Re: [VOTE] Release Log4j 2.3.2 for Java 6

Tue, 28 Dec 2021 23:46:16 -0800 

+1

commits OK
sigs OK
hashes OK
`./mvnw clean verify apache-rat:check *-pl \!:log4j-perf*` OK on

$ java -version
openjdk version "1.8.0_312"
OpenJDK Runtime Environment (Zulu 8.58.0.13-CA-linux64) (build
1.8.0_312-b07)
OpenJDK 64-Bit Server VM (Zulu 8.58.0.13-CA-linux64) (build 25.312-b07,
mixed mode)

$ uname -a
Linux tahta 5.11.0-43-generic #47~20.04.2-Ubuntu SMP Mon Dec 13 11:06:56
UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

On Wed, Dec 29, 2021 at 2:59 AM Matt Sicker <[email protected]> wrote:

> This is a vote to release Log4j 2.3.2, a security release for Java 6 users.
>
> Please download, test, and cast your votes on the log4j developers list.
> [] +1, release the artifacts
> [] -1, don't release because…
>
> The vote will remain open for as short amount as time as required to vet
> the release. All votes are welcome and we encourage everyone to test the
> release, but only Logging PMC votes are “officially” counted. As always, at
> least 3 +1 votes and more positive than negative votes are required.
>
> Changes in this version include:
>
> Fixed Bugs
>
> Fixed Bugs:
> o LOG4J2-3293:  JDBC Appender should use JNDI Manager and JNDI access
> should be limited.
>         Backport fix for CVE-2021-44832.
> o LOG4J2-2819:  Add support for specifying an SSL configuration for
> SmtpAppender.
>         Backport fix for CVE-2020-9488 to allow SSL/TLS hostname
> verification.
>
> Tag:
> a)  for a new copy do "git clone
> https://github.com/apache/logging-log4j2.git <
> https://github.com/apache/logging-log4j2.git>" and then "git checkout
> tags/log4j-2.3.2-rc1”  or just "git clone -b log4j-2.3.2-rc1
> https://github.com/apache/logging-log4j2.git <
> https://github.com/apache/logging-log4j2.git>"
> b) for an existing working copy to “git pull” and then “git checkout
> tags/log4j-2.3.2-rc1”
>
> Web Site: [none published yet; need someone to stage a generated site]
>
> Maven Artifacts:
> https://repository.apache.org/content/repositories/orgapachelogging-1081/
>
> Distribution archives:
> https://dist.apache.org/repos/dist/dev/logging/log4j/ <
> https://dist.apache.org/repos/dist/dev/logging/log4j/>
>
> You may download all the Maven artifacts by executing:
> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/
>
>  --
> Matt Sicker
>
>

Reply via email to