Can other PMC members please review this? It has been more than 72 hours. Ralph
> On Jul 30, 2020, at 11:17 PM, Davyd McColl <davyd.mcc...@codeo.co.za> wrote: > > Hi all, I've never done this before, so bear with me if I fluff it: > > This is a proposed vote to release log4net 2.0.9 from PR > https://github.com/apache/logging-log4net/pull/61 > > Release artifacts (including source zip) are at: > https://ci.appveyor.com/project/fluffynuts/logging-log4net/builds/34063235/artifacts > Source can be checked out from > https://github.com/fluffynuts/logging-log4net/logging-log4net, tag rel/2.0.9. > I can't push tags to the upstream, but this tag is exactly the same commit as > the last in the PR mentioned above, which was accepted into master a few days > ago. > > Please check out the artifacts & if everyone is ok with what's there, please > can someone with the rights to publish to nuget do so. > > Once I've seen how this process works, I'd like to tackle the CVE that has > been brought up on this list more than once -- it's a simple change which was > already committed to the develop branch some time ago, so there are a couple > of options here: > 1. cherry-pick that commit & do a 2.0.10 release pronto, with only that change > 2. trawl the develop branch to see what else was already solved in there, and > get that out as 2.0.10, and perhaps close out that branch to avoid future > confusion. > > Thanks for your time > -d
