Tomas,

The link you provided is not relevant to Commons CLI because the class
SetUniqueList from Commons Collections the link mentions is not used
by CLI, so there is nothing to change.

Gary

On Sun, May 26, 2024 at 10:06 AM Tomas Lanik <tomas.la...@kvantanet.com> wrote:
>
> Hi All,
> Has the security issue (
> https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/ ) related
> to commons-collections:commons-collections:3.2.2 been addressed?
> I can not see it in release notes.
>
> FYI
>
> Tom
>
> On Sat, May 25, 2024 at 11:12 PM Gary Gregory <ggreg...@apache.org> wrote:
>
> > We have fixed a few bugs and added enhancements since Apache Commons
> > Validator 1.8.0 was released, so I would like to release Apache
> > Commons Validator 1.9.0.
> >
> > Apache Commons Validator 1.9.0 RC1 is available for review here:
> >     https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1
> > (svn revision 69387)
> >
> > The Git tag commons-validator-1.9.0-RC1 commit for this RC is
> > 191171b2fb1500d24c42a809cf13386ac8f4ecac which you can browse here:
> >
> > https://gitbox.apache.org/repos/asf?p=commons-validator.git;a=commit;h=191171b2fb1500d24c42a809cf13386ac8f4ecac
> > You may checkout this tag using:
> >     git clone https://gitbox.apache.org/repos/asf/commons-validator.git --branch commons-validator-1.9.0-RC1 commons-validator-1.9.0-RC1
> >
> > Maven artifacts are here:
> >
> > https://repository.apache.org/content/repositories/orgapachecommons-1734/commons-validator/commons-validator/1.9.0/
> >
> > These are the artifacts and their hashes:
> >
> > I have tested this with 'mvn' and 'mvn -V -Prelease -Ptest-deploy -P
> > jacoco -P japicmp clean package site deploy' using:
> >
> > openjdk version "17.0.11" 2024-04-16
> > OpenJDK Runtime Environment Homebrew (build 17.0.11+0)
> > OpenJDK 64-Bit Server VM Homebrew (build 17.0.11+0, mixed mode, sharing)
> >
> > Apache Maven 3.9.7 (8b094c9513efc1b9ce2d952b3b9c8eaedaf8cbf0)
> > Maven home: /usr/local/Cellar/maven/3.9.7/libexec
> > Java version: 17.0.11, vendor: Homebrew, runtime:
> > /usr/local/Cellar/openjdk@17/17.0.11/libexec/openjdk.jdk/Contents/Home
> > Default locale: en_US, platform encoding: UTF-8
> > OS name: "mac os x", version: "14.5", arch: "x86_64", family: "mac"
> >
> > Darwin **** 23.5.0 Darwin Kernel Version 23.5.0: Wed May  1 20:09:52
> > PDT 2024; root:xnu-10063.121.3~5/RELEASE_X86_64 x86_64
> >
> > Details of changes since 1.8.0 are in the release notes:
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/RELEASE-NOTES.txt
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/site/changes-report.html
> >
> > Site:
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/site/index.html
> >     (note some *relative* links are broken and the 1.9.0 directories
> > are not yet created - these will be OK once the site is deployed.)
> >
> > JApiCmp Report (compared to 1.8.0):
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/site/japicmp.html
> >
> > RAT Report:
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/site/rat-report.html
> >
> > KEYS:
> >   https://downloads.apache.org/commons/KEYS
> >
> > Please review the release candidate and vote.
> > This vote will close no sooner than 72 hours from now.
> >
> >   [ ] +1 Release these artifacts
> >   [ ] +0 OK, but...
> >   [ ] -0 OK, but really should fix...
> >   [ ] -1 I oppose this release because...
> >
> > Thank you,
> >
> > Gary Gregory,
> > Release Manager (using key 86fdc7e2a11262cb)
> >
> > The following is intended as a helper and refresher for reviewers.
> >
> > Validating a release candidate
> > ==============================
> >
> > These guidelines are NOT complete.
> >
> > Requirements: Git, Java, Maven.
> >
> > You can validate a release from a release candidate (RC) tag as follows.
> >
> > 1a) Clone and checkout the RC tag
> >
> > git clone https://gitbox.apache.org/repos/asf/commons-validator.git --branch commons-validator-1.9.0-RC1 commons-validator-1.9.0-RC1
> > cd commons-validator-1.9.0-RC1
> >
> > 1b) Download and unpack the source archive from:
> >
> > https://dist.apache.org/repos/dist/dev/commons/validator/1.9.0-RC1/source
> >
> > 2) Check Apache licenses
> >
> > This step is not required if the site includes a RAT report page which
> > you then must check.
> >
> > mvn apache-rat:check
> >
> > 3) Check binary compatibility
> >
> > Older components still use Apache Clirr:
> >
> > This step is not required if the site includes a Clirr report page
> > which you then must check.
> >
> > mvn clirr:check
> >
> > Newer components use JApiCmp with the japicmp Maven Profile:
> >
> > This step is not required if the site includes a JApiCmp report page
> > which you then must check.
> >
> > mvn install -DskipTests -P japicmp japicmp:cmp
> >
> > 4) Build the package
> >
> > mvn -V clean package
> >
> > You can record the Maven and Java version produced by -V in your VOTE
> > reply.
> > To gather OS information from a command line:
> > Windows: ver
> > Linux: uname -a
> >
> > 5) Build the site for a single module project
> >
> > Note: Some plugins require the components to be installed instead of
> > packaged.
> >
> > mvn site
> > Check the site reports in:
> > - Windows: target\site\index.html
> > - Linux: target/site/index.html
> >
> > -the end-
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > For additional commands, e-mail: dev-h...@commons.apache.org
> >
> >
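
The reply's reasoning, that a finding against a dependency class matters only if the shipped code references that class, can be checked mechanically. The following is an added example, not part of the thread or of any Apache Commons code: it reads the constant pool of every class in a jar and lists those that name SetUniqueList. The stub classes and the sample jar are constructed for illustration, and classes loaded reflectively by string name are not detected.

```python
import io
import struct
import zipfile

# Internal (slash) name of the class from the reply; package as in commons-collections 3.x.
TARGET = "org/apache/commons/collections/list/SetUniqueList"
# Payload bytes after the tag for every constant-pool tag except Utf8 (tag 1).
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def references(data, target=TARGET):
    """True if a .class file's constant pool names `target` as a class or in a descriptor."""
    if data[:4] != b"\xca\xfe\xba\xbe": raise ValueError("not a class file")
    count = struct.unpack(">H", data[8:10])[0]
    pos, i, utf8, class_idx = 10, 1, {}, []
    while i < count:
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            n = struct.unpack(">H", data[pos + 1:pos + 3])[0]
            utf8[i] = data[pos + 3:pos + 3 + n].decode("utf-8", "replace")
            pos += 3 + n
        else:
            if tag == 7:  # CONSTANT_Class: u2 index of its Utf8 name
                class_idx.append(struct.unpack(">H", data[pos + 1:pos + 3])[0])
            pos += 1 + SIZES[tag]
        i += 2 if tag in (5, 6) else 1  # long and double occupy two slots
    names = {utf8[k] for k in class_idx}
    return target in names or any(f"L{target};" in s for s in utf8.values())

def jar_users(jar_bytes, target=TARGET):
    """Sorted list of .class entries in a jar that reference `target`."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sorted(n for n in jar.namelist()
                      if n.endswith(".class") and references(jar.read(n), target))

def stub_class(*class_names):
    """Constructed sample: header plus a pool of Utf8 (index 2k+1) and Class (2k+2) pairs."""
    pool = b""
    for k, name in enumerate(class_names):
        raw = name.encode()
        pool += b"\x01" + struct.pack(">H", len(raw)) + raw + b"\x07" + struct.pack(">H", 2 * k + 1)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(class_names) + 1) + pool

def sample_jar():  # constructed jar: demo/Uses references the target, demo/Clean does not
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("demo/Clean.class", stub_class("demo/Clean", "java/lang/Object"))
        jar.writestr("demo/Uses.class", stub_class("demo/Uses", "java/lang/Object", TARGET))
    return buf.getvalue()
```

On a real build, the JDK's `jdeps -verbose:class` reports the same class-level dependencies for a jar.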
