+1 binding Sheng Wu(default) Kai Wan Wei Zhang
+1 no binding Yanlong He Let me forward this release. Sheng Wu 吴晟 Twitter, wusheng1108 Sheng Wu <[email protected]> 于2021年12月11日周六 20:42写道: > Hi team > > I may close this vote faster than it is as usual(72 hours). > Considering CVE-2021-44228 is widely known, even limited in specific > JDK(JNDI default ON, or manually set)(only on JDK versions below 6u211, > 7u201, 8u191 and 11.0.1)[1], people seem to feel scared(a little > overreacting) than a CVE usually should be. > > People keep asking, and as this patch release doesn't have any codes of > ourselves, but only 2 dependencies. > We should be fine to post it ASAP. > > [1] > https://securityboulevard.com/2021/12/critical-new-0-day-vulnerability-in-popular-log4j-library-discovered-with-evidence-of-mass-scanning-for-affected-applications/amp/ > > Sheng Wu 吴晟 > Twitter, wusheng1108 > > > Kai Wan <[email protected]> 于2021年12月11日周六 11:01写道: > >> +1 binding >> >> 1. .sha files are checked. >> 2. GPG signatures are signed by Sheng Wu. >> 3. License header in the source is checked. >> 4. Compilation passed. >> 5. Tags are correct. >> 6. Log4j version upgraded to 2.15.0 >> ————————— >> Kai Wan >> GitHub @wankai123 >> >> Yanlong He <[email protected]> 于2021年12月11日周六 09:25写道: >> > >> > +1 >> > >> > 1. version correct >> > 2. asc checked >> > 3. sha512 exist >> > 4. License and Notice exist >> > >> > >> > > 在 2021年12月11日,07:35,Wei Zhang <[email protected]> 写道: >> > > >> > > +1 binding >> > > >> > > 1. version correct >> > > 2. asc checked >> > > 3. sha512 exist >> > > 4. License and Notice exist >> >
