Hi, Here is a vote on the release of Apache Jena 4.3.1. This is the first proposed release candidate.
The primary purpose of this release is to update log4j2: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 The deadline is Monday, 13 December 2021 at 17:00 UTC. Please vote to approve this release: [ ] +1 Approve the release [ ] 0 Don't care [ ] -1 Don't release, because ... ==== Items in this release JENA-2211: Upgrade to Log4j2 2.15.0 JENA-2209, JENA-2210: xloader improvements JENA-2207: Fix for SERVICE ==== Release Vote Everyone, not just committers, is invited to test and vote. Please download and test the proposed release. Staging repository: https://repository.apache.org/content/repositories/orgapachejena-1046 Proposed dist/ area: https://dist.apache.org/repos/dist/dev/jena/ Keys: https://svn.apache.org/repos/asf/jena/dist/KEYS Git commit (browser URL): https://github.com/apache/jena/commit/7f47eaaf7c Git Commit Hash: 7f47eaaf7cc0029291ce64790da987ec2d29fdf5 Git Commit Tag: jena-4.3.1 This vote will be open until at least Monday, 13 December 2021 at 17:00 UTC. If you expect to check the release but the time limit does not work for you, please email within the schedule above with an expected time and we can extend the vote period. Thanks, Andy Checking needed: + are the GPG signatures fine? + are the checksums correct? + is there a source archive? + can the source archive be built? (NB This requires a "mvn install" first time) + is there a correct LICENSE and NOTICE file in each artifact (both source and binary artifacts)? + does the NOTICE file contain all necessary attributions? + have any licenses of dependencies changed due to upgrades? if so have LICENSE and NOTICE been upgraded appropriately? + does the tag/commit in the SCM contain reproducible sources?
