Hello Gary,

Thank you for this release.

I'd like to point out to users of Commons Compress that this version 1.26.0 introduces a *new* dependency on commons-codec (for which it uses the latest 1.16.1).

https://central.sonatype.com/artifact/org.apache.commons/commons-compress/dependencies

So in case some of you were expecting to perform a drop-in replacement of the commons-compress jar to benefit from vulnerability fixes, beware that you must also introduce new dependencies. (Using a dependency management tool would have included those dependencies, so this is more of a warning for people still doing old and ugly "jar pickup and drop" ;) )

And for more details, below are the dependencies that were introduced (in case you want to update anyway, you probably could without adding commons codec, if you are not using those features...):

org.apache.commons.compress.archivers.tar
    --> org.apache.commons.codec.Charsets.toCharset(java.lang.String) *
org.apache.commons.compress.compressors.lz4
    --> org.apache.commons.codec.digest.XXHash32 *
    --> org.apache.commons.codec.digest.XXHash32.XXHash32() *
    --> org.apache.commons.codec.digest.XXHash32.XXHash32(int) *
    --> org.apache.commons.codec.digest.XXHash32.getValue() *
    --> org.apache.commons.codec.digest.XXHash32.reset() *
    --> org.apache.commons.codec.digest.XXHash32.update(byte[], int, int) *
    --> org.apache.commons.codec.digest.XXHash32.update(int) *
org.apache.commons.compress.compressors.snappy
    --> org.apache.commons.codec.digest.PureJavaCrc32C *
    --> org.apache.commons.codec.digest.PureJavaCrc32C.PureJavaCrc32C() *
    --> org.apache.commons.codec.digest.PureJavaCrc32C.getValue() *
    --> org.apache.commons.codec.digest.PureJavaCrc32C.reset() *
    --> org.apache.commons.codec.digest.PureJavaCrc32C.update(byte[], int, int) *

Regards

On 19/02/2024 02:28, Gary Gregory wrote:
The Apache Commons team is pleased to announce Apache Compress 1.26.0.

Apache Commons Compress defines an API for working with compression
and archive formats.  These include bzip2, gzip, pack200, LZMA, XZ,
Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli,
Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a minor feature and maintenance release.

Historical list of changes:
https://commons.apache.org/proper/commons-compress/changes-report.html

For complete information on Apache Commons Compress, including
instructions on how to submit bug reports, patches, or suggestions for
improvement, see the Apache Commons Compress website:

https://commons.apache.org/proper/commons-compress/

Download page: 
https://commons.apache.org/proper/commons-compress/download_io.cgi

Have fun!
Gary Gregory
-Apache Commons Team

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@commons.apache.org
For additional commands, e-mail: user-h...@commons.apache.org
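
Added example, not part of either message above: one way to check, before dropping a new jar into place by hand, which of its packages reference commons-codec classes. It reads each class file's constant pool directly; the function names are hypothetical and the jar to inspect is whatever file you pass in.

```python
import struct
import zipfile

# Bytes that follow the tag for each fixed-size constant-pool entry (JVMS 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_refs(data):
    """Return the internal names of all classes one .class file refers to."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]
    utf8, class_idx, pos, i = {}, [], 10, 1
    while i < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            n = struct.unpack_from(">H", data, pos)[0]
            utf8[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag == 7:  # CONSTANT_Class: holds the index of its name
                class_idx.append(struct.unpack_from(">H", data, pos)[0])
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return {utf8[j] for j in class_idx if j in utf8}

def external_refs(jar, prefix="org/apache/commons/codec/"):
    """Map each package in the jar to the classes under `prefix` it references.

    Only CONSTANT_Class entries are inspected, so a type that appears solely
    inside a method descriptor is not reported.
    """
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                refs = class_refs(zf.read(name))
                hits = {r for r in refs if r.startswith(prefix)}
                if hits:
                    pkg = name.rpartition("/")[0].replace("/", ".")
                    found.setdefault(pkg, set()).update(hits)
    return found
```

An empty result for the packages you actually use suggests the jar can be swapped without adding commons-codec; any hit means the extra jar has to go on the classpath too.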