codehaus


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [VOTE] Release Apache Commons FileUpload 1.4 based on RC2


Hello,

+1

(checked jar cheksums, , compiled java11/mvn3.3.1 on win10, read Reports)

With nits, there is a „No client code changes are required to migrate from version 1.3.0 to 1.3.1.“ sentence which could be removed in the release notes and could be replaced by „1.4 removed serialisation for security, might be a change you Need to accomodate for“ or something like this?

Should we add a „Fixed in 1.4 section“ in the security report only to document that the serialisation and System property are gone? (we had quite some discussion…)


Bernd
Good Holidays everyone
-- 
http://bernd.eckenfels.net

Von: Rob Tompkins
Gesendet: Montag, 24. Dezember 2018 08:23
An: Commons Developers List
Betreff: [VOTE] Release Apache Commons FileUpload 1.4 based on RC2

We have fixed quite a few bugs and added some significant enhancements since Apache Commons FileUpload 1.3.3 was released, so I would like to release Apache Commons FileUpload 1.4.

Apache Commons FileUpload 1.4 RC2 is available for review here:
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2 (svn revision 31675)

The Git tag commons-fileupload-1.4-RC2 commit for this RC is 047f31576411beee69cf75584ae76531cc9ac753 which you can browse here:
    https://github.com/apache/commons-fileupload/releases/tag/commons-fileupload-1.4-RC2

Maven artifacts are here:
    https://repository.apache.org/content/repositories/orgapachecommons-1404/commons-fileupload/commons-fileupload/1.4/

These are the Maven artifacts and their hashes in Nexus:

#Nexus SHA-1s
commons-fileupload-1.4.jar=f95188e3d372e20e7328706c37ef366e5d7859b0
commons-fileupload-1.4-test-sources.jar=fbccf3978e3a3c3d08df96a8d1b7174b298e35d8
commons-fileupload-1.4.pom=65112009d674333c1acfafb4e198ff250d710764
commons-fileupload-1.4-tests.jar=8c3335b84d252a422546aaf82e716dc73cfc2e48
commons-fileupload-1.4-sources.jar=d50ee98902746c6a351662fa8b728189d1a30e90
commons-fileupload-1.4-javadoc.jar=bd6061c92eaa54a63d35acc4f36182893a679cef

#Release SHA-256s
#Mon Dec 24 02:07:07 EST 2018
commons-fileupload-1.4-src-tar.gz=4eb7d03ecc48d62d72fde877df321df0f9288b3eb4119f8471417a303a9c0871
commons-fileupload-1.4-bin-tar.gz=7df64e29e8424a44b6741ddaa0d35766b94d8a56df1f7354a6ee5c491fd96eab
commons-fileupload-1.4-src-zip=43ea130373f3b827c9322caf62d858e73dc430c55a5ab26a95f0554097c37b2d
commons-fileupload-1.4-bin-zip=ff1e8c581b462913f90b95791f58a97d5ffb48dd8ab1ed94229714573d0ceed7

I have tested this with 'mvn clean test package site' using: 
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-24T14:41:47-04:00)
Maven home: /usr/local/Cellar/maven/3.6.0/libexec
Java version: 1.8.0_191, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk1.8.0_191.jdk/Contents/Home/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "10.14.1", arch: "x86_64", family: "mac"

Details of changes since 1.3.3 are in the release notes:
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2/RELEASE-NOTES.txt
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2/site/changes-report.html

Site:
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2/site
    (note some *relative* links are broken and the 1.4 directories are not yet created - these will be OK once the site is deployed.)

CLIRR Report (compared to 1.3.3): We expect there to be 3 failures here.
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2/site/clirr-report.html
    
RAT Report:
    https://dist.apache.org/repos/dist/dev/commons/fileupload/1.4-RC2/site/rat-report.html

KEYS:
  https://www.apache.org/dist/commons/KEYS

Please review the release candidate and vote.
This vote will close no sooner that 72 hours from now.

  [ ] +1 Release these artifacts
  [ ] +0 OK, but...
  [ ] -0 OK, but really should fix...
  [ ] -1 I oppose this release because...

Thank you,

Rob Tompkins, 
Release Manager (using key B6E73D84EA4FCC47166087253FAAD2CD5ECBB314)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: dev-help@xxxxxxxxxxxxxxxxxx