Hi Stephen On 04.12.2013 22:22, Stephen Nelson wrote: [...] > I think it would be a pragmatic solution to backport the fix into the > current codebase as it should clear the grave bug and shouldn't impact > the r-deps. Agreed. I created a new branch "stable-security" and backported the patch to the stable release of libspring-java. If we decide to push on with this, I suggest we keep the security team informed by adding them to CC. > I'm working on a local branch right now so I'll be sure not to push > anything into master for the time being. I have also applied the same changes to master. I think it should be safe™. Feedback and more checks are welcome. Thanks for working on a new upstream release btw! Cheers, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature