Hi Jacques, Re: OFBiz R22, I would like to see PR355 implemented. Met vriendelijke groet,
Pierre Smits *Proud* *contributor** of* Apache OFBiz <https://ofbiz.apache.org/> since 2008 (without privileges) Proud contributor to the ASF since 2006 *Apache Directory <https://directory.apache.org>, PMC Member* On Fri, Dec 31, 2021 at 8:25 AM jler...@apache.org <jler...@apache.org> wrote: > Hi Jacopo, All, > > Ready to release 18.12.05? > > Also it'd be good to ASAP freeze 22.01. Then I'll adapt BuildBot config > and ask Infra to restart the demos. We will need to also trivially update > README.adoc. I'll put that in the freeze part of the release plan page in > wiki. > > TIA > > Happy holidays :) > > Jacques > > Le 29/12/2021 à 09:05, jler...@apache.org a écrit : > > This is an automated email from the ASF dual-hosted git repository. > > > > jleroux pushed a commit to branch trunk > > in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git > > > > > > The following commit(s) were added to refs/heads/trunk by this push: > > new a744965 Fixed: [SECURITY] CVE-2021-44832: Apache Log4j2 > (OFBIZ-12475) > > a744965 is described below > > > > commit a7449655678460ecd84ce6c04f7cc90bb55d1ea5 > > Author: Jacques Le Roux <jacques.le.r...@les7arts.com> > > AuthorDate: Wed Dec 29 08:51:55 2021 +0100 > > > > Fixed: [SECURITY] CVE-2021-44832: Apache Log4j2 (OFBIZ-12475) > > > > See complete explanation at > https://issues.apache.org/jira/browse/OFBIZ-12475 > > --- > > build.gradle | 14 +++++++------- > > 1 file changed, 7 insertions(+), 7 deletions(-) > > > > diff --git a/build.gradle b/build.gradle > > index 99206c3..0dc7486 100644 > > --- a/build.gradle > > +++ b/build.gradle > > @@ -217,8 +217,8 @@ dependencies { > > implementation > 'org.apache.geronimo.components:geronimo-transaction:3.1.4' > > implementation > 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1' > > implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' > > - implementation 'org.apache.logging.log4j:log4j-api:2.17.0' // the > API of log4j 2 > > - implementation 'org.apache.logging.log4j:log4j-core:2.17.0' // > Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java > > + implementation 'org.apache.logging.log4j:log4j-api:2.17.1' // the > API of log4j 2 > > + implementation 'org.apache.logging.log4j:log4j-core:2.17.1' // > Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java > > implementation 'org.apache.poi:poi:4.1.2' // > poi-ooxml-schemas-5.0.0.pom'. Received status code 401 from server > > implementation 'org.apache.pdfbox:pdfbox:2.0.24' > > implementation 'org.apache.shiro:shiro-core:1.8.0' > > @@ -256,11 +256,11 @@ dependencies { > > runtimeOnly 'org.apache.axis2:axis2-transport-local:1.7.9' // > Above: SOAPEventHandler.java:42: error: package > org.apache.axiom.om.impl.builder does not exist > > runtimeOnly 'org.apache.derby:derby:10.14.2.0' // So far we did > not update from 10.14.2.0 because of a compile issue. You may try w/ a > newer version than 10.15.1.3 > > runtimeOnly > 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1' > > - runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.17.0' // for > external jars using the old log4j1.2: routes logging to log4j 2 > > - runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.17.0' // for > external jars using the java.util.logging: routes logging to log4j 2 > > - runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.0' // > for external jars using slf4j: routes logging to log4j 2 > > - runtimeOnly 'org.apache.logging.log4j:log4j-web:2.17.0' //??? > > - runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.17.0' // need to > constrain to version to avoid classpath conflict (ReflectionUtil) > > + runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.17.1' // for > external jars using the old log4j1.2: routes logging to log4j 2 > > + runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.17.1' // for > external jars using the java.util.logging: routes logging to log4j 2 > > + runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.1' // > for external jars using slf4j: routes logging to log4j 2 > > + runtimeOnly 'org.apache.logging.log4j:log4j-web:2.17.1' //??? > > + runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.17.1' // need to > constrain to version to avoid classpath conflict (ReflectionUtil) > > runtimeOnly > 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380' > > > > // Dependencies defined by the plugins >