You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2022/04/05 12:59:23 UTC
Releases soon?
Hi,
We've received a JIRA request to get new releases out due to the
recent Spring CVE issue. I think it's reasonable due to the publicity
surrounding the issue, and also we have quite a few issues fixed since
the last releases.
WDYT - can we aim to call a vote in around a week or so?
Colm.
Re: Releases soon?
Posted by Andriy Redko <dr...@gmail.com>.
+1, let me prepare the change, sounds good to you Dan?
Thanks!
Best Regards,
Andriy Redko
COh> There's a CVE in Jackson 2.11.x that isn't fixed, so it probably makes
COh> sense to upgrade to 2.13.x?
COh> Colm.
COh> On Fri, Apr 8, 2022 at 4:08 PM Daniel Kulp <dk...@apache.org> wrote:
>> Andriy,
>> I just tried pushing the update to 1.6.6 to 3.4.x, but it’s failing in the Karaf validation. 1.6.6 apparently requires Jackson 2.13 whereas 3.4 uses 2.11. Thus, the choice is to also upgrade Jackson or keep on 1.6.5. Any thoughts?
>> Dan
>> > On Apr 8, 2022, at 10:51 AM, Andriy Redko <dr...@gmail.com> wrote:
>> >
>> > Hi Dan,
>> >
>> > Sorry for late notice, may I push 1 commit to 3.4.x (Swagger update)
>> > before the release? Thanks!
>> >
>> > Best Regards,
>> > Andriy Redko
>> >
>> > DK> I plan on doing the builds tomorrow. If there are any last minute updates/changes, please get them in ASAP.
>> >
>> > DK> Thanks!
>> > DK> Dan
>> >
>> >
>> >
>> >
>> >>> On Apr 7, 2022, at 7:31 AM, Colm O hEigeartaigh <co...@apache.org> wrote:
>> >
>> >>> Hi Dan,
>> >
>> >>> We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
>> >
>> >>> Colm.
>> >
>> >>> On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
>> >
>> >
>> >
>> >>>> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
>> >
>> >>>>> Hey Colm,
>> >
>> >>>>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
>> >>>>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
>> >>>>> could you please wrap them up? Thank you!
>> >
>> >
>> >>>> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>> >
>> >
>> >
>> >>>>> Best Regards,
>> >>>>> Andriy Redko
>> >
>> >
>> >>>>> COh> We still have these two issues as "To Do", shall we defer them to the
>> >>>>> COh> next release?
>> >
>> >>>>> COh> https://issues.apache.org/jira/browse/CXF-8668
>> >>>>> COh> https://issues.apache.org/jira/browse/CXF-8683
>> >
>> >>>>> COh> Colm.
>> >
>> >>>>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>> >
>> >>>>>>> +1
>> >
>> >>>>>>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>> >
>> >>>>>>>> Hi,
>> >
>> >>>>>>>> We've received a JIRA request to get new releases out due to the
>> >>>>>>>> recent Spring CVE issue. I think it's reasonable due to the publicity
>> >>>>>>>> surrounding the issue, and also we have quite a few issues fixed since
>> >>>>>>>> the last releases.
>> >
>> >>>>>>>> WDYT - can we aim to call a vote in around a week or so?
>> >
>> >>>>>>>> Colm.
>> >
>> >
>> --
>> Daniel Kulp
>> dkulp@apache.org <ma...@apache.org>
>> Talend - https://talend.com <https://talend.com/>
Re: Releases soon?
Posted by Colm O hEigeartaigh <co...@apache.org>.
There's a CVE in Jackson 2.11.x that isn't fixed, so it probably makes
sense to upgrade to 2.13.x?
Colm.
On Fri, Apr 8, 2022 at 4:08 PM Daniel Kulp <dk...@apache.org> wrote:
>
>
> Andriy,
>
> I just tried pushing the update to 1.6.6 to 3.4.x, but it’s failing in the Karaf validation. 1.6.6 apparently requires Jackson 2.13 whereas 3.4 uses 2.11. Thus, the choice is to also upgrade Jackson or keep on 1.6.5. Any thoughts?
>
> Dan
>
>
>
> > On Apr 8, 2022, at 10:51 AM, Andriy Redko <dr...@gmail.com> wrote:
> >
> > Hi Dan,
> >
> > Sorry for late notice, may I push 1 commit to 3.4.x (Swagger update)
> > before the release? Thanks!
