You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@commons.apache.org by "Merrill, Greg" <gm...@onenetwork.com.INVALID> on 2021/06/02 16:29:26 UTC

[COMPRESS] release plan for commons-compress 1.21?

Hello - I'm inquiring to see if there is any planned upcoming release of commons-compress 1.21?

To elaborate, I have a project uses commons-compress 1.20.  But there are some security-related vulnerabilities in 1.20 reported by JFrog X-Ray, mostly coming from findings by the "oss-fuzz" project.  These have actually been fixed in the commons-compress git repo already, but are not yet released.

I'm trying to find out if there is any plan to release 1.21 in the near- to mid-term, or if I should build my own commons-compress snapshot release if I need those fixes.  Appreciate any guidance you might have.

Here are the specific fixes in question:

  *   https://github.com/apache/commons-compress/commit/26924e96c7730db014c310757e11c9359db07f3e
  *   https://github.com/apache/commons-compress/commit/882c6dd12473d7b615d503e08fd6b866d0f866d5
  *   https://github.com/apache/commons-compress/commit/d15c285941351958a902265aeacdc151fa98c127


Thanks,
Greg Merrill
Platform Architect,  One Network Enterprises
gmerrill@onenetwork.com
office: (972) 455-3514    cell: (214) 450-8239

This document contains ONE Network Enterprises Proprietary and Confidential Business Information and is intended solely for the use and information of the person and/or company to whom it is addressed.  It may not be duplicated or published without the written consent of One Network.

Re: [COMPRESS] release plan for commons-compress 1.21?

Posted by Olivier Lamy <ol...@apache.org>.

Hi
I would be interested as well by a release including those commits (with
this one as well
https://github.com/apache/commons-compress/commit/51265b23722d9ce2262d68979ce7dbb79b94f430
)
Technically I'm still PMC, I can volunteer but you have to point me in the
right procedure.
Thanks
Olivier


On Thu, 3 Jun 2021 at 09:45, Gary Gregory <ga...@gmail.com> wrote:

> This is no release schedule at this time. As you may know we are volunteers
> with varying levels of free time. Stay tuned though.
>
> Gary
>
>
> On Wed, Jun 2, 2021, 14:21 Merrill, Greg <gm...@onenetwork.com.invalid>
> wrote:
>
> > Hello - I'm inquiring to see if there is any planned upcoming release of
> > commons-compress 1.21?
> >
> > To elaborate, I have a project uses commons-compress 1.20.  But there are
> > some security-related vulnerabilities in 1.20 reported by JFrog X-Ray,
> > mostly coming from findings by the "oss-fuzz" project.  These have
> actually
> > been fixed in the commons-compress git repo already, but are not yet
> > released.
> >
> > I'm trying to find out if there is any plan to release 1.21 in the near-
> > to mid-term, or if I should build my own commons-compress snapshot
> release
> > if I need those fixes.  Appreciate any guidance you might have.
> >
> > Here are the specific fixes in question:
> >
> >   *
> >
> https://github.com/apache/commons-compress/commit/26924e96c7730db014c310757e11c9359db07f3e
> >   *
> >
> https://github.com/apache/commons-compress/commit/882c6dd12473d7b615d503e08fd6b866d0f866d5
> >   *
> >
> https://github.com/apache/commons-compress/commit/d15c285941351958a902265aeacdc151fa98c127
> >
> >
> > Thanks,
> > Greg Merrill
> > Platform Architect,  One Network Enterprises
> > gmerrill@onenetwork.com
> > office: (972) 455-3514    cell: (214) 450-8239
> >
> > This document contains ONE Network Enterprises Proprietary and
> > Confidential Business Information and is intended solely for the use and
> > information of the person and/or company to whom it is addressed.  It may
> > not be duplicated or published without the written consent of One
> Network.
> >
> >
>


-- 
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy

Re: [COMPRESS] release plan for commons-compress 1.21?

Posted by Gary Gregory <ga...@gmail.com>.

This is no release schedule at this time. As you may know we are volunteers
with varying levels of free time. Stay tuned though.

Gary


On Wed, Jun 2, 2021, 14:21 Merrill, Greg <gm...@onenetwork.com.invalid>
wrote:

> Hello - I'm inquiring to see if there is any planned upcoming release of
> commons-compress 1.21?
>
> To elaborate, I have a project uses commons-compress 1.20.  But there are
> some security-related vulnerabilities in 1.20 reported by JFrog X-Ray,
> mostly coming from findings by the "oss-fuzz" project.  These have actually
> been fixed in the commons-compress git repo already, but are not yet
> released.
>
> I'm trying to find out if there is any plan to release 1.21 in the near-
> to mid-term, or if I should build my own commons-compress snapshot release
> if I need those fixes.  Appreciate any guidance you might have.
>
> Here are the specific fixes in question:
>
>   *
> https://github.com/apache/commons-compress/commit/26924e96c7730db014c310757e11c9359db07f3e
>   *
> https://github.com/apache/commons-compress/commit/882c6dd12473d7b615d503e08fd6b866d0f866d5
>   *
> https://github.com/apache/commons-compress/commit/d15c285941351958a902265aeacdc151fa98c127
>
>
> Thanks,
> Greg Merrill
> Platform Architect,  One Network Enterprises
> gmerrill@onenetwork.com
> office: (972) 455-3514    cell: (214) 450-8239
>
> This document contains ONE Network Enterprises Proprietary and
> Confidential Business Information and is intended solely for the use and
> information of the person and/or company to whom it is addressed.  It may
> not be duplicated or published without the written consent of One Network.
>
>