Re: [RESULT][VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Steinar Bang]

> Jean-Baptiste Onofre :

> Hi,
> This vote passed with the following result:

> +1 (binding): François Papon, Achim Nierbeck, Grzegorz Grzybek, Freeman Fang, 
> Jamie Goodyear, JB Onofré
> +1 (non binding): Lukas Roedl, Romain Manni-Bucau, Matt Pavlovich, Robert 
> Varga, Steinar Bang, Oliver Lietz, Serge Huber

> I’m promoting the artifacts on Maven Central and dist.apache.org, I’m 
> updating Jira and I will prepare announcement (website and mailing lists).

A .deb package has been created for karaf 4.3.4 and has been deployed to
my APT archive:
 
https://steinar.bang.priv.no/2018/01/23/installing-apache-karaf-on-debian/#comment-15826

[RESULT][VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Jean-Baptiste Onofre]

Hi,

This vote passed with the following result:

+1 (binding): François Papon, Achim Nierbeck, Grzegorz Grzybek, Freeman Fang, 
Jamie Goodyear, JB Onofré
+1 (non binding): Lukas Roedl, Romain Manni-Bucau, Matt Pavlovich, Robert 
Varga, Steinar Bang, Oliver Lietz, Serge Huber

I’m promoting the artifacts on Maven Central and dist.apache.org, I’m updating 
Jira and I will prepare announcement (website and mailing lists).

Thanks all for your vote!

Regards
JB

> Le 15 déc. 2021 à 05:43, JB Onofré  a écrit :
> 
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3). 
> 
> This release includes dependency upgrades, fixes, and improvements, 
> especially:
> 
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
> security issue (CVE-2021-44228) and fixing JNDI issue
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Regards
> JB
> 

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Jean-Baptiste Onofre]

+1 (binding)

Regards
JB

> Le 15 déc. 2021 à 05:43, JB Onofré  a écrit :
> 
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3). 
> 
> This release includes dependency upgrades, fixes, and improvements, 
> especially:
> 
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
> security issue (CVE-2021-44228) and fixing JNDI issue
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Regards
> JB
> 

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Oliver Lietz]

On Wednesday, 15 December 2021 05:43:44 CET JB Onofré wrote:
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> 
> This release includes dependency upgrades, fixes, and improvements,
> especially:
> 
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228) and fixing JNDI issue - align
> dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&ve
> rsion=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4

+1

O.

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Steinar Bang]

I have installed all of my active karaf applications on this 4.3.4
version as well.

No error messages on install, normal messages to the karaf.log,
applications seems to run.

+1 (non-bindingn)

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Jamie G.]

+1
Cheers,
Jamie

On Wed, Dec 15, 2021 at 1:48 PM Freeman Fang  wrote:
>
> +1 (binding)
>
> Thanks (again 😃) JB!
> Freeman
>
> On Tue, Dec 14, 2021 at 11:43 PM JB Onofré  wrote:
>
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228) and fixing JNDI issue
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
> >

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Freeman Fang]

+1 (binding)

Thanks (again 😃) JB!
Freeman

On Tue, Dec 14, 2021 at 11:43 PM JB Onofré  wrote:

> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228) and fixing JNDI issue
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Robert Varga]

On 15/12/2021 05:43, JB Onofré wrote:

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)


+1, non-binding.

Thanks.
Robert


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Serge Huber]

Thanks for clarifying, +1 (non-binding) then !

cheers,
  Serge...

On Wed, Dec 15, 2021 at 3:22 PM Matt Pavlovich  wrote:

> +1 (non-binding)
>
> > On Dec 14, 2021, at 10:43 PM, JB Onofré  wrote:
> >
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> especially:
> >
> > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228) and fixing JNDI issue
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
>
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Matt Pavlovich]

+1 (non-binding)

> On Dec 14, 2021, at 10:43 PM, JB Onofré  wrote:
> 
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3). 
> 
> This release includes dependency upgrades, fixes, and improvements, 
> especially:
> 
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
> security issue (CVE-2021-44228) and fixing JNDI issue
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Regards
> JB
> 

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Grzegorz Grzybek]

+1 (binding)

regards
Grzegorz Grzybek

śr., 15 gru 2021 o 09:44 Achim Nierbeck 
napisał(a):

> +1 (binding)
>
> regards, Achim
>
>
> Am Mi., 15. Dez. 2021 um 08:34 Uhr schrieb Romain Manni-Bucau <
> rmannibu...@gmail.com>:
>
> > +1
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <
> > https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <
> >
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> > >
> >
> >
> > Le mer. 15 déc. 2021 à 08:21, Roedl Lukas  a
> écrit
> > :
> >
> > > +1 (non-binding)
> > >
> > > regards,
> > > Lukas
> > >
> > > -Ursprüngliche Nachricht-
> > > Von: JB Onofré 
> > > Gesendet: Mittwoch, 15. Dezember 2021 05:44
> > > An: dev@karaf.apache.org
> > > Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)
> > >
> > > Hi everyone,
> > >
> > > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> > >
> > > This release includes dependency upgrades, fixes, and improvements,
> > > especially:
> > >
> > > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> > > important security issue (CVE-2021-44228) and fixing JNDI issue
> > > - align dependencies versions between Karaf and Pax *
> > > - fix missing system export packages
> > > - fix on Karaf features json support
> > > - fix features autoRefresh configuration handling
> > > - fix on sshd session handling
> > > - update to sshd 2.8.0
> > > - lot of pax * updates
> > > - and much more !
> > >
> > > Please take a look on Release Notes for details !
> > >
> > > Release Notes:
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> > >
> > > Staging Maven Repository:
> > >
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> > >
> > > Staging Dist Repository:
> > > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> > >
> > > Git tag:
> > > karaf-4.3.4
> > >
> > > Please vote to approve this release:
> > >
> > > [ ] +1 Approve the release
> > > [ ] -1 Don't approve the release (please provide specific comments)
> > >
> > > This vote will be open for at least 72 hours.
> > >
> > > Regards
> > > JB
> > >
> > >
> >
>
>
> --
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Achim Nierbeck]