> >
> > Best Regards,
> > Andriy Redko
> >
> > DK> I plan on doing the builds tomorrow. If there are any last minute updates/changes, please get them in ASAP.
> >
> > DK> Thanks!
> > DK> Dan
> >
> >
> >
> >
> >>> On Apr 7, 2022, at 7:31 AM, Colm O hEigeartaigh <co...@apache.org> wrote:
> >
> >>> Hi Dan,
> >
> >>> We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
> >
> >>> Colm.
> >
> >>> On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
> >
> >
> >
> >>>> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
> >
> >>>>> Hey Colm,
> >
> >>>>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
> >>>>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
> >>>>> could you please wrap them up? Thank you!
> >
> >
> >>>> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
> >
> >
> >
> >>>>> Best Regards,
> >>>>> Andriy Redko
> >
> >
> >>>>> COh> We still have these two issues as "To Do", shall we defer them to the
> >>>>> COh> next release?
> >
> >>>>> COh> https://issues.apache.org/jira/browse/CXF-8668
> >>>>> COh> https://issues.apache.org/jira/browse/CXF-8683
> >
> >>>>> COh> Colm.
> >
> >>>>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
> >
> >>>>>>> +1
> >
> >>>>>>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
> >
> >>>>>>>> Hi,
> >
> >>>>>>>> We've received a JIRA request to get new releases out due to the
> >>>>>>>> recent Spring CVE issue. I think it's reasonable due to the publicity
> >>>>>>>> surrounding the issue, and also we have quite a few issues fixed since
> >>>>>>>> the last releases.
> >
> >>>>>>>> WDYT - can we aim to call a vote in around a week or so?
> >
> >>>>>>>> Colm.
> >
> >
>
> --
> Daniel Kulp
> dkulp@apache.org <ma...@apache.org>
> Talend - https://talend.com <https://talend.com/>
>
Re: Releases soon?
Posted by Daniel Kulp <dk...@apache.org>.
Andriy,
I just tried pushing the update to 1.6.6 to 3.4.x, but it’s failing in the Karaf validation. 1.6.6 apparently requires Jackson 2.13 whereas 3.4 uses 2.11. Thus, the choice is to also upgrade Jackson or keep on 1.6.5. Any thoughts?
Dan
> On Apr 8, 2022, at 10:51 AM, Andriy Redko <dr...@gmail.com> wrote:
>
> Hi Dan,
>
> Sorry for late notice, may I push 1 commit to 3.4.x (Swagger update)
> before the release? Thanks!
>
> Best Regards,
> Andriy Redko
>
> DK> I plan on doing the builds tomorrow. If there are any last minute updates/changes, please get them in ASAP.
>
> DK> Thanks!
> DK> Dan
>
>
>
>
>>> On Apr 7, 2022, at 7:31 AM, Colm O hEigeartaigh <co...@apache.org> wrote:
>
>>> Hi Dan,
>
>>> We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
>
>>> Colm.
>
>>> On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
>
>
>
>>>> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
>
>>>>> Hey Colm,
>
>>>>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
>>>>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
>>>>> could you please wrap them up? Thank you!
>
>
>>>> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>
>
>
>>>>> Best Regards,
>>>>> Andriy Redko
>
>
>>>>> COh> We still have these two issues as "To Do", shall we defer them to the
>>>>> COh> next release?
>
>>>>> COh> https://issues.apache.org/jira/browse/CXF-8668
>>>>> COh> https://issues.apache.org/jira/browse/CXF-8683
>
>>>>> COh> Colm.
>
>>>>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>
>>>>>>> +1
>
>>>>>>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>
>>>>>>>> Hi,
>
>>>>>>>> We've received a JIRA request to get new releases out due to the
>>>>>>>> recent Spring CVE issue. I think it's reasonable due to the publicity
>>>>>>>> surrounding the issue, and also we have quite a few issues fixed since
>>>>>>>> the last releases.
>
>>>>>>>> WDYT - can we aim to call a vote in around a week or so?
>
>>>>>>>> Colm.
>
>
--
Daniel Kulp
dkulp@apache.org <ma...@apache.org>
Talend - https://talend.com <https://talend.com/>
Re: Releases soon?
Posted by Andriy Redko <dr...@gmail.com>.
Hi Dan,
Sorry for late notice, may I push 1 commit to 3.4.x (Swagger update)
before the release? Thanks!
