tbh. What's the difference between cutting a new release right after the release and just postponing this release (again) to include this log4j version? I'd rather have a 4.3.4 accepted by our consumers instead of everyone just waiting for the 4.3.5 ;)
my 2 cents :) regards, Achim Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré < j...@nanthrax.net>: > There's no big change between log4j 2.15 and 2.16 (in term of CVE). So, > I would leave this vote running, and prepare Pax Logging/Karaf new > release after (pretty soon). > > Regards > JB > > On 14/12/2021 09:30, Bernd Eckenfels wrote: > > If you have any reason to delay it some more, a new pax logging with > log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed > the lookup code. Otherwise another minor release would also be an option. > > -- > > http://bernd.eckenfels.net > > ________________________________ > > Von: Francois Papon <francois.pa...@openobject.fr> > > Gesendet: Tuesday, December 14, 2021 8:49:24 AM > > An: dev@karaf.apache.org <dev@karaf.apache.org> > > Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2) > > > > +1 (binding) > > > > Thanks JB! > > > > regards, > > > > Francois > > > > On 13/12/2021 16:24, Jean-Baptiste Onofré wrote: > >> Hi everyone, > >> > >> I submit Apache Karaf runtime 4.3.4 to your vote (take #2). > >> > >> This release includes dependency upgrades, fixes, and improvements, > >> especially: > >> > >> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing > >> important security issue (CVE-2021-44228) > >> - align dependencies versions between Karaf and Pax * > >> - fix missing system export packages > >> - fix on Karaf features json support > >> - fix features autoRefresh configuration handling > >> - fix on sshd session handling > >> - update to sshd 2.8.0 > >> - lot of pax * updates > >> - and much more ! > >> > >> Please take a look on Release Notes for details ! > >> > >> Release Notes: > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 > >> > >> > >> Staging Maven Repository: > >> https://repository.apache.org/content/repositories/orgapachekaraf-1164/ > >> > >> Staging Dist Repository: > >> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/ > >> > >> Git tag: > >> karaf-4.3.4 > >> > >> Please vote to approve this release: > >> > >> [ ] +1 Approve the release > >> [ ] -1 Don't approve the release (please provide specific comments) > >> > >> This vote will be open for at least 72 hours. > >> > >> Regards > >> JB > > > -- Apache Member Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead blog <http://notizblog.nierbeck.de/> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