+1 (binding)

regards, Achim


Am Mi., 15. Dez. 2021 um 08:34 Uhr schrieb Romain Manni-Bucau <
rmannibu...@gmail.com>:

> +1
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
>
>
> Le mer. 15 déc. 2021 à 08:21, Roedl Lukas  a écrit
> :
>
> > +1 (non-binding)
> >
> > regards,
> > Lukas
> >
> > -Ursprüngliche Nachricht-----
> > Von: JB Onofré 
> > Gesendet: Mittwoch, 15. Dezember 2021 05:44
> > An: dev@karaf.apache.org
> > Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)
> >
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228) and fixing JNDI issue
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
> >
>


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Romain Manni-Bucau]

+1

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mer. 15 déc. 2021 à 08:21, Roedl Lukas  a écrit :

> +1 (non-binding)
>
> regards,
> Lukas
>
> -Ursprüngliche Nachricht-
> Von: JB Onofré 
> Gesendet: Mittwoch, 15. Dezember 2021 05:44
> An: dev@karaf.apache.org
> Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)
>
> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228) and fixing JNDI issue
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>
>

AW: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Roedl Lukas]

+1 (non-binding)

regards,
Lukas

-Ursprüngliche Nachricht-
Von: JB Onofré  
Gesendet: Mittwoch, 15. Dezember 2021 05:44
An: dev@karaf.apache.org
Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #3). 

This release includes dependency upgrades, fixes, and improvements, especially:

- upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
security issue (CVE-2021-44228) and fixing JNDI issue
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1165/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[JB Onofré]

Sorry did a mistake in my previous email: pax logging 2.0.12 uses log4j 2.16.0. 
That’s exactly the purpose of this new take. 

> Le 15 déc. 2021 à 07:40, Grzegorz Grzybek  a écrit :
> 
> Hello
> 
> With https://github.com/ops4j/org.ops4j.pax.logging/issues/416, Pax Logging
> 2.0.12 and 1.11.11 already use Log4j2 2.16.0.
> 
> regards
> Grzegorz Grzybek
> 
> śr., 15 gru 2021 o 07:36 Serge Huber  napisał(a):
> 
>> Given that log2j 2.15.0 has been found to have a Denial of service should
>> we re-release with 2.16.0 ?
>> 
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
>> 
>> Note that previous mitigations involving configuration such as to set the
>> system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this
>> specific vulnerability. Log4j 2.16.0 fixes this issue by removing support
>> for message lookup patterns and disabling JNDI functionality by default.
>> This issue can be mitigated in prior releases (<2.16.0) by removing the
>> JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar
>> org/apache/logging/log4j/core/lookup/JndiLookup.class).
>> 
>> Regards,
>>  Serge...
>> 
>> Serge Huber
>> CTO & Co-Founder
>> T +41 22 361 3424
>> 9 route des Jeunes | 1227 Acacias | Switzerland
>> jahia.com 
>> SKYPE | LINKEDIN  | TWITTER
>>  | VCARD
>> 
>> 
>> 
>>> JOIN OUR COMMUNITY  to evaluate, get trained and
>> to discover why Jahia is a leading User Experience Platform (UXP) for
>> Digital Transformation.
>> 
>> 
>>> On Wed, Dec 15, 2021 at 7:28 AM Francois Papon <
>>> francois.pa...@openobject.fr>
>>> wrote:
>>> 
>>> +1 (binding)
>>> 
>>> Thanks JB!
>>> 
>>> regards,
>>> 
>>> Francois
>>> 
>>> On 15/12/2021 05:43, JB Onofré wrote:
 Hi everyone,
 
 I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
 
 This release includes dependency upgrades, fixes, and improvements,
>>> especially:
 
 - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
>>> important security issue (CVE-2021-44228) and fixing JNDI issue
 - align dependencies versions between Karaf and Pax *
 - fix missing system export packages
 - fix on Karaf features json support
 - fix features autoRefresh configuration handling
 - fix on sshd session handling
 - update to sshd 2.8.0
 - lot of pax * updates
 - and much more !
 
 Please take a look on Release Notes for details !
 
 Release Notes:
 
>>> 
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
 
 Staging Maven Repository:
 
>> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
 
 Staging Dist Repository:
 https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
 
 Git tag:
 karaf-4.3.4
 
 Please vote to approve this release:
 
 [ ] +1 Approve the release
 [ ] -1 Don't approve the release (please provide specific comments)
 
 This vote will be open for at least 72 hours.
 
 Regards
 JB
 
>>> 
>> 

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Grzegorz Grzybek]

Hello

With https://github.com/ops4j/org.ops4j.pax.logging/issues/416, Pax Logging
2.0.12 and 1.11.11 already use Log4j2 2.16.0.

regards
Grzegorz Grzybek

śr., 15 gru 2021 o 07:36 Serge Huber  napisał(a):

> Given that log2j 2.15.0 has been found to have a Denial of service should
> we re-release with 2.16.0 ?
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
>
> Note that previous mitigations involving configuration such as to set the
> system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this
> specific vulnerability. Log4j 2.16.0 fixes this issue by removing support
> for message lookup patterns and disabling JNDI functionality by default.
> This issue can be mitigated in prior releases (<2.16.0) by removing the
> JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar
> org/apache/logging/log4j/core/lookup/JndiLookup.class).
>
> Regards,
>   Serge...
>
> Serge Huber
> CTO & Co-Founder
> T +41 22 361 3424
> 9 route des Jeunes | 1227 Acacias | Switzerland
> jahia.com 
> SKYPE | LINKEDIN  | TWITTER
>  | VCARD
> 
>
>
> > JOIN OUR COMMUNITY  to evaluate, get trained and
> to discover why Jahia is a leading User Experience Platform (UXP) for
> Digital Transformation.
>
>
> On Wed, Dec 15, 2021 at 7:28 AM Francois Papon <
> francois.pa...@openobject.fr>
> wrote:
>
> > +1 (binding)
> >
> > Thanks JB!
> >
> > regards,
> >
> > Francois
> >
> > On 15/12/2021 05:43, JB Onofré wrote:
> > > Hi everyone,
> > >
> > > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> > >
> > > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> > >
> > > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228) and fixing JNDI issue
> > > - align dependencies versions between Karaf and Pax *
> > > - fix missing system export packages
> > > - fix on Karaf features json support
> > > - fix features autoRefresh configuration handling
> > > - fix on sshd session handling
> > > - update to sshd 2.8.0
> > > - lot of pax * updates
> > > - and much more !
> > >
> > > Please take a look on Release Notes for details !
> > >
> > > Release Notes:
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> > >
> > > Staging Maven Repository:
> > >
> https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> > >
> > > Staging Dist Repository:
> > > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> > >
> > > Git tag:
> > > karaf-4.3.4
> > >
> > > Please vote to approve this release:
> > >
> > > [ ] +1 Approve the release
> > > [ ] -1 Don't approve the release (please provide specific comments)
> > >
> > > This vote will be open for at least 72 hours.
> > >
> > > Regards
> > > JB
> > >
> >
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Serge Huber]

Given that log2j 2.15.0 has been found to have a Denial of service should
we re-release with 2.16.0 ?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

Note that previous mitigations involving configuration such as to set the
system property `log4j2.noFormatMsgLookup` to `true` do NOT mitigate this
specific vulnerability. Log4j 2.16.0 fixes this issue by removing support
for message lookup patterns and disabling JNDI functionality by default.
This issue can be mitigated in prior releases (<2.16.0) by removing the
JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class).

Regards,
  Serge...

Serge Huber
CTO & Co-Founder
T +41 22 361 3424
9 route des Jeunes | 1227 Acacias | Switzerland
jahia.com 
SKYPE | LINKEDIN  | TWITTER
 | VCARD



> JOIN OUR COMMUNITY  to evaluate, get trained and
to discover why Jahia is a leading User Experience Platform (UXP) for
Digital Transformation.


On Wed, Dec 15, 2021 at 7:28 AM Francois Papon 
wrote:

> +1 (binding)
>
> Thanks JB!
>
> regards,
>
> Francois
>
> On 15/12/2021 05:43, JB Onofré wrote:
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #3).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> especially:
> >
> > - upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228) and fixing JNDI issue
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1165/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[Francois Papon]

+1 (binding)

Thanks JB!

regards,

Francois

On 15/12/2021 05:43, JB Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #3).

This release includes dependency upgrades, fixes, and improvements, especially:

- upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
security issue (CVE-2021-44228) and fixing JNDI issue
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1165/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

[VOTE] Apache Karaf runtime 4.3.4 release (take #3)

[JB Onofré]

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #3). 

This release includes dependency upgrades, fixes, and improvements, especially:

- upgrade to Pax Logging 2.0.12, upgrading to log4j2 2.0.15, fixing important 
security issue (CVE-2021-44228) and fixing JNDI issue
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1165/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [CANCEL][VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[J Cabrerizo]

Yeah, you are right, that is probably for the best

Thank you for your response Romain

El mar, 14 dic 2021 a las 11:28, Romain Manni-Bucau ()
escribió:

> Hi Juan,
>
> No real way the vote is reduced cause ASF is distributed and all the PMC
> (at least) must be able to give their vote. (to be honest this is for the
> good to not be able to say "it is minor, let's do it in 1h", you can't
> imagine how many minor upgrades can break apps;)).
> This is one of the reason I think it is always better to move forward
> pending votes and redo a vote instead of rerolling if possible otherwise we
> get this delay which is quickly weeks.
>
>
> Just my 2 cts for future releases ;)
> Romain Manni-Bucau
> @rmannibucau  |  Blog
>  | Old Blog
>  | Github <
> https://github.com/rmannibucau> |
> LinkedIn  | Book
> <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
>
>
> Le mar. 14 déc. 2021 à 12:09, J Cabrerizo  a
> écrit :
>
> > Hi Jean-Baptiste
> >
> > I understand and I completely support the idea of canceling this vote and
> > starting a new one. At the same time I wonder if, in benefit of time, the
> > votation period could be reduced from the standard 72 hours as it's a
> minor
> > -but important- change and it should change the previous votes.
> >
> > Karaf is a key dependency of us in Apache Brooklyn as it is for many
> other
> > projects , as fast it can it bumped the better, and if we can do it this
> > week, it really will help us.
> >
> > Thanks again for all the great work in the project.
> >
> > Juan
> >
>

Re: [CANCEL][VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Romain Manni-Bucau]

Hi Juan,

No real way the vote is reduced cause ASF is distributed and all the PMC
(at least) must be able to give their vote. (to be honest this is for the
good to not be able to say "it is minor, let's do it in 1h", you can't
imagine how many minor upgrades can break apps;)).
This is one of the reason I think it is always better to move forward
pending votes and redo a vote instead of rerolling if possible otherwise we
get this delay which is quickly weeks.


Just my 2 cts for future releases ;)
Romain Manni-Bucau
@rmannibucau  |  Blog
 | Old Blog
 | Github  |
LinkedIn  | Book



Le mar. 14 déc. 2021 à 12:09, J Cabrerizo  a
écrit :

> Hi Jean-Baptiste
>
> I understand and I completely support the idea of canceling this vote and
> starting a new one. At the same time I wonder if, in benefit of time, the
> votation period could be reduced from the standard 72 hours as it's a minor
> -but important- change and it should change the previous votes.
>
> Karaf is a key dependency of us in Apache Brooklyn as it is for many other
> projects , as fast it can it bumped the better, and if we can do it this
> week, it really will help us.
>
> Thanks again for all the great work in the project.
>
> Juan
>

Re: [CANCEL][VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[J Cabrerizo]

Hi Jean-Baptiste

I understand and I completely support the idea of canceling this vote and
starting a new one. At the same time I wonder if, in benefit of time, the
votation period could be reduced from the standard 72 hours as it's a minor
-but important- change and it should change the previous votes.

Karaf is a key dependency of us in Apache Brooklyn as it is for many other
projects , as fast it can it bumped the better, and if we can do it this
week, it really will help us.

Thanks again for all the great work in the project.

