Re: [cross-project-issues-dev] Alert regarding Apache commons-compress 1

[David M Williams <david_williams@xxxxxxxxxx>]

Thanks Thomas. 

I'm sure most readers of this list know,
but in Orbit, we'd need an Eclipse Project to request it, (as Jan has requested
1.7) and then someone would have to volunteer to add it to Orbit (if original
project didn't have any committers, they could either ask to become a committer,
or see if an existing committer was willing to do it). 

Until that happens, though, I've added
a "note" to the "download table" next to org.apache.compress
that 

"Version 1.6 does contain a bad
bug, "see https://issues.apache.org/jira/browse/COMPRESS-249"


(from my reading of the bug, it seemed
to apply only to version 1.6 ... but it was not explicit). 
Let us know, if you know differently.


Thanks, 




From:      
 Thomas Hallgren <thomas@xxxxxxx>
To:      
 Cross project issues
<cross-project-issues-dev@xxxxxxxxxxx>, 
Date:      
 04/15/2014 10:46 AM
Subject:    
   [cross-project-issues-dev]
Alert regarding Apache commons-compress        1.6
Sent by:    
   cross-project-issues-dev-bounces@xxxxxxxxxxx

---

Hi,

I just encountered a really nasty bug in the Apache commons-compress TarAchiveInputStream
that makes it silently ignore 
large parts of an archive during unpack. The bug was fixed in version 1.7.
Here's the JIRA ticket:

https://issues.apache.org/jira/browse/COMPRESS-249

I'm posting this here because in Eclipse Orbit, the 1.6 version seems to
be the most recent one. That is the version 
that is affected by this critical bug and really needs to get updated to
at least 1.7 or even better, to the latest 
release (1.8 it seems).

- thomas



_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev