+1
> On Dec 18, 2023, at 2:45 PM, Matt Sicker <m...@musigma.org> wrote:
>
> We can review this without doing a reproducibility check. The signatures of
> everything look good; just doing some final validations before voting.
>
>> On Dec 18, 2023, at 6:38 AM, Gary Gregory <garydgreg...@gmail.com> wrote:
>>
>> Since Piotr asked for a fix and Matt can reproduce the issue, I'm not going
>> to take the time.to review this RC.
>>
>> Gary
>>
>> On Mon, Dec 18, 2023, 3:21 AM Volkan Yazıcı <vol...@yazi.ci> wrote:
>>
>>> Even though the vote was intended for 72 hours, it has been 5 days and
>>> there hasn't been any official votes on the release. I will wait for
>>> another 24 hours and cancel the release. I will appreciate PMC members'
>>> participation in the voting.
>>>
>>> On Wed, Dec 13, 2023 at 4:26 PM Volkan Yazıcı <vol...@yazi.ci> wrote:
>>>
>>>> This is a vote to release the Apache Log4j 3.0.0-beta1.
>>>>
>>>> Website: https://logging.staged.apache.org/log4j
>>>> GitHub: https://github.com/apache/logging-log4j2
>>>> Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd
>>>> Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j
>>>> Nexus:
>>>> https://repository.apache.org/content/repositories/orgapachelogging-1246
>>>> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0
>>>>
>>>> Please download, test, and cast your votes on this mailing list.
>>>>
>>>> [ ] +1, release the artifacts
>>>> [ ] -1, don't release, because...
>>>>
>>>> This vote is open for 72 hours and will pass unless getting a
>>>> net negative vote count. All votes are welcome and we encourage
>>>> everyone to test the release, but only the Logging Services PMC
>>>> votes are officially counted.
>>>>
>>>> == Review Kit
>>>>
>>>> The minimum set of steps needed to review the uploaded distribution
>>>> files in the Subversion repository can be summarized as follows:
>>>>
>>>> # Check out the distribution
>>>> svn co https://dist.apache.org/repos/... && cd $_
>>>>
>>>> # Verify checksums
>>>> shasum --check *.sha512
>>>>
>>>> # Verify signatures
>>>> wget -O - https://downloads.apache.org/logging/KEYS | gpg --import
>>>> for sigFile in *.asc; do gpg --verify $sigFile; done
>>>>
>>>> # Verify reproduciblity
>>>> umask 0022
>>>> unzip *-src.zip -d src
>>>> cd src
>>>> export NEXUS_REPO=https://repository.apache.org/content/...
>>>> sh mvnw -Prelease \
>>>> verify artifact:compare \
>>>> -Dreference.repo=$NEXUS_REPO \
>>>> -Dcyclonedx.skip
>>>>
>>>> Some SBOM discrepancy is causing reproducibility mismatch, hence the
>>>> `-Dcyclonedx.skip`. Since `2.x` and `main` are greatly diverged, I
>>> couldn't
>>>> figure out the missing piece yet.
>>>>
>>>> == Release Notes
>>>>
>>>> This is the first beta release of the upcoming major release, i.e.,
>>>> `3.0.0`.
>>>>
>>>> === Added
>>>>
>>>> * Add annotations for nullability. (LOG4J2-1477)
>>>> * Remove deprecated code. (LOG4J2-2493)
>>>> * Add a more generalized dependency injection system to plugins inspired
>>>> by JSR 330. (LOG4J2-2803)
>>>> * Add and enhance structured properties for per-context settings outside
>>>> configuration files. (1473)
>>>> * Automate artifact publishing and release preparation. (LOG4J2-3466)
>>>> * Add support for dependency injection of plugins into container types
>>>> such as `Optional<T>`, `Collection<T>`, `Set<T>`, `Stream<T>`, `List<T>`,
>>>> and `Map<String, T>`. (LOG4J2-3496)
>>>> * Add support for `ConstraintValidator` in plugin classes. (LOG4J2-3497)
>>>>
>>>> === Changed
>>>>
>>>> * Remove liquibase-log4j2 maven module (#1193)
>>>> * Make the output of annotation processing reproducible. (#1520)
>>>> * Replace `synchronized` blocks with locks for improved performance with
>>>> virtual threads. (#1532)
>>>> * Removes additional `isFiltered` checks in `AsyncLoggerConfig`. (#1550)
>>>> * Ignore exceptions thrown by PropertySources. Eliminate
>>>> ClassCastException when SimpleLoggerContext is used.
