Hi,
Can someone please get a CVE for the readObject issue? I don’t know what the
internal ASF process is for that, but ASF is its own CNA so it seems there must
be one.
Also, it’d be good to issue a security advisory concurrent with the release
announcement.
Regards,
David
From: Mukul Ga
Hi all,
The 1st voting for Xerces-J 2.12.0 release was stopped, due to certain
issues that were in the release candidates (RC) that were found by the
reviewers ([5]). Those have been fixed now, and I'm initiating this new
mail for the Vote for new RC.
I've uploaded Xerces-J 2.12.0 release candi
On Mon, Apr 23, 2018 at 4:51 PM, sebb wrote:
> > I alone can't decide on this (though I sort of agree with you). Lets see
> how
> > others react to the topic of having or not having MD5 hashes, and we can
> > accordingly finalize as this voting concludes.
>
> The ASF policy was updated recently,
On 23 April 2018 at 11:04, Mukul Gandhi wrote:
> On Sun, Apr 22, 2018 at 3:19 PM, sebb wrote:
>
>> Contains MD5 hashes; these are deprecated and should be removed.
>
>
> I alone can't decide on this (though I sort of agree with you). Lets see how
> others react to the topic of having or not havin
On Sun, Apr 22, 2018 at 3:19 PM, sebb wrote:
Contains MD5 hashes; these are deprecated and should be removed.
>
I alone can't decide on this (though I sort of agree with you). Lets see
how others react to the topic of having or not having MD5 hashes, and we
can accordingly finalize as this votin