Juan

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Achim Nierbeck]

Thanks JB,
I think it's a good signal for all our downstream projects.
Even if it's just rumors ;)

regards, Achim


Am Di., 14. Dez. 2021 um 10:44 Uhr schrieb Jean-Baptiste Onofré <
j...@nanthrax.net>:

> Even if I agree with Romain, I cancelled this release and I'm moving
> forward fast on new vote (later today).
>
> On 14/12/2021 10:32, Romain Manni-Bucau wrote:
> >> What's the difference between cutting a new release right after the
> >> release and just postponing this release (again) to include this log4j
> >> version?
> >> I'd rather have a 4.3.4 accepted by our consumers instead of everyone
> just
> >> waiting for the 4.3.5 ;)
> >
> > (just my 2cts and experience feedback about willing a perfect release)
> > Consumers waiting for something unrelated to log4j2 can adopt it 1 week
> > before ;), and as JB said, there is no security enhancement in 2.16 - and
> > some other parts of the JVM/libs are way more dangerous :p - so guess it
> is
> > better to release and move forward than keeping postponing which can
> delay
> > for more than 1 month the adoption (keep in mind we are in the last work
> > week in a lot of country since Xmas is coming ;)).
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
> >
> >
> > Le mar. 14 déc. 2021 à 10:26, Jean-Baptiste Onofré  a
> > écrit :
> >
> >> OK, so, let me prepare Pax Logging 2.0.12 then and cancel this vote to
> >> include this new Pax Logging version.
> >>
> >> Regards
> >> JB
> >>
> >> On 14/12/2021 10:20, Achim Nierbeck wrote:
> >>> tbh. What's the difference between cutting a new release right after
> the
> >>> release and just postponing this release (again) to include this log4j
> >>> version?
> >>> I'd rather have a 4.3.4 accepted by our consumers instead of everyone
> >> just
> >>> waiting for the 4.3.5 ;)
> >>>
> >>> my 2 cents :)
> >>>
> >>> regards, Achim
> >>>
> >>>
> >>> Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré <
> >>> j...@nanthrax.net>:
> >>>
> >>>> There's no big change between log4j 2.15 and 2.16 (in term of CVE).
> So,
> >>>> I would leave this vote running, and prepare Pax Logging/Karaf new
> >>>> release after (pretty soon).
> >>>>
> >>>> Regards
> >>>> JB
> >>>>
> >>>> On 14/12/2021 09:30, Bernd Eckenfels wrote:
> >>>>> If you have any reason to delay it some more, a new pax logging with
> >>>> log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and
> >> removed
> >>>> the lookup code. Otherwise another minor release would also be an
> >> option.
> >>>>> --
> >>>>> http://bernd.eckenfels.net
> >>>>> 
> >>>>> Von: Francois Papon 
> >>>>> Gesendet: Tuesday, December 14, 2021 8:49:24 AM
> >>>>> An: dev@karaf.apache.org 
> >>>>> Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
> >>>>>
> >>>>> +1 (binding)
> >>>>>
> >>>>> Thanks JB!
> >>>>>
> >>>>> regards,
> >>>>>
> >>>>> Francois
> >>>>>
> >>>>> On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> >>>>>> Hi everyone,
> >>>>>>
> >>>>>> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >>>>>>
> >>>>>> This release includes dependency upgrades, fixes, and improvements,
> >>>>>> especially:
> >>>>>>
> >>>>>> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> >>>>>> important security issue (CVE-2021-44228)
> >>>>>> - align dependencies versions between Karaf and Pax *
> >>>>>> - fix missing system export packages
> >>>>>&g

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jean-Baptiste Onofré]

Even if I agree with Romain, I cancelled this release and I'm moving 
forward fast on new vote (later today).


On 14/12/2021 10:32, Romain Manni-Bucau wrote:

What's the difference between cutting a new release right after the
release and just postponing this release (again) to include this log4j
version?
I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
waiting for the 4.3.5 ;)


(just my 2cts and experience feedback about willing a perfect release)
Consumers waiting for something unrelated to log4j2 can adopt it 1 week
before ;), and as JB said, there is no security enhancement in 2.16 - and
some other parts of the JVM/libs are way more dangerous :p - so guess it is
better to release and move forward than keeping postponing which can delay
for more than 1 month the adoption (keep in mind we are in the last work
week in a lot of country since Xmas is coming ;)).

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mar. 14 déc. 2021 à 10:26, Jean-Baptiste Onofré  a
écrit :


OK, so, let me prepare Pax Logging 2.0.12 then and cancel this vote to
include this new Pax Logging version.

Regards
JB

On 14/12/2021 10:20, Achim Nierbeck wrote:

tbh. What's the difference between cutting a new release right after the
release and just postponing this release (again) to include this log4j
version?
I'd rather have a 4.3.4 accepted by our consumers instead of everyone

just

waiting for the 4.3.5 ;)

my 2 cents :)

regards, Achim


Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré <
j...@nanthrax.net>:


There's no big change between log4j 2.15 and 2.16 (in term of CVE). So,
I would leave this vote running, and prepare Pax Logging/Karaf new
release after (pretty soon).

Regards
JB

On 14/12/2021 09:30, Bernd Eckenfels wrote:

If you have any reason to delay it some more, a new pax logging with

log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and

removed

the lookup code. Otherwise another minor release would also be an

option.

--
http://bernd.eckenfels.net

Von: Francois Papon 
Gesendet: Tuesday, December 14, 2021 8:49:24 AM
An: dev@karaf.apache.org 
Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

+1 (binding)

Thanks JB!

regards,

Francois

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements,
especially:

- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
important security issue (CVE-2021-44228)
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:




https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547



Staging Maven Repository:


https://repository.apache.org/content/repositories/orgapachekaraf-1164/


Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

[CANCEL][VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jean-Baptiste Onofré]

As discussed on the vote thread, I cancel this release to include Pax 
Logging 2.0.12 that will upgrade to log4j 2.0.16.


I will start a new vote asap.

Sorry about that,
Regards
JB

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements, 
especially:


- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing 
important security issue (CVE-2021-44228)

- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 



Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Romain Manni-Bucau]

> What's the difference between cutting a new release right after the
> release and just postponing this release (again) to include this log4j
> version?
> I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
> waiting for the 4.3.5 ;)

(just my 2cts and experience feedback about willing a perfect release)
Consumers waiting for something unrelated to log4j2 can adopt it 1 week
before ;), and as JB said, there is no security enhancement in 2.16 - and
some other parts of the JVM/libs are way more dangerous :p - so guess it is
better to release and move forward than keeping postponing which can delay
for more than 1 month the adoption (keep in mind we are in the last work
week in a lot of country since Xmas is coming ;)).

