Release date for Jackrabbit 2.15.7

[Jan Kreutzfeld <Ja...@doubleslash.de>]

Hello everyone,

is there already a set release date for Jackrabbit 2.15.7?
We need the new version because of the derby update, which fixes vulnerability issues.

Thanks for the information!

Jan

Re: Release date for Jackrabbit 2.15.7

[Julian Reschke <ju...@gmx.de>]

On 2017-10-16 18:08, Jan Kreutzfeld wrote:
> I'm referring to this issue: https://www.cvedetails.com/cve/CVE-2015-1832/

Thanks - I don't think that we use that code (worth checking though), so 
this doesn't appear to be urgent.

> As always, we need to get rid of the issue as soon as possible, so we would use the unstable release if necessary.

So which release are you using right now?

> Of course, if a stable release would be available, we would prefer to use that instead.
> So I guess the proper question would be: can you tell me the ETA for the earliest release which updates the derby driver? :-)

Sometimes in November, unless it becomes clear that the vulnerability 
indeed affects Jackrabbit operation.

Best regards, Julian

Re: Release date for Jackrabbit 2.15.7

[Julian Reschke <ju...@gmx.de>]

On 2017-10-13 13:32, Jan Kreutzfeld wrote:
> Hello everyone,
> 
> is there already a set release date for Jackrabbit 2.15.7?
> We need the new version because of the derby update, which fixes vulnerability issues.
> 
> Thanks for the information!
> 
> Jan

a) which vulnerability update, specifically?

b) 2.15.* are unstable releases, so I guess what you're really looking 
for is either 2.14.4 or 2.16.0?

Best regards, Julian