You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Michael Osipov <mi...@apache.org> on 2021/06/23 08:02:35 UTC
Maven 3.8.x
Folks,
I'd like to proceed with 3.8.x since there are a few issues which users
would like to see addressed.
I went through the issues in 4.0.0-alpha-1 and would like to evaluate
the following to be back ported to 3.8.x branch:
https://issues.apache.org/jira/browse/MNG-5669
https://issues.apache.org/jira/browse/MNG-5868
https://issues.apache.org/jira/browse/MNG-6071
https://issues.apache.org/jira/browse/MNG-6160
https://issues.apache.org/jira/browse/MNG-6737
https://issues.apache.org/jira/browse/MNG-6767
https://issues.apache.org/jira/browse/MNG-6819
https://issues.apache.org/jira/browse/MNG-6824
https://issues.apache.org/jira/browse/MNG-6828
https://issues.apache.org/jira/browse/MNG-6842
https://issues.apache.org/jira/browse/MNG-6850
https://issues.apache.org/jira/browse/MNG-6921
https://issues.apache.org/jira/browse/MNG-6937
https://issues.apache.org/jira/browse/MNG-6964
https://issues.apache.org/jira/browse/MNG-6983
https://issues.apache.org/jira/browse/MNG-6991
https://issues.apache.org/jira/browse/MNG-7000
https://issues.apache.org/jira/browse/MNG-7034
https://issues.apache.org/jira/browse/MNG-7057
Almost all are bugfixes.
Do you see any other issues need to be back ported? Any objects for those?
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Hervé BOUTEMY <he...@free.fr>.
ok, I'm now fully convinced: thanks Robert
Le mercredi 23 juin 2021, 19:40:14 CEST Robert Scholte a écrit :
> MNG-5669 contains lambda and IIRC there was a follow up improvement by
> Guillaume.
>
> MNG-6824 contains method references.
>
> I think both are more improvements than bugs.
> Before MNG-5669 Maven read a dependency that was also part of the reactor
> again. Result was the same, just spilling time.
>
> Before MNG-6824 the way ModelMerger was used one didn't hit the issue, but
> with build/consumer it did.
>
> So I don't consider these as regressions and would prefer not to take the
> risks of cherrypicking.
>
> Robert
> On 23-6-2021 19:19:44, Hervé BOUTEMY <he...@free.fr> wrote:
> IIUC, DefaultModelBuilder fundamental change was done on June 22 2020:
> https://github.com/apache/maven/commit/bdec668de9c600165bb69c95b6ea0625d9f74
> fb0
>
> before that point in time, there is no issue, isn't it?
> then I imagine MNG-5669 and MNG-6824 are safe to cherry pick?
>
> Regards,
>
> Hervé
>
> Le mercredi 23 juin 2021, 11:10:18 CEST Robert Scholte a écrit :
> > I would avoid cherrypicking any commit related to the DefaultModelBuilder,
> > this is just not the same class anymore. Also don't try to add fixes that
> > has been done with Java 8 features.
> >
> > To make your life easier I would focus on regressions only.
> >
> > So I would at least NOT try to include:
> > - MNG-5669
> > - MNG-6160
> > - MNG-6824
> >
> > Robert
> >
> >
> > On 23-6-2021 10:02:52, Michael Osipov wrote:
> > Folks,
> >
> > I'd like to proceed with 3.8.x since there are a few issues which users
> > would like to see addressed.
