'Re: Request for a new Release for Apache commons Configuiration2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jakarta-commons-user
Subject:    Re: Request for a new Release for Apache commons Configuiration2
From:       Gary Gregory <garydgregory () gmail ! com>
Date:       2022-10-28 13:35:40
Message-ID: CACZkXPxUn149V1-L-WzM1edrbfTQp0f=br8uqw9TdSZ579Uzxg () mail ! gmail ! com
[Download RAW message or body]


We don't create new releases just to update a dependency, you can do that
in your POM or whatever dependency system your project uses.

Eventually, we will release Commons Configuration again, but there are
other components that need updates first.

Gary

On Fri, Oct 28, 2022, 09:28 Seiwert, Thomas <Thomas.Seiwert@rewe-group.com>
wrote:

> Hello together,
> I am Thomas Seiwert and I am working at Rewe as a Software Developer.
> Why am I contacting you?
> We are currently using apache commons configuration2 to make apache
> shiro.ini configuratble per environment using strint interpolation.
> Our problem:
> Apache Commons Configuration in version 2.8.0 (which is the current
> release version) has several vulnerabilities. See
> https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2/2.8.0
> <
> https://urldefense.com/v3/__https:/mvnrepository.com/artifact/org.apache.commons/com \
> mons-configuration2/2.8.0__;!!LmobyQ!qkHIm9QLM_7mszl57ldsAdhK73pxW-EdEcdL2rDXWuUfOCd9oLAs8ep4rH582oVEmz489Ps-7DB5OOJMUg7gLTLnq6z1Qg$>.
>  One of them is the apache commons text security issue.
> 
> As I have seen you have created a jira ticket for you already.
> 
> https://issues.apache.org/jira/projects/CONFIGURATION/issues/CONFIGURATION-823?filter=allopenissues
>  <
> https://urldefense.com/v3/__https:/issues.apache.org/jira/projects/CONFIGURATION/iss \
> ues/CONFIGURATION-823?filter=allopenissues__;!!LmobyQ!qkHIm9QLM_7mszl57ldsAdhK73pxW-EdEcdL2rDXWuUfOCd9oLAs8ep4rH582oVEmz489Ps-7DB5OOJMUg7gLTLYA6ft9g$
> 
> > 
> Is there any plan to create a new release with fixed apache commons text
> version? Can you already think of a date for the release?
> Thank in Advance
> Thomas Seiwert
> 
> 



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic