Conflicting version numbers and release dates #58
Comments
1.0.0 was released in 2021, not 2022. I guess that is just a typo here. At this point it was clear that the next version will be 2.0.0 to allow specific breaking changes
this is the date when the binary was built and not the release date. Should be older that the date on the web by some 7-10 days, but usually it is more
tag creation does not imply immediate availability of the official release
the date matches the day when the release record on github was created. There is no way to change it if one forgets to publish it on the right day
there is and always will be a delay between the content of the VCS and the web site since the web site needs to be built from the content in the VCS |
|
Thank you for the explanation. This still does not make sense to me. When are the Tags on GitHub created then? What does the Tag mean? And when I understand you correctly it seems like there is an error in the changelog as the pull request #14 was made after the release on the web, GitHub tag and date of publishing on Maven Repostory/Central Repository and therefore would not be included in version 1.0? |
14th Dec date was set by the parent project at some point during 2021 and this project was supposed to use it. Later on the release date was moved to September 22, 2022, so the project got more time for work & testing. As requirements from the parent project were changing, project had to do few respins
Maven Central is the source of truth, mvnrepository is not
it was planned to be included, yet the respin has not been done in time. Fixed in the change log already |
But then version 1.0.0 was ready earlier and got released 18th of January of 2022 or when was it released then? I cannot find the 22nd of September mentioned anywhere and wouldn't it be quite early to build a binary 8 month before release? Also if the actual release date was postponed from the 14th of December 2021, why does the website still state only that date? Isn't that confusing, especially as users are normally interested in the actual release date (only)?
Ah, ok. Thank you. It was #14 that was merged by the way not #12. Also if this was only changed in version 1.1.0, this means that version 1.0.0 is also affected by the security issue outlined in CVE-2021-44549. |
Built on Jan 18, sent from staging to central likely during end of Feb/beginning of March
https://jakarta.ee/news/jakarta-ee-10-released/
the date was changed few times every quarter. Given number of projects affected and people involved, it is not feasible to keep everything updated after each and every change in the plan
#12 is an issue, #14 is a PR fixing it. Changelog is supposed to list bugs and not PRs, if possible |
Describe the bug
There are multiple conflicting release dates for version 1.0.0 and it is unclear what's the reasoning behind version 2.0.0, 1.1.0 and 1.0.1:
Expected behavior
Every possible source lists the exact same release date for a given version and there is consensus about the next version after 1.0.0.
Additional Context
To determine whether one is affected by e.g. CVE-2021-44549 too, it would be necessary to know exactly what version one is using and in what version certain changes have been made.
The text was updated successfully, but these errors were encountered: