On 11/14/2015 04:20 PM, Uwe Barthel wrote:
> Thx Thomas.
>
> The fix for the Java serialization vulnerability is on the way.
> Now should we add some information on
> http://commons.apache.org/security.html like Commons Compress did?
yes, we will do something similar.
Thomas
---
Thx Thomas.
The fix for the Java serialization vulnerability is on the way.
Now should we add some information on
http://commons.apache.org/security.html like Commons Compress did?
-- Uwe
On November 14, 2015 10:59:52 AM Thomas Neidhart
wrote:
On 11/13/2015 12:31 AM, Thomas Neidhart wr
On 11/13/2015 12:31 AM, Thomas Neidhart wrote:
> Hi all,
[snip]
> Considering that this is a security related release and that RC2 did not
> show any functional problems with the release, I plan to close this vote
> in 24h from now, i.e. after 0100 GMT 14-November 2015
Here is a tally of the VOT
On 2015-11-13, Thomas Neidhart wrote:
> Please review the release candidate and vote.
+1
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
On Fri, Nov 13, 2015 at 12:12 PM, Luc Maisonobe wrote:
> Le 13/11/2015 20:26, Gary Gregory a écrit :
> > +1
> >
> > Tested with src zip.
> >
> > BUT:
> >
> > - The site Javadoc link is labeled "3.2.1" (fixed in
> >
> https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS
Le 13/11/2015 20:26, Gary Gregory a écrit :
> +1
>
> Tested with src zip.
>
> BUT:
>
> - The site Javadoc link is labeled "3.2.1" (fixed in
> https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
> )
> - The site history does not mentioned (fixed in svn)
>
> ASC
On 11/13/2015 08:26 PM, Gary Gregory wrote:
> +1
>
> Tested with src zip.
>
> BUT:
>
> - The site Javadoc link is labeled "3.2.1" (fixed in
> https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
> )
> - The site history does not mentioned (fixed in svn)
as I sa
+1
Tested with src zip.
BUT:
- The site Javadoc link is labeled "3.2.1" (fixed in
https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X
)
- The site history does not mentioned (fixed in svn)
ASC OK, MD5 OK, SHA1 OK. Everyone's checking these, right?
Reports OK.
+1
Builds fine now with my compiler zoo.
Thomas Neidhart wrote:
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on R
Le 13/11/2015 00:31, Thomas Neidhart a écrit :
> Hi all,
>
> in order to provide a work-around for the known remote code exploit via
> java de-serialization of malicious InvokerTransformer instances, I would
> like to start a vote to release Commons Collections 3.2.2 based on RC3.
>
> Notes:
>
>
Hi all,
in order to provide a work-around for the known remote code exploit via
java de-serialization of malicious InvokerTransformer instances, I would
like to start a vote to release Commons Collections 3.2.2 based on RC3.
Notes:
* the site will not be published, it just serves as a reference
11 matches
Mail list logo
