Front page | perl.perl5.porters |
Postings from July 2012
Finally, 5.16.1 is unblocked. I can't tell you how relieved I am. In the course of investigating some unrelated and spurious reports, we discovered a surprising little bug. In short, C< require ::foo > acted like C< require "/foo.pm" > instead of searching only in @INC. The perl5 security team looked through this and a number of attached problems to try to determine whether this represented a vulnerability in perl, and we have determined that it does *not*. Still, we have already informed the security teams of downstream vendors of perl and given them time to object to proceeding with fixes for this as "business as usual." None objected. The smoke-me/require branch contains a fix for this bug, and will land on blead shortly assuming further testing finds no problems. It will then be backported to maint-5.16, which will be tested and released as usual. Once that's done, I'll move on to maint-5.14. A maint-5.12 is also likely after that. With that done, I hope to spend a little time lying atop a warm rock. Thanks for your patience during this unexpected and unexplained delay of maint-5.16. I think no one is more pleased than I to have things moving once again. -- rjbsThread Next