Thanks! This vote is now closed with 6 +1 votes and one +0 vote. -- Matt Sicker
> On Dec 29, 2021, at 12:46, Ron Grabowski <[email protected]> > wrote: > > +0 no concerns, I'm just not at a machine where I can verify > On Wednesday, December 29, 2021, 01:40:50 PM EST, Matt Sicker > <[email protected]> wrote: > > I’m waiting to see if Ron or any other PMC members wanted to review this > before I close the vote and continue with the release. > -- > Matt Sicker > >> On Dec 29, 2021, at 11:42, Matt Sicker <[email protected]> wrote: >> >> My +1 >> -- >> Matt Sicker >> >>> On Dec 29, 2021, at 10:35, Carter Kozak <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> +1 >>> >>> $ mvn -version >>> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) >>> Maven home: /opt/homebrew/Cellar/maven/3.8.4/libexec >>> Java version: 1.8.0_312, vendor: Azul Systems, Inc., runtime: >>> /Users/ckozak/.tools/jdk/zulu8.58.0.13-ca-jdk8.0.312-macosx_aarch64/zulu-8.jdk/Contents/Home/jre >>> Default locale: en_US, platform encoding: UTF-8 >>> OS name: "mac os x", version: "12.1", arch: "aarch64", family: "mac" >>> >>> build/tests/rat look good >>> >>> -ck >>> >>> On Tue, Dec 28, 2021, at 20:59, Matt Sicker wrote: >>>> This is a vote to release Log4j 2.3.2, a security release for Java 6 users. >>>> >>>> Please download, test, and cast your votes on the log4j developers list. >>>> [] +1, release the artifacts >>>> [] -1, don't release because… >>>> >>>> The vote will remain open for as short amount as time as required to vet >>>> the release. All votes are welcome and we encourage everyone to test the >>>> release, but only Logging PMC votes are “officially” counted. As always, >>>> at least 3 +1 votes and more positive than negative votes are required. >>>> >>>> Changes in this version include: >>>> >>>> Fixed Bugs >>>> >>>> Fixed Bugs: >>>> o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access >>>> should be limited. >>>> Backport fix for CVE-2021-44832. >>>> o LOG4J2-2819: Add support for specifying an SSL configuration for >>>> SmtpAppender. >>>> Backport fix for CVE-2020-9488 to allow SSL/TLS hostname >>>> verification. >>>> >>>> Tag: >>>> a) for a new copy do "git clone >>>> https://github.com/apache/logging-log4j2.git >>>> <https://github.com/apache/logging-log4j2.git> >>>> <https://github.com/apache/logging-log4j2.git >>>> <https://github.com/apache/logging-log4j2.git>>" and then "git checkout >>>> tags/log4j-2.3.2-rc1” or just "git clone -b log4j-2.3.2-rc1 >>>> https://github.com/apache/logging-log4j2.git >>>> <https://github.com/apache/logging-log4j2.git> >>>> <https://github.com/apache/logging-log4j2.git >>>> <https://github.com/apache/logging-log4j2.git>>" >>>> b) for an existing working copy to “git pull” and then “git checkout >>>> tags/log4j-2.3.2-rc1” >>>> >>>> Web Site: [none published yet; need someone to stage a generated site] >>>> >>>> Maven Artifacts: >>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/ >>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/> >>>> >>>> Distribution archives: >>>> https://dist.apache.org/repos/dist/dev/logging/log4j/ >>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/> >>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/ >>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>> >>>> >>>> You may download all the Maven artifacts by executing: >>>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate >>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/ >>>> >>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/> >>>> >>>> -- >>>> Matt Sicker >> >
