You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by tn...@apache.org on 2015/11/22 01:37:47 UTC
svn commit: r1715595 - in /commons/proper/collections/trunk:
RELEASE-NOTES.txt src/site/site.xml src/site/xdoc/release_3_2_2.xml
src/site/xdoc/release_4_0.xml src/site/xdoc/release_4_1.xml
Author: tn
Date: Sun Nov 22 00:37:47 2015
New Revision: 1715595
URL: http://svn.apache.org/viewvc?rev=1715595&view=rev
Log:
Update release notes.
Added:
commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml (with props)
Modified:
commons/proper/collections/trunk/RELEASE-NOTES.txt
commons/proper/collections/trunk/src/site/site.xml
commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml
commons/proper/collections/trunk/src/site/xdoc/release_4_0.xml
Modified: commons/proper/collections/trunk/RELEASE-NOTES.txt
URL: http://svn.apache.org/viewvc/commons/proper/collections/trunk/RELEASE-NOTES.txt?rev=1715595&r1=1715594&r2=1715595&view=diff
==============================================================================
--- commons/proper/collections/trunk/RELEASE-NOTES.txt (original)
+++ commons/proper/collections/trunk/RELEASE-NOTES.txt Sun Nov 22 00:37:47 2015
@@ -32,7 +32,7 @@ Major changes since 4.0
-----------------------
o Added interface MultiSet (package multiset)
- o Added interface MultiValuedMap, ListValuedMap and SetValuedMap (package multimap)
+ o Added interfaces MultiValuedMap, ListValuedMap and SetValuedMap (package multimap)
o Added fluent API for Iterable instances (class FluentIterable)
Modified: commons/proper/collections/trunk/src/site/site.xml
URL: http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/site.xml?rev=1715595&r1=1715594&r2=1715595&view=diff
==============================================================================
--- commons/proper/collections/trunk/src/site/site.xml (original)
+++ commons/proper/collections/trunk/src/site/site.xml Sun Nov 22 00:37:47 2015
@@ -29,6 +29,7 @@
<item name="Security Reports" href="/security-reports.html"/>
<item name="Users guide" href="/userguide.html"/>
<item name="History" href="/history.html"/>
+ <item name="Release Notes v4.1" href="/release_4_1.html"/>
<item name="Release Notes v4.0" href="/release_4_0.html"/>
<item name="Release Notes v3.2.2" href="/release_3_2_2.html"/>
<item name="Javadoc v4.1" href="/javadocs/api-release/index.html"/>
Modified: commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml
URL: http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml?rev=1715595&r1=1715594&r2=1715595&view=diff
==============================================================================
--- commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml (original)
+++ commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml Sun Nov 22 00:37:47 2015
@@ -23,9 +23,6 @@
<body>
<section name="Release notes for v3.2.2">
-<p>
-These are the release notes for Commons Collections v3.2.2:
-</p>
<hr />
<p>
Commons collections is a project to develop and maintain collection classes
@@ -43,9 +40,8 @@ an instance of these classes. For more d
<p>
All users are strongly encouraged to updated to this release.
</p>
-<hr />
-<center><h3>COMPATIBILITY</h3></center>
+<h3>Compatibility</h3>
<p>
This release is fully source and binary compatible with v3.2. For changes since the
v3.1 see the <a href="release_3_2.html">v3.2 Release Notes</a>. Note that the method
@@ -53,10 +49,10 @@ v3.1 see the <a href="release_3_2.html">
added.
</p>
-<center><h3>Changes</h3></center>
+<h3>Security Changes</h3>
<table>
<tr>
- <td>COLLECTIONS-580</td>
+ <td><b>COLLECTIONS-580</b></td>
<td>Serialization support for unsafe classes in the functor package is
disabled by default as this can be exploited for remote code execution
attacks. To re-enable the feature the system property
@@ -67,81 +63,9 @@ added.
</tr>
</table>
-<center><h3>Bugfixes</h3></center>
-<table>
-<tr>
- <td>COLLECTIONS-538</td>
- <td>"ExtendedProperties" will now use a privileged action to access the "file.separator" system property.
- In case the class does not have permission to read system properties, the "File#separator" field will
- be used instead. Thanks to Trejkaz.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-447</td>
- <td>Tree traversal with a TreeListIterator will not be affected anymore by
- the removal of an element directly after a call to previous(). Thanks to Jeffrey Barnes.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-444</td>
- <td>SetUniqueList.set(int, Object) now works correctly if the object to be inserted
- is already placed at the given position. Thanks to Thomas Vahrst, John Vasileff.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-350</td>
- <td>Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael Akerman.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-335</td>
- <td>Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-334</td>
- <td>Synchronized access to lock in "StaticBucketMap#size()". Thanks to sebb.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-307</td>
- <td>"SetUniqueList#subList()#contains(Object)" will now correctly check the subList
- rather than the parent list. Thanks to Christian Semrau.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-304</td>
- <td>"SetUniqueList#set(int, Object)" will now correctly enforce the uniqueness constraint.
- Thanks to Rafa? Figas,Bjorn Townsend.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-294</td>
- <td>"CaseInsensitiveMap" will now convert input strings to lower-case in a
- locale-independent manner. Thanks to Benjamin Bentmann.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-266</td>
- <td>"MultiKey" will now be correctly serialized/de-serialized. Thanks to Joerg Schaible.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-261</td>
- <td>"Flat3Map#remove(Object)" will now return the correct value mapped to the removed key
- if the size of the map is less or equal 3. Thanks to ori.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-249</td>
- <td>"SetUniqueList.addAll(int, Collection)" now correctly add the collection at the
- provided index. Thanks to Joe Kelly.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-228</td>
- <td>"MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object, Collection)"
- now correctly return if the map has changed by this operation.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-219</td>
- <td>"CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks to Tom Leccese.</td>
-</tr>
-<tr>
- <td>COLLECTIONS-217</td>
- <td>Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now
- correctly set the value for the current entry. Thanks to Matt Bishop.</td>
-</tr>
-</table>
-
+<p>
+For a full list of changes in this release, refer to the <a href="changes-report.html#a3.2.2">Change report</a>.
+</p>
</section>
</body>
Modified: commons/proper/collections/trunk/src/site/xdoc/release_4_0.xml
URL: http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/xdoc/release_4_0.xml?rev=1715595&r1=1715594&r2=1715595&view=diff
==============================================================================
--- commons/proper/collections/trunk/src/site/xdoc/release_4_0.xml (original)
+++ commons/proper/collections/trunk/src/site/xdoc/release_4_0.xml Sun Nov 22 00:37:47 2015
@@ -23,9 +23,6 @@
<body>
<section name="Release notes for v4.0">
-<p>
-These are the release notes for Commons Collections v4.0:
-</p>
<hr />
<p>
Commons collections is a project to develop and maintain collection classes based on and inspired
@@ -50,9 +47,8 @@ These release notes will try to guide yo
should remember that this is a new API based on the original, so some concepts
have changed.
</p>
-<hr />
-<center><h3>Compatibility</h3></center>
+<h3>Compatibility</h3>
<ul>
<li>Java 5 or later is required</li>
<li>This release is <b>not</b> source or binary compatible with previous releases of
@@ -60,7 +56,7 @@ have changed.
preceding alpha releases for 4.0 (see details of changes below)</li>
</ul>
-<center><h3>Major changes since 3.2.1</h3></center>
+<h3>Major changes since 3.2.1</h3>
<ul>
<li>Use of generics and other language features introduced in Java 5 (varargs, Iterable)</li>
<li>Removed deprecated classes / methods and features which are now supported by the JDK</li>
@@ -69,7 +65,7 @@ have changed.
<li>Added new Trie interface together with an implementation of a Patricia Trie</li>
</ul>
-<center><h3>Removed Classes</h3></center>
+<h3>Removed Classes</h3>
<ul>
<li>Removed unused class "AbstractUntypedCollectionDecorator"</li>
<li>Removed "Buffer" interface and all its implementations and related classes.
@@ -96,7 +92,7 @@ have changed.
<li>Removed deprecated collection classes and methods</li>
</ul>
-<center><h3>New Classes</h3></center>
+<h3>New Classes</h3>
<ul>
<li>CollectionSortedBag - decorates a SortedBag to make it comply with the Collection contract.</li>
<li>CollectionBag - decorates another Bag to make it comply with the Collection contract.</li>
@@ -122,7 +118,7 @@ have changed.
