Ran tests; +1 from me. Karl
On Wed, Dec 29, 2021 at 8:00 AM Markus Schuch <[email protected]> wrote: > Hi, > > +1 from me > > Checked out the tag 2.21-rc0 and ran build and hsqldb based tests > successfully > Did a simple example based test crawl of a webpage with <base > href="...">, ingest URIs are built correctly > Checked the logs, found no errors or warnings > Checked that mail notifications work (tested with mailhog) > Travis ci reports green for the release tag: > https://app.travis-ci.com/github/apache/manifoldcf/builds/243992093 > Checked that Log4j 2.17 is contained in the built distribution > > Yesterday Log4J 2.17.1 was released due to > https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 > It is an RCE vulnerability, but only if the attacker has already the > capability to modify the log4j configuration. > I don't think that we have to respin the release for this one (base cvss > score is 6.6). > > Many thanks for managing the release Karl and many thanks to all > contributors. > > I wish everyone a happy new year 2022. > > Markus > > Am 26.12.2021 um 12:30 schrieb Karl Wright: > > Hi, > > > > Please vote on whether to release Apache ManifoldCF 2.21, RC0. > > The release candidate can be found at > > https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.21 > . > > There is also a release tag at > > https://svn.apache.org/repos/asf/manifoldcf/tags/release-2.21-RC0. > > > > As everyone is aware, this release updates log4j to version 2.17. It > also > > fixes numerous other build-related issues on Unix systems. Other changes > > are listed in CHANGES.txt, as always. > > > > Karl > > >
