commons-imaging stability?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

commons-imaging stability?

Matt Seil
Greetings!

I'm the project Co-Lead for OWASP's ESAPI project, and I'm looking
into this library to enhance capability.  What I'm unsure about is
that it looks like every release was either "incubator" or "Snapshot,"
and if we brought it on as a dependency, many companies have rules
against using "snapshot" terminology.

What kind of instability are we talking about?  Is it security related
or just bugs for particular file types?

This is what sparked my interest:
https://www.owasp.org/index.php/Protect_FileUpload_Against_Malicious_File#Case_n.C2.B03:_Images

--
xeno6696

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: commons-imaging stability?

Bruno P. Kinoshita-3
 Hi Matt,
The project was called Sanselan during its incubation in ASF. It had a few full releases, without reaching a 1.0 (0.97 was the last release line I believe).
Then when it was moved under commons, got renamed to Apache Commons Imaging. Several packages changes, and the code base has changed significantly since Sanselan too.
Alas, there was a long hiatus since Sanselan's last release. Commons Imaging 1.0 vote came out some months ago, but due to some issues with that release, it was postponed. I am now looking for some spare time to prepare the 1.0 release again.
If you intend to use Commons Imaging, it might be a good idea to wait for the 1.0 release. Can't promise when I will have time to work on the release again, but my plan is to have it released in February (or earlier). Otherwise my next long window for OSS development would be April.
Other committers may step in and work on it before as well. If you have time to help with the release, especially testing, that would be great too.
CheersBruno

    On Saturday, 26 January 2019, 11:03:32 AM NZDT, Matt Seil <[hidden email]> wrote:  
 
 Greetings!

I'm the project Co-Lead for OWASP's ESAPI project, and I'm looking
into this library to enhance capability.  What I'm unsure about is
that it looks like every release was either "incubator" or "Snapshot,"
and if we brought it on as a dependency, many companies have rules
against using "snapshot" terminology.

What kind of instability are we talking about?  Is it security related
or just bugs for particular file types?

This is what sparked my interest:
https://www.owasp.org/index.php/Protect_FileUpload_Against_Malicious_File#Case_n.C2.B03:_Images

--
xeno6696

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

 
Reply | Threaded
Open this post in threaded view
|

Re: commons-imaging stability?

P. Ottlinger
Am 25.01.19 um 23:47 schrieb Bruno P. Kinoshita:
> If you intend to use Commons Imaging, it might be a good idea to wait for the 1.0 release. Can't promise when I will have time to work on the release again, but my plan is to have it released in February (or earlier). Otherwise my next long window for OSS development would be April.
> Other committers may step in and work on it before as well. If you have time to help with the release, especially testing, that would be great too.

+1

Thanks for a release with the current functionality.

Cheers,
Phil

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]