[VOTE] Release Commons Collections 4.1 Based on RC2 (24h vote)

Wed, 25 Nov 2015 14:21:07 -0800 

Hi all,

we have accumulated enough changes since the last 4.0 release as well as
we need to provide a fix for the known remote code exploit via java
de-serialization. Therefore, I would like to start a vote to release
Commons Collections 4.1 based on RC2.

Note:

 * The fix for the security related issue results in Clirr errors as
   unsafe classes in the functor package do not implement the
   Serializable interface anymore. This is mentioned in the release
   notes.

 * There are 2 test failures with the IBM 6 JDK. The same failures were
   reported for the 4.0 release and are related to a buggy Map
   implementation in this JDK

 * Commons Collections 4.X does not successfully compile with JDK 9 EA
   This will be tackled in a later release.

Changes since RC1:

 * fixed compilation problems of test classes with some Java 8 compilers
 * fixed some javadoc in IterableUtils and MultiValuedMap
 * added travis configuration (only in the repository, not part of the
   release) to help a RM by building with different jdks

Collections 4.1 RC2 is available for review here:
    https://dist.apache.org/repos/dist/dev/commons/collections/
    (svn revision 11307)

Maven artifacts are here:

https://repository.apache.org/content/repositories/orgapachecommons-1129/org/apache/commons/commons-collections4/4.1/

Details of changes since 4.0 are in the release notes:

https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt

http://people.apache.org/builds/commons/collections/4.1/RC2/changes-report.html

The tag is here:

https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_4_1_RC2
    (svn revision 1716550)

Site:
    http://people.apache.org/builds/commons/collections/4.1/RC2/

Clirr Report (compared to 4.0):

http://people.apache.org/builds/commons/collections/4.1/RC2/clirr-report.html

RAT Report:

http://people.apache.org/builds/commons/collections/4.1/RC2/rat-report.html

KEYS:
    https://www.apache.org/dist/commons/KEYS

Please review the release candidate and vote.

This vote will close no sooner than 24 hours from now, i.e. after 2400
GMT 26-November 2015

  [ ] +1 Release these artifacts
  [ ] +0 OK, but...
  [ ] -0 OK, but really should fix...
  [ ] -1 I oppose this release because...

Thanks,

Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to