Hi Gary, On 26.07.2025 23:04, Gary Gregory wrote: > JApiCmp Report (compared to 1.27.1): > > https://dist.apache.org/repos/dist/dev/commons/compress/1.28.0-RC1/site/japicmp.html
+1 (binding): release the artifacts. I conducted the following checks: - Verified checksums and signatures for source and binary archives. - Reproduced the Maven artifacts using: Debian 12, Maven 3.9.9, JDK 21, TZ=UTC, and umask 0022. - Ran unit tests successfully. - Reviewed the RAT (license) report. - Reviewed API compatibility using JApiCmp and confirmed results with BND Baseline. The JApiCmp report is somewhat tricky to interpret, as it lists several methods as `REMOVED`: https://dist.apache.org/repos/dist/dev/commons/compress/1.28.0-RC1/site/japicmp.html In reality, these methods have been *relocated*, not removed: - `ArchiveOutputStream` and `CompressorOutputStream`: methods were moved to the new `CompressFilterOutputStream` class. - `LZ77Compressor.BackReference`, `LiteralBlock`, and `EOD`: affected methods were moved to `LZ77Compressor.AbstractReference`. Note: The Javadoc for `AbstractReference` appears to be copy-pasted and lacks an `@since 1.28.0` annotation. To confirm binary compatibility, I ran a BND Baseline check, and the results were satisfactory. Comments on the release notes: - The notes are extremely detailed, listing individual additions like `GzipParameters.getModificationInstant` and `setModificationInstant`. - They also include minor documentation and Javadoc improvements. - While this level of granularity might be appreciated by contributors, it may be hard for users outside the project to quickly assess the significance of the release. Some grouping would be very appreciated. Since this release indirectly “addresse” a *non-exploitable* CVE in `commons-lang3`, it may be helpful to highlight changes such as deprecations, especially for users who enforce strict policies against using deprecated methods. Best regards, Piotr --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
