[VOTE] Release Apache Log4j 3.0.0-beta1

Wed, 13 Dec 2023 07:26:45 -0800 

This is a vote to release the Apache Log4j 3.0.0-beta1.

Website: https://logging.staged.apache.org/log4j
GitHub: https://github.com/apache/logging-log4j2
Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd
Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j
Nexus:
https://repository.apache.org/content/repositories/orgapachelogging-1246
Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0

Please download, test, and cast your votes on this mailing list.

[ ] +1, release the artifacts
[ ] -1, don't release, because...

This vote is open for 72 hours and will pass unless getting a
net negative vote count. All votes are welcome and we encourage
everyone to test the release, but only the Logging Services PMC
votes are officially counted.

== Review Kit

The minimum set of steps needed to review the uploaded distribution
files in the Subversion repository can be summarized as follows:

    # Check out the distribution
    svn co https://dist.apache.org/repos/... && cd $_

    # Verify checksums
    shasum --check *.sha512

    # Verify signatures
    wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
    for sigFile in *.asc; do gpg --verify $sigFile; done

    # Verify reproduciblity
    umask 0022
    unzip *-src.zip -d src
    cd src
    export NEXUS_REPO=https://repository.apache.org/content/...
    sh mvnw -Prelease \
        verify artifact:compare \
        -Dreference.repo=$NEXUS_REPO \
        -Dcyclonedx.skip

Some SBOM discrepancy is causing reproducibility mismatch, hence the
`-Dcyclonedx.skip`. Since `2.x` and `main` are greatly diverged, I couldn't
figure out the missing piece yet.

== Release Notes

This is the first beta release of the upcoming major release, i.e., `3.0.0`.

=== Added

* Add annotations for nullability. (LOG4J2-1477)
* Remove deprecated code. (LOG4J2-2493)
* Add a more generalized dependency injection system to plugins inspired by
JSR 330. (LOG4J2-2803)
* Add and enhance structured properties for per-context settings outside
configuration files. (1473)
* Automate artifact publishing and release preparation. (LOG4J2-3466)
* Add support for dependency injection of plugins into container types such
as `Optional<T>`, `Collection<T>`, `Set<T>`, `Stream<T>`, `List<T>`, and
`Map<String, T>`. (LOG4J2-3496)
* Add support for `ConstraintValidator` in plugin classes. (LOG4J2-3497)

=== Changed

* Remove liquibase-log4j2 maven module (#1193)
* Make the output of annotation processing reproducible. (#1520)
* Replace `synchronized` blocks with locks for improved performance with
virtual threads. (#1532)
* Removes additional `isFiltered` checks in `AsyncLoggerConfig`. (#1550)
* Ignore exceptions thrown by PropertySources. Eliminate ClassCastException
when SimpleLoggerContext is used. (spring-projects/spring-boot#33450, #1799)
* Update `com.lmax:disruptor` to version `4.0.0` (#1829)
* Migrate most tests to JUnit 5. This includes a more powerful set of test
extensions. (LOG4J2-2653)
* Make Log4j use its own BOM. (LOG4J2-3511)
* Change encoding of HTTP Basic Authentication to UTF-8. (#1970)
* Upgraded the required compiler version to Java 17
* Upgraded the required runtime version to Java 17
* Update `actions/checkout` to version `4.1.1` (#1869)
* Update `actions/setup-java` to version `3.13.0` (#1809)
* Update `actions/setup-python` to version `4.7.1` (#1831)
* Update `ch.qos.logback:logback-classic` to version `1.4.14` (#2028)
* Update `com.datastax.cassandra:cassandra-driver-core` to version `3.11.5`
(#1889)
* Update `com.fasterxml.jackson:jackson-bom` to version `2.16.0` (#1974)
* Update `com.github.luben:zstd-jni` to version `1.5.5-11` (#2032)
* Update `com.github.spotbugs:spotbugs-maven-plugin` to version `4.7.3.6`
(#1879)
* Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.1` (#1765)
* Update `com.google.errorprone:error_prone_core` to version `2.23.0`
(#1871)
* Update `com.google.guava:guava-testlib` to version `32.1.3-jre` (#1934)
* Update `com.h2database:h2` to version `2.2.224` (#1917)
* Update `commons-codec:commons-codec` to version `1.16.0` (#2054)
* Update `commons-io:commons-io` to version `2.15.1` (#2035)
* Update `commons-logging:commons-logging` to version `1.3.0` (#2046)
* Update `de.flapdoodle.reverse:de.flapdoodle.reverse` to version `1.7.2`
(#2000)
* Update `io.netty:netty-bom` to version `4.1.101.Final` (#1999)
* Update `net.java.dev.jna:jna` to version `5.14.0` (#2082)
* Update `org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle`
to version `1.3.7` (#2053)
* Update `org.apache.commons:commons-compress` to version `1.25.0` (#2055)
* Update `org.apache.commons:commons-csv` to version `1.10.0` (#2041)
* Update `org.apache.commons:commons-dbcp2` to version `2.11.0` (#2044)
* Update `org.apache.commons:commons-lang3` to version `3.14.0` (#2036)
* Update `org.apache.commons:commons-pool2` to version `2.12.0` (#2038)
* Update `org.apache.groovy:groovy-bom` to version `4.0.16` (#2039)
* Update `org.apache.maven:maven-core` to version `3.9.6` (#2049)
* Update `org.apache.maven.surefire:surefire-junit47` to version `3.2.2`
(#2051)
* Update `org.apache.tomcat:tomcat-juli` to version `10.1.16` (#2052)
* Update `org.codehaus.plexus:plexus-utils` to version `3.5.1` (#2061)
* Update `org.eclipse.jetty:jetty-bom` to version `9.4.53.v20231009` (#1931)
* Update `org.eclipse.persistence:org.eclipse.persistence.jpa` to version
`2.7.13` (#1933)
* Update `org.eclipse.platform:org.eclipse.osgi` to version `3.18.600`
(#2064)
* Update `org.elasticsearch.client:elasticsearch-rest-high-level-client` to
version `7.17.15` (#1996)
* Update `org.graalvm.truffle:truffle-api` to version `23.1.1` (#1872)
* Update `org.jctools:jctools-core` to version `4.0.2` (#1995)
* Update `org.jmdns:jmdns` to version `3.5.9` (#2069)
* Update `org.junit:junit-bom` to version `5.10.1` (#1993)
* Update `org.junit-pioneer:junit-pioneer` to version `2.2.0` (#1986)
* Update `org.mockito:mockito-bom` to version `5.8.0` (#2031)
* Update `org.mongodb:bson` to version `4.11.1` (#1991)
* Update `org.springframework.boot:spring-boot` to version `2.7.17` (#1902)
* Update `org.springframework.boot:spring-boot-dependencies` to version
`2.7.18` (#2002)
* Update `org.springframework:spring-framework-bom` to version `5.3.30`
(#1903)
* Update `org.springframework:spring-test` to version `5.3.31` (#1992)
* Update `org.xerial.snappy:snappy-java` to version `1.1.10.5` (#1877)
* Update `org.zeromq:jeromq` to version `0.5.4` (#1888)
* Update `uk.org.webcompere:system-stubs-core` to version `2.1.5` (#2001)
* Update OpenTest4J to version `1.3.0`

=== Removed

* Remove `GelfLayout` (a GELF-compatible layout is still possible using
JSON Template Layout) (#1951)
* Remove `log4j-cassandra` (#1951)
* Remove `log4j-couchdb` (#1951)
* Remove Jackson-based JSON configuration support. JSON configuration files
are now handled through a built-in JSON parser.
* Moved Log4j Jakarta EE modules (`log4j-jakarta-jms`,
`log4j-jakarta-smtp`, and `log4j-jakarta-web`) to their own repository[1]
and website[2] (#1966)
* Removed all Java EE modules: `log4j-jms`, `log4j-jpa`, `log4j-smtp`,
`log4j-web` (#1966)
* Remove `log4j-jeromq` module (users are recommended to migrate to
loghublog4j2[3]) (#1951)
* Remove `log4j-kafka` (#1951)
* Remove `log4j-layout-jackson-json` module (it is superseded by JSON
Template Layout) (#1951)
* Remove `log4j-layout-jackson-yaml` module (#1951)
* Remove legacy OSGi integration. `ServiceLoader` mechanism should be used
instead.
* Remove `log4j-mongodb3` module (#1951)
* Remove support for `SecurityManager`. Starting in Java 21, a custom
`SecurityManager` cannot be used.
* Remove `log4j-spring-boot` module (its features are upstreamed to
`org.springframework.boot:spring-boot-starter-log4j2`) (#1951)

[1] https://github.com/apache/logging-log4j-jakarta
[2] https://logging.apache.org/log4j/jakarta
[3] https://github.com/fbacchella/loghublog4j2

=== Fixed

* Remove locale-dependent `toLowerCase/toUpperCase` calls. (#1281)
* Add environment variable arbiter. (#1312)
* Fixed logging of java.sql.Date objects by appending it before Log4J tries
to call java.util.Date.toInstant() on it. (#1366)
* Adapt the OSGi metadata of `log4j-api`, `log4j-core`, `log4j-slf4j-impl`
and `log4j-slf4j2-impl` to activate the bundle when it is accessed. To
achieve that set the `Bundle-ActivationPolicy` to `lazy` for the log4j
bundles. (#1367)
* Fix runtime dependencies documentation. (#1530)
* Allow to override fqcn in `Log4jEventBuilder` by implementing
`CallerBoundaryAware`. (#1533)
* Migrate MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4.
(#1589)
* Fixed rollover strategy in the Log4j 1.x compatibility layer. (#1650)
* Only shutdown Log4j after last `Log4jServletContextListener` is executed.
(#1782)
* Fixes context data loss if `<AsyncLogger>` components are used with an
all async logger context. (#1786)
* AppenderLoggingException logging any exception to a MongoDB Appender.
(LOG4J2-3392)

Reply via email to