On 28 Mar, Kay Schenk wrote:
> On 03/27/2016 03:37 PM, Don Lewis wrote:
>> On 27 Mar, Andrea Pescetti wrote:
>>> On 29/01/2016 Andrea Pescetti wrote:
>>>> For 4.2.0 we need a Release Manager. I would prefer NOT to be the
>>>> Release Manager for 4.2.0 since I'm finding that in this period I can
>>>> help more productively with tasks that do not require constant
>>>> interaction ...
>>>> I am surely available to have a significant role in the 4.2.0 release
>>>
>>> A few days after writing this, almost 2 months ago, sudden events left
>>> me incapacitated to make any significant contributions until very
>>> recently. I'm still unable to make long-term commitments.
>>>
>>> Anyway, there are some issues we need to get done as a team before
>>> appointing a release manager makes sense:
>>>
>>> 1) Enough code. Done. The merge of the recent gbuild work totally
>>> justifies a 4.2.0 release. Also, in 4.1.2 we only included a tiny
>>> fraction of the fixes that (at that time) were available on trunk. So
>>> here we are already OK, and we've been OK for months.
>>
>> Some of the external software that is bundled has security issues. I
>> put together a patch for nss here:
>> <https://bz.apache.org/ooo/show_bug.cgi?id=126891>.
>>
>> The version of libxml currently bundled also has a lot of known
>> vulnerabilities. I'm currently testing a patch.
>>
>> These both need review and testing.
>
> Ok, I'll keep my eyes open for the libxml patch and test
> with your already supplied nss patch.

I filed a PR with the libxml patch late yesterday:
<https://bz.apache.org/ooo/show_bug.cgi?id=126893>

As an added bonus, here is the curl patch:
<https://bz.apache.org/ooo/show_bug.cgi?id=126896>