On Tue, Jun 25, 2013 at 12:34 AM, sebb <seb...@gmail.com> wrote: > On 24 June 2013 21:31, Thomas Neidhart <thomas.neidh...@gmail.com> wrote: > > On 06/24/2013 10:09 PM, Oliver Heger wrote: > >> Hi Thomas, > > > > Hi Oliver, > > > >> first of all: Many thanks for your energy you put into this component! > >> You really did a great job! > > > > thanks for the kind words! > > > >> Unfortunately, I do not have the time to have a closer look at the API, > >> so I can only vote based on technical checks of the artifacts. > >> > >> Build works fine with Java 1.5 and 1.7 on Windows 7, artifacts and site > >> look good. > >> > >> One minor point: The README.txt in the source distribution refers to a > >> collections test framework jar. Is this still correct, AFAICT no such > >> artifact is produced. > > > > I tried to keep the old name, but the artifact should still be there: > > > > commons-collections4-4.0-alpha1-tests.jar > > > > It is just the normal test jar as produced by maven during the > > distribution process. > > > > You can create it with target test-jar when using the ant build script. > > > >> The build JDK seems to be 1.7.0_21. Because of the security issue > >> related to Javadoc it would be advisable to generate the site with the > >> latest update. > > Or wait for the Maven Javadoc plugin update. > If the RC has to be redone, I suggest waiting for that to be released. > > > Ah, there was not yet an openjdk update so I produced the site with an > > old jdk, but the final site will be created with the patched oracle jdk. > > What about the javadoc jar? >
Yes this is vulnerable, but it is not intended to be hosted on websites imho. The same applies to most of the javadoc jars hosted on maven central I guess. Thomas
