Re: Re: Re: [fileupload] Have a FileUpload release (after 3.5 years)

2022-07-21 Thread Eric Bresie 
Does any of this help?
(1) https://commons.apache.org/releases/index.html
(2) https://infra.apache.org/release-publishing.html

Eric Bresie
ebre...@gmail.com (mailto:ebre...@gmail.com)

> On July 17, 2022 at 2:59:26 PM CDT, Gary Gregory  (mailto:garydgreg...@gmail.com)> wrote:
> Yeah, there is code that looks odd for 2022, like a custom Closeable
> interface instead of reusing the JRE's. I'll take a look.
>
> Gary
>
> On Sun, Jul 17, 2022 at 2:32 PM Matt Juntunen  (mailto:matt.a.juntu...@gmail.com)> wrote:
> >
> > Sounds good. Do you know of anything else that needs to be done? I'm
> > guessing we can hold off on a full 1.x migration guide until the full
> > 2.0.0 version.
> >
> > -Matt J
> >
> > On Sun, Jul 17, 2022 at 2:13 PM Gary Gregory  > (mailto:garydgreg...@gmail.com)> wrote:
> > >
> > > We should at least remove deprecated elements.
> > >
> > > Gary
> > >
> > > On Sun, Jul 17, 2022 at 10:49 AM Matt Juntunen
> > > mailto:matt.a.juntu...@gmail.com)> wrote:
> > > >
> > > > I am going to put the 2.0.0-beta1 release on my TODO list. I am
> > > > currently working toward a release of commons-text, so I can't be sure
> > > > on a timeline. If anyone has questions or time to pick this up, please
> > > > let me know.
> > > >
> > > > Regards,
> > > > Matt J
> > > >
> > > > On Fri, Jul 15, 2022 at 12:35 PM Matt Juntunen
> > > > mailto:matt.a.juntu...@gmail.com)> wrote:
> > > > >
> > > > > It sounds like we've agreed on creating a 2.0.0-beta1 release. Does
> > > > > anyone have availability to lead the release?
> > > > >
> > > > > Regards,
> > > > > Matt J
> > > > >
> > > > > On Wed, Jul 13, 2022 at 9:35 AM sebb  > > > > (mailto:seb...@gmail.com)> wrote:
> > > > > >
> > > > > > It looks like Commons does not have the concept of Alpha releases.
> > > > > >
> > > > > > https://commons.apache.org/releases/versioning.html
> > > > > >
> > > > > > Sorry, I must have been thinking of a different project.
> > > > > >
> > > > > > Sebb
> > > > > >
> > > > > > On Wed, 13 Jul 2022 at 01:36, Gary Gregory  > > > > > (mailto:garydgreg...@gmail.com)> wrote:
> > > > > > >
> > > > > > > A beta is a good idea IMO.
> > > > > > >
> > > > > > > Gary
> > > > > > >
> > > > > > > On Tue, Jul 12, 2022, 17:19 Matt Juntunen 
> > > > > > > mailto:matt.a.juntu...@gmail.com)> 
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Based on what I'm hearing, I'm thinking a beta release might be
> > > > > > > > appropriate. That would give consumers a chance to move away 
> > > > > > > > from the
> > > > > > > > previous version while giving us a chance to test and fine-tune 
> > > > > > > > the
> > > > > > > > API. Thoughts?
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > > Matt J
> > > > > > > >
> > > > > > > > On Tue, Jul 12, 2022 at 4:15 PM Christoph Grüninger 
> > > > > > > > mailto:f...@grueninger.de)>
> > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > Publishing a first release candidate might help. Currently 
> > > > > > > > > there is no
> > > > > > > > > indication for anybody to invest in testing FileUpload.
> > > > > > > > >
> > > > > > > > > In doubt: release early, release often. People are using 
> > > > > > > > > FileUpload
> > > > > > > > > together with vulnerable dependencies!
> > > > > > > > >
> > > > > > > > > Bye
> > > > > > > > > Christoph
> > > > > > > > >
> > > > > > > > > -
> > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > > > > >
> > > > > > > >
> > > > > > > > -
> > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > > -
> > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > >
> > > >
> > > > -
> > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > (mailto:dev-h...@commons.apache.org)
> > > >
> > >
> > > -
> > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > (mailto:dev-unsubscr...@commons.apache.org)
> > > For addition

Re: Re: Re: [fileupload] Have a FileUpload release (after 3.5 years)

2022-07-21 Thread Gary Gregory 
On Thu, Jul 21, 2022 at 7:54 AM Eric Bresie  wrote:
>
> Does any of this help?
> (1) https://commons.apache.org/releases/index.html
> (2) https://infra.apache.org/release-publishing.html