<li>SplitMapUtils / splitmap.TransformedSplitMap - utilities and implementation for split maps</li>
</ul>
-<center><h3>Enhancements</h3></center>
+<h3>Enhancements</h3>
<ul>
<li>Added CollectionsUtils#matchesAll(Iterable, Predicate) to test if all elements of a collection match a given predicate.</li>
<li>ListUtils#longestCommonSubsequence(...) to get the longest common subsequence of arbitrary lists or CharSequences.</li>
@@ -154,7 +150,7 @@ have changed.
<li>Added support for resettable iterators in "IteratorIterable". Thanks to Dusan Chromy.</li>
</ul>
-<center><h3>Changed classes / methods</h3></center>
+<h3>Changed classes / methods</h3>
<ul>
<li>Resolved generic parameter inconsistency for various static fields, e.g. BagUtils.EMPTY_BAG,
TruePredicate.INSTANCE and many others. All accessible static fields use raw types so that
@@ -206,7 +202,7 @@ have changed.
<li>ArrayStack is now deprecated and will be removed in the next major release. It is replaced by the java.util.Deque interface available from Java 6.</li>
</ul>
-<center><h3>Bugfixes</h3></center>
+<h3>Bugfixes</h3>
<ul>
<li>"CollectionBag" will now also respect the contract of the decorated bag in case a null argument is provided to either removeAll or retainAll.</li>
<li>Fixed collision detection/resolution when calling "CompositeSet#addComposited(...)" with more than one Set as argument.</li>
Added: commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml
URL: http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml?rev=1715595&view=auto
==============================================================================
--- commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml (added)
+++ commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml Sun Nov 22 00:37:47 2015
@@ -0,0 +1,76 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<document>
+ <properties>
+ <title>Release notes for v4.1</title>
+ <author email="dev@commons.apache.org">Commons Documentation Team</author>
+ </properties>
+<body>
+
+<section name="Release notes for v4.1">
+<hr />
+<p>
+Apache Commons Collections is a project to develop and maintain collection
+classes based on and inspired by the JDK collection framework.
+</p>
+<p>
+This v4.1 release is a minor and security release, fixing several bugs present in
+previous releases of the 4.X branch. Additionally, this release provides a mitigation
+for a known remote code exploitation via the standard java object serialization
+mechanism. Serialization support for unsafe classes in the functor package has been
+completely removed (classes do not implement the Serializable interface anymore).
+For more details, please refer to COLLECTIONS-580.
+</p>
+<p>
+All users are strongly encouraged to updated to this release.
+</p>
+
+<h3>Compatibility</h3>
+<ul>
+ <li>Java 6 or later is now required (previous version 4.0 required Java 5)</li>
+ <li>This release is source and binary compatible with the previous 4.0 release
+ of Commons Collections with the exception that some classes in the functor
+ package do not implement the Serializable interface anymore (see COLLECTIONS-580)</li>
+</ul>
+
+<center><h3>Major changes since 4.0</h3></center>
+<ul>
+<li>Added interface MultiSet (package multiset)</li>
+<li>Added interfaces MultiValuedMap, ListValuedMap and SetValuedMap (package multimap)</li>
+<li>Added fluent API for Iterable instances (class FluentIterable)</li>
+</ul>
+
+<h3>Security Changes</h3>
+<table>
+<tr>
+ <td><b>COLLECTIONS-580</b></td>
+ <td>Serialization support for unsafe classes in the functor package has been
+ removed completely as this can be exploited for remote code execution
+ attacks. Classes considered to be unsafe are: CloneTransformer, ForClosure,
+ InstantiateFactory, InstantiateTransformer, InvokerTransformer,
+ PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure.</td>
+</tr>
+</table>
+
+<p>
+For a full list of changes in this release, refer to the <a href="changes-report.html#a4.1">Change report</a>.
+</p>
+</section>
+
+</body>
+</document>
Propchange: commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml
------------------------------------------------------------------------------
svn:keywords = Id Revision HeadURL
Propchange: commons/proper/collections/trunk/src/site/xdoc/release_4_1.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml