Re: Release commons-lang:2.6.1 with a fix for CVE-2025-48924

Vladimir Sitnikov 2025年11月14日 02:38:31 -0800

>If users adopt such policies that's their problem, we've done our homework.

For reference, Spring Boot has such a policy that forbids minor version
upgrades.
Sure your mileage might vary, however, it is an important bit of the
ecosystem, and not providing
a security patch effectively hurts Spring Boot users.
Vladimir

• Previous message
• View by thread
• View by date
• Next message

• Release commons-lang:2.6.1 with a fix for CVE-2025-4... Vladimir Sitnikov
• • Re: Release commons-lang:2.6.1 with a fix for C... Gary Gregory
  • • Re: Release commons-lang:2.6.1 with a fix f... Gary D. Gregory
  • Re: Release commons-lang:2.6.1 with a fix for C... Emmanuel Bourg
  • • Re: Release commons-lang:2.6.1 with a fix f... Vladimir Sitnikov
    • • Re: Release commons-lang:2.6.1 with a f... Emmanuel Bourg
      • • Re: Release commons-lang:2.6.1 with... Gary Gregory
        • Re: Release commons-lang:2.6.1 with... Phil Steitz
        • • Re: Release commons-lang:2.6.1... Piotr P. Karwasz
          • • Re: Release commons-lang:2... Emmanuel Bourg
            • • Re: Release commons-la... Vladimir Sitnikov
              • Re: Release commons-la... sebb
              • Re: Release commons-la... Vladimir Sitnikov
              • Re: Release commons-la... Emmanuel Bourg
              • Re: Release commons-la... Vladimir Sitnikov
              • Re: Release commons-la... Emmanuel Bourg
              • Re: Release commons-la... Vladimir Sitnikov
              • Re: Release commons-la... Emmanuel Bourg
          • Re: Release commons-lang:2.6.1... Arnout Engelen
      • Re: Release commons-lang:2.6.1 with a f... Elliotte Rusty Harold
      • • Re: Release commons-lang:2.6.1 with... Phil Steitz