Re: (commons-fileupload) branch release-1.x updated: Add information for CVE-2025-48976

2025-06-16 Thread Mark Thomas
976 91f09c1a is described below commit 91f09c1ae3432051b6d94ab0ec3f0becf3de08ea Author: Mark Thomas AuthorDate: Mon Jun 16 13:30:14 2025 +0100 Add information for CVE-2025-48976 --- RELEASE-NOTES.txt | 2 +- src/changes/changes.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-

Re: [VOTE] Release Apache Commons FileUpload 2.0.0-M4 based on RC1

2025-06-15 Thread Mark Thomas
+1 (binding) Mark On 13/06/2025 21:08, Gary Gregory wrote: We have fixed two (2) bugs since Apache Commons FileUpload 2.0.0-M3 was released, so I would like to release Apache Commons FileUpload 2.0.0-M4. This is a 24-hour release vote. Apache Commons FileUpload 2.0.0-M4 RC1 is available for r

Re: [PR] 🏆 Add a Recommendation Badge from libs.tech [commons-imaging]

2025-03-26 Thread Mark Thomas
On 26/03/2025 08:55, libstech-auto (via GitHub) wrote: This bot just earned themselves an ASF-wide ban from GitHub. Mark libstech-auto opened a new pull request, #497: URL: https://github.com/apache/commons-imaging/pull/497 This PR adds a libs.tech recommendation badge to the README, hig

[VOTE][RESULT] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-13 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, ggregory, chtompki No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark - To unsubscribe, e-mail: dev-unsubscr...@co

Re: [VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-13 Thread Mark Thomas
Just a reminder that this VOTE is still open. It has 2 +1 votes so far. Mark On 07/01/2025 15:20, Mark Thomas wrote: We have fixed a few bugs and added enhancements since Apache Commons Daemon 1.4.0 was released, so I would like to release Apache Commons Daemon 1.4.1. Apache Commons Daemon

Re: [VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-08 Thread Mark Thomas
^ ~~~ arguments.c:464:5: warning: switch condition has boolean value [-Wswitch-bool] 464 | switch (par) { | ^ ~~~ arguments.c:475:5: warning: switch condition has boolean value [-Wswitch-bool] 475 | switch (par) { | ^ ~~~ 3 warnings generated. Then I

Re: (commons-daemon) branch master updated: Automake is required (not just Autoconf) if building from git

2025-01-07 Thread Mark Thomas
onf) if building from git 149d986 is described below commit 149d986f62df24813ea7d1aec05489b776aae651 Author: Mark Thomas AuthorDate: Tue Jan 7 17:27:51 2025 + Automake is required (not just Autoconf) if building from git --- src/native/unix/INSTALL.txt | 2 +- 1 file changed, 1 insertio

Re: [VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-07 Thread Mark Thomas
oks simple. Since I am cleaning things up I'll see if I can clean those up too. Then I was also able to build the 64-binaries but not the fat binaries (I must be missing something) I will try Windows next. Great. Tx for all the testing. Mark Gary. On Tue, Jan 7, 2025 at 12:22 PM M

Re: [VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-07 Thread Mark Thomas
el Version 24.2.0: Fri Dec 6 19:03:40 PST 2024; root:xnu-11215.61.5~2/RELEASE_ARM64_T6041 arm64 Docker version 27.3.1, build ce12230 On Tue, Jan 7, 2025 at 10:21 AM Mark Thomas wrote: We have fixed a few bugs and added enhancements since Apache Commons Daemon 1.4.0 was released, so I would

Re: [VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-07 Thread Mark Thomas
On 07/01/2025 15:20, Mark Thomas wrote: We have fixed a few bugs and added enhancements since Apache Commons Daemon 1.4.0 was released, so I would like to release Apache Commons Daemon 1.4.1.   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix

[VOTE] Release Apache Commons Daemon 1.4.1 based on RC1

2025-01-07 Thread Mark Thomas
. This vote will close no sooner than 72 hours from now. [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7) For following is intended as a helper

[DAEMON] 1.4.1 release heads up

2025-01-06 Thread Mark Thomas
Hi all, Just a quick heads up that I'll be starting the release process for DAEMON shortly. I'm not sure if I'll end up tagging today or tomorrow - it depends how long it takes me to check that everything is ready for the tag. Mark --

Re: (commons-beanutils) branch 1.X updated: Fix tests that current fail on Java 20 onwards

2024-11-26 Thread Mark Thomas
: new 38034853 Fix tests that current fail on Java 20 onwards 38034853 is described below commit 38034853592f21d4c2ca9f0987fe416d3cf9552f Author: Mark Thomas AuthorDate: Tue Nov 26 18:53:28 2024 + Fix tests that current fail on Java 20 onwards FYI. This was breaking Gump builds when

Re: [ANNOUNCE] Apache Commons Compress version 1.27.1

2024-08-20 Thread Mark Thomas
On 20/08/2024 13:01, Gary Gregory wrote: The Apache Commons Team is pleased to announce Commons Compress version 1.27.1. Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLA

Re: (commons-daemon) branch master updated: tab -> 8 spaces, fix indent

2024-06-20 Thread Mark Thomas
ads/master by this push: new a343dd4 tab -> 8 spaces, fix indent a343dd4 is described below commit a343dd4be0aea8c1352b557e73ab61acbfeca5a0 Author: Mark Thomas AuthorDate: Thu Jun 20 14:21:27 2024 +0100 tab -> 8 spaces, fix indent --- src/native/windows/apps/prunsrv/prunsrv.c |

[ANNOUNCEMENT] Commons Daemon 1.4.0 Released

2024-05-24 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.4.0 The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.4.0 raises the minimum supported version of Java to Java 8 and Windows

[VOTE][RESULT] Release Apache Commons Daemon 1.4.0 based on RC1

2024-05-24 Thread Mark Thomas
ks to everyone who contributed to this release. Mark On 17/05/2024 19:05, Mark Thomas wrote: We have fixed a few bugs, added enhancements and updated the minimum Java and Windows version since Apache Commons Daemon 1.3.4 was released, so I would like to release Apache Commons Daemon 1.4.0. A

Re: [VOTE] Release Apache Commons Daemon 1.4.0 based on RC1

2024-05-20 Thread Mark Thomas
On 17/05/2024 19:05, Mark Thomas wrote:   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Signatures confirmed for Windows binaries. Tested successfully with Tomcat 11.0.x build. Mark

Re: [VOTE] Release Apache Commons Daemon 1.4.0 based on RC1

2024-05-18 Thread Mark Thomas
1.4.0-RC1/source/ https://dist.apache.org/repos/dist/dev/commons/daemon/1.4.0-RC1/binaries/ Gary On Fri, May 17, 2024 at 2:06 PM Mark Thomas wrote: We have fixed a few bugs, added enhancements and updated the minimum Java and Windows version since Apache Commons Daemon 1.3.4 was released, so I

[VOTE] Release Apache Commons Daemon 1.4.0 based on RC1

2024-05-17 Thread Mark Thomas
close no sooner than 72 hours from now. [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7) For following is intended as a helper and refresher

Re: [Daemon] Anything to appease "Wrong type of arguments to formatting function"

2024-05-17 Thread Mark Thomas
Set them as false positives or just ignore them. Mark On 17/05/2024 15:09, Gary Gregory wrote: Mark and all: Is there anything smile to do to appease the warnings "Wrong type of arguments to formatting function" in see https://github.com/apache/commons-daemon/security/code-scanning ? TY Gary

Re: [Meta] gitlab error responses to mailing list

2023-08-10 Thread Mark Thomas
being rate limited. You should received it in the next few hours. Mark On 10/08/2023 09:48, Mark Thomas wrote: Hi all, In an effort to trace the idiot that set up whatever process is triggering these messages directly to anyone who posts to the dev list I will be sending out some test mes

Re: [Meta] gitlab error responses to mailing list

2023-08-10 Thread Mark Thomas
noise. Mark On 07/08/2023 15:40, Gilles Sadowski wrote: Le lun. 7 août 2023 à 16:38, Gilles Sadowski a écrit : Le lun. 7 août 2023 à 10:46, Mark Thomas a écrit : Got the error message. To help me play hunt the subscriber, can anyone provide information on when this behaviour started? I

Re: [Codec] clearing input byte array vs not

2023-08-09 Thread Mark Thomas
Reject it. And document the existing behavior. Mark On 09/08/2023 19:52, Gary Gregory wrote: Hi all, Any thoughts on https://github.com/apache/commons-codec/pull/197 Gary - To unsubscribe, e-mail: dev-unsubscr...@commons.