> > I went through the issues in 4.0.0-alpha-1 and would like to evaluate
> > the following to be back ported to 3.8.x branch:
> >
> > https://issues.apache.org/jira/browse/MNG-5669
> > https://issues.apache.org/jira/browse/MNG-5868
> > https://issues.apache.org/jira/browse/MNG-6071
> > https://issues.apache.org/jira/browse/MNG-6160
> > https://issues.apache.org/jira/browse/MNG-6737
> > https://issues.apache.org/jira/browse/MNG-6767
> > https://issues.apache.org/jira/browse/MNG-6819
> > https://issues.apache.org/jira/browse/MNG-6824
> > https://issues.apache.org/jira/browse/MNG-6828
> > https://issues.apache.org/jira/browse/MNG-6842
> > https://issues.apache.org/jira/browse/MNG-6850
> > https://issues.apache.org/jira/browse/MNG-6921
> > https://issues.apache.org/jira/browse/MNG-6937
> > https://issues.apache.org/jira/browse/MNG-6964
> > https://issues.apache.org/jira/browse/MNG-6983
> > https://issues.apache.org/jira/browse/MNG-6991
> > https://issues.apache.org/jira/browse/MNG-7000
> > https://issues.apache.org/jira/browse/MNG-7034
> > https://issues.apache.org/jira/browse/MNG-7057
> >
> > Almost all are bugfixes.
> > Do you see any other issues need to be back ported? Any objects for those?
> >
> > Michael
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> > For additional commands, e-mail: dev-help@maven.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Robert Scholte <rf...@apache.org>.
MNG-5669 contains lambda and IIRC there was a follow up improvement by Guillaume.
MNG-6824 contains method references.
I think both are more improvements than bugs.
Before MNG-5669 Maven read a dependency that was also part of the reactor again. Result was the same, just spilling time.
Before MNG-6824 the way ModelMerger was used one didn't hit the issue, but with build/consumer it did.
So I don't consider these as regressions and would prefer not to take the risks of cherrypicking.
Robert
On 23-6-2021 19:19:44, Hervé BOUTEMY <he...@free.fr> wrote:
IIUC, DefaultModelBuilder fundamental change was done on June 22 2020:
https://github.com/apache/maven/commit/bdec668de9c600165bb69c95b6ea0625d9f74fb0
before that point in time, there is no issue, isn't it?
then I imagine MNG-5669 and MNG-6824 are safe to cherry pick?
Regards,
Hervé
Le mercredi 23 juin 2021, 11:10:18 CEST Robert Scholte a écrit :
> I would avoid cherrypicking any commit related to the DefaultModelBuilder,
> this is just not the same class anymore. Also don't try to add fixes that
> has been done with Java 8 features.
>
> To make your life easier I would focus on regressions only.
>
> So I would at least NOT try to include:
> - MNG-5669
> - MNG-6160
> - MNG-6824
>
> Robert
>
>
> On 23-6-2021 10:02:52, Michael Osipov wrote:
> Folks,
>
> I'd like to proceed with 3.8.x since there are a few issues which users
> would like to see addressed.
> I went through the issues in 4.0.0-alpha-1 and would like to evaluate
> the following to be back ported to 3.8.x branch:
>
> https://issues.apache.org/jira/browse/MNG-5669
> https://issues.apache.org/jira/browse/MNG-5868
> https://issues.apache.org/jira/browse/MNG-6071
> https://issues.apache.org/jira/browse/MNG-6160
> https://issues.apache.org/jira/browse/MNG-6737
> https://issues.apache.org/jira/browse/MNG-6767
> https://issues.apache.org/jira/browse/MNG-6819
> https://issues.apache.org/jira/browse/MNG-6824
> https://issues.apache.org/jira/browse/MNG-6828
> https://issues.apache.org/jira/browse/MNG-6842
> https://issues.apache.org/jira/browse/MNG-6850
> https://issues.apache.org/jira/browse/MNG-6921
> https://issues.apache.org/jira/browse/MNG-6937
> https://issues.apache.org/jira/browse/MNG-6964
> https://issues.apache.org/jira/browse/MNG-6983
> https://issues.apache.org/jira/browse/MNG-6991
> https://issues.apache.org/jira/browse/MNG-7000
> https://issues.apache.org/jira/browse/MNG-7034
> https://issues.apache.org/jira/browse/MNG-7057
>
> Almost all are bugfixes.
> Do you see any other issues need to be back ported? Any objects for those?
>
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Hervé BOUTEMY <he...@free.fr>.
IIUC, DefaultModelBuilder fundamental change was done on June 22 2020:
https://github.com/apache/maven/commit/bdec668de9c600165bb69c95b6ea0625d9f74fb0
before that point in time, there is no issue, isn't it?
then I imagine MNG-5669 and MNG-6824 are safe to cherry pick?
