[VOTE] Release Apache Log4j 2.17.0-rc1

Fri, 17 Dec 2021 19:18:49 -0800 

This is a vote to release Log4j 2.17.0, the next version of the Log4j 2 project.

Please download, test, and cast your votes on the log4j developers list.
[] +1, release the artifacts
[] -1, don't release because...

The vote will remain open for as short amount as time as required to vet the 
release. All votes are welcome and we encourage everyone to test the release, 
but only Logging PMC votes are “officially” counted. As always, at least 3 +1 
votes and more positive than negative votes are required.

Note that a pre-release version of this was distributed to all reporters of the 
issue covered by CVE-2021-45105 and all who tested confirmed the issue was 
addressed.

Changes in this version include:

Fixed Bugs

        • LOG4J2-3230: Fix string substitution recursion.
        • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain 
disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' 
to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 
'log4j2.enableJndiContextSelector'.
        • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain 
disabled by default. The enablement property has been renamed to 
'log4j2.enableJndiJava'
        • LOG4J2-3241: Do not declare log4j-api-java9 and log4j-core-java9 as 
dependencies as it causes problems with the Maven enforcer plugin.
        • LOG4J2-3247: PropertiesConfiguration.parseAppenderFilters NPE when 
parsing properties file filters.
        • LOG4J2-3249: Log4j 1.2 bridge for Syslog Appender defaults to port 
512 instead of 514.
        • LOG4J2-3237: Log4j 1.2 bridge API hard codes the Syslog protocol to 
TCP.

Tag: 
a)  for a new copy do "git clone https://github.com/apache/logging-log4j2.git 
and then "git checkout tags/log4j-2.17.0-rc1”  or just "git clone -b 
log4j-2.17.0-rc1 https://github.com/apache/logging-log4j2.git";
b) for an existing working copy to “git pull” and then “git checkout 
tags/log4j-2.17.0-rc1”

Web Site:  https://logging.staged.apache.org/log4j/2.x/index.html 

Maven Artifacts: 
https://repository.apache.org/content/repositories/orgapachelogging-1071

Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ 

You may download all the Maven artifacts by executing:
wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate 
https://repository.apache.org/content/repositories/orgapachelogging-1071/org/apache/logging/log4j/

Ralph

Reply via email to