We know how to release our software ;-) but, we are volunteers, each
with our own priorities and time limitations ;-)

Gary
>
> Eric Bresie
> ebre...@gmail.com (mailto:ebre...@gmail.com)
>
> > On July 17, 2022 at 2:59:26 PM CDT, Gary Gregory  > (mailto:garydgreg...@gmail.com)> wrote:
> > Yeah, there is code that looks odd for 2022, like a custom Closeable
> > interface instead of reusing the JRE's. I'll take a look.
> >
> > Gary
> >
> > On Sun, Jul 17, 2022 at 2:32 PM Matt Juntunen  > (mailto:matt.a.juntu...@gmail.com)> wrote:
> > >
> > > Sounds good. Do you know of anything else that needs to be done? I'm
> > > guessing we can hold off on a full 1.x migration guide until the full
> > > 2.0.0 version.
> > >
> > > -Matt J
> > >
> > > On Sun, Jul 17, 2022 at 2:13 PM Gary Gregory  > > (mailto:garydgreg...@gmail.com)> wrote:
> > > >
> > > > We should at least remove deprecated elements.
> > > >
> > > > Gary
> > > >
> > > > On Sun, Jul 17, 2022 at 10:49 AM Matt Juntunen
> > > > mailto:matt.a.juntu...@gmail.com)> wrote:
> > > > >
> > > > > I am going to put the 2.0.0-beta1 release on my TODO list. I am
> > > > > currently working toward a release of commons-text, so I can't be sure
> > > > > on a timeline. If anyone has questions or time to pick this up, please
> > > > > let me know.
> > > > >
> > > > > Regards,
> > > > > Matt J
> > > > >
> > > > > On Fri, Jul 15, 2022 at 12:35 PM Matt Juntunen
> > > > > mailto:matt.a.juntu...@gmail.com)> wrote:
> > > > > >
> > > > > > It sounds like we've agreed on creating a 2.0.0-beta1 release. Does
> > > > > > anyone have availability to lead the release?
> > > > > >
> > > > > > Regards,
> > > > > > Matt J
> > > > > >
> > > > > > On Wed, Jul 13, 2022 at 9:35 AM sebb  > > > > > (mailto:seb...@gmail.com)> wrote:
> > > > > > >
> > > > > > > It looks like Commons does not have the concept of Alpha releases.
> > > > > > >
> > > > > > > https://commons.apache.org/releases/versioning.html
> > > > > > >
> > > > > > > Sorry, I must have been thinking of a different project.
> > > > > > >
> > > > > > > Sebb
> > > > > > >
> > > > > > > On Wed, 13 Jul 2022 at 01:36, Gary Gregory 
> > > > > > > mailto:garydgreg...@gmail.com)> wrote:
> > > > > > > >
> > > > > > > > A beta is a good idea IMO.
> > > > > > > >
> > > > > > > > Gary
> > > > > > > >
> > > > > > > > On Tue, Jul 12, 2022, 17:19 Matt Juntunen 
> > > > > > > > mailto:matt.a.juntu...@gmail.com)> 
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > > Based on what I'm hearing, I'm thinking a beta release might 
> > > > > > > > > be
> > > > > > > > > appropriate. That would give consumers a chance to move away 
> > > > > > > > > from the
> > > > > > > > > previous version while giving us a chance to test and 
> > > > > > > > > fine-tune the
> > > > > > > > > API. Thoughts?
> > > > > > > > >
> > > > > > > > > Regards,
> > > > > > > > > Matt J
> > > > > > > > >
> > > > > > > > > On Tue, Jul 12, 2022 at 4:15 PM Christoph Grüninger 
> > > > > > > > > mailto:f...@grueninger.de)>
> > > > > > > > > wrote:
> > > > > > > > > >
> > > > > > > > > > Publishing a first release candidate might help. Currently 
> > > > > > > > > > there is no
> > > > > > > > > > indication for anybody to invest in testing FileUpload.
> > > > > > > > > >
> > > > > > > > > > In doubt: release early, release often. People are using 
> > > > > > > > > > FileUpload
> > > > > > > > > > together with vulnerable dependencies!
> > > > > > > > > >
> > > > > > > > > > Bye
> > > > > > > > > > Christoph
> > > > > > > > > >
> > > > > > > > > > -
> > > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > > > > > For additional commands, e-mail: 
> > > > > > > > > > dev-h...@commons.apache.org 
> > > > > > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > -
> > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > > > > -
> > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org 
> > > > > > > (mailto:dev-unsubscr...@commons.apache.org)
> > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org 
> > > > > > > (mailto:dev-h...@commons.apache.org)
> > > > > > >
> > > > >
> > > > > -
>

Integration of commons-math into oss-fuzz

2022-07-21 Thread Alonso Schaich 
Hi all,

I have prepared the initial integration of commons-math into google 
oss-fuzz in 
https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/94cfd612612dde84388322391bf612dd348cf810
 . This will enable continuous fuzzing of this project, which will be conducted 
by Google. Bugs that will be found by fuzzing will be reported to you. After 
the initial integration of this project into oss-fuzz, I will continue to add 
additional fuzz tests to improve the code coverage over time.


