> On 29 October 2019 at 13:24 Mattia Rizzolo <mat...@mapreri.org> wrote:
> 
> Hello,

Hello Mattia, hello all,

> I believe it's high time for a new PoDoFo release.
> It has been slightly more than one year since the last one was done.
> Alright, there are still a few CVEs and other bugs opened, but many
> have been fixed in the same time, and it's getting slightly annoying to
> keep cherry-picking patches. Also, it's likely that more will appear
> the more we wait, so it doesn't make much sense to wait more.

I don't think a new release should contain any known security issues,
and if I recall correctly this was already deprioritised in 0.9.6; it'd
disappoint me if this happened again. Is it still called "cherry-picking"
when all the patches are taken into the packaging, or is there something
to exclude from the Debian package (if I'm informed right, 0.9.7 is to be
a bugfix-only release)?

> Are there any particular blockers for 0.9.7 at this time?

I would also like to work on a fix for CVE-2018-8002 if it's understood
that it would entail a technical limit for nesting as there are limits
given in an appendix of the PDF spec (free PDF32000_2008.pdf). For me,
getting acceptance on what should be in the special (documentation)
revision 2000 (see other ML post, please) would come first.

> --regards, Mattia Rizzolo

Best regards, mabri


_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
