My +1
--
Matt Sicker
> On Dec 29, 2021, at 10:35, Carter Kozak <[email protected]> wrote:
>
> +1
>
> $ mvn -version
> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
> Maven home: /opt/homebrew/Cellar/maven/3.8.4/libexec
> Java version: 1.8.0_312, vendor: Azul Systems, Inc., runtime:
> /Users/ckozak/.tools/jdk/zulu8.58.0.13-ca-jdk8.0.312-macosx_aarch64/zulu-8.jdk/Contents/Home/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "12.1", arch: "aarch64", family: "mac"
>
> build/tests/rat look good
>
> -ck
>
> On Tue, Dec 28, 2021, at 20:59, Matt Sicker wrote:
>> This is a vote to release Log4j 2.3.2, a security release for Java 6 users.
>>
>> Please download, test, and cast your votes on the log4j developers list.
>> [] +1, release the artifacts
>> [] -1, don't release because…
>>
>> The vote will remain open for as short amount as time as required to vet the
>> release. All votes are welcome and we encourage everyone to test the
>> release, but only Logging PMC votes are “officially” counted. As always, at
>> least 3 +1 votes and more positive than negative votes are required.
>>
>> Changes in this version include:
>>
>> Fixed Bugs
>>
>> Fixed Bugs:
>> o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access should
>> be limited.
>> Backport fix for CVE-2021-44832.
>> o LOG4J2-2819: Add support for specifying an SSL configuration for
>> SmtpAppender.
>> Backport fix for CVE-2020-9488 to allow SSL/TLS hostname verification.
>>
>> Tag:
>> a) for a new copy do "git clone
>> https://github.com/apache/logging-log4j2.git
>> <https://github.com/apache/logging-log4j2.git>
>> <https://github.com/apache/logging-log4j2.git
>> <https://github.com/apache/logging-log4j2.git>>" and then "git checkout
>> tags/log4j-2.3.2-rc1” or just "git clone -b log4j-2.3.2-rc1
>> https://github.com/apache/logging-log4j2.git
>> <https://github.com/apache/logging-log4j2.git>
>> <https://github.com/apache/logging-log4j2.git
>> <https://github.com/apache/logging-log4j2.git>>"
>> b) for an existing working copy to “git pull” and then “git checkout
>> tags/log4j-2.3.2-rc1”
>>
>> Web Site: [none published yet; need someone to stage a generated site]
>>
>> Maven Artifacts:
>> https://repository.apache.org/content/repositories/orgapachelogging-1081/
>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/>
>>
>> Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/
>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>
>> <https://dist.apache.org/repos/dist/dev/logging/log4j/
>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>>
>>
>> You may download all the Maven artifacts by executing:
>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
>> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/
>>
>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/>
>>
>> --
>> Matt Sicker
