Posted to commits@commons.apache.org by bo...@apache.org on 2020/02/02 15:05:54 UTC

[commons-compress] branch master updated: release notes for 1.20

This is an automated email from the ASF dual-hosted git repository.

bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-compress.git


The following commit(s) were added to refs/heads/master by this push:
     new 633f9dd  release notes for 1.20
633f9dd is described below

commit 633f9dd82313c7292db530ff720a77109b63f47b
Author: Stefan Bodewig <bo...@apache.org>
AuthorDate: Sun Feb 2 16:05:36 2020 +0100

    release notes for 1.20
---
 RELEASE-NOTES.txt | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index a1ddfe9..0ee5d5f 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -5,6 +5,61 @@ compression and archive formats.  These include: bzip2, gzip, pack200,
 lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4,
 Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
 
+Release 1.20
+------------
+
+Commons Compress 1.20 like any version of Commons Compress since 1.3
+can not be built from sources using Java 14 as Java 14 removes
+support for the Pack200 format. We will address this issue with the
+next release.
+
+Fixed Bugs:
+o SevenZFile could throw NullPointerException rather than
+  IOException for certain archives. In addition it now handles
+  certain empty archives more gracefully.
+  Issue: COMPRESS-492.
+o Deflate64CompressorInputStream.read would return 0 for some
+  inputs in violation of the InputStream.read contract.
+  Issue: COMPRESS-491.
+o SeekableInMemoryByteChannel's truncate didn't set position
+  according to the spec in an edge case.
+  Issue: COMPRESS-499.
+o BZip2CompressorInputStream now incorporates a similar patch as
+  the one that fixed CVE-2019-12900 in libbzip2.
+
+  Commons Compress has not been vulnerable to this CVE as it
+  would have rejected a file with too many selectors. With this
+  patch Commons Compress will be able to read certain archives
+  that would have caused errors in Compress 1.19. Thanks to Joseph Allemandou.
+
+Changes:
+o Update optional library com.github.luben:zstd-jni from
+  1.4.0-1 to 1.4.4-7.
+  Issue: COMPRESS-493.
+o Update tests from org.apache.felix:org.apache.felix.framework
+  6.0.2 to 6.0.3.
+o SevenZFile can now recover from a certain corruption that
+  seems to happen occasionally when split archives are created.
+  Issue: COMPRESS-497.
+  Thanks to Stefan Schlott.
+o Added random access support to SevenZFile.
+  Issue: COMPRESS-342.
+  Thanks to Peter Alfred Lee.
+o Added support for split ZIP archives.
+  Issue: COMPRESS-477.
+  Thanks to Peter Alfred Lee.
+o Added support for reading sparse entries to the TAR package.
+  Issue: COMPRESS-124.
+  Thanks to Peter Alfred Lee.
+o Update JUnit from 4.12 to 4.13.
+
+Removed:
+o Removed the extraction code from the example CLI class inside
+  of the SevenZ package. Not only is it superseeded by the
+  examples package, its implementation was vulnerable to the
+  ZipSlip attack.
+  Issue: COMPRESS-495.
+
 Release 1.19
 ------------
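
Review bot: The "Removed" entry for COMPRESS-495 discloses a ZipSlip weakness but gives readers nothing to act on, and it misspells "superseded" as "superseeded". Since this is the only security-relevant removal in the release, consider stating whether the problem was confined to the example CLI class or also reachable through library APIs, and add a sentence for users who copied that extraction code telling them to verify that each entry's resolved path stays inside the target directory. In the Fixed Bugs list, the BZip2CompressorInputStream entry is the only item without an "Issue:" line, and its "Thanks to Joseph Allemandou." is appended to the explanatory paragraph instead of sitting on its own line as in the Changes entries; adding the issue reference and moving the credit would keep the format consistent and make the CVE-2019-12900 related change traceable.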