On Tue, Dec 14, 2021 at 10:42 AM Ralph Goers <ralph.go...@dslextreme.com> wrote:
> Great. But I still need to back port the security fix. > Sure, I just want it to build here as a sanity check (my sanity that is), I know yours is good :-) Gary > > Ralph > > > On Dec 14, 2021, at 8:36 AM, Gary Gregory <garydgreg...@gmail.com> > wrote: > > > > This problem was a red herring for me, my ${java:runtime} string was > > wrapping due to length and the test did not account for that. I updated > the > > branch and I am building locally to see if I can go through a whole > build... > > > > Gary > > > > On Tue, Dec 14, 2021 at 6:06 AM Gary Gregory <garydgreg...@gmail.com> > wrote: > > > >> After checking out the tag (git status says 'HEAD detached at > >> log4j-2.12.2-rc1') and running 'mvn clean install' with Java 8 and Maven > >> 3.8.4, I get: > >> [INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: > >> 0.351 s - in org.apache.logging.log4j.MarkerMixInJsonTest > >> [INFO] > >> [INFO] Results: > >> [INFO] > >> [ERROR] Failures: > >> [ERROR] YamlLayoutTest.testAdditionalFields:318 --- > >> thread: "MyThreadName" > >> level: "DEBUG" > >> loggerName: "a.B" > >> marker: > >> name: "Marker1" > >> parents: > >> - name: "ParentMarker1" > >> parents: > >> - name: "GrandMotherMarker" > >> - name: "GrandFatherMarker" > >> - name: "ParentMarker2" > >> message: "Msg" > >> thrown: > >> commonElementCount: 0 > >> localizedMessage: "testIOEx" > >> message: "testIOEx" > >> name: "java.io.IOException" > >> cause: > >> commonElementCount: 38 > >> localizedMessage: "testNPEx" > >> message: "testNPEx" > >> name: "java.lang.NullPointerException" > >> suppressed: > >> - commonElementCount: 0 > >> localizedMessage: "I am suppressed exception 1" > >> message: "I am suppressed exception 1" > >> name: "java.lang.IndexOutOfBoundsException" > >> - commonElementCount: 0 > >> localizedMessage: "I am suppressed exception 2" > >> message: "I am suppressed exception 2" > >> name: "java.lang.IndexOutOfBoundsException" > >> contextStack: > >> - "stack_msg1" > >> - "stack_msg2" > >> endOfBatch: false > >> loggerFqcn: "f.q.c.n" > >> instant: > >> epochSecond: 0 > >> nanoOfSecond: 1000000 > >> threadId: 1 > >> threadPriority: 5 > >> KEY1: "VALUE1" > >> KEY2: "OpenJDK Runtime Environment (build > >> 1.8.0_312-bre_2021_10_20_23_15-b00) from\ > >> \ Homebrew" > >> > >> [INFO] > >> [ERROR] Tests run: 2063, Failures: 1, Errors: 0, Skipped: 21 > >> > >> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) > >> Maven home: /usr/local/Cellar/maven/3.8.4/libexec > >> Java version: 1.8.0_312, vendor: Homebrew, runtime: > >> /usr/local/Cellar/openjdk@8 > >> /1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre > >> Default locale: en_US, platform encoding: UTF-8 > >> OS name: "mac os x", version: "12.0.1", arch: "x86_64", family: "mac" > >> > >> I can reproduce this from Eclipse by running the one test class. > >> > >> The test uses a Java lookup here: > >> > https://github.com/apache/logging-log4j2/blob/ad361d2e517e765f69db464d9407ac2dd80bc93e/log4j-core/src/test/java/org/apache/logging/log4j/core/layout/YamlLayoutTest.java#L312 > >> > >> And expects it to be present here: > >> > https://github.com/apache/logging-log4j2/blob/ad361d2e517e765f69db464d9407ac2dd80bc93e/log4j-core/src/test/java/org/apache/logging/log4j/core/layout/YamlLayoutTest.java#L318 > >> > >> (1) Should this test pass or fail? I thought we disabled lookups > _except_ > >> in configuration files. > >> (2) If the test should pass, is _my_ failure due to some line length or > >> line wrapping issue? > >> > >> TY and congrats to all of us for spending so much time on this, > >> Gary > >> > >> > >> On Tue, Dec 14, 2021 at 12:58 AM Ralph Goers < > ralph.go...@dslextreme.com> > >> wrote: > >> > >>> This is a vote to release Log4j 2.12.2, a security release for Java 7 > >>> users. > >>> > >>> Please download, test, and cast your votes on the log4j developers > list. > >>> [] +1, release the artifacts > >>> [] -1, don't release because... > >>> > >>> The vote will remain open for as short amount as time as required to > vet > >>> the release. All votes are welcome and we encourage everyone to test > the > >>> release, but only Logging PMC votes are “officially” counted. As > always, at > >>> least 3 +1 votes and more positive than negative votes are required. > >>> > >>> Changes in this version include: > >>> > >>> Fixed Bugs > >>> > >>> • LOG4J-3220: Disable JNDI by default, remove JNDI Lookup, > remove > >>> message lookups. When enabled JNDI only supports the java protocol. > >>> > >>> Tag: > >>> a) for a new copy do "git clone > >>> https://github.com/apache/logging-log4j2.git" and then "git checkout > >>> tags/log4j-2.12.2-rc1” or just "git clone -b log4j-2.12.2-rc1 > >>> https://github.com/apache/logging-log4j2.git" > >>> b) for an existing working copy to “git pull” and then “git checkout > >>> tags/log4j-2.12.2-rc1” > >>> > >>> Web Site: No web site was generated for this release. The 2.16.0 web > >>> site will be updated appropriately. > >>> > >>> Maven Artifacts: > >>> > https://repository.apache.org/content/repositories/orgapachelogging-1070 > >>> > >>> Distribution archives: > >>> https://dist.apache.org/repos/dist/dev/logging/log4j/ > >>> > >>> You may download all the Maven artifacts by executing: > >>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > >>> > https://repository.apache.org/content/repositories/orgapachelogging-1070/org/apache/logging/log4j/ > >> > >> > >