Re: [VOTE] Release Log4j 2.15.1-rc1

Sun, 12 Dec 2021 12:01:07 -0800 

Those were already disabled in 2.15.0.

Matt Sicker

> On Dec 12, 2021, at 13:41, Volkan Yazıcı <vol...@yazi.ci> wrote:
> 
> I very well recognize your heroic effort on tackling this issue and I am
> very thankful for that.
> I vote -1, because I want message (not configuration!) lookups to be
> removed.
> 
> Message lookups create a vast attack surface. Anything they offer can
> simply be implemented by the user.
> 
>> On Sun, Dec 12, 2021 at 4:48 AM Matt Sicker <boa...@gmail.com> wrote:
>> 
>> This is a vote to release Log4j 2.15.1, the next version of the Log4j 2
>> project.
>> 
>> Please download, test, and cast your votes on the log4j developers list.
>> [] +1, release the artifacts
>> [] -1, don't release because...
>> 
>> The vote will remain open for 72 hours (or more if required). All votes
>> are welcome and we encourage everyone to test the release, but only Logging
>> PMC votes are “officially” counted. As always, at least 3 +1 votes and more
>> positive than negative votes are required.
>> 
>> Changes in this release include:
>> 
>> Fixed Bugs
>> 
>> * LOG4J2-3208: Disable JNDI by default. Require log4j2.enableJndi to be
>> set to true to allow JNDI.
>> 
>> Tag:
>> a)  for a new copy do "git clone
>> https://github.com/apache/logging-log4j2.git <
>> https://github.com/apache/logging-log4j2.git>" and then "git checkout
>> tags/log4j-2.15.1-rc1”  or just "git clone -b log4j-2.15.1-rc1
>> https://github.com/apache/logging-log4j2.git <
>> https://github.com/apache/logging-log4j2.git>"
>> b) for an existing working copy to “git pull” and then “git checkout
>> tags/log4j-2.15.1-rc1”
>> 
>> Web Site:  https://logging.staged.apache.org/log4j/2.x/index.html <
>> https://logging.staged.apache.org/log4j/2.x/index.html>.
>> 
>> Maven Artifacts:
>> https://repository.apache.org/content/repositories/orgapachelogging-1067/
>> 
>> Distribution archives:
>> https://dist.apache.org/repos/dist/dev/logging/log4j/ <
>> https://dist.apache.org/repos/dist/dev/logging/log4j/>
>> 
>> You may download all the Maven artifacts by executing:
>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
>> https://repository.apache.org/content/repositories/orgapachelogging-1067/org/apache/logging/log4j/

Reply via email to