Best Regards,
Andriy Redko
DK> I plan on doing the builds tomorrow. If there are any last minute updates/changes, please get them in ASAP.
DK> Thanks!
DK> Dan
>> On Apr 7, 2022, at 7:31 AM, Colm O hEigeartaigh <co...@apache.org> wrote:
>> Hi Dan,
>> We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
>> Colm.
>> On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
>>> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
>>>> Hey Colm,
>>>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
>>>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
>>>> could you please wrap them up? Thank you!
>>> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>>>> Best Regards,
>>>> Andriy Redko
>>>> COh> We still have these two issues as "To Do", shall we defer them to the
>>>> COh> next release?
>>>> COh> https://issues.apache.org/jira/browse/CXF-8668
>>>> COh> https://issues.apache.org/jira/browse/CXF-8683
>>>> COh> Colm.
>>>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>>>>>> +1
>>>>>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>>>>>>> Hi,
>>>>>>> We've received a JIRA request to get new releases out due to the
>>>>>>> recent Spring CVE issue. I think it's reasonable due to the publicity
>>>>>>> surrounding the issue, and also we have quite a few issues fixed since
>>>>>>> the last releases.
>>>>>>> WDYT - can we aim to call a vote in around a week or so?
>>>>>>> Colm.
Re: Releases soon?
Posted by Daniel Kulp <dk...@apache.org>.
I plan on doing the builds tomorrow. If there are any last minute updates/changes, please get them in ASAP.
Thanks!
Dan
> On Apr 7, 2022, at 7:31 AM, Colm O hEigeartaigh <co...@apache.org> wrote:
>
> Hi Dan,
>
> We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
>
> Colm.
>
> On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
>>
>>
>>
>> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
>>>
>>> Hey Colm,
>>>
>>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
>>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
>>> could you please wrap them up? Thank you!
>>
>>
>> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>>
>>>
>>>
>>> Best Regards,
>>> Andriy Redko
>>>
>>>
>>> COh> We still have these two issues as "To Do", shall we defer them to the
>>> COh> next release?
>>>
>>> COh> https://issues.apache.org/jira/browse/CXF-8668
>>> COh> https://issues.apache.org/jira/browse/CXF-8683
>>>
>>> COh> Colm.
>>>
>>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>>>
>>>>> +1
>>>
>>>>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>>>
>>>>>> Hi,
>>>
>>>>>> We've received a JIRA request to get new releases out due to the
>>>>>> recent Spring CVE issue. I think it's reasonable due to the publicity
>>>>>> surrounding the issue, and also we have quite a few issues fixed since
>>>>>> the last releases.
>>>
>>>>>> WDYT - can we aim to call a vote in around a week or so?
>>>
>>>>>> Colm.
>>>
--
Daniel Kulp
dkulp@apache.org <ma...@apache.org>
Talend - https://talend.com <https://talend.com/>
Re: Releases soon?
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Dan,
We are ready to go for 3.5.2 and 3.4.7 whenever you can do the releases.
Colm.
On Thu, Apr 7, 2022 at 2:36 AM Jim Ma <ma...@gmail.com> wrote:
>
>
>
> On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
>>
>> Hey Colm,
>>
>> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
>> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
>> could you please wrap them up? Thank you!
>
>
> It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>
>>
>>
>> Best Regards,
>> Andriy Redko
>>
>>
>> COh> We still have these two issues as "To Do", shall we defer them to the
>> COh> next release?
>>
>> COh> https://issues.apache.org/jira/browse/CXF-8668
>> COh> https://issues.apache.org/jira/browse/CXF-8683
>>
>> COh> Colm.
>>
>> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>>
>> >> +1
>>
>> >> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>>
>> >>> Hi,
>>
>> >>> We've received a JIRA request to get new releases out due to the
>> >>> recent Spring CVE issue. I think it's reasonable due to the publicity
>> >>> surrounding the issue, and also we have quite a few issues fixed since
>> >>> the last releases.
>>
>> >>> WDYT - can we aim to call a vote in around a week or so?
>>
>> >>> Colm.
>>
Re: Releases soon?
Posted by Jim Ma <ma...@gmail.com>.
On Thu, Apr 7, 2022 at 5:25 AM Andriy Redko <dr...@gmail.com> wrote:
> Hey Colm,
>
> https://issues.apache.org/jira/browse/CXF-8683 is moved to next release,
> for
> https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open,
> @Jim
> could you please wrap them up? Thank you!
