To adhere to configuration management paradigm, it may be good to fork off 3.2.
The information contained in this transmission is for the personal and confidential use of the individual or entity to which it is addressed. If the reader is not the intended recipient, you are hereby notified that any review, dissemination, or copying of this communication is strictly prohibited. If you have received this transmission in error, please notify the sender immediately -----Original Message----- From: Steve Lawrence <[email protected]> Sent: Wednesday, December 15, 2021 8:21 AM To: [email protected] Subject: Re: Need to create daffodil 3.2.1 ? I feel the changes to the main branch since v3.2.0 are small enough that the risk of regressions is pretty low. So I'd lean towards keeping things simple and base the 3.2.1 release off of the main branch without a fork. On 12/15/21 8:02 AM, Mike Beckerle wrote: > I think we're going to need to create a Daffodil 3.2.1 release. > > We have this current critical bug > https://issues.apache.org/jira/browse/DAFFODIL-2608 which is a flaw in > unparsing associated with a primary 3.2.0 feature. I'll take the blame > for inadequate testing there. I hope to work on this today. > > There is also a urgent CVE about Log4J. The cybersecurity community, > which uses Daffodil quite a bit, is insisting on updates to software > using Log4J within 15 days. The update for this is already in the > 3.3.0-SNAPSHOT branch. > > There have been a number of other changes made on the 3.3.0-SNAPSHOT > branch since the official 3.2.0 release. > > Are there any thoughts on whether we should just release > 3.3.0-SNAPSHOT branch as 3.2.1, or whether we should fork from 3.2.0 > and apply the minimum amount of fixes? >
