[lyo-dev] [ANN] prerelease versions of Lyo 5.1.0 and 5.0.1

Dear community,

We are preparing for a release of Eclipse Lyo 5.1.0. We just published the ‘5.1.0-alpha’ version of all artifacts to Central. Changes included are listed under https://github.com/eclipse/lyo/blob/575b1d2575322ccc02c73678bf96fdf89f654c9a/CHANGELOG.md#unreleased . The release was accelerated by a CVE-triggered release of Jena. The biggest change is the decoupling of the last Wink-dependent code into ‘oslc4j-core-wink’ and of the Servlet-independent code where possible to ‘lyo-core-model’ to enable building Lyo apps in Servlet-free environments. We are also planning to switch to building JVM 11 compatible bytecode using JDK 17 in this release, given the ample evidence from other OSS projects that the bytecode is indeed fully compatible if configured correctly. With this, some old issues with the Javadoc generation have been resolved, notably the search & navigation to the results now works well: https://download.eclipse.org/lyo/docs/all/5.1.0-alpha/apidocs/index.html .

In a first for Lyo, we have also published the ‘5.0.1.CR’ version (available on Central). Notably, this was done after publishing ‘5.1.0-alpha’ (apologies for the separator confusion, we will try to stick to the dots from now on for non-SNAPSHOT qualifiers) and not off the ‘master’ branch, but off ‘maint-5.0’. With this, we’ve put to the test the CI improvements we made some time ago to enable releasing backported fixes to older versions of Lyo via ‘maint-*’ branches. The only change in this version (compared to '5.0.0.Final') is the Jena version change: https://github.com/eclipse/lyo/blob/maint-5.0/CHANGELOG.md . I would like to clarify that we are still limited by our dependencies in terms of maintaining older versions of Lyo. Most importantly, Jena refuses to maintain older versions due to a shortage of dev resources. In theory, we could follow https://reload4j.qos.ch/ and create a fork of Jena that would only backport security-related commits to older Jena versions. I am thinking of CVE-2021-39239 primarily (impacts the security of parsing RDF/XML inputs), see https://jena.apache.org/about_jena/security-advisories.html for a full list.

Of note to the occasional contributors to Lyo, we’ve also updated the CI/build process a bit and from now on, we will receive updates to dependencies automatically, as well as to the CI workflows. Also, existing PRs will be rebased automatically whenever possible. More importantly, we now have a process to semi-automatically test a downstream project with Lyo on a certain branch, which could increase confidence in landing the PRs on master. See https://github.com/oslc-op/refimpl/blob/master/.github/workflows/maven-acceptance-manual.yml and https://github.com/OSLC/lyo-samples/blob/master/.github/workflows/maven-smoke-manual.yml for the configuration examples.

You are welcome to test the published prerelease versions and report problems (if any) to https://github.com/eclipse/lyo/issues 

Best regards,
Andrew
