A more reasonable and measured article that appeared in JavaWorld:
http://www.javaworld.com/article/3003197/security/library-misuse-exposes-leading-java-platforms-to-attack.html
On Fri, Nov 13, 2015 at 8:19 AM, Donald Freeman
wrote:
>
> I wanted to forward this on. I found this article this m
I wanted to forward this on. I found this article this morning talking about
the issue on itworld.
http://www.itworld.com/article/3004632/thousands-of-java-applications-vulnerable-to-nine-month-old-remote-code-execution-exploit.html
Thanks,Don Freeman
On Thu, Nov 12, 2015 at 10:11 AM, Gary
On 11/12/2015 07:14 PM, Jörg Schaible wrote:
> Hi Thomas,
>
> Thomas Neidhart wrote:
>
>> Hi all,
>>
>> in order to provide a work-around for the known remote code exploit via
>> java de-serialization of malicious InvokerTransformer instances, I would
>> like to start a vote to release Commons Co
On 11/11/2015 05:27 PM, Thomas Neidhart wrote:
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on RC2.
>
> Notes:
>
>
Hi Thomas,
Thomas Neidhart wrote:
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on RC2.
>
> Notes:
>
> * the sit
On Nov 11, 2015 11:45 PM, "Emmanuel Bourg" wrote:
>
> Le 12/11/2015 04:39, Phil Steitz a écrit :
>
> > That is frankly ridiculous. To -1 a release based on false positive
report about files not included in the release is absurd.
>
> I agree with Phil. We are releasing code, not reports.
Keep in
Le 2015-11-12 10:18, Stefan Bodewig a écrit :
On 2015-11-11, Thomas Neidhart wrote:
Please review the release candidate and vote.
+1 for the release.
Luc
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apac
On 2015-11-11, Thomas Neidhart wrote:
> Please review the release candidate and vote.
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
On 2015-11-12, Phil Steitz wrote:
>> On Nov 11, 2015, at 12:05 PM, Gary Gregory wrote:
>> -1
> That is frankly ridiculous.
Couldn't agree more.
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For addition
Le 12/11/2015 04:39, Phil Steitz a écrit :
> That is frankly ridiculous. To -1 a release based on false positive report
> about files not included in the release is absurd.
I agree with Phil. We are releasing code, not reports.
Emmanuel
---
> On Nov 11, 2015, at 12:05 PM, Gary Gregory wrote:
>
> -1
That is frankly ridiculous. To -1 a release based on false positive report
about files not included in the release is absurd.
Phil
>
> I'm sorry, but the RAT check is still not right.
>
> If you look at the POM:
>
> https://svn.
FYI, I was testing with:
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
2015-11-10T08:41:47-08:00)
Maven home: E:\Java\apache-maven-3.3.9\bin\..
Java version: 1.8.0_65, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.8.0_65\jre
Default locale: en_US, platform encodi
FYI, I was testing with:
On Wed, Nov 11, 2015 at 11:05 AM, Gary Gregory
wrote:
> -1
>
> I'm sorry, but the RAT check is still not right.
>
> If you look at the POM:
>
>
> https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_3_2_2_RC2/pom.xml
>
> you will see:
>
> src/tes
Hi Thomas,
build works fine with Java 1.6 on Windows 10, artifacts and site look
good. So +1.
Unfortunately, I have currently not the time to dig deeper into the
problematic addressed by this release; so I cannot comment on the fixes.
As I do not have a current project that depends on collections
-1
I'm sorry, but the RAT check is still not right.
If you look at the POM:
https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_3_2_2_RC2/pom.xml
you will see:
src/test/resources/data/test/*
This folder does not exist.
Which is why I see the following when I build:
Hi all,
in order to provide a work-around for the known remote code exploit via
java de-serialization of malicious InvokerTransformer instances, I would
like to start a vote to release Commons Collections 3.2.2 based on RC2.
Notes:
* the site will not be published, it just serves as a reference
16 matches
Mail list logo