Regards,
Hervé
Le mercredi 23 juin 2021, 11:10:18 CEST Robert Scholte a écrit :
> I would avoid cherrypicking any commit related to the DefaultModelBuilder,
> this is just not the same class anymore. Also don't try to add fixes that
> has been done with Java 8 features.
>
> To make your life easier I would focus on regressions only.
>
> So I would at least NOT try to include:
> - MNG-5669
> - MNG-6160
> - MNG-6824
>
> Robert
>
>
> On 23-6-2021 10:02:52, Michael Osipov <mi...@apache.org> wrote:
> Folks,
>
> I'd like to proceed with 3.8.x since there are a few issues which users
> would like to see addressed.
> I went through the issues in 4.0.0-alpha-1 and would like to evaluate
> the following to be back ported to 3.8.x branch:
>
> https://issues.apache.org/jira/browse/MNG-5669
> https://issues.apache.org/jira/browse/MNG-5868
> https://issues.apache.org/jira/browse/MNG-6071
> https://issues.apache.org/jira/browse/MNG-6160
> https://issues.apache.org/jira/browse/MNG-6737
> https://issues.apache.org/jira/browse/MNG-6767
> https://issues.apache.org/jira/browse/MNG-6819
> https://issues.apache.org/jira/browse/MNG-6824
> https://issues.apache.org/jira/browse/MNG-6828
> https://issues.apache.org/jira/browse/MNG-6842
> https://issues.apache.org/jira/browse/MNG-6850
> https://issues.apache.org/jira/browse/MNG-6921
> https://issues.apache.org/jira/browse/MNG-6937
> https://issues.apache.org/jira/browse/MNG-6964
> https://issues.apache.org/jira/browse/MNG-6983
> https://issues.apache.org/jira/browse/MNG-6991
> https://issues.apache.org/jira/browse/MNG-7000
> https://issues.apache.org/jira/browse/MNG-7034
> https://issues.apache.org/jira/browse/MNG-7057
>
> Almost all are bugfixes.
> Do you see any other issues need to be back ported? Any objects for those?
>
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Robert Scholte <rf...@apache.org>.
I would avoid cherrypicking any commit related to the DefaultModelBuilder, this is just not the same class anymore.
Also don't try to add fixes that has been done with Java 8 features.
To make your life easier I would focus on regressions only.
So I would at least NOT try to include:
- MNG-5669
- MNG-6160
- MNG-6824
Robert
On 23-6-2021 10:02:52, Michael Osipov <mi...@apache.org> wrote:
Folks,
I'd like to proceed with 3.8.x since there are a few issues which users
would like to see addressed.
I went through the issues in 4.0.0-alpha-1 and would like to evaluate
the following to be back ported to 3.8.x branch:
https://issues.apache.org/jira/browse/MNG-5669
https://issues.apache.org/jira/browse/MNG-5868
https://issues.apache.org/jira/browse/MNG-6071
https://issues.apache.org/jira/browse/MNG-6160
https://issues.apache.org/jira/browse/MNG-6737
https://issues.apache.org/jira/browse/MNG-6767
https://issues.apache.org/jira/browse/MNG-6819
https://issues.apache.org/jira/browse/MNG-6824
https://issues.apache.org/jira/browse/MNG-6828
https://issues.apache.org/jira/browse/MNG-6842
https://issues.apache.org/jira/browse/MNG-6850
https://issues.apache.org/jira/browse/MNG-6921
https://issues.apache.org/jira/browse/MNG-6937
https://issues.apache.org/jira/browse/MNG-6964
https://issues.apache.org/jira/browse/MNG-6983
https://issues.apache.org/jira/browse/MNG-6991
https://issues.apache.org/jira/browse/MNG-7000
https://issues.apache.org/jira/browse/MNG-7034
https://issues.apache.org/jira/browse/MNG-7057
Almost all are bugfixes.
Do you see any other issues need to be back ported? Any objects for those?
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Michael Osipov <mi...@apache.org>.