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mar. 14 déc. 2021 à 10:26, Jean-Baptiste Onofré  a
écrit :

> OK, so, let me prepare Pax Logging 2.0.12 then and cancel this vote to
> include this new Pax Logging version.
>
> Regards
> JB
>
> On 14/12/2021 10:20, Achim Nierbeck wrote:
> > tbh. What's the difference between cutting a new release right after the
> > release and just postponing this release (again) to include this log4j
> > version?
> > I'd rather have a 4.3.4 accepted by our consumers instead of everyone
> just
> > waiting for the 4.3.5 ;)
> >
> > my 2 cents :)
> >
> > regards, Achim
> >
> >
> > Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré <
> > j...@nanthrax.net>:
> >
> >> There's no big change between log4j 2.15 and 2.16 (in term of CVE). So,
> >> I would leave this vote running, and prepare Pax Logging/Karaf new
> >> release after (pretty soon).
> >>
> >> Regards
> >> JB
> >>
> >> On 14/12/2021 09:30, Bernd Eckenfels wrote:
> >>> If you have any reason to delay it some more, a new pax logging with
> >> log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and
> removed
> >> the lookup code. Otherwise another minor release would also be an
> option.
> >>> --
> >>> http://bernd.eckenfels.net
> >>> 
> >>> Von: Francois Papon 
> >>> Gesendet: Tuesday, December 14, 2021 8:49:24 AM
> >>> An: dev@karaf.apache.org 
> >>> Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
> >>>
> >>> +1 (binding)
> >>>
> >>> Thanks JB!
> >>>
> >>> regards,
> >>>
> >>> Francois
> >>>
> >>> On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> >>>> Hi everyone,
> >>>>
> >>>> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >>>>
> >>>> This release includes dependency upgrades, fixes, and improvements,
> >>>> especially:
> >>>>
> >>>> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> >>>> important security issue (CVE-2021-44228)
> >>>> - align dependencies versions between Karaf and Pax *
> >>>> - fix missing system export packages
> >>>> - fix on Karaf features json support
> >>>> - fix features autoRefresh configuration handling
> >>>> - fix on sshd session handling
> >>>> - update to sshd 2.8.0
> >>>> - lot of pax * updates
> >>>> - and much more !
> >>>>
> >>>> Please take a look on Release Notes for details !
> >>>>
> >>>> Release Notes:
> >>>>
> >>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >>>>
> >>>>
> >>>> Staging Maven Repository:
> >>>>
> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >>>>
> >>>> Staging Dist Repository:
> >>>> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >>>>
> >>>> Git tag:
> >>>> karaf-4.3.4
> >>>>
> >>>> Please vote to approve this release:
> >>>>
> >>>> [ ] +1 Approve the release
> >>>> [ ] -1 Don't approve the release (please provide specific comments)
> >>>>
> >>>> This vote will be open for at least 72 hours.
> >>>>
> >>>> Regards
> >>>> JB
> >>>
> >>
> >
> >
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Bernd Eckenfels]

There are rumors/theories the Sysprop does not cover all Code path (not for 
structured log events). Therefore sooner or later the 2.16 is needed for 
compliance reasons.

Much appreciated that you roll another release, jb.


--
http://bernd.eckenfels.net

Von: Romain Manni-Bucau 
Gesendet: Tuesday, December 14, 2021 10:07:13 AM
An: dev 
Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

+1 (to release), in terms of actual security 2.15 or 2.16 does not change
much and karaf has some expected changes so let it go and redo one after if
wished IMHO

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mar. 14 déc. 2021 à 09:30, Bernd Eckenfels  a
écrit :

> If you have any reason to delay it some more, a new pax logging with log4j
> 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the
> lookup code. Otherwise another minor release would also be an option.
> --
> http://bernd.eckenfels.net
> 
> Von: Francois Papon 
> Gesendet: Tuesday, December 14, 2021 8:49:24 AM
> An: dev@karaf.apache.org 
> Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
>
> +1 (binding)
>
> Thanks JB!
>
> regards,
>
> Francois
>
> On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228)
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jean-Baptiste Onofré]

OK, so, let me prepare Pax Logging 2.0.12 then and cancel this vote to 
include this new Pax Logging version.


Regards
JB

On 14/12/2021 10:20, Achim Nierbeck wrote:

tbh. What's the difference between cutting a new release right after the
release and just postponing this release (again) to include this log4j
version?
I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
waiting for the 4.3.5 ;)

my 2 cents :)

regards, Achim


Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré <
j...@nanthrax.net>:


There's no big change between log4j 2.15 and 2.16 (in term of CVE). So,
I would leave this vote running, and prepare Pax Logging/Karaf new
release after (pretty soon).

Regards
JB

On 14/12/2021 09:30, Bernd Eckenfels wrote:

If you have any reason to delay it some more, a new pax logging with

log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed
the lookup code. Otherwise another minor release would also be an option.

--
http://bernd.eckenfels.net

Von: Francois Papon 
Gesendet: Tuesday, December 14, 2021 8:49:24 AM
An: dev@karaf.apache.org 
Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

+1 (binding)

Thanks JB!

regards,

Francois

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements,
especially:

- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
important security issue (CVE-2021-44228)
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:


https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547



Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Achim Nierbeck]

tbh. What's the difference between cutting a new release right after the
release and just postponing this release (again) to include this log4j
version?
I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
waiting for the 4.3.5 ;)

my 2 cents :)

regards, Achim


Am Di., 14. Dez. 2021 um 10:09 Uhr schrieb Jean-Baptiste Onofré <
j...@nanthrax.net>:

> There's no big change between log4j 2.15 and 2.16 (in term of CVE). So,
> I would leave this vote running, and prepare Pax Logging/Karaf new
> release after (pretty soon).
>
> Regards
> JB
>
> On 14/12/2021 09:30, Bernd Eckenfels wrote:
> > If you have any reason to delay it some more, a new pax logging with
> log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed
> the lookup code. Otherwise another minor release would also be an option.
> > --
> > http://bernd.eckenfels.net
> > 
> > Von: Francois Papon 
> > Gesendet: Tuesday, December 14, 2021 8:49:24 AM
> > An: dev@karaf.apache.org 
> > Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
> >
> > +1 (binding)
> >
> > Thanks JB!
> >
> > regards,
> >
> > Francois
> >
> > On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> >> Hi everyone,
> >>
> >> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >>
> >> This release includes dependency upgrades, fixes, and improvements,
> >> especially:
> >>
> >> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> >> important security issue (CVE-2021-44228)
> >> - align dependencies versions between Karaf and Pax *
> >> - fix missing system export packages
> >> - fix on Karaf features json support
> >> - fix features autoRefresh configuration handling
> >> - fix on sshd session handling
> >> - update to sshd 2.8.0
> >> - lot of pax * updates
> >> - and much more !
> >>
> >> Please take a look on Release Notes for details !
> >>
> >> Release Notes:
> >>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >>
> >>
> >> Staging Maven Repository:
> >> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >>
> >> Staging Dist Repository:
> >> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >>
> >> Git tag:
> >> karaf-4.3.4
> >>
> >> Please vote to approve this release:
> >>
> >> [ ] +1 Approve the release
> >> [ ] -1 Don't approve the release (please provide specific comments)
> >>
> >> This vote will be open for at least 72 hours.
> >>
> >> Regards
> >> JB
> >
>


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jean-Baptiste Onofré]

There's no big change between log4j 2.15 and 2.16 (in term of CVE). So, 
I would leave this vote running, and prepare Pax Logging/Karaf new 
release after (pretty soon).


Regards
JB

On 14/12/2021 09:30, Bernd Eckenfels wrote:

If you have any reason to delay it some more, a new pax logging with log4j 
2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the lookup 
code. Otherwise another minor release would also be an option.
--
http://bernd.eckenfels.net

Von: Francois Papon 
Gesendet: Tuesday, December 14, 2021 8:49:24 AM
An: dev@karaf.apache.org 
Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

+1 (binding)

Thanks JB!

regards,

Francois

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements,
especially:

- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
important security issue (CVE-2021-44228)
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547


Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Romain Manni-Bucau]

+1 (to release), in terms of actual security 2.15 or 2.16 does not change
much and karaf has some expected changes so let it go and redo one after if
wished IMHO

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


Le mar. 14 déc. 2021 à 09:30, Bernd Eckenfels  a
écrit :

> If you have any reason to delay it some more, a new pax logging with log4j
> 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the
> lookup code. Otherwise another minor release would also be an option.
> --
> http://bernd.eckenfels.net
> 
> Von: Francois Papon 
> Gesendet: Tuesday, December 14, 2021 8:49:24 AM
> An: dev@karaf.apache.org 
> Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
>
> +1 (binding)
>
> Thanks JB!
>
> regards,
>
> Francois
>
> On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228)
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Bernd Eckenfels]

If you have any reason to delay it some more, a new pax logging with log4j 
2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the lookup 
code. Otherwise another minor release would also be an option.
--
http://bernd.eckenfels.net

Von: Francois Papon 
Gesendet: Tuesday, December 14, 2021 8:49:24 AM
An: dev@karaf.apache.org 
Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

+1 (binding)

Thanks JB!

regards,

Francois

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228)
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Francois Papon]

+1 (binding)

Thanks JB!

regards,

Francois

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements, 
especially:


- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing 
important security issue (CVE-2021-44228)

- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 



Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jamie G.]

+1

Cheers,
Jamie

On Mon, Dec 13, 2021 at 1:49 PM Achim Nierbeck
 wrote:
>
> +1 (binding)
>
> best regards, Achim
>
> Am Mo., 13. Dez. 2021 um 17:48 Uhr schrieb Roedl Lukas <
> lukas.ro...@ait.ac.at>:
>
> > +1 (non-binding)
> >
> > regards,
> > Lukas
> >
> > -Ursprüngliche Nachricht-
> > Von: Jean-Baptiste Onofré 
> > Gesendet: Montag, 13. Dezember 2021 16:24
> > An: dev@karaf.apache.org
> > Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
> >
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228)
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
>
>
> --
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Achim Nierbeck]

+1 (binding)

best regards, Achim

Am Mo., 13. Dez. 2021 um 17:48 Uhr schrieb Roedl Lukas <
lukas.ro...@ait.ac.at>:

> +1 (non-binding)
>
> regards,
> Lukas
>
> -Ursprüngliche Nachricht-
> Von: Jean-Baptiste Onofré 
> Gesendet: Montag, 13. Dezember 2021 16:24
> An: dev@karaf.apache.org
> Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
>
> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228)
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

AW: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Roedl Lukas]

+1 (non-binding)

regards,
Lukas

-Ursprüngliche Nachricht-
Von: Jean-Baptiste Onofré  
Gesendet: Montag, 13. Dezember 2021 16:24
An: dev@karaf.apache.org
Betreff: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements,
especially:

- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing important 
security issue (CVE-2021-44228)
- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Grzegorz Grzybek]

+1

regards
Grzegorz Grzybek

pon., 13 gru 2021 o 17:17 Freeman Fang  napisał(a):

> +1(binding)
>
> Thanks!
> Freeman
>
> On Mon, Dec 13, 2021 at 10:24 AM Jean-Baptiste Onofré 
> wrote:
>
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> > important security issue (CVE-2021-44228)
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Freeman Fang]

+1(binding)

Thanks!
Freeman

On Mon, Dec 13, 2021 at 10:24 AM Jean-Baptiste Onofré 
wrote:

> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> important security issue (CVE-2021-44228)
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Robert Varga]

On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:


Please vote to approve this release:

[ ] +1 Approve the release


OpenDaylight basics seem to be okay with this release, +1 (non-binding).

Thanks,
Robert


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Steinar Bang]

> Jean-Baptiste Onofré :

> Hi everyone,
> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
[snip!]
> Please vote to approve this release:

> [X] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)

> This vote will be open for at least 72 hours.

All of my karaf applications installed without error messages and seems
to be running normally.

