Skip to content

Scala 2.13.10 (was 2.13.8) #16074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Kordyjan merged 1 commit into from
Oct 18, 2022
Merged

Scala 2.13.10 (was 2.13.8) #16074

Kordyjan merged 1 commit into from
Oct 18, 2022

Conversation

@SethTisue
Copy link
Member

@SethTisue SethTisue commented Sep 19, 2022

No description provided.

@SethTisue SethTisue marked this pull request as draft September 19, 2022 21:02
@SethTisue SethTisue changed the title Scala 2.13.9 (was 2.13.8) Scala 2.13.10 (was 2.13.8) Oct 13, 2022
This was referenced Oct 17, 2022
Merged
Closed
@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022
edited
Loading

community build: JsonMemoryFootprintSpec, in play-json, needs an update

I've submitted playframework/play-json#813 and hopefully the play-json folks will confirm that there's not some regression

@SethTisue SethTisue added the backport:nominated If we agree to backport this PR, replace this tag with "backport:accepted", otherwise delete it. label Oct 17, 2022
@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022

The play-json folks say it's good/expected. I've pushed the fix to dotty-staging.

@SethTisue SethTisue marked this pull request as ready for review October 17, 2022 15:06
@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022

This is ready for review. I suggest this be included in a Scala 3.2.x release, so that people who are crossbuilding on 2 and 3 can be on the same standard library version.

@SethTisue
Copy link
Member Author

SethTisue commented Oct 17, 2022
edited
Loading

One reason to fast-track this, that I should have mentioned earlier, is the LazyList deserialization CVE on 2.13.8 (and all earlier 2.13.0 versions). In practice, I doubt many users are truly affected by it. But in practice, many shops don't really analyze the contents of CVEs — any CVE is considered a big red flag, and the affected version is considered guilty unless proven innocent.

@Kordyjan Kordyjan merged commit 3636ee6 into scala:main Oct 18, 2022
@Kordyjan Kordyjan added backport:accepted This PR needs to be backported, once it's been backported replace this tag by "backport:done" and removed backport:nominated If we agree to backport this PR, replace this tag with "backport:accepted", otherwise delete it. labels Oct 18, 2022
@Kordyjan Kordyjan mentioned this pull request Oct 18, 2022
Merged
Kordyjan added a commit that referenced this pull request Oct 18, 2022
@Kordyjan
Backport "Scala 2.13.10 (was 2.13.8)" (#16203)
f99262d 
Backports #16074
@SethTisue SethTisue deleted the scala-2.13.9 branch October 18, 2022 12:04
@Kordyjan Kordyjan added backport:done This PR was successfully backported. and removed backport:accepted This PR needs to be backported, once it's been backported replace this tag by "backport:done" labels Oct 18, 2022
@SethTisue SethTisue mentioned this pull request Oct 26, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kordyjan Kordyjan Kordyjan approved these changes

@anatoliykmetyuk anatoliykmetyuk Awaiting requested review from anatoliykmetyuk

Assignees

No one assigned

Labels

backport:done This PR was successfully backported.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SethTisue @Kordyjan