About PCRE 8.45 end of life

[Yi Zhang]

Hi Philip,
I noticed that PCRE 8.45 is now at end of life, but unfortunately we have some legacy systems still in use. We are also trying to upgrade to PCRE2, but it will take some time. I would like to know will the community provide some help such as patch fixes when a CVE vulnerability happens by accident?

Thanks!

[Philip Hazel]

I'm afraid I have no idea. If a really serious issue arose, I might be persuaded to take a look, but it is now 7 years since PCRE2 was released so I have completely forgotten how the code works. 

Regards,

Philip

--
You received this message because you are subscribed to the Google Groups "PCRE2 discussion list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pcre2-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pcre2-dev/bd94ee65-7b4b-4772-a903-3ad6e7c78127n%40googlegroups.com.

[wang song]

Dear Mr. Philip, thank you for your open source dedication, my company also has several legacy projects using PCRE 8.X, which unfortunately cannot be upgraded to PCRE2. Are there other ways to get help from the community if serious issues arise in the future?
Thanks, looking forward to your reply!

[Philip Hazel]

You can try asking on this list, but I suspect there are not many people about who are familiar with the 8.xx code any more. 

Regards,

Philip

To view this discussion on the web visit https://groups.google.com/d/msgid/pcre2-dev/c9803c18-ca18-4fa5-9d2c-5932f9818c2cn%40googlegroups.com.

[Yi Zhang]

Hi Mr Philip,
I see that you have created the `PCRE2Project` organization on github. Is it possible to put PCRE 8.45 under this organization as well? I would be more than willing to help continue maintaining PCRE, for example by providing 1 year of extended support (no new features, just fix CVE or serious bugs).
Because there are not only many legacy systems that use pcre widely, but this is also the case in the open source community, such as openresty\glib2\grep, etc.
I think the switch to PCRE2 is very necessary, but it will take a process. In the process of switching to PCRE2, it is also necessary to give PCRE some support for vulnerabilities.
 
Looking forward to your reply, thanks!

Philip Hazel <philip...@gmail.com> 于2022年3月27日周日 00:25写道：

To view this discussion on the web visit https://groups.google.com/d/msgid/pcre2-dev/CADz7ckYpPa13b6xz5OAXED8ZMmZmO7%2BY9e13X7k6gW%3DDj_HjWA%40mail.gmail.com.

[Philip Hazel]

Hello,

Thank you for your message, but I am afraid the answer has to be "no". The organization is called PCRE2Project to emphasise that it applies only to PCRE2. It makes no sense to include the legacy PCRE1. But as well as that, I really don't want to encourage the use of PCRE1 in any way. It is now more than seven years since PCRE2 first appeared, and until nearly a year ago we did fix bugs in it, but there was nothing very serious in the last few years. Your offer of support is generous, but I suspect there will not be anything that needs doing. 

Regards,

Philip

[Yi Zhang]

I understand. Thank you for your reply and my best regards to you.

Philip Hazel <philip...@gmail.com> 于2022年4月24日周日 21:48写道：