+1 from me (non-binding)

[VOTE] Apache Karaf runtime 4.3.4 release (take #2)

[Jean-Baptiste Onofré]

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote (take #2).

This release includes dependency upgrades, fixes, and improvements, 
especially:


- upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing 
important security issue (CVE-2021-44228)

- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1164/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [CANCEL][VOTE] Apache Karaf runtime 4.3.4 release

[Steinar Bang]

> Jean-Baptiste Onofre :

> Hi guys;
> I cancel this vote to:
> 1. Upgrade to pax-logging 2.0.11 which includes important log4j2 CVE fix

+1 on that!

(I just dropped by today to check if there were any discissions on karaf and 
log4j...)

[CANCEL][VOTE] Apache Karaf runtime 4.3.4 release

[Jean-Baptiste Onofre]

Hi guys;

I cancel this vote to:
1. Upgrade to pax-logging 2.0.11 which includes important log4j2 CVE fix
2. Include a quick fix in the features service and autoRefresh flag (populated 
in the cfg file)

I will submit a new take to vote later today.

Sorry about that.

Regards
JB

> Le 7 déc. 2021 à 05:55, Jean-Baptiste Onofré  a écrit :
> 
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote.
> 
> This release includes dependency upgrades, fixes, and improvements, 
> especially:
> 
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1162/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Regards
> JB

AW: [VOTE] Apache Karaf runtime 4.3.4 release

[Roedl Lukas]

+1 (non-binding)

regards,
Lukas

-Ursprüngliche Nachricht-
Von: Jean-Baptiste Onofré  
Gesendet: Dienstag, 7. Dezember 2021 05:55
An: dev@karaf.apache.org
Betreff: [VOTE] Apache Karaf runtime 4.3.4 release

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote.

This release includes dependency upgrades, fixes, and improvements, 
especially:

- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1162/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Jamie G.]

+1

Cheers,
Jamie

On Tue, Dec 7, 2021 at 12:51 PM Freeman Fang  wrote:
>
> +1 (binding)
>
> Thanks!
> Freeman
>
> On Mon, Dec 6, 2021 at 11:55 PM Jean-Baptiste Onofré 
> wrote:
>
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote.
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1162/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Freeman Fang]

+1 (binding)

Thanks!
Freeman

On Mon, Dec 6, 2021 at 11:55 PM Jean-Baptiste Onofré 
wrote:

> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote.
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1162/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Matt Pavlovich]

+1 (non-binding)

[x] Verified sha512 sum 
[x] Started, added staging repo, installed a few features including ActiveMQ 
5.16.3
[x] Verified ssh acces

Thanks JB!

Matt Pavlovich

> On Dec 6, 2021, at 10:55 PM, Jean-Baptiste Onofré  wrote:
> 
> Hi everyone,
> 
> I submit Apache Karaf runtime 4.3.4 to your vote.
> 
> This release includes dependency upgrades, fixes, and improvements, 
> especially:
> 
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
> 
> Please take a look on Release Notes for details !
> 
> Release Notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> 
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1162/
> 
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> 
> Git tag:
> karaf-4.3.4
> 
> Please vote to approve this release:
> 
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
> 
> This vote will be open for at least 72 hours.
> 
> Regards
> JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Francois Papon]

+1 (binding)

local tests ok!

regards,

Francois

On 07/12/2021 05:55, Jean-Baptiste Onofré wrote:

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote.

This release includes dependency upgrades, fixes, and improvements, 
especially:


- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 



Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1162/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Romain Manni-Bucau]

+1 looks good on my apps.

Romain Manni-Bucau
@rmannibucau  |  Blog
 | Old Blog
 | Github  |
LinkedIn  | Book



Le mar. 7 déc. 2021 à 08:16, Grzegorz Grzybek  a
écrit :

> Hello
>
> +1 (binding)
>
> BTW - here’s how Karaf 4.3.4 works with Pax Web 8 (soon in Karaf 4.4):
>
> karaf@root()> install -s mvn:io.hawt/hawtio-osgi/2.14.1/war
> Bundle ID: 76
>
> karaf@root()> web:wab-list
> Context Path │ Bundle ID │ Symbolic Name   │ State│ Base URL
>
> ─┼───┼─┼──┼─
> /hawtio  │ 76│ io.hawt.hawtio-osgi │ Deployed │
> http://127.0.0.1:8181/hawtio
>
> karaf@root()> web:context-list
> Bundle ID │ Symbolic Name │ Context
> Path │ Context Name │ Rank │ Service ID │ Type   │ Scope   │
> Registration Properties
>
> ──┼───┼──┼──┼──┼┼┼─┼──
> 70│ org.ops4j.pax.web.pax-web-extender-whiteboard │ /
>   │ default  │ 0│ 0  │ Whiteboard │ static* │
> osgi.http.whiteboard.context.name=default
>   │   │
>   │  │  │││ │
> osgi.http.whiteboard.context.path=/
> 76│ io.hawt.hawtio-osgi   │ /hawtio
>   │ /hawtio  │ MAX  │ 0  │ WAB│ static* │
> osgi.http.whiteboard.context.path=/hawtio
>
> *) This context is using ServletContextHelper/HttpContext without
> resolving an org.osgi.framework.ServiceReference.
>
> karaf@root()> web:servlet-list
> Bundle ID │ Name  │ Class
>│ Context Path(s) │ URLs │ Type │
> Context Filter
>
> ──┼───┼───┼─┼──┼──┼───
> 76│ default   │
> org.ops4j.pax.web.service.jetty.internal.web.JettyResourceServlet │
> /hawtio │ /│ WAB  │ -
> 76│ jolokia-agent │
> io.hawt.web.servlets.JolokiaConfiguredAgentServlet │
> /hawtio │ /jolokia/*   │ WAB  │ -
> 76│ jolokia-proxy │ io.hawt.web.proxy.ProxyServlet
>│ /hawtio │ /proxy/* │ WAB  │ -
> 76│ keycloak  │ io.hawt.web.auth.keycloak.KeycloakServlet
>│ /hawtio │ /keycloak/*  │ WAB  │ -
> 76│ login │ io.hawt.web.auth.LoginServlet
>│ /hawtio │ /auth/login  │ WAB  │ -
> 76│ logout│ io.hawt.web.auth.LogoutServlet
>│ /hawtio │ /auth/logout │ WAB  │ -
> 76│ plugin│ io.hawt.web.plugin.PluginServlet
>│ /hawtio │ /plugin/*│ WAB  │ -
> 76│ user  │
> io.hawt.web.auth.keycloak.KeycloakUserServlet │
> /hawtio │ /user/*  │ WAB  │ -
>
> regards
> Grzegorz Grzybek
>
> wt., 7 gru 2021 o 05:59 Jean-Baptiste Onofré  napisał(a):
>
> > Hi everyone,
> >
> > I submit Apache Karaf runtime 4.3.4 to your vote.
> >
> > This release includes dependency upgrades, fixes, and improvements,
> > especially:
> >
> > - align dependencies versions between Karaf and Pax *
> > - fix missing system export packages
> > - fix on Karaf features json support
> > - fix features autoRefresh configuration handling
> > - fix on sshd session handling
> > - update to sshd 2.8.0
> > - lot of pax * updates
> > - and much more !
> >
> > Please take a look on Release Notes for details !
> >
> > Release Notes:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >
> > Staging Maven Repository:
> > https://repository.apache.org/content/repositories/orgapachekaraf-1162/
> >
> > Staging Dist Repository:
> > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >
> > Git tag:
> > karaf-4.3.4
> >
> > Please vote to approve this release:
> >
> > [ ] +1 Approve the release
> > [ ] -1 Don't approve the release (please provide specific comments)
> >
> > This vote will be open for at least 72 hours.
> >
> > Regards
> > JB
> >
>