Re: [Meta] gitlab error responses to mailing list

2023-08-07 Thread Mark Thomas
Got the error message. To help me play hunt the subscriber, can anyone provide information on when this behaviour started? Thanks, Mark On 07/08/2023 09:44, Mark Thomas wrote: ".invalid" is something that the ASF adds to addresses. See https://infra.apach

Re: [Meta] gitlab error responses to mailing list

2023-08-07 Thread Mark Thomas
".invalid" is something that the ASF adds to addresses. See https://infra.apache.org/blog/dmarc_filtering_on_lists_that.html Hopefully I'll get a similar error message from gitlab in response to this. I'll see if I can track down which mailing list subscriber is triggering it. Mark On 06/08

Re: [FileUpload] Major version 2

2023-07-21 Thread Mark Thomas
On 21/07/2023 16:18, Gary Gregory wrote: Now that 2.0.0-M1 is out the door, let's talk about Java platform requirements. I propose that for 2.0.0, FileUpload be bumped from Java 8 to 11, if not 17. +1 for Java 17 Mark If you are going to ask why, see my reply in the [pool] thread (https:/

Re: [VOTE] Release Apache Commons Pool 2.12.0 based on RC1

2023-06-29 Thread Mark Thomas
On 28/06/2023 14:16, Gary Gregory wrote: Hi All and Phil. I haven't been that involved in Pool recently but Pool remains a key dependency for Tomcat (via DBCP). The main driver here was to combine keeping binary compatibility _and_ benefit call sites of the API by _not_ having to catch Exc

Re: Project

2023-06-09 Thread Mark Thomas
Harvey, Where did you find the task below? It looks like data from the old "help wanted" system and I thought that had been disabled some time ago. The task was created ~7 years ago so is somewhat out of date. Commons Daemon has since moved to git https://github.com/apache/commons-daemon/

[ANNOUNCEMENT] Commons Daemon 1.3.4 Released

2023-05-12 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.3.4. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.3.4 is a bugfix release. A full list of changes can be found at https

[VOTE][RESULT] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-12 Thread Mark Thomas
The following votes were cast: Binding: +1: ggregory, markt, kinow No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark - To unsubscribe, e-mail: dev-unsubscr...@common

Re: [VOTE] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-09 Thread Mark Thomas
On 05/05/2023 11:27, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now.   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Mark

Re: [VOTE] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-06 Thread Mark Thomas
lation. This can be obtained from: https://github.com/mturk/cmsc Version: 15.0.44" Is this true for this release? Gary On 2023/05/05 10:27:23 Mark Thomas wrote: We have fixed a few bugs since Apache Commons Daemon 1.3.3 was released, so I would like to release Apache Commons Daemon 1.3.4. Apa

Re: [VOTE] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-06 Thread Mark Thomas
github.com/mturk/cmsc Version: 15.0.44" Is this true for this release? Yes. Mark Gary On 2023/05/05 10:27:23 Mark Thomas wrote: We have fixed a few bugs since Apache Commons Daemon 1.3.3 was released, so I would like to release Apache Commons Daemon 1.3.4. Apache Commons Daem

Re: [VOTE] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-05 Thread Mark Thomas
ter/src/changes/changes.xml#L43 Mark Gary On Fri, May 5, 2023, 06:31 Gary Gregory wrote: The release notes are empty. Gary On Fri, May 5, 2023, 06:27 Mark Thomas wrote: We have fixed a few bugs since Apache Commons Daemon 1.3.3 was released, so I would like to release Apache Commons Daemon

[VOTE] Release Apache Commons Daemon 1.3.4 based on RC1

2023-05-05 Thread Mark Thomas
OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7) - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e

Re: Request for Information: Commons Text

2023-05-04 Thread Mark Thomas
On 04/05/2023 16:44, Zhang, Cynthia X. (GSFC-710.0)[BOOZ ALLEN HAMILTON] wrote: Hello, my name is Cynthia Zhang and I am a Supply Chain Risk Management Analyst at NASA. NASA is currently conducting a supply chain assessment of Commons Text. We are interested in confirming the following informat

Re: [BCEL] https://github.com/apache/commons-bcel/pull/177

2023-04-10 Thread Mark Thomas
Looks plausible to me (or did you mean a different Mark?). Mark On 10/04/2023 15:13, Gary D. Gregory wrote: Mark and all, Any thoughts on https://github.com/apache/commons-bcel/pull/177 ? Gary - To unsubscribe, e-mail: dev-

Re: Nexus: Staging Repository Dropped

2023-02-20 Thread Mark Thomas
"Apache-Maven/3.8.4 (Java 1.8.0_362; Linux 5.19.0-32-generic)" * "userId" = "markt" * "ip" = "81.159.69.115" *Details:* The orgapachecommons-1621 staging repository has been dropped. Action performed by Mark Thomas (markt) ---

[SECURITY] CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts

2023-02-20 Thread Mark Thomas
CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Commons FileUpload 1.0-beta-1 to 1.4 Description: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be proc

[ANNOUNCE] Apache Commons FileUpload 1.5 Released

2023-02-13 Thread Mark Thomas
The Apache Commons Team is pleased to announce the release of Apache Commons FileUpload 1.5. The Commons FileUpload software library makes it easy to add robust, high-performance, file upload capability to your servlets and web applications. Source and binary distributions are available for do

[VOTE][RESULT] Release Apache Commons FileUpload 1.5 based on RC1

2023-02-13 Thread Mark Thomas
The following votes were cast: Binding: +1: kinow, markt, ggregory No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark - To unsubscribe, e-mail: dev-unsubscr...@commo

Re: [VOTE] Release Apache Commons FileUpload 1.5 based on RC1

2023-02-09 Thread Mark Thomas
Ping. One more PMC member vote required. Mark On 01/02/2023 12:57, Mark Thomas wrote: We have fixed a few bugs and added some small enhancements since FileUpload 1.4 was released, so I would like to release FileUpload 1.5. FileUpload 1.5 RC1 is available for review here: https

Re: [VOTE] Release Apache Commons FileUpload 1.5 based on RC1

2023-02-03 Thread Mark Thomas
On 01/02/2023 12:57, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now, i.e. sometime after 13:00 UTC 4 Feb 2023   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose

[VOTE] Release Apache Commons FileUpload 1.5 based on RC1

2023-02-01 Thread Mark Thomas
We have fixed a few bugs and added some small enhancements since FileUpload 1.4 was released, so I would like to release FileUpload 1.5. FileUpload 1.5 RC1 is available for review here: https://dist.apache.org/repos/dist/dev/commons/fileupload/1.5-RC1 (svn revision 59794) The tag is here: https

Re: [FILEUPLOAD] State of the 1.6 branch

2023-01-03 Thread Mark Thomas
On 03/01/2023 09:52, Mark Thomas wrote: On 15/12/2022 18:54, Jochen Wiedmann wrote: On Wed, Dec 14, 2022 at 12:20 PM Mark Thomas wrote: - Delete the b2_0 branch - Move the head of the b1_4 branch to the 1.4 tag - Update the b1_4 branch for development of 1.4.1     (or should that be 1.5 and

Re: [FILEUPLOAD] State of the 1.6 branch

2023-01-03 Thread Mark Thomas
On 15/12/2022 18:54, Jochen Wiedmann wrote: On Wed, Dec 14, 2022 at 12:20 PM Mark Thomas wrote: - Delete the b2_0 branch - Move the head of the b1_4 branch to the 1.4 tag - Update the b1_4 branch for development of 1.4.1 (or should that be 1.5 and start a new branch?) - Back-port my

Re: Jakarta namespace in commons like dbcp - thoughts / ideas?

2022-12-16 Thread Mark Thomas
On 16/12/2022 13:24, Gary Gregory wrote: Thank you Richard for starting this thread. My view is simpler perhaps: I would not make this about the javax vs Jakarta namespaces. I don't want to double the numbers of jars we produce from the same branch for affected components as one of the scheme p

Re: [FILEUPLOAD] State of the 1.6 branch

2022-12-15 Thread Mark Thomas
On 14/12/2022 12:12, Gilles Sadowski wrote: Hi. Le mer. 14 déc. 2022 à 12:25, Gary Gregory a écrit : I would create a branch called "1.x" instead and bump the version in the POM to 1.5.0. FYI, I've been using the x.y.z version format in most of not all components I work on, I find that it se

[FILEUPLOAD] State of the 1.6 branch

2022-12-14 Thread Mark Thomas
Hi all, I was looking into the possibility of back-porting my recent file count limit change to 1.4 and I think the Github branch is rather out of sync. Using gitk to explore the history, the last commit on the b1_4 branch was eed3e5 on 2017-06-03 But the 1.4 tag is at 047f315 on 2018-12-28

[VOTE][RESULT] Release Apache Commons Daemon 1.3.3 based on RC1

2022-11-29 Thread Mark Thomas
The following votes were cast: Binding: +1: ggregory, markt, kinow No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 23/11/2022 20:45, Mark Thomas wrote: We have fixed a few bugs since Apache Commons Daemon 1.3.2 was released

Re: [VOTE] Release Apache Commons Daemon 1.3.3 based on RC1

2022-11-24 Thread Mark Thomas
On 23/11/2022 20:45, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now.   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Tested with

[VOTE] Release Apache Commons Daemon 1.3.3 based on RC1

2022-11-23 Thread Mark Thomas
, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7) For following is intended as a helper and refresher for reviewers. Validating a release candidate == These guidelines are NOT complete. Requirements: Git, Java, Maven. You can validate a release from a release

Re: [commons-daemon] tag commons-daemon-1.3.2 created (now 4189f27)

2022-11-23 Thread Mark Thomas
No. We only had the RC1 tag for 1.3.2. This just creates a duplicate tag for that version without the RC1 suffix. But I did spot the need for it while preparing for 1.3.3-RC1. Mark On 23/11/2022 19:34, Gary Gregory wrote: Don't you mean 1.3.3? Gary On Wed, Nov 23, 2022, 14:32 wrote: This

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-23 Thread Mark Thomas
ven the high number of issues and high false positive rate. Mark Best, Oliver On Sun, 20 Nov 2022 at 21:24, Mark Thomas wrote: Hi Oliver, The following are a couple of (hopefully) low hanging fruit that will smooth a couple of rough edges. These aren't the biggest issues - just something

[DAEMON] Expecting to tag tomorrow

2022-11-22 Thread Mark Thomas
Hi all, This is just a heads up. I've just fixed a bug in DAEMON so I am expecting to tag 1.3.3 tomorrow so the next round of Tomcat releases can pick up a version of Daemon with the fix. Mark - To unsubscribe, e-mail: dev-

Re: [commons-bcel] branch master updated: Validate the u4 length of all attributes

2022-11-22 Thread Mark Thomas
On 22/11/2022 13:10, Gary D. Gregory wrote: I am concerned that the recent fixes we've made through OSS fuzz and code inspection to validate input are semantically incorrect: The verifier should catch these errors, not the construction of Java objects. This could be a case where fuzzing and lo

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-20 Thread Mark Thomas
a call to walk through your concerns and reach a good outcome. Best regards, -- Oliver On Thu, 17 Nov 2022 at 06:56, Mark Thomas <mailto:ma...@apache.org>> wrote: I haven't forgotten about this. I am currently working through the open issues. I want to complete first that

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-16 Thread Mark Thomas
APIs to tackle best. There was already some valuable feedback for Apache Tomcat in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53153. Let us extend this collaboration. We can discuss and agree on the attack vectors in apache-commons components. Best regards Roman On Thu, Nov 10, 2022 at

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-10 Thread Mark Thomas
ns.apache.org>" as primary contact. OSS-Fuzz could have some additional documentation for that. @Oliver Chang <mailto:och...@google.com> do you have any ideas here? Best regards Roman On Tue, Nov 8, 2022 at 5:56 PM Mark Thomas mailto:ma...@apache.org>> wro

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-08 Thread Mark Thomas
egory wrote: Sounds good. Gary On Tue, Nov 8, 2022, 10:07 Mark Thomas wrote: There has been no response to this email from anyone from Code Intelligence. Unless there are objections from the Apache Commons Community my next step will be to submit a PR to have the following modules removed

Re: Correctly configuring Apache Commons components for oss-fuzz

2022-11-08 Thread Mark Thomas
. Mark On 19/10/2022 10:56, Mark Thomas wrote: Hi, You are receiving this email as you are currently configured as the recipients for oss-fuzz reports for Apache Commons JXPath. As per the discussion on the Apache Commons dev list[1], please make the following configuration changes to the

