Hi everyone, As you know, due to the JDBC issue, we cancel the 0.10.0-beta-incubating rc4 release vote.
After investigating and discussing with Prashant, 0.10.0 rc4 release was NOT impacted by the SQL injection issue: - the "vulnerable" code is in extension/persistence/relational-jdbc module (in the release/0.10.x branch) - but this module is not used (not part of the Polaris runtime distribution) and the documentation doesn't include it Sorry about that, I was confused by the presence of the relational-jdbc module in the release branch. So, we have two options: - we remove extension/persistence/relational-jdbc module from release/0.10.x branch and we do RC5 - we just skip 0.10 release and we directly jump to 1.0.0 release (creating the release/1.x branch from main) As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0. Thoughts ? Regards JB
