Consider a 7.8.1 patch release
Issue #343
resolved
It appears that 7.9 is only bug fixes. I’d like to pick up those fixes for Spring Security 5.2.2. But, we keep a pretty strict policy to only take patch releases inside our own patch releases.
If it’s true that 7.9 is only bug fixes, then a patch release off of 7.8.1 containing those same fixes seems reasonable.
The nice thing about doing a 7.8.1 would be that Spring Boot and Spring Security users would get those fixes a little quicker without needing to manage the dependency.
Comments (4)
-
-
- changed status to resolved
Should be out on Maven Central later today: 7.8.1
-
reporter Thanks!
-
reporter Is it in the realm of possibilities to also update the CVE report to indicate that 7.8.1 also addresses the CVE?
- Log in to comment
7.9 extends the API with two new methods, for that reason it was considered a point release.
We could do another exact release of 7.9 as 7.8.1. The new Base64 method changes cannot be disentangled from the patches.