[SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.

2019-08-14 Thread Rob Tompkins
CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default. Severity: Medium Vendor: The Apache Software Foundation Versions Affected: commons-beanutils-1.9.3 and earlier Description: A special BeanIntrospector class was added in version 1.9

[ANNOUNCE] Commons BeanUtils 1.9.4 Released

2019-08-14 Thread Rob Tompkins
The Apache Commons Team is pleased to announce the release of Apache Commons BeanUtils 1.9.4. The Apache Commons BeanUtils open source software library provides easy-to-use wrappers around the Java reflection and introspection APIs. Source and binary distributions are available for download from

Re: [All] Source Repo page

2019-08-14 Thread Pascal Schumacher
+1 Am 12.08.2019 um 14:48 schrieb Gary Gregory: Hi All, I'm thinking that our components source repo page should also include a link to the GitHub version of the repo. Thoughts? Gary - To unsubscribe, e-mail: dev-unsubscr

[VOTE][RESULT] Release Apache Commons VFS Project 2.4.1 based on RC1

2019-08-14 Thread Gary Gregory
This VOTE passes with the following +1 binding votes: - Bruno P. Kinoshita - Rob Tompkins - Gary Gregory Otto Fowler cast a +1 non-binding vote. Thank you all! Gary On Tue, Aug 13, 2019 at 6:50 PM Rob Tompkins wrote: > +1 all ok, builds to site on java 8, tests out on java 11. > > > On Au

Re: [VOTE] Release Apache Commons VFS Project 2.4.1 based on RC1

2019-08-14 Thread Gary Gregory
My +1 Gary On Sun, Aug 11, 2019 at 5:50 AM Gary Gregory wrote: > We have fixed 2 bugs and enhanced Javadocs since Apache Commons VFS 2.4 > was released, so I would like to release Apache Commons VFS 2.4.1. > > Apache Commons VFS 2.4.1 RC1 is available for review here: > https://dist.apache.

Re: [compress] Need Feedback for COMPRESS-479

2019-08-14 Thread Gary Gregory
We all understood each other in a brief email thread, remarkable! :-) Gary On Wed, Aug 14, 2019 at 9:00 AM Matt Sicker wrote: > Yes, I think you understand us. A strategy pattern with default sensible > strategies to choose. > > On Wed, Aug 14, 2019 at 06:08, Stefan Bodewig wrote: > > > On 201

Re: [compress] Need Feedback for COMPRESS-479

2019-08-14 Thread Matt Sicker
Yes, I think you understand us. A strategy pattern with default sensible strategies to choose. On Wed, Aug 14, 2019 at 06:08, Stefan Bodewig wrote: > On 2019-08-13, Matt Sicker wrote: > > > The enum makes sense. Are there any feasible ways to, say, configure > > some sort of handler class that c

Re: [compress] Need Feedback for COMPRESS-479

2019-08-14 Thread Stefan Bodewig
On 2019-08-13, Matt Sicker wrote: > The enum makes sense. Are there any feasible ways to, say, configure > some sort of handler class that can implement logic around unknown > fields? Not really. The only extension point here currently is plugging in your own implementations of ZipExtraField via