Hello all,

Personally, I would like to resolve the TEXT-36 and TEXT-42 Jira tickets before proceeding with the release, but I wanted to check to see if anyone else has any opinions on what work needs to be completed before the release.

Regarding TEXT-36: 'Dependency on "Commons RNG"', I'm relatively indifferent here, I just want some others to weigh in as to their thoughts before deciding to leave in the dependency and making more progress on the best pattern after the 1.0 release.

Regarding TEXT-42: '[XSS] Possible attacks through StringEscapeUtils.escapeEcmaScript?', I think we should minimally include something in the javadoc directly stating that with the string '\"' the output will be '\\\"' and to be careful using the method from a security perspective. I think maximally we should implement a distinct method that accommodates ECMA script escaping with security being the primary focus of the method, but it feels like this could wait to be included down the road.

For the other tickets, they did not seem to me to be quite as pressing as these, but I'm open to ensuring whatever gets resolved prior to releasing. I mainly just want a second set of eyes on the list of Jiras before proceeding.

Cheers and happy new year,
-Rob