Am 2021-06-25 um 00:40 schrieb Michael Osipov:
> Am 2021-06-25 um 00:26 schrieb Falko Modler:
>> Hi,
>>
>> I'd like to suggest an update of maven-shared-utils to at least 3.3.3
>> due to security issue https://issues.apache.org/jira/browse/MSHARED-297.
>> Quarkus is using parts of Maven that bring in maven-shared-utils 3.2.1
>> and we received complaints by users:
>> https://github.com/quarkusio/quarkus/issues/18050
>> In the short term, we'll most likely override that version in Quarkus,
>> but the clean solution would be in Maven itself.
>
> MNG-7177.
I had to close this because this needs to be done on tandem with Jansi
update. It requires a bit more effort.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Michael Osipov <mi...@apache.org>.
Am 2021-06-25 um 00:26 schrieb Falko Modler:
> Hi,
>
> I'd like to suggest an update of maven-shared-utils to at least 3.3.3
> due to security issue https://issues.apache.org/jira/browse/MSHARED-297.
> Quarkus is using parts of Maven that bring in maven-shared-utils 3.2.1
> and we received complaints by users:
> https://github.com/quarkusio/quarkus/issues/18050
> In the short term, we'll most likely override that version in Quarkus,
> but the clean solution would be in Maven itself.
MNG-7177.
> Also, I'm not sure about the status of
> https://github.com/apache/maven/pull/413 which fixes a relatively
> widespread concurrency issue in context of aggregating plugin goals.
I will need to take a look at this again.
@Robert, you and Guillaume have approved the PR, so do you think we can
add this to alpha 1?
M
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Falko Modler <f....@gmx.net>.
Hi,
I'd like to suggest an update of maven-shared-utils to at least 3.3.3
due to security issue https://issues.apache.org/jira/browse/MSHARED-297.
Quarkus is using parts of Maven that bring in maven-shared-utils 3.2.1
and we received complaints by users:
https://github.com/quarkusio/quarkus/issues/18050
In the short term, we'll most likely override that version in Quarkus,
but the clean solution would be in Maven itself.
Also, I'm not sure about the status of
https://github.com/apache/maven/pull/413 which fixes a relatively
widespread concurrency issue in context of aggregating plugin goals.
Cheers,
Falko
Am 23.06.2021 um 10:02 schrieb Michael Osipov:
> Folks,
>
> I'd like to proceed with 3.8.x since there are a few issues which
> users would like to see addressed.
> I went through the issues in 4.0.0-alpha-1 and would like to evaluate
> the following to be back ported to 3.8.x branch:
>
> https://issues.apache.org/jira/browse/MNG-5669
> https://issues.apache.org/jira/browse/MNG-5868
> https://issues.apache.org/jira/browse/MNG-6071
> https://issues.apache.org/jira/browse/MNG-6160
> https://issues.apache.org/jira/browse/MNG-6737
> https://issues.apache.org/jira/browse/MNG-6767
> https://issues.apache.org/jira/browse/MNG-6819
> https://issues.apache.org/jira/browse/MNG-6824
> https://issues.apache.org/jira/browse/MNG-6828
> https://issues.apache.org/jira/browse/MNG-6842
> https://issues.apache.org/jira/browse/MNG-6850
> https://issues.apache.org/jira/browse/MNG-6921
> https://issues.apache.org/jira/browse/MNG-6937
> https://issues.apache.org/jira/browse/MNG-6964
> https://issues.apache.org/jira/browse/MNG-6983
> https://issues.apache.org/jira/browse/MNG-6991
> https://issues.apache.org/jira/browse/MNG-7000
> https://issues.apache.org/jira/browse/MNG-7034
> https://issues.apache.org/jira/browse/MNG-7057
>
> Almost all are bugfixes.
> Do you see any other issues need to be back ported? Any objects for
> those?
>
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Robert Scholte <rf...@apache.org>.
It is probably easier to do a backport of maven-shared-utils with the vulnerability fix.
