Maintenance Release, we will formally make the Apache release via the usual DB PMC process.

Regards,
Craig

> On Sep 30, 2021, at 11:45 AM, Bryan Pendleton <bp...@gmail.com> wrote:
> 
> Hi all, I am preparing the October report for the Board.
> 
> Can you please send me any updates that I should include?
> 
> Here is what I currently have; please help clarify what I should
> include about JDO 3.2 and/or about JSR-243, if anything.
> 
> The DB project received a report of a CWE-502 vulnerability in the
> retired DdlUtils source code. Although the DdlUtils subproject is
> retired and no longer actively developed, the DB project decided
> to address the vulnerability, which is now tracked as CVE-2021-41616,
> and removed the insecure source code from the source repository.
> The DB project also removed the DdlUtils-1.0 release from
> distribution via the Apache mirrors, and updated the DdlUtils web
> site to make it more clear that DdlUtils is retired and no longer
> actively developed.
> 
> The JDO team have published the JDO 3.2 spec (or is it still in review?)
> 
> The JDO team have been making changes suggested by the Apache
> Diversity Conscious Language Checker, including changing the
> name of the git branch from master to main, and investigating
> language changes in the source code and specification.
> 
> The Derby team have validated Derby behavior with Java 17. This
> involved significant work to address changes due to JEP411.

Craig L Russell
clr@apache.org