You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Jan Kreutzfeld <Ja...@doubleslash.de> on 2017/10/13 11:32:41 UTC
Release date for Jackrabbit 2.15.7
Hello everyone,
is there already a set release date for Jackrabbit 2.15.7?
We need the new version because of the derby update, which fixes vulnerability issues.
Thanks for the information!
Jan
Re: Release date for Jackrabbit 2.15.7
Posted by Julian Reschke <ju...@gmx.de>.
On 2017-10-16 18:08, Jan Kreutzfeld wrote:
> I'm referring to this issue: https://www.cvedetails.com/cve/CVE-2015-1832/
Thanks - I don't think that we use that code (worth checking though), so
this doesn't appear to be urgent.
> As always, we need to get rid of the issue as soon as possible, so we would use the unstable release if necessary.
So which release are you using right now?
> Of course, if a stable release would be available, we would prefer to use that instead.
> So I guess the proper question would be: can you tell me the ETA for the earliest release which updates the derby driver? :-)
Sometimes in November, unless it becomes clear that the vulnerability
indeed affects Jackrabbit operation.
Best regards, Julian
Re: Release date for Jackrabbit 2.15.7
Posted by Julian Reschke <ju...@gmx.de>.
On 2017-10-13 13:32, Jan Kreutzfeld wrote:
> Hello everyone,
>
> is there already a set release date for Jackrabbit 2.15.7?
> We need the new version because of the derby update, which fixes vulnerability issues.
>
> Thanks for the information!
>
> Jan
a) which vulnerability update, specifically?
b) 2.15.* are unstable releases, so I guess what you're really looking
for is either 2.14.4 or 2.16.0?
Best regards, Julian