Re: Top Level Security Page

2014-08-31 Thread Stefan Bodewig
On 2014-09-01, sebb wrote: > Might be useful to add a link to the security page under "General > Information". Right. > The page mentions denial of service - not sure that applies to any of > the Commons components? The one issue with Compress could be used for a DoS attack. Stefan

[pool] time to cut 2.3

2014-08-31 Thread Phil Steitz
We have fixed a few bugs and made some enhancements since 2.2 and I think we should cut 2.3. I will volunteer to RM. I will start rolling RCs from trunk around the end of this week. I don't see any of the current open bugs against 2.x as blockers. I may implement the request in POOL-272 (or gla

Re: [compress] Closing in on 1.9 Release

2014-08-31 Thread sebb
On 31 August 2014 20:28, Stefan Bodewig wrote: > Hi all > > it's only four issues we've closed since the 1.8.1 release but I > consider COMPRESS-286 pretty serious - it looks as if reading 7z > archives using LZMA (not LZMA2) was in trouble. > > One thing that bothers me is COMPRESS-284 as I simpl

Re: Top Level Security Page

2014-08-31 Thread sebb
Might be useful to add a link to the security page under "General Information". The page mentions denial of service - not sure that applies to any of the Commons components? On 31 August 2014 13:40, Stefan Bodewig wrote: > On 2014-08-31, Gary Gregory wrote: > >> I get a 404... > > strange. Tak

Re: [ALL] Auto generating README.md and CONTRIBUTING.md for github using the commons build plugin

2014-08-31 Thread Bernd Eckenfels
Hello Benedikt, I finally had some time to look at this. I tried to integrate it into VFS. I did not (yet) change the commons-parent, I instead used the direct call method: mvn org.apache.commons:commons-build-plugin:1.5-SNAPSHOT:readme-md I don't think this affects the result substantially, bu

[compress] Closing in on 1.9 Release

2014-08-31 Thread Stefan Bodewig
Hi all it's only four issues we've closed since the 1.8.1 release but I consider COMPRESS-286 pretty serious - it looks as if reading 7z archives using LZMA (not LZMA2) was in trouble. One thing that bothers me is COMPRESS-284 as I simply cannot reproduce it - and don't see the bug by reading the

Re: Top Level Security Page

2014-08-31 Thread Stefan Bodewig
On 2014-08-31, Gary Gregory wrote: > I get a 404... strange. Take note of "staging" in the URL > http://commons.staging.apache.org/security.html Stefan

Re: Top Level Security Page

2014-08-31 Thread Gary Gregory
I get a 404... Gary Original message From: Stefan Bodewig Date:08/31/2014 06:52 (GMT-05:00) To: Commons Developers List Subject: Re: Top Level Security Page On 2014-08-31, Gary Gregory wrote: > Great idea! > Every Commons component should have such a page indeed, can be

[fileupload][daemon][beanutils] Missing Security Info in Website

2014-08-31 Thread Stefan Bodewig
Hi all, I've put together a security page for Commons so people have a place to get information quickly, it is based on the recommendations by our security team[1] and the existing page of Compress[2]. http://commons.staging.apache.org/security.html this one is still in staging so we ca

Re: Top Level Security Page

2014-08-31 Thread Stefan Bodewig
On 2014-08-31, Gary Gregory wrote: > Great idea! > Every Commons component should have such a page indeed, can be a link > to the same page for all of Commons IMO. > Some changes though are needed. > It should be made clearer that there is an important distinction > between undisclosed and disc

Re: [CSV][CSV-127] Ignore Empty Lines doesn't ignore empty first line

2014-08-31 Thread Gary Gregory
FYI: this has been boiled down to a different issue. This user has a BOM in his file. Gary Original message From: Emmanuel Bourg Date:08/31/2014 05:09 (GMT-05:00) To: dev@commons.apache.org Subject: Re: [CSV][CSV-127] Ignore Empty Lines doesn't ignore empty first line L

RE: Top Level Security Page

2014-08-31 Thread Gary Gregory
Great idea! Every Commons component should have such a page indeed, can be a link to the same page for all of Commons IMO. Some changes though are needed. It should be made clearer that there is an important distinction between undisclosed and disclosed issues.  One way to do this is with two

Re: [CSV][CSV-127] Ignore Empty Lines doesn't ignore empty first line

2014-08-31 Thread Emmanuel Bourg
On 28/08/2014 17:35, sebb wrote: > If so, maybe it would be useful to provide a means of skipping N lines > before reading the column names. Since the caller controls the input reader he could easily invoke readLine() before handing the parsing to CSVParser. Emmanuel Bourg

Top Level Security Page

2014-08-31 Thread Stefan Bodewig
Hi all I was just browsing the security pages of some ASF projects and the guidelines set by our security team[1] (preparing a talk, not because there was any issue) and realized Commons didn't have a page describing how to report security issues. Since I'm the one who created the page for Compre