Re: JEXL Security

2022-10-31 Thread Mark Thomas
On 31/10/2022 14:03, Henri Biestro wrote: Let's restrict this discussion to the case of 'authenticated and authorised users' of an 'enterprise platform'. When we talk about 'unsafe input' vs 'safe input', I'm still confused about what this actually entails. Let's assume we want those users to

Re: JEXL Security

2022-10-26 Thread Mark Thomas
On 26/10/2022 08:58, Henri Biestro wrote: Fair points, thank you. They seem to lead into the point of view that JEXL (or any scripting solution?) should not expose any feature that could be considered security-related avoiding the CVE potential turmoils altogether. Trusted sanitised input is

Re: Publish statement on Commons Text CVE

2022-10-24 Thread Mark Thomas
On 24/10/2022 19:54, Gary Gregory wrote: The problem is that you sent your message from what I assume is a bogus email reply address: p...@wolfgang-jung.net.invalid No, the ".invalid" was added by the ASF mail servers. See: https://blogs.apache.org/infra/entry/dmarc_filtering_on_lists_that We

Re: JEXL Security

2022-10-24 Thread Mark Thomas
On 24/10/2022 17:02, Henri Biestro (Apache) wrote: Hello Commons; JEXL-381 is an attempt at making JEXL's default more secure or at least less 'permeable' wrt to the application/platform/JVM/file-system/host that runs it. Based on JexlPermissions - a crude security visibility manager -, this res

Correctly configuring Apache Commons components for oss-fuzz

2022-10-19 Thread Mark Thomas
Hi, You are receiving this email as you are currently configured as the recipients for oss-fuzz reports for Apache Commons JXPath. As per the discussion on the Apache Commons dev list[1], please make the following configuration changes to the oss-fuzz integrations with immediate effect: -

Re: [jxpath] reported CVE and path forward

2022-10-19 Thread Mark Thomas
On 15/10/2022 17:12, Mark Thomas wrote: On 11/10/2022 16:25, Mike Drob wrote: Thanks for this outline, Mark. Some questions in line. Mike On Tue, Oct 11, 2022 at 6:13 AM Mark Thomas wrote: Roman - don't do anything yet. Commons folk, I suggest the following which is based on how we

Re: [jxpath] reported CVE and path forward

2022-10-15 Thread Mark Thomas
On 11/10/2022 16:25, Mike Drob wrote: Thanks for this outline, Mark. Some questions in line. Mike On Tue, Oct 11, 2022 at 6:13 AM Mark Thomas wrote: Roman - don't do anything yet. Commons folk, I suggest the following which is based on how we have oss-fuzz setup on Tomcat. 1. Cre

Re: [jxpath] reported CVE and path forward

2022-10-11 Thread Mark Thomas
l check that information with the team. However, I am really happy that there is some interest in fixing the RCE. I have verified the vulnerability and for me it seems to be a valid RCE. @Mark Thomas should we continue to discuss further details via secur...@apache.org? Best regards Roman

Re: [jxpath] reported CVE and path forward

2022-10-10 Thread Mark Thomas
Hmm. There are various red flags here that suggest to me that this issue is likely not valid. 1. The source is oss-fuzz. I have been dealing with oss-fuzz issues for Apache Tomcat and so far out of the 30+ issues raised (the majority marked as security relevant) not one of the issues was a v

[ANNOUNCEMENT] Commons Daemon 1.3.2 Released

2022-10-10 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.3.2. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.3.2 is a bugfix release. A full list of changes can be found at https

[VOTE][RESULT] Release Apache Commons Daemon 1.3.2 based on RC1

2022-10-10 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, linow, ggregory No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 05/10/2022 15:36, Mark Thomas wrote: We have fixed a few bugs since Apache Commons Daemon 1.3.1 was released

Re: [VOTE] Release Apache Commons Daemon 1.3.2 based on RC1

2022-10-07 Thread Mark Thomas
On 05/10/2022 15:36, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now.   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Mark

[VOTE] Release Apache Commons Daemon 1.3.2 based on RC1

2022-10-05 Thread Mark Thomas
... [ ] -1 I oppose this release because... Thank you, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7) For following is intended as a helper and refresher for reviewers. Validating a release candidate == These guidelines are NOT complete. Requirements

Re: [Daemon] release soon?

