[CANCELLED] [VOTE] Release Apache Sling XSS Protection API 2.3.10
Hi, This vote is cancelled because of the extra OSGi requirements that were unintentionally added. The fix is tracked in https://issues.apache.org/jira/browse/SLING-12123 . Thanks, Robert
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.10
Hi Eric, On Sat, 2023-10-28 at 14:23 -0700, Eric Norman wrote: > -1 for me. This version doesn't appear to resolve when I plug it > into the > starter project. Were there additional new dependencies required to > use > it? Good catch, I will cancel the vote. I don't think any of the new requirements are intentional. We did some work around dependencies, upgrading version and also started using org.owasp.encoder as a bundle ( SLING-12005 ), but none of the changes should result in the requirements that you reported. Thanks, Robert
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.10
-1 for me. This version doesn't appear to resolve when I plug it into the starter project. Were there additional new dependencies required to use it? It reports the following errors from the feature analyzer: [ERROR] [bundle-packages] org.apache.sling:org.apache.sling.xss:2.3.10: Bundle is importing packages [javax.annotation.meta, android.os] with start order 20 but no bundle is exporting these for that start order. [ERROR] Analyser detected errors on feature 'org.apache.sling:org.apache.sling.starter:slingosgifeature:oak_tar:13-SNAPSHOT'. See log output for error messages. On Thu, Oct 26, 2023 at 9:45 AM Robert Munteanu wrote: > Hi, > > We solved 6 issues in this release: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353392=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2799/ > > You can use this UNIX script to download the release and verify the > signatures: > > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2799 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu >
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.10
On Thu, 2023-10-26 at 16:43 +, Robert Munteanu wrote: > Please vote to approve this release: +1 Robert signature.asc Description: This is a digitally signed message part
Re: [VOTE] Release Apache Sling XSS Protection API 2.3.10
+1 On Thu, Oct 26, 2023 at 12:44 PM Robert Munteanu wrote: > > Hi, > > We solved 6 issues in this release: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353392=Text > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2799/ > > You can use this UNIX script to download the release and verify the > signatures: > https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh > > Usage: > sh check_staged_release.sh 2799 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Robert Munteanu
[VOTE] Release Apache Sling XSS Protection API 2.3.10
Hi, We solved 6 issues in this release: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310710=12353392=Text Staging repository: https://repository.apache.org/content/repositories/orgapachesling-2799/ You can use this UNIX script to download the release and verify the signatures: https://raw.githubusercontent.com/apache/sling-tooling-release/master/check_staged_release.sh Usage: sh check_staged_release.sh 2799 /tmp/sling-staging Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... This majority vote is open for at least 72 hours. Regards, Robert Munteanu