Re: [xml] Entering freeze for release of libxml2-2.9.9

2018-12-01 Thread Mike Dalessio via xml
Nokogiri (a Ruby wrapper around libxml2) went green with RC2. I'll keep this github PR up to date as more RCs or the Final get released: https://github.com/sparklemotion/nokogiri/pull/1824 On Thu, Nov 29, 2018 at 4:58 PM Daniel Veillard via xml wrote: > I pushed RC2 in git and pushed signed ta

Re: [xml] Entering freeze for release of libxml2-2.9.9

2018-12-13 Thread Mike Dalessio via xml
Hi Daniel, I'm curious if you have an updated release schedule for 2.9.9 final? Thanks much for coordinating this release. -m On Thu, Nov 29, 2018 at 4:58 PM Daniel Veillard via xml wrote: > I pushed RC2 in git and pushed signed tarball and rpms to the usual > place: > >ftp://xmlsoft.o

Re: [xml] Entering freeze for libxml2-2.9.10

2019-10-28 Thread Mike Dalessio via xml
Hi all, Just FYI - the Nokogiri (Ruby gem wrapping libxml2) test pipelines are all *green* with 2.9.10-rc1. See https://ci.nokogiri.org/teams/nokogiri-core/pipelines/nokogiri-libxml-2.9.10 for details, but RC1 looks good from here. -m On Mon, Oct 28, 2019 at 10:12 AM Daniel Veillard via xml w

Re: [xml] Trouble figuring out xmlregexp regular expressions

2021-03-20 Thread Mike Dalessio via xml
Hi Tim, I don't know much about the regular expression support, but there does appear to be a test harness that exercises it. You may want to take a look at https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/testRegexp.c. -m On Sat, Mar 20, 2021 at 12:05 AM Timothy Wrona via xml wrote: > Hi

Re: [xml] Stepping down

2021-07-25 Thread Mike Dalessio via xml
Nick, I'm very sorry to hear that you're stepping away from the project. You've done an enormous amount of work over the past few years, and you'll be missed. Thanks for everything, and I hope to get to work with you again at some point in the future. On Thu, Jul 22, 2021 at 7:23 AM Nick Wellnho

Re: [xml] Resuming maintenance

2022-01-10 Thread Mike Dalessio via xml
I'm so happy to hear that you'll be able to spend time on libxml2 this year, Nick. Thank you and thanks to Google. Although I'm relieved, the potential loss of maintainers from the project was alarming. Perhaps another goal to cons

Re: [xml] Release of libxml2 2.9.13

2022-02-20 Thread Mike Dalessio via xml
Nick, thank you for shipping this release! Is there any additional information about CVE-2022-23308 (other than the commit log) that would help downstream projects triage? Was there a CVSS score calculated or severity assigned? On Sun, Feb 20, 2022 at 7:53 AM Nick Wellnhofer via xml wrote: > Ve

Re: [xml] Release of libxml2 2.9.13

2022-02-21 Thread Mike Dalessio via xml
Hi Nick, I understand and appreciate the general difficulty of scoring severity without some application-specific context. And I don't disagree with your take on CVSS scores for libraries. However, downstream maintainers may want to issue our own security advisories so that our users can make an

Re: [xml] Release of libxml2 2.9.13

2022-02-21 Thread Mike Dalessio via xml
This is very helpful. Thanks as always, Nick. On Mon, Feb 21, 2022 at 11:42 AM Nick Wellnhofer wrote: > On 21/02/2022 14:57, Mike Dalessio wrote: > > I'm not asking specifically for a CVSS score for this vulnerability, and > I'm > > certainly not asking you to create a CVE for every memory fix t