2022-10-04 Thread Mark Thomas
I'll try and take a look this month. Mark On 04/10/2022 12:47, Gary Gregory wrote: Hi Mark or anyone, Do you have any time for releasing Daemon to pick up the logging fix? Thank you, Gary - To unsubscribe, e-mail: dev-unsu

[ANNOUNCEMENT] Commons Daemon 1.3.1 Released

2022-05-09 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.3.1. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.3.1 is a mainly bugfix release. A full list of changes can be found a

Re: [VOTE] Release Apache Commons Daemon 1.3.1 based on RC1

2022-05-09 Thread Mark Thomas
On 05/05/2022 14:04, Gary Gregory wrote: Can't build the site due to https://issues.apache.org/jira/browse/RAT-300 The JDepend plugin has a similar issue. For the benefit of the archives I built both the RAT plugin and JDepend plugin from source and then built the site for the 1.3.1 release

[VOTE][RESULT] Release Apache Commons Daemon 1.3.1 based on RC1

2022-05-09 Thread Mark Thomas
The following votes were cast: Binding: +1: kinow, markt, ggregory The vote therefore passes. Mark - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org

Re: [VOTE] Release Apache Commons Daemon 1.3.1 based on RC1

2022-05-04 Thread Mark Thomas
On 03/05/2022 16:43, Mark Thomas wrote:   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Tested with Tomcat 10.1.x Mark - To

Re: [daemon] please add support for riscv64 arch

2022-05-03 Thread Mark Thomas
Done. Thanks for the patch. Mark On 04/05/2022 06:56, Bo YU wrote: Hi, Please add support for riscv64 arch. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1010381;filename=riscv64.diff;msg=5 If you need me to do more tests on real riscv64 hardware, please let me know, Thank you. B

[VOTE] Release Apache Commons Daemon 1.3.1 based on RC1

2022-05-03 Thread Mark Thomas
://www.apache.org/dist/commons/KEYS Please review the release candidate and vote. This vote will close no sooner than 72 hours from now. [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Mark Thomas

[DAEMON] Releasing 1.3.1 soon

2022-04-29 Thread Mark Thomas
Hi all, This is a heads up I'm planning a Daemon 1.3.1 release soon. I want to finish off the work on the log messages and then tag. I expect that will be either later today or early next week. Mark - To unsubscribe, e-mail:

Re: [ALL] consider moving to a directory per release, rather than binaries and source

2022-03-16 Thread Mark Thomas
On 16/03/2022 17:53, sebb wrote: As the subject says. We currently use separate directories for binaries and source, each of which may contain multiple versions. This is a bit awkward to maintain compared with a directory per release which would contain both binaries and source. I think we sho

Re: [POOL] Archive pre-Java 7 versions?

2022-03-16 Thread Mark Thomas
On 16/03/2022 15:48, sebb wrote: As for DBCP, I wonder if there are likely to be any updates to the earlier versions of Pool? Seems unlikely. Mark - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional co

[ANNOUNCEMENT] Commons Daemon 1.3.0 Released

2022-03-15 Thread Mark Thomas
The Apache Commons Team is pleased to announce the availability of Apache Commons Daemon 1.3.0. The Apache Commons Daemon software library provides a generic Daemon (unix) or Service (Windows) wrapper for Java code. Version 1.3.0 is a mainly bugfix release but also increases the minimum Java ve

[VOTE][RESULT] Release Apache Commons Daemon 1.3.0 based on RC1

2022-03-15 Thread Mark Thomas
The following votes were cast: Binding: +1: ggregory, markt, kinow No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 11/03/2022 13:32, Mark Thomas wrote: Since the 1.2.4 release, the minimum Java version has been updated to

Re: [VOTE] Release Apache Commons Daemon 1.3.0 based on RC1

2022-03-14 Thread Mark Thomas
On 11/03/2022 13:32, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now.   [X] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [ ] -1 I oppose this release because... Tested with

Re: [VOTE] Release Apache Commons Daemon 1.3.0 based on RC1

2022-03-11 Thread Mark Thomas
at: mvn deploy -Dcommons.release.isDistModule=true -Prelease didn't complete cleanly but didn't appear to affect the release artifacts. I've now figured out that was due to MNG-7316 and I'll add a note to HOW-TO-RELEASE.txt for future reference. Mark Gary On Fri, Mar 11, 2022, 08:32 Ma

