Hi all, we have accumulated enough changes since the last 4.0 release as well as we need to provide a fix for the known remote code exploit via java de-serialization. Therefore, I would like to start a vote to release Commons Collections 4.1 based on RC2.
Note: * The fix for the security related issue results in Clirr errors as unsafe classes in the functor package do not implement the Serializable interface anymore. This is mentioned in the release notes. * There are 2 test failures with the IBM 6 JDK. The same failures were reported for the 4.0 release and are related to a buggy Map implementation in this JDK * Commons Collections 4.X does not successfully compile with JDK 9 EA This will be tackled in a later release. Changes since RC1: * fixed compilation problems of test classes with some Java 8 compilers * fixed some javadoc in IterableUtils and MultiValuedMap * added travis configuration (only in the repository, not part of the release) to help a RM by building with different jdks Collections 4.1 RC2 is available for review here: https://dist.apache.org/repos/dist/dev/commons/collections/ (svn revision 11307) Maven artifacts are here: https://repository.apache.org/content/repositories/orgapachecommons-1129/org/apache/commons/commons-collections4/4.1/ Details of changes since 4.0 are in the release notes: https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt http://people.apache.org/builds/commons/collections/4.1/RC2/changes-report.html The tag is here: https://svn.apache.org/repos/asf/commons/proper/collections/tags/COLLECTIONS_4_1_RC2 (svn revision 1716550) Site: http://people.apache.org/builds/commons/collections/4.1/RC2/ Clirr Report (compared to 4.0): http://people.apache.org/builds/commons/collections/4.1/RC2/clirr-report.html RAT Report: http://people.apache.org/builds/commons/collections/4.1/RC2/rat-report.html KEYS: https://www.apache.org/dist/commons/KEYS Please review the release candidate and vote. This vote will close no sooner than 24 hours from now, i.e. after 2400 GMT 26-November 2015 [ ] +1 Release these artifacts [ ] +0 OK, but... [ ] -0 OK, but really should fix... [ ] -1 I oppose this release because... Thanks, Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org