>
It can be merged. I added these changes to the 3.5.x and 3.4.x branch.
>
> Best Regards,
> Andriy Redko
>
>
> COh> We still have these two issues as "To Do", shall we defer them to the
> COh> next release?
>
> COh> https://issues.apache.org/jira/browse/CXF-8668
> COh> https://issues.apache.org/jira/browse/CXF-8683
>
> COh> Colm.
>
> COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>
> >> +1
>
> >> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
> >>> Hi,
>
> >>> We've received a JIRA request to get new releases out due to the
> >>> recent Spring CVE issue. I think it's reasonable due to the publicity
> >>> surrounding the issue, and also we have quite a few issues fixed since
> >>> the last releases.
>
> >>> WDYT - can we aim to call a vote in around a week or so?
>
> >>> Colm.
>
>
Re: Releases soon?
Posted by Andriy Redko <dr...@gmail.com>.
Hey Colm,
https://issues.apache.org/jira/browse/CXF-8683 is moved to next release, for
https://issues.apache.org/jira/browse/CXF-8668 we already have PRs open, @Jim
could you please wrap them up? Thank you!
Best Regards,
Andriy Redko
COh> We still have these two issues as "To Do", shall we defer them to the
COh> next release?
COh> https://issues.apache.org/jira/browse/CXF-8668
COh> https://issues.apache.org/jira/browse/CXF-8683
COh> Colm.
COh> On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>> +1
>> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>>> Hi,
>>> We've received a JIRA request to get new releases out due to the
>>> recent Spring CVE issue. I think it's reasonable due to the publicity
>>> surrounding the issue, and also we have quite a few issues fixed since
>>> the last releases.
>>> WDYT - can we aim to call a vote in around a week or so?
>>> Colm.
Re: Releases soon?
Posted by Colm O hEigeartaigh <co...@apache.org>.
We still have these two issues as "To Do", shall we defer them to the
next release?
https://issues.apache.org/jira/browse/CXF-8668
https://issues.apache.org/jira/browse/CXF-8683
Colm.
On Wed, Apr 6, 2022 at 11:33 AM Jim Ma <ma...@gmail.com> wrote:
>
> +1
>
> On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org> wrote:
>>
>> Hi,
>>
>> We've received a JIRA request to get new releases out due to the
>> recent Spring CVE issue. I think it's reasonable due to the publicity
>> surrounding the issue, and also we have quite a few issues fixed since
>> the last releases.
>>
>> WDYT - can we aim to call a vote in around a week or so?
>>
>> Colm.
Re: Releases soon?
Posted by Jim Ma <ma...@gmail.com>.
+1
On Tue, Apr 5, 2022 at 8:59 PM Colm O hEigeartaigh <co...@apache.org>
wrote:
> Hi,
>
> We've received a JIRA request to get new releases out due to the
> recent Spring CVE issue. I think it's reasonable due to the publicity
> surrounding the issue, and also we have quite a few issues fixed since
> the last releases.
>
> WDYT - can we aim to call a vote in around a week or so?
>
> Colm.
>
Re: Releases soon?
Posted by Andrey Redko <dr...@gmail.com>.
+1, I will wrap up the open tickets (I think it is only one) today, thanks
Colm!
Best Regards,
Andriy Redko
On Tue, Apr 5, 2022, 9:19 AM Freeman Fang <fr...@gmail.com> wrote:
> +1 to release soon
>
> Thanks!
> Freeman
>
> On Tue, Apr 5, 2022 at 8:59 AM Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
> > Hi,
> >
> > We've received a JIRA request to get new releases out due to the
> > recent Spring CVE issue. I think it's reasonable due to the publicity
> > surrounding the issue, and also we have quite a few issues fixed since
> > the last releases.
> >
> > WDYT - can we aim to call a vote in around a week or so?
> >
> > Colm.
> >
>
Re: Releases soon?
Posted by Freeman Fang <fr...@gmail.com>.
+1 to release soon
Thanks!
Freeman
On Tue, Apr 5, 2022 at 8:59 AM Colm O hEigeartaigh <co...@apache.org>
wrote:
> Hi,
>
> We've received a JIRA request to get new releases out due to the
> recent Spring CVE issue. I think it's reasonable due to the publicity
> surrounding the issue, and also we have quite a few issues fixed since
> the last releases.
>
> WDYT - can we aim to call a vote in around a week or so?
>
> Colm.
>