[VOTE] Release Apache Commons Daemon 1.3.0 based on RC1

2022-03-11 Thread Mark Thomas
than 72 hours from now. [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thank you, Mark Thomas, Release Manager (using key 10C01C5A2F6059E7

[DAEMON] Tagging 1.3.0

2022-03-10 Thread Mark Thomas
Hi all, Just a heads up that I'm planning on tagging Daemon 1.3.0 soon - probably tomorrow. Mark - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org

Re: [commons-daemon] 02/02: Copyright year update to 2022

2022-02-25 Thread Mark Thomas
: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/commons-daemon.git commit af00cbc3095e1798b3122a48ffe0d0c9d43d035d Author: Mark Thomas AuthorDate: Thu Feb 24 18:09:33 2022 +

Re: [VOTE][CANCELLED] Release Apache Commons Daemon 1.2.5 based on RC1

2022-02-01 Thread Mark Thomas
This vote has been cancelled as the consensus is that the next version needs to be 1.30 rather than 1.2.5. Mark On 27/01/2022 22:29, Mark Thomas wrote: We have fixed a few bugs and added some enhancements since Apache Commons Daemon 1.2.4 was released, so I would like to release Apache

Re: [VOTE] Release Apache Commons Daemon 1.2.5 based on RC1

2022-01-31 Thread Mark Thomas
On 27/01/2022 22:29, Mark Thomas wrote: Please review the release candidate and vote. This vote will close no sooner than 72 hours from now.   [ ] +1 Release these artifacts   [ ] +0 OK, but...   [ ] -0 OK, but really should fix...   [X] -1 I oppose this release because... The minimum

Re: [VOTE] Release Apache Commons Daemon 1.2.5 based on RC1

2022-01-31 Thread Mark Thomas
can figure out why the release process didn't create the structure for dist. Mark ? Gary On Thu, Jan 27, 2022, 17:29 Mark Thomas wrote: We have fixed a few bugs and added some enhancements since Apache Commons Daemon 1.2.4 was released, so I would like to release Apache Commons D

[VOTE] Release Apache Commons Daemon 1.2.5 based on RC1

2022-01-27 Thread Mark Thomas
We have fixed a few bugs and added some enhancements since Apache Commons Daemon 1.2.4 was released, so I would like to release Apache Commons Daemon 1.2.5. Apache Commons Daemon 1.2.5 RC1 is available for review here: https://dist.apache.org/repos/dist/dev/commons/daemon/1.2.5-RC1 (svn rev

Re: [commons-dbcp] branch master updated: Update MXBean for use of Duration with BasicDataSource

2022-01-05 Thread Mark Thomas
ource 28eb33b is described below commit 28eb33b5b3551de2e630a4cb59dc3bc5506f8114 Author: Mark Thomas AuthorDate: Wed Jan 5 19:07:51 2022 + Update MXBean for use of Duration with BasicDataSource --- .../org/apache/commons/dbcp2/BasicDataSource.java | 7 ++ .../org/apache/commons/

Re: can we get rid of dependabot?

2021-12-29 Thread Mark Thomas
On 29/12/2021 15:04, Gary Gregory wrote: On Wed, Dec 29, 2021 at 9:37 AM Rob Tompkins wrote: Why not just run dependabot weekly. We move slowly enough that weekly currently works. Until we can get more hands on the project, slower comms are indeed reasonable…right? I would be OK with it onc

Re: can we get rid of dependabot?

2021-12-28 Thread Mark Thomas
+1 And it isn't just the notifications an upgrade is available. The associated GitHub emails are just as much of a problem. The Versions Maven Plugin would be a much better solution to this problem. - Run it once as part of the pre-release process. - One commit to apply all pending updates. -

Re: [OGNL] Drop commons-ognl project

2021-11-25 Thread Mark Thomas
On 25/11/2021 08:21, Lukasz Lenart wrote: Hi, I wonder what do you think about dropping commons-ognl project? This was supposed to be the next major version (4.x) but there was no activity in the project for a long time. Also migrating all the changes from the previous Github version is rather a
