On Tue, Dec 14, 2021 at 10:42 AM Ralph Goers <ralph.go...@dslextreme.com>
wrote:
> Great. But I still need to back port the security fix.
>
Sure, I just want it to build here as a sanity check (my sanity that is), I
know yours is good :-)
Gary
>
> Ralph
>
> > On Dec 14, 2021, at 8:36 AM, Gary Gregory <garydgreg...@gmail.com>
> wrote:
> >
> > This problem was a red herring for me, my ${java:runtime} string was
> > wrapping due to length and the test did not account for that. I updated
> the
> > branch and I am building locally to see if I can go through a whole
> build...
> >
> > Gary
> >
> > On Tue, Dec 14, 2021 at 6:06 AM Gary Gregory <garydgreg...@gmail.com>
> wrote:
> >
> >> After checking out the tag (git status says 'HEAD detached at
> >> log4j-2.12.2-rc1') and running 'mvn clean install' with Java 8 and Maven
> >> 3.8.4, I get:
> >> [INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed:
> >> 0.351 s - in org.apache.logging.log4j.MarkerMixInJsonTest
> >> [INFO]
> >> [INFO] Results:
> >> [INFO]
> >> [ERROR] Failures:
> >> [ERROR] YamlLayoutTest.testAdditionalFields:318 ---
> >> thread: "MyThreadName"
> >> level: "DEBUG"
> >> loggerName: "a.B"
> >> marker:
> >> name: "Marker1"
> >> parents:
> >> - name: "ParentMarker1"
> >> parents:
> >> - name: "GrandMotherMarker"
> >> - name: "GrandFatherMarker"
> >> - name: "ParentMarker2"
> >> message: "Msg"
> >> thrown:
> >> commonElementCount: 0
> >> localizedMessage: "testIOEx"
> >> message: "testIOEx"
> >> name: "java.io.IOException"
> >> cause:
> >> commonElementCount: 38
> >> localizedMessage: "testNPEx"
> >> message: "testNPEx"
> >> name: "java.lang.NullPointerException"
> >> suppressed:
> >> - commonElementCount: 0
> >> localizedMessage: "I am suppressed exception 1"
> >> message: "I am suppressed exception 1"
> >> name: "java.lang.IndexOutOfBoundsException"
> >> - commonElementCount: 0
> >> localizedMessage: "I am suppressed exception 2"
> >> message: "I am suppressed exception 2"
> >> name: "java.lang.IndexOutOfBoundsException"
> >> contextStack:
> >> - "stack_msg1"
> >> - "stack_msg2"
> >> endOfBatch: false
> >> loggerFqcn: "f.q.c.n"
> >> instant:
> >> epochSecond: 0
> >> nanoOfSecond: 1000000
> >> threadId: 1
> >> threadPriority: 5
> >> KEY1: "VALUE1"
> >> KEY2: "OpenJDK Runtime Environment (build
> >> 1.8.0_312-bre_2021_10_20_23_15-b00) from\
> >> \ Homebrew"
> >>
> >> [INFO]
> >> [ERROR] Tests run: 2063, Failures: 1, Errors: 0, Skipped: 21
> >>
> >> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
> >> Maven home: /usr/local/Cellar/maven/3.8.4/libexec
> >> Java version: 1.8.0_312, vendor: Homebrew, runtime:
> >> /usr/local/Cellar/openjdk@8
> >> /1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre
> >> Default locale: en_US, platform encoding: UTF-8
> >> OS name: "mac os x", version: "12.0.1", arch: "x86_64", family: "mac"
> >>
> >> I can reproduce this from Eclipse by running the one test class.
> >>
> >> The test uses a Java lookup here:
> >>
> https://github.com/apache/logging-log4j2/blob/ad361d2e517e765f69db464d9407ac2dd80bc93e/log4j-core/src/test/java/org/apache/logging/log4j/core/layout/YamlLayoutTest.java#L312
> >>
> >> And expects it to be present here:
> >>
> https://github.com/apache/logging-log4j2/blob/ad361d2e517e765f69db464d9407ac2dd80bc93e/log4j-core/src/test/java/org/apache/logging/log4j/core/layout/YamlLayoutTest.java#L318
> >>
> >> (1) Should this test pass or fail? I thought we disabled lookups
> _except_
> >> in configuration files.
> >> (2) If the test should pass, is _my_ failure due to some line length or
> >> line wrapping issue?
> >>
> >> TY and congrats to all of us for spending so much time on this,
> >> Gary
> >>
> >>
> >> On Tue, Dec 14, 2021 at 12:58 AM Ralph Goers <
> ralph.go...@dslextreme.com>
> >> wrote:
> >>
> >>> This is a vote to release Log4j 2.12.2, a security release for Java 7
> >>> users.
> >>>
> >>> Please download, test, and cast your votes on the log4j developers
> list.
> >>> [] +1, release the artifacts
> >>> [] -1, don't release because...
> >>>
> >>> The vote will remain open for as short amount as time as required to
> vet
> >>> the release. All votes are welcome and we encourage everyone to test
> the
> >>> release, but only Logging PMC votes are “officially” counted. As
> always, at
> >>> least 3 +1 votes and more positive than negative votes are required.
> >>>
> >>> Changes in this version include:
> >>>
> >>> Fixed Bugs
> >>>
> >>> • LOG4J-3220: Disable JNDI by default, remove JNDI Lookup,
> remove
> >>> message lookups. When enabled JNDI only supports the java protocol.
> >>>
> >>> Tag:
> >>> a) for a new copy do "git clone
> >>> https://github.com/apache/logging-log4j2.git"; and then "git checkout
> >>> tags/log4j-2.12.2-rc1” or just "git clone -b log4j-2.12.2-rc1
> >>> https://github.com/apache/logging-log4j2.git";
> >>> b) for an existing working copy to “git pull” and then “git checkout
> >>> tags/log4j-2.12.2-rc1”
> >>>
> >>> Web Site: No web site was generated for this release. The 2.16.0 web
> >>> site will be updated appropriately.
> >>>
> >>> Maven Artifacts:
> >>>
> https://repository.apache.org/content/repositories/orgapachelogging-1070
> >>>
> >>> Distribution archives:
> >>> https://dist.apache.org/repos/dist/dev/logging/log4j/
> >>>
> >>> You may download all the Maven artifacts by executing:
> >>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
> >>>
> https://repository.apache.org/content/repositories/orgapachelogging-1070/org/apache/logging/log4j/
> >>
> >>
>
>
