You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bval.apache.org by mb...@apache.org on 2018/12/17 23:44:02 UTC
svn commit: r1849133 -
/bval/cms-site/trunk/content/board-reports/2018-12.mdtext
Author: mbenson
Date: Mon Dec 17 23:44:02 2018
New Revision: 1849133
URL: http://svn.apache.org/viewvc?rev=1849133&view=rev
Log:
CMS commit to bval by mbenson
Modified:
bval/cms-site/trunk/content/board-reports/2018-12.mdtext
Modified: bval/cms-site/trunk/content/board-reports/2018-12.mdtext
URL: http://svn.apache.org/viewvc/bval/cms-site/trunk/content/board-reports/2018-12.mdtext?rev=1849133&r1=1849132&r2=1849133&view=diff
==============================================================================
--- bval/cms-site/trunk/content/board-reports/2018-12.mdtext (original)
+++ bval/cms-site/trunk/content/board-reports/2018-12.mdtext Mon Dec 17 23:44:02 2018
@@ -1,4 +1,4 @@
-## Apache BVal Report September 2018 ##
+## Apache BVal Report December 2018 ##
- The Apache BVal project implements the Java EE Bean Validation
specification(s) and related extensions, and became a top-level project of
@@ -10,18 +10,18 @@
## Activity:
- - Apache BVal community members working in Apache Commons have recently
- succeeded in pushing the 2.0 release of the Apache Commons Weaver component
- upon which we depend.
- - Our immediate plans are to push the release of the Apache licensed bean
- validation 2.0 specification artifact through the Apache Geronimo project and
- then to release Apache BVal 2.0.
- - The security issue mentioned last quarter is incurred at the specification
- level and has been deemed low priority by the bean validation community as a
- whole, any vulnerability requiring deliberate and naive custom code on the
- part of the application developer. The Apache BVal community continue to
- ponder what actions we might take to reduce the likelihood of such naive
- exposures.
+ - During the past quarter we released Apache BVal 2.0.0 which delivers an
+ implementation of the latest 2.0 Bean Validation JSR specification.
+ - The recent release included code that, unless deliberately circumvented,
+ would prevent the behavior at the core of the security vulnerability reported
+ during Q2.
+ - The Bean Validation EG leadership has reached out to encourage us to obtain
+ official status as a conforming implementation. This is primarily a matter
+ of configuration tooling which we hope to address in a forthcoming point
+ release.
+ - We have received a small number of post-release bug reports which we intend
+ to address in the immediate future when the team's non-volunteer workload
+ permits.
## Health report:
@@ -41,9 +41,22 @@
## Releases:
- - Last release was 1.1.2 on Wed Nov 02 2016
+ - 2.0.0 was released on Sat Oct 27 2018
+
+## Mailing list activity:
+
+ - Activity this quarter reflects the release process of version 2.0.0 and an
+ accompanying JIRA cleanup. Post-release saw some activity in response.
+
+ - dev@bval.apache.org:
+ - 42 subscribers (down -4 in the last 3 months):
+ - 118 emails sent to list (26 in previous quarter)
+
+ - user@bval.apache.org:
+ - 54 subscribers (down -2 in the last 3 months):
+ - 5 emails sent to list (2 in previous quarter)
## JIRA activity:
- - 1 JIRA tickets created in the last 3 months
- - 0 JIRA tickets closed/resolved in the last 3 months
+ - 11 JIRA tickets created in the last 3 months
+ - 21 JIRA tickets closed/resolved in the last 3 months