>>>> (spring-projects/spring-boot#33450, #1799)
>>>> * Update `com.lmax:disruptor` to version `4.0.0` (#1829)
>>>> * Migrate most tests to JUnit 5. This includes a more powerful set of
>>> test
>>>> extensions. (LOG4J2-2653)
>>>> * Make Log4j use its own BOM. (LOG4J2-3511)
>>>> * Change encoding of HTTP Basic Authentication to UTF-8. (#1970)
>>>> * Upgraded the required compiler version to Java 17
>>>> * Upgraded the required runtime version to Java 17
>>>> * Update `actions/checkout` to version `4.1.1` (#1869)
>>>> * Update `actions/setup-java` to version `3.13.0` (#1809)
>>>> * Update `actions/setup-python` to version `4.7.1` (#1831)
>>>> * Update `ch.qos.logback:logback-classic` to version `1.4.14` (#2028)
>>>> * Update `com.datastax.cassandra:cassandra-driver-core` to version
>>>> `3.11.5` (#1889)
>>>> * Update `com.fasterxml.jackson:jackson-bom` to version `2.16.0` (#1974)
>>>> * Update `com.github.luben:zstd-jni` to version `1.5.5-11` (#2032)
>>>> * Update `com.github.spotbugs:spotbugs-maven-plugin` to version `4.7.3.6`
>>>> (#1879)
>>>> * Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.1`
>>> (#1765)
>>>> * Update `com.google.errorprone:error_prone_core` to version `2.23.0`
>>>> (#1871)
>>>> * Update `com.google.guava:guava-testlib` to version `32.1.3-jre` (#1934)
>>>> * Update `com.h2database:h2` to version `2.2.224` (#1917)
>>>> * Update `commons-codec:commons-codec` to version `1.16.0` (#2054)
>>>> * Update `commons-io:commons-io` to version `2.15.1` (#2035)
>>>> * Update `commons-logging:commons-logging` to version `1.3.0` (#2046)
>>>> * Update `de.flapdoodle.reverse:de.flapdoodle.reverse` to version `1.7.2`
>>>> (#2000)
>>>> * Update `io.netty:netty-bom` to version `4.1.101.Final` (#1999)
>>>> * Update `net.java.dev.jna:jna` to version `5.14.0` (#2082)
>>>> * Update `org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle`
>>>> to version `1.3.7` (#2053)
>>>> * Update `org.apache.commons:commons-compress` to version `1.25.0`
>>> (#2055)
>>>> * Update `org.apache.commons:commons-csv` to version `1.10.0` (#2041)
>>>> * Update `org.apache.commons:commons-dbcp2` to version `2.11.0` (#2044)
>>>> * Update `org.apache.commons:commons-lang3` to version `3.14.0` (#2036)
>>>> * Update `org.apache.commons:commons-pool2` to version `2.12.0` (#2038)
>>>> * Update `org.apache.groovy:groovy-bom` to version `4.0.16` (#2039)
>>>> * Update `org.apache.maven:maven-core` to version `3.9.6` (#2049)
>>>> * Update `org.apache.maven.surefire:surefire-junit47` to version `3.2.2`
>>>> (#2051)
>>>> * Update `org.apache.tomcat:tomcat-juli` to version `10.1.16` (#2052)
>>>> * Update `org.codehaus.plexus:plexus-utils` to version `3.5.1` (#2061)
>>>> * Update `org.eclipse.jetty:jetty-bom` to version `9.4.53.v20231009`
>>>> (#1931)
>>>> * Update `org.eclipse.persistence:org.eclipse.persistence.jpa` to version
>>>> `2.7.13` (#1933)
>>>> * Update `org.eclipse.platform:org.eclipse.osgi` to version `3.18.600`
>>>> (#2064)
>>>> * Update `org.elasticsearch.client:elasticsearch-rest-high-level-client`
>>>> to version `7.17.15` (#1996)
>>>> * Update `org.graalvm.truffle:truffle-api` to version `23.1.1` (#1872)
>>>> * Update `org.jctools:jctools-core` to version `4.0.2` (#1995)
>>>> * Update `org.jmdns:jmdns` to version `3.5.9` (#2069)
>>>> * Update `org.junit:junit-bom` to version `5.10.1` (#1993)
>>>> * Update `org.junit-pioneer:junit-pioneer` to version `2.2.0` (#1986)
>>>> * Update `org.mockito:mockito-bom` to version `5.8.0` (#2031)
>>>> * Update `org.mongodb:bson` to version `4.11.1` (#1991)
>>>> * Update `org.springframework.boot:spring-boot` to version `2.7.17`
>>> (#1902)
>>>> * Update `org.springframework.boot:spring-boot-dependencies` to version
>>>> `2.7.18` (#2002)
>>>> * Update `org.springframework:spring-framework-bom` to version `5.3.30`
>>>> (#1903)
>>>> * Update `org.springframework:spring-test` to version `5.3.31` (#1992)
>>>> * Update `org.xerial.snappy:snappy-java` to version `1.1.10.5` (#1877)
>>>> * Update `org.zeromq:jeromq` to version `0.5.4` (#1888)
>>>> * Update `uk.org.webcompere:system-stubs-core` to version `2.1.5` (#2001)
>>>> * Update OpenTest4J to version `1.3.0`
>>>>
>>>> === Removed
>>>>
>>>> * Remove `GelfLayout` (a GELF-compatible layout is still possible using
>>>> JSON Template Layout) (#1951)
>>>> * Remove `log4j-cassandra` (#1951)
>>>> * Remove `log4j-couchdb` (#1951)
>>>> * Remove Jackson-based JSON configuration support. JSON configuration
>>>> files are now handled through a built-in JSON parser.
>>>> * Moved Log4j Jakarta EE modules (`log4j-jakarta-jms`,
>>>> `log4j-jakarta-smtp`, and `log4j-jakarta-web`) to their own repository[1]
>>>> and website[2] (#1966)
>>>> * Removed all Java EE modules: `log4j-jms`, `log4j-jpa`, `log4j-smtp`,
>>>> `log4j-web` (#1966)
>>>> * Remove `log4j-jeromq` module (users are recommended to migrate to
>>>> loghublog4j2[3]) (#1951)
>>>> * Remove `log4j-kafka` (#1951)
>>>> * Remove `log4j-layout-jackson-json` module (it is superseded by JSON
>>>> Template Layout) (#1951)
>>>> * Remove `log4j-layout-jackson-yaml` module (#1951)
>>>> * Remove legacy OSGi integration. `ServiceLoader` mechanism should be
>>> used
>>>> instead.
>>>> * Remove `log4j-mongodb3` module (#1951)
>>>> * Remove support for `SecurityManager`. Starting in Java 21, a custom
>>>> `SecurityManager` cannot be used.
>>>> * Remove `log4j-spring-boot` module (its features are upstreamed to
>>>> `org.springframework.boot:spring-boot-starter-log4j2`) (#1951)
>>>>
>>>> [1] https://github.com/apache/logging-log4j-jakarta
>>>> [2] https://logging.apache.org/log4j/jakarta
>>>> [3] https://github.com/fbacchella/loghublog4j2
>>>>
>>>> === Fixed
>>>>
>>>> * Remove locale-dependent `toLowerCase/toUpperCase` calls. (#1281)
>>>> * Add environment variable arbiter. (#1312)
>>>> * Fixed logging of java.sql.Date objects by appending it before Log4J
>>>> tries to call java.util.Date.toInstant() on it. (#1366)
>>>> * Adapt the OSGi metadata of `log4j-api`, `log4j-core`,
>>> `log4j-slf4j-impl`
>>>> and `log4j-slf4j2-impl` to activate the bundle when it is accessed. To
>>>> achieve that set the `Bundle-ActivationPolicy` to `lazy` for the log4j
>>>> bundles. (#1367)
>>>> * Fix runtime dependencies documentation. (#1530)
>>>> * Allow to override fqcn in `Log4jEventBuilder` by implementing
>>>> `CallerBoundaryAware`. (#1533)
>>>> * Migrate MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4.
>>>> (#1589)
>>>> * Fixed rollover strategy in the Log4j 1.x compatibility layer. (#1650)
>>>> * Only shutdown Log4j after last `Log4jServletContextListener` is
>>>> executed. (#1782)
>>>> * Fixes context data loss if `<AsyncLogger>` components are used with an
>>>> all async logger context. (#1786)
>>>> * AppenderLoggingException logging any exception to a MongoDB Appender.
>>>> (LOG4J2-3392)
>>>>
>>>
>