Robert
On 27-6-2021 00:48:00, Michael Osipov <mi...@apache.org> wrote:
Folks,
I have now back ported a lot of issues to maven-3.8.x which aren't
related to resume, producer/consumer, etc. Many are just an output of
Resolver update, no code changes in Maven itself.
The following are open now:
1. MNG-7034: waiting for a backport from gnodet@ since my humble try did
not work
2. Without MNG-6965 I see MNG-7115 constantly.
3. Jansi/maven-shared-utils upgrade:
> https://issues.apache.org/jira/issues/?jql=project%20%3D%2012316922%20AND%20fixVersion%20%3D%2012349448%20%20AND%20(summary%20~%20jansi%20OR%20text%20~%20jansi)%20and%20issuekey%20not%20in%20(MNG-6915%2CMNG-7087%2CMNG-6914)%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
Looks like a lot, but most are fixed by Jansi upgrade.
Anyone wants to help out with Jansi?
I see no further issues from master worth/possible back porting to
maven-3.8.x. It we can resolve those from above, I'd start a release in
July.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Michael Osipov <mi...@apache.org>.
Folks,
I have now back ported a lot of issues to maven-3.8.x which aren't
related to resume, producer/consumer, etc. Many are just an output of
Resolver update, no code changes in Maven itself.
The following are open now:
1. MNG-7034: waiting for a backport from gnodet@ since my humble try did
not work
2. Without MNG-6965 I see MNG-7115 constantly.
3. Jansi/maven-shared-utils upgrade:
> https://issues.apache.org/jira/issues/?jql=project%20%3D%2012316922%20AND%20fixVersion%20%3D%2012349448%20%20AND%20(summary%20~%20jansi%20OR%20text%20~%20jansi)%20and%20issuekey%20not%20in%20(MNG-6915%2CMNG-7087%2CMNG-6914)%20ORDER%20BY%20priority%20DESC%2C%20key%20ASC
Looks like a lot, but most are fixed by Jansi upgrade.
Anyone wants to help out with Jansi?
I see no further issues from master worth/possible back porting to
maven-3.8.x. It we can resolve those from above, I'd start a release in
July.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Maven 3.8.x
Posted by Martin Kanters <ma...@apache.org>.
I don't have any objections with backporting those bugfixes, but I'm not
sure whether MNG-6160 will work without MNG-4660. See Maarten's analysis in
the comments [1]. We'll have to re-check that bug when preparing the 3.8.x
release.
[1] https://issues.apache.org/jira/browse/MNG-6160
Op wo 23 jun. 2021 om 10:02 schreef Michael Osipov <mi...@apache.org>:
> Folks,
>
> I'd like to proceed with 3.8.x since there are a few issues which users
> would like to see addressed.
> I went through the issues in 4.0.0-alpha-1 and would like to evaluate
> the following to be back ported to 3.8.x branch:
>
> https://issues.apache.org/jira/browse/MNG-5669
> https://issues.apache.org/jira/browse/MNG-5868
> https://issues.apache.org/jira/browse/MNG-6071
> https://issues.apache.org/jira/browse/MNG-6160
> https://issues.apache.org/jira/browse/MNG-6737
> https://issues.apache.org/jira/browse/MNG-6767
> https://issues.apache.org/jira/browse/MNG-6819
> https://issues.apache.org/jira/browse/MNG-6824
> https://issues.apache.org/jira/browse/MNG-6828
> https://issues.apache.org/jira/browse/MNG-6842
> https://issues.apache.org/jira/browse/MNG-6850
> https://issues.apache.org/jira/browse/MNG-6921
> https://issues.apache.org/jira/browse/MNG-6937
> https://issues.apache.org/jira/browse/MNG-6964
> https://issues.apache.org/jira/browse/MNG-6983
> https://issues.apache.org/jira/browse/MNG-6991
> https://issues.apache.org/jira/browse/MNG-7000
> https://issues.apache.org/jira/browse/MNG-7034
> https://issues.apache.org/jira/browse/MNG-7057
>
> Almost all are bugfixes.
> Do you see any other issues need to be back ported? Any objects for those?
>
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
> For additional commands, e-mail: dev-help@maven.apache.org
>
>