Re: [VOTE] Apache Karaf runtime 4.3.4 release

[Grzegorz Grzybek]

Hello

+1 (binding)

BTW - here’s how Karaf 4.3.4 works with Pax Web 8 (soon in Karaf 4.4):

karaf@root()> install -s mvn:io.hawt/hawtio-osgi/2.14.1/war
Bundle ID: 76

karaf@root()> web:wab-list
Context Path │ Bundle ID │ Symbolic Name   │ State│ Base URL
─┼───┼─┼──┼─
/hawtio  │ 76│ io.hawt.hawtio-osgi │ Deployed │
http://127.0.0.1:8181/hawtio

karaf@root()> web:context-list
Bundle ID │ Symbolic Name │ Context
Path │ Context Name │ Rank │ Service ID │ Type   │ Scope   │
Registration Properties
──┼───┼──┼──┼──┼┼┼─┼──
70│ org.ops4j.pax.web.pax-web-extender-whiteboard │ /
  │ default  │ 0│ 0  │ Whiteboard │ static* │
osgi.http.whiteboard.context.name=default
  │   │
  │  │  │││ │
osgi.http.whiteboard.context.path=/
76│ io.hawt.hawtio-osgi   │ /hawtio
  │ /hawtio  │ MAX  │ 0  │ WAB│ static* │
osgi.http.whiteboard.context.path=/hawtio

*) This context is using ServletContextHelper/HttpContext without
resolving an org.osgi.framework.ServiceReference.

karaf@root()> web:servlet-list
Bundle ID │ Name  │ Class
   │ Context Path(s) │ URLs │ Type │
Context Filter
──┼───┼───┼─┼──┼──┼───
76│ default   │
org.ops4j.pax.web.service.jetty.internal.web.JettyResourceServlet │
/hawtio │ /│ WAB  │ -
76│ jolokia-agent │
io.hawt.web.servlets.JolokiaConfiguredAgentServlet │
/hawtio │ /jolokia/*   │ WAB  │ -
76│ jolokia-proxy │ io.hawt.web.proxy.ProxyServlet
   │ /hawtio │ /proxy/* │ WAB  │ -
76│ keycloak  │ io.hawt.web.auth.keycloak.KeycloakServlet
   │ /hawtio │ /keycloak/*  │ WAB  │ -
76│ login │ io.hawt.web.auth.LoginServlet
   │ /hawtio │ /auth/login  │ WAB  │ -
76│ logout│ io.hawt.web.auth.LogoutServlet
   │ /hawtio │ /auth/logout │ WAB  │ -
76│ plugin│ io.hawt.web.plugin.PluginServlet
   │ /hawtio │ /plugin/*│ WAB  │ -
76│ user  │
io.hawt.web.auth.keycloak.KeycloakUserServlet │
/hawtio │ /user/*  │ WAB  │ -

regards
Grzegorz Grzybek

wt., 7 gru 2021 o 05:59 Jean-Baptiste Onofré  napisał(a):

> Hi everyone,
>
> I submit Apache Karaf runtime 4.3.4 to your vote.
>
> This release includes dependency upgrades, fixes, and improvements,
> especially:
>
> - align dependencies versions between Karaf and Pax *
> - fix missing system export packages
> - fix on Karaf features json support
> - fix features autoRefresh configuration handling
> - fix on sshd session handling
> - update to sshd 2.8.0
> - lot of pax * updates
> - and much more !
>
> Please take a look on Release Notes for details !
>
> Release Notes:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
>
> Staging Maven Repository:
> https://repository.apache.org/content/repositories/orgapachekaraf-1162/
>
> Staging Dist Repository:
> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
>
> Git tag:
> karaf-4.3.4
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] -1 Don't approve the release (please provide specific comments)
>
> This vote will be open for at least 72 hours.
>
> Regards
> JB
>

[VOTE] Apache Karaf runtime 4.3.4 release

[Jean-Baptiste Onofré]

Hi everyone,

I submit Apache Karaf runtime 4.3.4 to your vote.

This release includes dependency upgrades, fixes, and improvements, 
especially:


- align dependencies versions between Karaf and Pax *
- fix missing system export packages
- fix on Karaf features json support
- fix features autoRefresh configuration handling
- fix on sshd session handling
- update to sshd 2.8.0
- lot of pax * updates
- and much more !

Please take a look on Release Notes for details !

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547

Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1162/

Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.3.4/

Git tag:
karaf-4.3.4

Please vote to approve this release:

[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)

This vote will be open for at least 72 hours.

Regards
JB