Hi LinLin, Log4j version 2.16.0 has DDoS possibilities in some cases [1] . Can we move to Log4j 2.17.0 in 2.8.2?
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not > protect from uncontrolled recursion from self-referential lookups. This > allows an attacker with control over Thread Context Map data to cause a > denial of service when a crafted string is interpreted. This issue was > fixed in Log4j 2.17.0 and 2.12.3. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 Regards, Shivji Kumar Jha http://www.shivjijha.com/ +91 8884075512 On Tue, 21 Dec 2021 at 14:42, Masahiro Sakamoto <massa...@yahoo-corp.jp> wrote: > +1 (binding) > > - Checked checksums and signatures > - Checked license headers using Apache Rat > - Compiled the source > - Ran the standalone server > - Confirmed that producer and consumer work properly > - Validated functions, connectors, and stateful functions > > Regards, > > Masahiro Sakamoto > Yahoo Japan Corp. > E-mail: massa...@yahoo-corp.jp > > -----Original Message----- > From: Hiroyuki Sakai <hsa...@yahoo-corp.jp> > Sent: Tuesday, December 21, 2021 1:07 PM > To: dev@pulsar.apache.org > Subject: Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 > > +1 (binding) > > - check signatures/checksums > - Built sources > - Validate Pub/Sub and Java Functions > - Validate Connectors > - Validate Stateful Functions > > Regards, > Hiroyuki > > > ________________________________ > From: linlin <lin...@apache.org> > Sent: Monday, December 20, 2021 20:18 > To: dev@pulsar.apache.org <dev@pulsar.apache.org> > Subject: [VOTE] Apache Pulsar 2.8.2 candidate 2 > > This is the second release candidate for Apache Pulsar, version 2.8.2 > > It fixes the following issues: > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fissues%3Fq%3Dlabel%253Acherry-picked%252Fbranch-2.8%2Blabel%253Arelease%252F2.8.2%2Bis%253Aclosed&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qYRCQ3Fohdy%2B6U2trDKNTO0w406ATKPZ6cPZExBQTJ4%3D&reserved=0 > > *** Please download, test and vote on this release. This vote will stay > open > for at least 72 hours *** > > Note that we are voting upon the source (tag), binaries are provided for > convenience. > Source and binary files: > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2Fpulsar-2.8.2-candidate-2%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=TfezF%2BDzswX5xpbXNM1GXzW8Msqj1GkjGt4ULF6xKZA%3D&reserved=0 > > SHA-512 checksums: > > 59aa0a14188a766ce802ba30cbaa2584a1904d26d8f41f164d3f97ea1970aa1391e11755d8077c96aeb136d2b9d73bf8b768978de7fa7f71d69cb57e2c1fce8c > apache-pulsar-2.8.2-bin.tar.gz > > > 82a1423fda4004297ca2867279077ed261c7149be96deca2c127ba5b91af08fec80dc4a8b15ee2ba8704e209efa577a0c7b4cfb78341d3a43a38bf476c894c5c > apache-pulsar-2.8.2-src.tar.gz > > Maven staging repo: > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Forgapachepulsar-1129%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4TVSZI76N8xalmLLwJyvtUJkkpNC7T0s2Taj%2Fc5CKgg%3D&reserved=0 > > The tag to be voted upon: > v2.8.2-candidate-2 (4b9cadcd57e41bc8eb95cc9b9917f938365b1cca) > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Freleases%2Ftag%2Fv2.8.2-candidate-2&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Ba6OsrGNvcCsuYFgPp%2Btg49yRHK%2FVBmWumN7haK%2Birw%3D&reserved=0 > > Pulsar's KEYS file containing PGP keys we use to sign the release: > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2FKEYS&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=EyKfkM0wHvCOASccnZw4QN6yjtSp8lzDrKAO%2FnB3IXk%3D&reserved=0 > > Release notes draft: > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fpull%2F13400&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=l1tCWGIinNawL%2B%2Bui0PwSLlBn0UmKT5nX8dmH1Wfidg%3D&reserved=0 > > Please download the source package, and follow the README to build > and run the Pulsar standalone service. >
