This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git
The following commit(s) were added to refs/heads/asf-staging by this push: new 3e75500 Fix 2.3.1/download page: MD5 links should be SHA512 links 3e75500 is described below commit 3e75500fbd111030b47772e408e6ed22c0032ec6 Author: Remko Popma <rem...@yahoo.com> AuthorDate: Thu Dec 23 11:28:34 2021 +0900 Fix 2.3.1/download page: MD5 links should be SHA512 links --- log4j-2.3.1/download.html | 70 +++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 32 deletions(-) diff --git a/log4j-2.3.1/download.html b/log4j-2.3.1/download.html index cd6b746..517e953 100644 --- a/log4j-2.3.1/download.html +++ b/log4j-2.3.1/download.html @@ -257,39 +257,45 @@ <h2><a name="Download_Apache_Log4j_2"></a>Download Apache Log4j 2</h2> <p>Apache Log4j 2 is distributed under the <a class="externalLink" href="http://www.apache.org/licenses/LICENSE-2.0.html"> Apache License, version 2.0</a>.</p> <p>The link in the Mirrors column should display a list of available mirrors with a default selection based on your inferred location. If you do not see that page, try a different browser. The checksum and signature are links to the originals on the main distribution server.</p> -<table border="1" class="bodyTable"> -<tr class="a"> -<td align="left"></td> -<td align="left">Mirrors</td> -<td align="left">Checksum</td> -<td align="left">Signature</td></tr> -<tr class="b"> -<td align="left">Apache Log4j 2 binary (tar.gz)</td> -<td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz"> apache-log4j-2.3.1-bin.tar.gz</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz.md5"> apache-log4j-2.3.1-bin.tar.gz.md5</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz.asc"> apache-log4j-2.3.1-bin.tar.gz.asc</a></td></tr> -<tr class="a"> -<td align="left">Apache Log4j 2 binary (zip)</td> -<td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.zip"> apache-log4j-2.3.1-bin.zip</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.zip.md5"> apache-log4j-2.3.1-bin.zip.md5</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log42/apache-log4j-2.3.1-bin.zip.asc"> apache-log4j-2.3.1-bin.zip.asc</a></td></tr> -<tr class="b"> -<td align="left">Apache Log4j 2 source (tar.gz)</td> -<td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz"> apache-log4j-2.3.1-src.tar.gz</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz.md5"> apache-log4j-2.3.1-src.tar.gz.md5</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz.asc"> apache-log4j-2.3.1-src.tar.gz.asc</a></td></tr> -<tr class="a"> -<td align="left">Apache Log4j 2 source (zip)</td> -<td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-src.zip"> apache-log4j-2.3.1-src.zip</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.zip.md5"> apache-log4j-2.3.1-src.zip.md5</a></td> -<td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log42/apache-log4j-2.3.1-src.zip.asc"> apache-log4j-2.3.1-src.zip.asc</a></td></tr></table> -<p>It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read <a class="externalLink" href="http://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a> for more information on why you should verify our releases.</p> -<p>The PGP signatures can be verified using PGP or GPG. First download the <a class="externalLink" href="https://www.apache.org/dist/logging/KEYS">KEYS</a> as well as the asc signature file for the relevant distribution. Make sure you get these files from the <a class="externalLink" href="https://www.apache.org/dist/logging/">main distribution directory</a>, rather than from a mirror. Then verify the signatures using</p> -<div> + + <table border="1" class="bodyTable"> + <tr class="a"> + <td align="left"></td> + <td align="left">Mirrors</td> + <td align="left">Checksum</td> + <td align="left">Signature</td></tr> + <tr class="b"> + <td align="left">Apache Log4j 2 binary (tar.gz)</td> + <td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz"> apache-log4j-2.3.1-bin.tar.gz</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz.sha512"> apache-log4j-2.3.1-bin.tar.gz.sha512</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.tar.gz.asc"> apache-log4j-2.3.1-bin.tar.gz.asc</a></td></tr> + <tr class="a"> + <td align="left">Apache Log4j 2 binary (zip)</td> + <td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.zip"> apache-log4j-2.3.1-bin.zip</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-bin.zip.sha512"> apache-log4j-2.3.1-bin.zip.sha512</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log42/apache-log4j-2.3.1-bin.zip.asc"> apache-log4j-2.3.1-bin.zip.asc</a></td></tr> + <tr class="b"> + <td align="left">Apache Log4j 2 source (tar.gz)</td> + <td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz"> apache-log4j-2.3.1-src.tar.gz</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz.sha512"> apache-log4j-2.3.1-src.tar.gz.sha512</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.tar.gz.asc"> apache-log4j-2.3.1-src.tar.gz.asc</a></td></tr> + <tr class="a"> + <td align="left">Apache Log4j 2 source (zip)</td> + <td align="left"><a class="externalLink" href="http://www.apache.org/dyn/closer.cgi/logging/log4j/2.3.1/apache-log4j-2.3.1-src.zip"> apache-log4j-2.3.1-src.zip</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log4j/2.3.1/apache-log4j-2.3.1-src.zip.sha512"> apache-log4j-2.3.1-src.zip.sha512</a></td> + <td align="left"><a class="externalLink" href="https://www.apache.org/dist/logging/log42/apache-log4j-2.3.1-src.zip.asc"> apache-log4j-2.3.1-src.zip.asc</a></td></tr></table> + <p>It is essential that you verify the integrity of the downloaded files using the PGP or SHA512 signatures. Please read <a class="externalLink" href="http://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a> for more information on why you should verify our releases.</p> + <p>The PGP signatures can be verified using PGP or GPG. First download the <a class="externalLink" href="https://www.apache.org/dist/logging/KEYS">KEYS</a> as well as the asc signature file for the relevant distribution. Make sure you get these files from the <a class="externalLink" href="https://www.apache.org/dist/logging/">main distribution directory</a>, rather than from a mirror. Then verify the signatures using</p> + <div> <pre>% gpg --import KEYS -% gpg --verify apache-log4j-2.3.1-bin.tar.gz.asc</pre></div> -<p>Apache Log4j 2.3.1 is signed by Ralph Goers (B3D8E1BA)</p> -<p>Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is included in many unix distributions.</p> +% gpg --verify apache-log4j-2.3.1-bin.tar.gz.asc +</pre></div> + <p>Apache Log4j 2.3.1 is signed by Ralph Goers (B3D8E1BA)</p> + <p>Alternatively, you can verify the SHA512 signature on the files. A Unix program called sha or sha512sum is included in many Unix distributions.</p> + + + + <div class="section"> <h3><a name="Previous_Releases"></a>Previous Releases</h3> <p>All previous releases of Apache log4j can be found in the <a class="externalLink" href="http://archive.apache.org/dist/logging/log4j">archive repository</a>.</p></div>