Hi Georg,

I am sure you saw they have already released log4j 2.16.0 - should we wait and update to this before doing another vote? Also - kind of confusing now how to update each fulcrum sub-module (each pom references the parent individually) - not sure if there is an easier way so that they are all referencing a single turbine-parent?

And of course - we still rely on torque-5.0 (release) which is stuck at log4j 2.14.x - I updated the pom.xml there, but I am heading out on vacation in a day or two and unfortunately won't have internet until I come back in January :-)


-

Jeff


On 12/14/21 6:38 AM, [email protected] wrote:
This is an automated email from the ASF dual-hosted git repository.

gk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/turbine-parent.git

commit 6ff3eaff7796e17ada95bd0618d2ea0076ef3bf1
Author: Georg Kallidis <[email protected]>
AuthorDate: Tue Dec 14 11:36:49 2021 +0100

     Update parent for release, set dependency scan for profile apache-release 
only
---
  pom.xml                 |  8 ++++++--
  src/changes/changes.xml | 11 ++++++++++-
  2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index a3e6ec9..fe9ea6c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,11 +243,12 @@
            <jvm>${turbine.surefire.java}</jvm>
          </configuration>
        </plugin>
-
        <plugin> <!-- Thanks to Apache Commons -->
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-scm-publish-plugin</artifactId>
          <configuration>
+          <!-- mono-module doesn't require site:stage -->
+          <!--content>${project.build.directory}/staging</content-->
            <content>${project.reporting.outputDirectory}</content>
            <pubScmUrl>scm:git:${turbine.scmPubUrl}</pubScmUrl>
            
<checkoutDirectory>${turbine.scmPubCheckoutDirectory}</checkoutDirectory>
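
Review bot: the commented-out `<!--content>${project.build.directory}/staging</content-->` in the maven-scm-publish-plugin `<configuration>` leaves dead configuration next to the live `<content>` element. Keep the one-line explanation that a mono-module build does not need site:stage and drop the commented-out element, or state in the comment when the staging directory should be used instead.
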
@@ -258,7 +259,7 @@
          <executions>
            <execution>
              <id>scm-publish</id>
-            <phase>site-deploy</phase><!-- deploy site with 
maven-scm-publish-plugin -->
+            <phase>site-deploy</phase><!-- deploy site with mvn 
scm-publish:publish-scm -->
              <goals>
                <goal>publish-scm</goal>
              </goals>
@@ -396,6 +397,9 @@
        to better suit the requirements of Apache Turbine. (Thanks to Apache 
Commons) -->
      <profile>
        <id>apache-release</id>
+      <properties>
+        <dependency.check.skip>true</dependency.check.skip>
+       </properties>
        <build>
          <plugins>
            <plugin>
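
Review bot: `<dependency.check.skip>true</dependency.check.skip>` in the `apache-release` profile reads as skipping the dependency scan for release builds, which is the opposite of what the commit message ("set dependency scan for profile apache-release only") and the changes.xml entry ("activate dependency check/scan in profile apache-release only") describe. If the scan is skipped by default, as the 2021-12-08 changes entry says, the profile presumably needs `false` here; please confirm which value the plugin configuration expects and add a short comment on the property saying so. The closing `</properties>` is also indented one column further than its opening tag.
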
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 51fa1cb..a23ed59 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -25,8 +25,17 @@
<body>
     <release version="10" date="in version control">
+         <action dev="gk" type="update" date="2021-12-13">
+         -  activate dependency check/scan in profile apache-release only.
+          </action>
+           <action dev="gk" type="update" date="2021-12-13">
+         -  site with github banner
+          </action>
+         <action dev="gk" type="fix" date="2021-12-11">
+         -  Security patch CVE-2021-44228, update log4j2 to 2.15.0
+        </action>
          <action dev="gk" type="update" date="2021-12-08">
-         -  update apache pom v24, removed maven3 profile, disabled dependency 
check/scan by default,
+         -  update apache pom v24, removed maven3 profile, disable dependency 
check/scan by default.
           - updated site header
          </action>
         <action dev="gk" type="update" date="2021-11-04">
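
Review bot: the three added `<action>` elements and their closing tags are each indented differently (the opening tags alone sit at three different columns), unlike the existing entries around them; please align them with the 2021-12-08 entry. The reworded 2021-12-08 line also changes "disabled" to "disable", which no longer matches the past tense of "removed" and "updated" in the same entry.
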
