Re: [math] Added constructors taking sample data as arguments to enumerated real and integer distributions. JIRA: MATH-1287.

2015-11-10 Thread Gilles
Hi Phil, On Tue, 10 Nov 2015 03:48:33 + (UTC), pste...@apache.org wrote: Repository: commons-math Updated Branches: refs/heads/MATH_3_X 8aecb842d -> 430c7f456 Added constructors taking sample data as arguments to enumerated real and integer distributions. JIRA: MATH-1287. [...]

Re: Blog post "commons" vulnerability

2015-11-10 Thread Gary Gregory
Thank you Sally! Gary On Nov 10, 2015 2:20 AM, "Sally Khudairi" wrote: > Hello everyone --we are live: > - ASF "Foundation" blog http://s.apache.org/bsA - @TheASF Twitter feed > https://twitter.com/TheASF/status/664023691051843584 > ...plus sent to annou...@apache.org and our

Re: [math] Added constructors taking sample data as arguments to enumerated real and integer distributions. JIRA: MATH-1287.

2015-11-10 Thread Phil Steitz
On 11/10/15 9:13 AM, Gilles wrote: > Hi Phil, > > On Tue, 10 Nov 2015 03:48:33 + (UTC), pste...@apache.org wrote: >> Repository: commons-math >> Updated Branches: >> refs/heads/MATH_3_X 8aecb842d -> 430c7f456 >> >> >> Added constructors taking sample data as arguments to enumerated >> real

Re: [VOTE] Release Commons Collections 3.2.2 Based on RC1

2015-11-10 Thread Luc Maisonobe
On 09/11/2015 23:37, Thomas Neidhart wrote: > Hi all, > > in order to provide a work-around for the known remote code exploit via > java de-serialization of malicious InvokerTransformer instances, I would > like to start a vote to release Commons Collections 3.2.2 based on RC1. > > I would

Re: [2/2] [math] MATH-1285: added definition of distribution to javadoc of ZipfDistribution

2015-11-10 Thread Otmar Ertl
Thanks, good to know. Unfortunately, I used LogNormalDistribution as template. On Tue, Nov 10, 2015 at 9:51 PM, Gilles wrote: > Hi Otmar. > > On Tue, 10 Nov 2015 20:32:13 -, oe...@apache.org wrote: >> >> MATH-1285: added definition of distribution to javadoc of

Re: [VOTE] Release Commons Collections 3.2.2 Based on RC1

2015-11-10 Thread Gary Gregory
Hi all: -1 Sorry, the RAT failure needs to be handled one way or another: exclude the files or add headers: Unapproved licenses: data/test/NullComparator.version2.obj1 data/test/NullComparator.version2.obj2 xdocs/style/project.css I imagine the obj files can be excluded but the CSS

Re: [VOTE] Release Commons Collections 3.2.2 Based on RC1

2015-11-10 Thread Thomas Neidhart
On 11/10/2015 09:59 PM, Luc Maisonobe wrote: > On 09/11/2015 23:37, Thomas Neidhart wrote: >> Hi all, >> >> in order to provide a work-around for the known remote code exploit via >> java de-serialization of malicious InvokerTransformer instances, I would >> like to start a vote to release

[GitHub] commons-compress pull request: Add bzip2 support to zip (read-only...

2015-11-10 Thread UncleOwen
GitHub user UncleOwen opened a pull request: https://github.com/apache/commons-compress/pull/4 Add bzip2 support to zip (read-only) You can merge this pull request into a Git repository by running: $ git pull https://github.com/UncleOwen/commons-compress

Re: [2/2] [math] MATH-1285: added definition of distribution to javadoc of ZipfDistribution

2015-11-10 Thread Gilles
Hi Otmar. On Tue, 10 Nov 2015 20:32:13 -, oe...@apache.org wrote: MATH-1285: added definition of distribution to javadoc of ZipfDistribution [...] diff --git a/src/main/java/org/apache/commons/math3/distribution/ZipfDistribution.java

