Hi everyone,

As you know, due to the JDBC issue, we cancel the
0.10.0-beta-incubating rc4 release vote.

After investigating and discussing with Prashant, 0.10.0 rc4 release
was NOT impacted by the SQL injection issue:
- the "vulnerable" code is in extension/persistence/relational-jdbc
module (in the release/0.10.x branch)
- but this module is not used (not part of the Polaris runtime
distribution) and the documentation doesn't include it
Sorry about that, I was confused by the presence of the
relational-jdbc module in the release branch.

So, we have two options:
- we remove extension/persistence/relational-jdbc module from
release/0.10.x branch and we do RC5
- we just skip 0.10 release and we directly jump to 1.0.0 release
(creating the release/1.x branch from main)

As we are very close to 1.0, I propose to just skip 0.10 to focus on 1.0.

Thoughts ?

Regards
JB

Reply via email to