Just realized the other CVE was for pekko-http, you can ignore my previous email. Apologies.
On Mon, Jun 19, 2023 at 11:22 AM Matthew Benedict de Detrich < [email protected]> wrote: > There was technically 2 CVEs, the other one was > https://security.snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-5596910 > > On Mon, Jun 19, 2023 at 11:19 AM PJ Fanning <[email protected]> wrote: > >> I have updated the release notes to mention the CVE. [1] >> >> I'm in the process of creating the RC artifacts. Hopefully, should start >> the VOTE thread in a few hours. >> >> [1] >> https://cwiki.apache.org/confluence/display/PEKKO/Pekko+Core+Release+Notes >> >> On 2023/06/19 09:07:40 João Costa wrote: >> > What do you think of also adding to the release notes the Akka CVEs >> fixed >> > from Akka 2.6.20 to Pekko 1.0.0? >> > >> > I understand that it's a bit weird for the first release of a project >> > having CVEs fixes related to another project, but I think it will be >> useful >> > for those migrating to Pekko to keep track of what's been fixed. >> > >> > On 2023/06/16 11:00:16 PJ Fanning wrote: >> > > We are finalising the commits to incubator-pekko Git repo today and >> hope >> > to get an RC1 ready for testing and voting - possibly on Monday. >> > > >> > > I would appreciate if the Pekko community can help out with the >> testing >> > and voting. If we don't get enough release approvals, we won't be able >> to >> > release. >> > > >> > > We will need to take any RC that gets Pekko community approval and >> bring >> > it the Apache Incubator team to get them to vote on it too. >> > > >> > > This is our first RC so we are expecting that there is a good chance >> that >> > some issues with the source packaging will be found. We are pretty happy >> > that the jars built from the current source work well and have good >> testing >> > in place. All in all, it could take a number of weeks until we get the >> > release completed. >> > > >> > > Draft Release Notes: >> > > >> > > >> https://cwiki.apache.org/confluence/display/PEKKO/Pekko+Core+Release+Notes >> > > >> > > Draft Release Process: >> > > >> > > >> https://github.com/apache/incubator-pekko-site/wiki/Pekko-Release-Process >> > > >> > > >> > > On 2023/05/29 09:13:17 PJ Fanning wrote: >> > > > Hi everyone, >> > > > >> > > > There is a general plan to create a RC-1 release candidate soon - >> > possibly towards the end of next week. Matthew de Detrich and I are >> happy >> > to work on it. If you want to get involved, please comment on this >> thread. >> > Generally, we will need to have people to test out the RC1. >> > > > >> > > > If anyone thinks that this is too soon, please comment on this email >> > thread also. >> > > > >> > > > We are expecting to probably have to go through a few RCs before >> doing >> > an actual release. So that 1.0.0 release could be a fair few weeks away >> yet. >> > > > >> > > > What do I mean by Pekko Core? >> > > > These are the modules in the incubator-pekko repo [1]. Modules in >> our >> > other git repos [2] will be released later - hopefully, within a few >> months. >> > > > >> > > > What work is still ongoing? >> > > > There is a milestone tracking this [3]. There is one bug and a few >> > issues about documenting the release and how people validating the >> release >> > can do so. There is a thread about what should be in this milestone [4]. >> > > > >> > > > It would be great if people could start checking the project website >> > for issues [5]. >> > > > >> > > > [1] https://github.com/apache/incubator-pekko >> > > > [2] https://pekko.apache.org/modules.html#repositories >> > > > [3] https://github.com/apache/incubator-pekko/milestone/1 >> > > > [4] >> https://lists.apache.org/thread/jjpowpv8dlost7swo1sbokw0rwgqqs2m >> > > > [5] https://pekko.apache.org/ >> > > > >> > > > >> --------------------------------------------------------------------- >> > > > To unsubscribe, e-mail: [email protected] >> > > > For additional commands, e-mail: [email protected] >> > > > >> > > > >> > > >> > > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: [email protected] >> > > For additional commands, e-mail: [email protected] >> > > >> > > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > -- > > Matthew de Detrich > > *Aiven Deutschland GmbH* > > Immanuelkirchstraße 26, 10405 Berlin > > Amtsgericht Charlottenburg, HRB 209739 B > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > *m:* +491603708037 > > *w:* aiven.io *e:* [email protected] > -- Matthew de Detrich *Aiven Deutschland GmbH* Immanuelkirchstraße 26, 10405 Berlin Amtsgericht Charlottenburg, HRB 209739 B Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen *m:* +491603708037 *w:* aiven.io *e:* [email protected]