Re: [VOTE] Release Commons Collections 3.2.2 Based on RC1

2015-11-10 Thread Gary Gregory
On Tue, Nov 10, 2015 at 2:22 PM, Thomas Neidhart wrote: > On 11/10/2015 10:52 PM, Gary Gregory wrote: > > Hi all: > > > > -1 > > > > Sorry, the RAT failure needs to be handled one way or another: exclude > the > > files or add headers: > > > > Unapproved licenses: > >

Re: [VOTE] Release Commons Collections 3.2.2 Based on RC1

2015-11-10 Thread Thomas Neidhart
On 11/10/2015 10:52 PM, Gary Gregory wrote: > Hi all: > > -1 > > Sorry, the RAT failure needs to be handled one way or another: exclude the > files or add headers: > > Unapproved licenses: > > data/test/NullComparator.version2.obj1 > data/test/NullComparator.version2.obj2 >

Re: Blog post "commons" vulnerability

2015-11-10 Thread Mark Thomas
On 10/11/2015 09:37, Jochen Wiedmann wrote: > I think that two important actions are missing: > > - Cut new releases. > - Create a CVE id. (No idea, who can do that or how it's done.) You only need a CVE ID if there is a vulnerability. I would argue (and the OPs appear to agree with me) that

Re: Blog post "commons" vulnerability

2015-11-10 Thread Sally Khudairi
Hello everyone --we are live: - ASF "Foundation" blog http://s.apache.org/bsA - @TheASF Twitter feed https://twitter.com/TheASF/status/664023691051843584 ...plus sent to annou...@apache.org and our dedicated media/analyst distribution list. This will appear on the apache.org homepage during the

Re: Blog post "commons" vulnerability

2015-11-10 Thread Jochen Wiedmann
I think that two important actions are missing: - Cut new releases. - Create a CVE id. (No idea, who can do that or how it's done.) We should wait with any publication until these are completed. Jochen On Tue, Nov 10, 2015 at 8:19 AM, Benedikt Ritter wrote: > Hi, >

Re: Blog post "commons" vulnerability

2015-11-10 Thread Jochen Wiedmann
On Tue, Nov 10, 2015 at 10:51 AM, Mark Thomas > You only need a CVE ID if there is a vulnerability. > > I would argue (and the OPs appear to agree with me) that this is NOT a > vulnerability in Apache Commons Collections. The vulnerability lies in > applications that are

Deserialization vulnerability in Apache Commons Collection

2015-11-10 Thread Kapoor, Deepesh
Hi Team, This is regarding "commons-collections Java library". In our applications we are widely using this library and hence looking to urgently patch the fix for vulnerability issue if it is available. Searching on internet we found one patch released on Sunday 08th Nov

Re: Blog post "commons" vulnerability

2015-11-10 Thread Mark Thomas
On 10/11/2015 10:17, Jochen Wiedmann wrote: > On Tue, Nov 10, 2015 at 10:51 AM, Mark Thomas > >> You only need a CVE ID if there is a vulnerability. >> >> I would argue (and the OPs appear to agree with me) that this is NOT a >> vulnerability in Apache Commons Collections. The

Jenkins build is back to normal : Commons-Compress » Apache Commons Compress #25

2015-11-10 Thread Apache Jenkins Server

Jenkins build is back to normal : Commons-Compress #25

2015-11-10 Thread Apache Jenkins Server

Re: Deserialization vulnerability in Apache Commons Collection

2015-11-10 Thread Timo
Hi Deepesh, there is an ongoing vote to release commons-collections 3.2.2, which by default prevents InvokerTransformer from being deserialized. You can find the release notes here: https://dist.apache.org/repos/dist/dev/commons/collections/RELEASE-NOTES.txt For further information, please take

[GitHub] commons-compress pull request: Add bzip2 support to zip (read-only...

2015-11-10 Thread bodewig
Github user bodewig commented on the pull request: https://github.com/apache/commons-compress/pull/4#issuecomment-155670599 Thanks a lot!

[GitHub] commons-compress pull request: Add bzip2 support to zip (read-only...

2015-11-10 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/commons-compress/pull/4