[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VOTE] Release Apache Commons FileUpload 1.4 based on RC2



(checked jar cheksums, , compiled java11/mvn3.3.1 on win10, read Reports)

With nits, there is a „No client code changes are required to migrate from version 1.3.0 to 1.3.1.“ sentence which could be removed in the release notes and could be replaced by „1.4 removed serialisation for security, might be a change you Need to accomodate for“ or something like this?

Should we add a „Fixed in 1.4 section“ in the security report only to document that the serialisation and System property are gone? (we had quite some discussion…)

Good Holidays everyone

Von: Rob Tompkins
Gesendet: Montag, 24. Dezember 2018 08:23
An: Commons Developers List
Betreff: [VOTE] Release Apache Commons FileUpload 1.4 based on RC2

We have fixed quite a few bugs and added some significant enhancements since Apache Commons FileUpload 1.3.3 was released, so I would like to release Apache Commons FileUpload 1.4.

Apache Commons FileUpload 1.4 RC2 is available for review here: (svn revision 31675)

The Git tag commons-fileupload-1.4-RC2 commit for this RC is 047f31576411beee69cf75584ae76531cc9ac753 which you can browse here:

Maven artifacts are here:

These are the Maven artifacts and their hashes in Nexus:

#Nexus SHA-1s

#Release SHA-256s
#Mon Dec 24 02:07:07 EST 2018

I have tested this with 'mvn clean test package site' using: 
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-24T14:41:47-04:00)
Maven home: /usr/local/Cellar/maven/3.6.0/libexec
Java version: 1.8.0_191, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk1.8.0_191.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.14.1", arch: "x86_64", family: "mac"

Details of changes since 1.3.3 are in the release notes:

    (note some *relative* links are broken and the 1.4 directories are not yet created - these will be OK once the site is deployed.)

CLIRR Report (compared to 1.3.3): We expect there to be 3 failures here.
RAT Report:


Please review the release candidate and vote.
This vote will close no sooner that 72 hours from now.

  [ ] +1 Release these artifacts
  [ ] +0 OK, but...
  [ ] -0 OK, but really should fix...
  [ ] -1 I oppose this release because...

Thank you,

Rob Tompkins, 
Release Manager (using key B6E73D84EA4FCC47166087253FAAD2CD5ECBB314)
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxxxx