Il giorno mar 21 dic 2021 alle ore 11:49 Shivji Kumar Jha < shiv4...@gmail.com> ha scritto:
> Hi LinLin, > > Log4j version 2.16.0 has DDoS possibilities in some cases [1] . Can we move > to Log4j 2.17.0 in 2.8.2? > is it included https://github.com/apache/pulsar/tree/v2.8.2-candidate-2 Enrico > > Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not > > protect from uncontrolled recursion from self-referential lookups. This > > allows an attacker with control over Thread Context Map data to cause a > > denial of service when a crafted string is interpreted. This issue was > > fixed in Log4j 2.17.0 and 2.12.3. > > > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 > > Regards, > Shivji Kumar Jha > http://www.shivjijha.com/ > +91 8884075512 > > > On Tue, 21 Dec 2021 at 14:42, Masahiro Sakamoto <massa...@yahoo-corp.jp> > wrote: > > > +1 (binding) > > > > - Checked checksums and signatures > > - Checked license headers using Apache Rat > > - Compiled the source > > - Ran the standalone server > > - Confirmed that producer and consumer work properly > > - Validated functions, connectors, and stateful functions > > > > Regards, > > > > Masahiro Sakamoto > > Yahoo Japan Corp. > > E-mail: massa...@yahoo-corp.jp > > > > -----Original Message----- > > From: Hiroyuki Sakai <hsa...@yahoo-corp.jp> > > Sent: Tuesday, December 21, 2021 1:07 PM > > To: dev@pulsar.apache.org > > Subject: Re: [VOTE] Apache Pulsar 2.8.2 candidate 2 > > > > +1 (binding) > > > > - check signatures/checksums > > - Built sources > > - Validate Pub/Sub and Java Functions > > - Validate Connectors > > - Validate Stateful Functions > > > > Regards, > > Hiroyuki > > > > > > ________________________________ > > From: linlin <lin...@apache.org> > > Sent: Monday, December 20, 2021 20:18 > > To: dev@pulsar.apache.org <dev@pulsar.apache.org> > > Subject: [VOTE] Apache Pulsar 2.8.2 candidate 2 > > > > This is the second release candidate for Apache Pulsar, version 2.8.2 > > > > It fixes the following issues: > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fissues%3Fq%3Dlabel%253Acherry-picked%252Fbranch-2.8%2Blabel%253Arelease%252F2.8.2%2Bis%253Aclosed&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qYRCQ3Fohdy%2B6U2trDKNTO0w406ATKPZ6cPZExBQTJ4%3D&reserved=0 > > > > *** Please download, test and vote on this release. This vote will stay > > open > > for at least 72 hours *** > > > > Note that we are voting upon the source (tag), binaries are provided for > > convenience. > > Source and binary files: > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2Fpulsar-2.8.2-candidate-2%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=TfezF%2BDzswX5xpbXNM1GXzW8Msqj1GkjGt4ULF6xKZA%3D&reserved=0 > > > > SHA-512 checksums: > > > > > 59aa0a14188a766ce802ba30cbaa2584a1904d26d8f41f164d3f97ea1970aa1391e11755d8077c96aeb136d2b9d73bf8b768978de7fa7f71d69cb57e2c1fce8c > > apache-pulsar-2.8.2-bin.tar.gz > > > > > > > 82a1423fda4004297ca2867279077ed261c7149be96deca2c127ba5b91af08fec80dc4a8b15ee2ba8704e209efa577a0c7b4cfb78341d3a43a38bf476c894c5c > > apache-pulsar-2.8.2-src.tar.gz > > > > Maven staging repo: > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Forgapachepulsar-1129%2F&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4TVSZI76N8xalmLLwJyvtUJkkpNC7T0s2Taj%2Fc5CKgg%3D&reserved=0 > > > > The tag to be voted upon: > > v2.8.2-candidate-2 (4b9cadcd57e41bc8eb95cc9b9917f938365b1cca) > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Freleases%2Ftag%2Fv2.8.2-candidate-2&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Ba6OsrGNvcCsuYFgPp%2Btg49yRHK%2FVBmWumN7haK%2Birw%3D&reserved=0 > > > > Pulsar's KEYS file containing PGP keys we use to sign the release: > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdist.apache.org%2Frepos%2Fdist%2Fdev%2Fpulsar%2FKEYS&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=EyKfkM0wHvCOASccnZw4QN6yjtSp8lzDrKAO%2FnB3IXk%3D&reserved=0 > > > > Release notes draft: > > > > > https://jpn01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fpulsar%2Fpull%2F13400&data=04%7C01%7Cmassakam%40yahoo-corp.jp%7Cb6c6039ab7634eb56b9208d9c43769e6%7Ca208d369cd4e4f87b11998eaf31df2c3%7C1%7C0%7C637756565724741012%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=l1tCWGIinNawL%2B%2Bui0PwSLlBn0UmKT5nX8dmH1Wfidg%3D&reserved=0 > > > > Please download the source package, and follow the README to build > > and run the Pulsar standalone service. > > >
