The instructions look straightforward enough: run some ant tasks, tag SVN, write up an e-mail, modify a few files on the website.
I’m interested in becoming a committer, although admittedly, I’m only interested in building a new release that fixes this bug (which was previously stated to already be in the code). What do I need to do to make that happen? -Will Herrmann > On Jan 11, 2018, at 2:29 PM, Michael Glavassevich <mrgla...@ca.ibm.com> wrote: > > Some of these steps are out-of-date but this [1] should give you a general > idea of what's involved in preparing a release. I think some projects have > had committers who just wrote documentation or contributed in other > non-coding ways so that's certainly a possibility. > > Thanks. > > [1] http://xerces.apache.org/xerces2-j/faq-contributing.html#faq-2 > <http://xerces.apache.org/xerces2-j/faq-contributing.html#faq-2> > > Michael Glavassevich > XML Technologies and WAS Development > IBM Toronto Lab > E-mail: mrgla...@ca.ibm.com > E-mail: mrgla...@apache.org > > "Eric J. Schwarzenbach" <eric.schwarzenb...@wrycan.com> wrote on 01/11/2018 > 02:05:12 PM: > > > From: "Eric J. Schwarzenbach" <eric.schwarzenb...@wrycan.com> > > To: j-users@xerces.apache.org > > Date: 01/11/2018 02:05 PM > > Subject: Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881? > > > > One might expect "commiter" to imply a coder, but could someone who > > is not going to actually work on xerces code be made a committer? If > > so, what skills would such a person need in order to help get the release > > out? > > On 01/11/2018 01:42 PM, Michael Glavassevich wrote: > > A lot of what needs to get done requires write-access and that can > > only be done by committers [1]. That's where this project has been > > hurting for a long time and where we definitely need help. Of course > > there are activities such as testing or doing a build that anyone > > could do, but someone with commit access is needed to pull a > > releasetogether. > > > > Thanks. > > > > [1] http://www.apache.org/foundation/getinvolved.html#become-a-committer > > <http://www.apache.org/foundation/getinvolved.html#become-a-committer> > > > > Michael Glavassevich > > XML Technologies and WAS Development > > IBM Toronto Lab > > E-mail: mrgla...@ca.ibm.com > > E-mail: mrgla...@apache.org > > > > Will Herrmann <wjherrm...@gmail.com> wrote on 01/10/2018 11:34:39 PM: > > > > > I too work with an organization that is a bit concerned about using > > > a library with a 5-year old security issue. If the issue is a lack > > > of volunteers, what can we do to help, especially given that the fix > > > is already done? Do you need testers? People to build from source? > > > Something else? > > > > > > -Will Herrmann > > > > > > > As has been the case for a long time, Xerces-J 2.12.0 needs volunteers > > > > to > > > > actually make this release happen. > > > > > > > > Michael Glavassevich > > > > XML Technologies and WAS Development > > > > IBM Toronto Lab > > > > E-mail: mrgla...@ca.ibm.com > > > > E-mail: mrgla...@apache.org > > > > > > > > Gary Gregory <garydgreg...@gmail.com> wrote on 12/22/2017 01:46:28 PM: > > > > > > > > > Good question. Xerces has been rather... inactive :-( > > > > > > > > > > Gary > > > > > > > > > > On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler < > > > > > yves.geissbueh...@incentage.com> wrote: > > > > > Hi all, > > > > > my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency > > > > > Check [1] having the vulnerability CVE-2012-0881. > > > > > > > > > > After some investigation I found that CVE-2012-0881 has been indeed > > > > > fixed and is scheduled to be released for Xerces-J 2.12.0 [2]. > > > > > > > > > > However, no specific release date is given [3]. > > > > > > > > > > Could you point me to a release schedule or do you know the release > > > > date? > > > > > > > > > > Using libraries which contain vulnerabilities is not an option for > > > > > my organisation. So, I'm hoping for a Xerces-J 2.11.0 release > > > > > happening soonish. > > > > > > > > > > Best regards, > > > > > Yves > > > > > > > > > > [1] https://urldefense.proofpoint.com/v2/url? > > > > > <https://urldefense.proofpoint.com/v2/url?> > > > > > u=https-3A__www.owasp.org_index.php_OWASP-5FDependency-5FCheck&d=DwIFaQ&c=jf_iaSHvJObTbx- > > > siA1ZOg&r=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ- > > > DKI&m=mhg1UoAqEyPAE- > > > > > iRxRa_1F1tVGzXVcJXZNLn39oyBRM&s=8VFeoB1BkOSReGrRxENRnFx7vA5raEwKWVB8GdwRkf8&e= > > > > > [2] https://urldefense.proofpoint.com/v2/url? > > > > > <https://urldefense.proofpoint.com/v2/url?> > > > > > u=https-3A__issues.apache.org_jira_browse_XERCESJ-2D1685&d=DwIFaQ&c=jf_iaSHvJObTbx- > > > siA1ZOg&r=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ- > > > DKI&m=mhg1UoAqEyPAE- > > > > > iRxRa_1F1tVGzXVcJXZNLn39oyBRM&s=hCJU3BJU6XA9RAk8dWjptod9p0vLPln5AdUllsOIlus&e= > > > > > [3] https://urldefense.proofpoint.com/v2/url? > > > > > <https://urldefense.proofpoint.com/v2/url?> > > > > > u=https-3A__issues.apache.org_jira_projects_XERCESJ_versions_12336542&d=DwIFaQ&c=jf_iaSHvJObTbx- > > > siA1ZOg&r=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ- > > > DKI&m=mhg1UoAqEyPAE- > > > > > iRxRa_1F1tVGzXVcJXZNLn39oyBRM&s=InGKcCzaUSGYeBbHNA8i3dJtU2CQb40diziknWlHYJY&e= > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > > > For additional commands, e-mail: j-users-h...@xerces.apache.org >
