+1
GNU signatures check ok.
Build passed with
maven clean install
Apache Maven 3.6.2 (40f52333136460af0dc0d7232c0dc0bcf0d9e117;
2019-08-28T00:06:16+09:00)
Maven home: C:\apps\apache-maven-3.6.2\bin\..
Java version: 1.8.0_202, vendor: Oracle Corporation, runtime:
C:\apps\jdk1.8.0_202\jre
Default locale: en_GB, platform encoding: MS932
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
About the signatures:
I only see asc file, md5 and sha1 files; I was able to verify the GPG sigs
(asc), but not the md5 or sha1 files:
find . -type f -name *.sha1 -exec sha1sum -c {} \;
find . -type f -name *.md5 -exec md5sum -c {} \;
Both these commands give errors like "no properly formatted SHA1 checksum
lines found"... so not good.
But as per Apache guidelines we should not use md5 or sha1, so ignoring
that for now.
I cannot find any sha512 signatures anywhere though...
On Sat, Dec 18, 2021 at 1:16 PM Ron Grabowski
<rongrabow...@yahoo.com.invalid> wrote:
> +1
>
> mvn clean install
> mvn apache-rat:check
>
> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
> Maven home: C:\projects\apache-maven-3.8.4
> Java version: 1.8.0_181, vendor: Oracle Corporation, runtime: C:\Program
> Files\Java\jdk1.8.0_181\jre
> Default locale: en_US, platform encoding: Cp1252
> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>
> On 12/17/2021 10:18 PM, Ralph Goers wrote:
> > This is a vote to release Log4j 2.17.0, the next version of the Log4j 2
> project.
> >
> > Please download, test, and cast your votes on the log4j developers list.
> > [] +1, release the artifacts
> > [] -1, don't release because...
> >
> > The vote will remain open for as short amount as time as required to vet
> the release. All votes are welcome and we encourage everyone to test the
> release, but only Logging PMC votes are “officially” counted. As always, at
> least 3 +1 votes and more positive than negative votes are required.
> >
> > Note that a pre-release version of this was distributed to all reporters
> of the issue covered by CVE-2021-45105 and all who tested confirmed the
> issue was addressed.
> >
> > Changes in this version include:
> >
> > Fixed Bugs
> >
> > • LOG4J2-3230: Fix string substitution recursion.
> > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will
> remain disabled by default. Rename JNDI enablement property from
> 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms',
> and 'log4j2.enableJndiContextSelector'.
> > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will
> remain disabled by default. The enablement property has been renamed to
> 'log4j2.enableJndiJava'
> > • LOG4J2-3241: Do not declare log4j-api-java9 and log4j-core-java9
> as dependencies as it causes problems with the Maven enforcer plugin.
> > • LOG4J2-3247: PropertiesConfiguration.parseAppenderFilters NPE
> when parsing properties file filters.
> > • LOG4J2-3249: Log4j 1.2 bridge for Syslog Appender defaults to
> port 512 instead of 514.
> > • LOG4J2-3237: Log4j 1.2 bridge API hard codes the Syslog protocol
> to TCP.
> >
> > Tag:
> > a) for a new copy do "git clone
> https://github.com/apache/logging-log4j2.git and then "git checkout
> tags/log4j-2.17.0-rc1” or just "git clone -b log4j-2.17.0-rc1
> https://github.com/apache/logging-log4j2.git";
> > b) for an existing working copy to “git pull” and then “git checkout
> tags/log4j-2.17.0-rc1”
> >
> > Web Site: https://logging.staged.apache.org/log4j/2.x/index.html
> >
> > Maven Artifacts:
> https://repository.apache.org/content/repositories/orgapachelogging-1071
> >
> > Distribution archives:
> https://dist.apache.org/repos/dist/dev/logging/log4j/
> >
> > You may download all the Maven artifacts by executing:
> > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
> https://repository.apache.org/content/repositories/orgapachelogging-1071/org/apache/logging/log4j/
> >
> > Ralph
>
