+1, as I understand it the role of 0.10 was to get us ready for a release
with binaries and to that end it has served its purpose. We're now 1.0
ready thanks in large part to the work done to make 0.10 happen even if
there winds up being no actual 0.10 release.

On Fri, Jun 6, 2025 at 4:00 PM Prashant Singh
<prashant.si...@snowflake.com.invalid> wrote:

> +1 on skipping 0.10 since we are very close to closing all 1.0 blockers.
>
> Best,
> Prashant Singh
>
> On Fri, Jun 6, 2025 at 3:57 PM Yufei Gu <flyrain...@gmail.com> wrote:
>
> > +1 on skipping 0.10 and releasing 1.0 directly given the current status.
> We
> > don't have to spend more time on 0.10.0-beta, and 0.10.0-beta is an
> > experimental release, not supposed to be used by users. There would be
> less
> > confusion on the users side, if we cancel it now.
> >
> > Yufei
> >
> >
> > On Fri, Jun 6, 2025 at 3:49 PM Jean-Baptiste Onofré <j...@nanthrax.net>
> > wrote:
> >
> > > Hi everyone,
> > >
> > > As you know, due to the JDBC issue, we cancel the
> > > 0.10.0-beta-incubating rc4 release vote.
> > >
> > > After investigating and discussing with Prashant, 0.10.0 rc4 release
> > > was NOT impacted by the SQL injection issue:
> > > - the "vulnerable" code is in extension/persistence/relational-jdbc
> > > module (in the release/0.10.x branch)
> > > - but this module is not used (not part of the Polaris runtime
> > > distribution) and the documentation doesn't include it
> > > Sorry about that, I was confused by the presence of the
> > > relational-jdbc module in the release branch.
> > >
> > > So, we have two options:
> > > - we remove extension/persistence/relational-jdbc module from
> > > release/0.10.x branch and we do RC5
> > > - we just skip 0.10 release and we directly jump to 1.0.0 release
> > > (creating the release/1.x branch from main)
> > >
> > > As we are very close to 1.0, I propose to just skip 0.10 to focus on
> 1.0.
> > >
> > > Thoughts ?
> > >
> > > Regards
> > > JB
> > >
> >
>

Reply via email to