The integration requires a primary contact, someone to deal with the bug 
reports submitted by oss-fuzz. The email address needs to belong to an 
established project committer and be associated with a Google account as per 
https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/ . 
When a bug is found, you will receive an email that will provide you with 
access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1 person 
can be included. Please let me know who I should include, if anyone.

Jazzer 
(https://github.com/CodeIntelligenceTesting/jazzer) is used for fuzzing Java 
applications. Jazzer is a coverage-guided, in-process fuzzer for the JVM 
platform developed by Code Intelligence. It is based on libFuzzer and brings 
many of its instrumentation-powered mutation features to the JVM. Jazzer has 
already found several bugs in JVM applications: 
https://github.com/CodeIntelligenceTesting/jazzer#findings

[https://repository-images.githubusercontent.com/333867901/e8c8cf80-6b8c-11eb-90ee-13efd7719871]
CodeIntelligenceTesting/jazzer: Coverage-guided, in-process fuzzing for the JVM 
- GitHub
Jazzer. Jazzer is a coverage-guided, in-process fuzzer for the JVM platform 
developed by Code Intelligence.It is based on libFuzzer and brings many of its 
instrumentation-powered mutation features to the JVM.. The JVM bytecode is 
executed inside the fuzzer process, which ensures fast execution speeds and 
allows seamless fuzzing of native libraries.
github.com



Please let me know if you have any questions regarding fuzzing or the oss-fuzz 
integration.

Re: Integration of commons-math into oss-fuzz

2022-07-21 Thread Bruno Kinoshita 
Hi

There is an oss-fuzz project for commons where multiple modules are hosted
(I am sure Imaging is there, and I think Compress too).

It is a single project with fuzzers for different components.

I think it may be simpler to add your new fuzzer there. That project had
some changes in the reporting policy to adapt to ASF Commons release
practices too.

Cheers
Bruno

On Fri, 22 Jul 2022, 7:59 am Alonso Schaich, 
wrote:

> Hi all,
>
> I have prepared the initial integration of commons-math into google
> oss-fuzz in
> https://github.com/CodeIntelligenceTesting/oss-fuzz/commit/94cfd612612dde84388322391bf612dd348cf810
> . This will enable continuous fuzzing of this project, which will be
> conducted by Google. Bugs that will be found by fuzzing will be reported to
> you. After the initial integration of this project into oss-fuzz, I will
> continue to add additional fuzz tests to improve the code coverage over
> time.
>
>
> The integration requires a primary contact, someone to deal with the bug
> reports submitted by oss-fuzz. The email address needs to belong to an
> established project committer and be associated with a Google account as
> per
> https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/
> . When a bug is found, you will receive an email that will provide you with
> access to ClusterFuzz, crash reports, and fuzzer statistics. More than 1
> person can be included. Please let me know who I should include, if anyone.
>
> Jazzer (
> https://github.com/CodeIntelligenceTesting/jazzer) is used for fuzzing
> Java applications. Jazzer is a coverage-guided, in-process fuzzer for the
> JVM platform developed by Code Intelligence. It is based on libFuzzer and
> brings many of its instrumentation-powered mutation features to the JVM.
> Jazzer has already found several bugs in JVM applications:
> https://github.com/CodeIntelligenceTesting/jazzer#findings
>
> [
> https://repository-images.githubusercontent.com/333867901/e8c8cf80-6b8c-11eb-90ee-13efd7719871
> ]
> CodeIntelligenceTesting/jazzer: Coverage-guided, in-process fuzzing for
> the JVM - GitHub
> Jazzer. Jazzer is a coverage-guided, in-process fuzzer for the JVM
> platform developed by Code Intelligence.It is based on libFuzzer and brings
> many of its instrumentation-powered mutation features to the JVM.. The JVM
> bytecode is executed inside the fuzzer process, which ensures fast
> execution speeds and allows seamless fuzzing of native libraries.
> github.com
> 
>
>
> Please let me know if you have any questions regarding fuzzing or the
> oss-fuzz integration.
>
>