Re: Logback CVE-2021-42550

2021-12-18 Thread Jean-Baptiste Onofre
I’m closing current release votes, and I will update in Karaf to prepare new 
releases.

Regards
JB

> On 18 Dec 2021, at 20:25, Grzegorz Grzybek wrote:
> 
> Hello
> 
> Done - I've released Pax Logging 1.11.12 and 2.0.13 with the Logback
> update. Thanks Matt for the initial PR - I've checked that no other changes
> are required.
> 
> regards
> Grzegorz Grzybek
> 
> On Sat, 18 Dec 2021 at 05:42, Jean-Baptiste Onofre wrote:
> 
>> Thanks,
>> 
>> However, the PR is not correct.
>> 
>> We (Greg and I) will create a right PR and move forward on Pax Logging
>> release.
>> 
>> However, just a note for the users: this issue is largely less critical
>> than the log4j one.
>> Anyway, I will cut a maintenance release quickly.
>> 
>> Regards
>> JB
>> 
>>> On 17 Dec 2021, at 16:35, Matt Pavlovich wrote:
>>> 
>>> PR created for pax-logging against main:
>>> https://github.com/ops4j/org.ops4j.pax.logging/pull/425
>>> 
>>> 
>>>> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
>>>> 
>>>> I summarized notes on the Logback CVE-2021-42550. While significantly
>>>> less critical, we probably need to consider another round of releases to
>>>> address and bring in logback 1.2.9.
>>>> 
>>>> notes here: https://issues.apache.org/jira/browse/KARAF-7299
>>>> 
>>>> Thoughts?
>>> 
>> 
>> 



Re: Logback CVE-2021-42550

2021-12-18 Thread Grzegorz Grzybek
Hello

Done - I've released Pax Logging 1.11.12 and 2.0.13 with the Logback
update. Thanks Matt for the initial PR - I've checked that no other changes
are required.

regards
Grzegorz Grzybek

On Sat, 18 Dec 2021 at 05:42, Jean-Baptiste Onofre wrote:

> Thanks,
>
> However, the PR is not correct.
>
> We (Greg and I) will create a right PR and move forward on Pax Logging
> release.
>
> However, just a note for the users: this issue is largely less critical
> than the log4j one.
> Anyway, I will cut a maintenance release quickly.
>
> Regards
> JB
>
> > On 17 Dec 2021, at 16:35, Matt Pavlovich wrote:
> >
> > PR created for pax-logging against main:
> > https://github.com/ops4j/org.ops4j.pax.logging/pull/425
> >
> >
> >> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
> >>
> >> I summarized notes on the Logback CVE-2021-42550. While significantly
> >> less critical, we probably need to consider another round of releases to
> >> address and bring in logback 1.2.9.
> >>
> >> notes here: https://issues.apache.org/jira/browse/KARAF-7299
> >>
> >> Thoughts?
> >
>
>


Re: Logback CVE-2021-42550

2021-12-17 Thread Jean-Baptiste Onofre
Thanks,

However, the PR is not correct.

We (Greg and I) will create a right PR and move forward on Pax Logging release.

However, just a note for the users: this issue is largely less critical than
the log4j one.
Anyway, I will cut a maintenance release quickly.

Regards
JB

> On 17 Dec 2021, at 16:35, Matt Pavlovich wrote:
> 
> PR created for pax-logging against main:
> https://github.com/ops4j/org.ops4j.pax.logging/pull/425
> 
> 
>> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
>> 
>> I summarized notes on the Logback CVE-2021-42550. While significantly less
>> critical, we probably need to consider another round of releases to address
>> and bring in logback 1.2.9.
>> 
>> notes here: https://issues.apache.org/jira/browse/KARAF-7299
>> 
>> Thoughts?
> 



Re: Logback CVE-2021-42550

2021-12-17 Thread Matt Pavlovich
PR created for pax-logging against main:
https://github.com/ops4j/org.ops4j.pax.logging/pull/425


> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
> 
> I summarized notes on the Logback CVE-2021-42550. While significantly less
> critical, we probably need to consider another round of releases to address
> and bring in logback 1.2.9.
> 
> notes here: https://issues.apache.org/jira/browse/KARAF-7299
> 
> Thoughts?



Logback CVE-2021-42550

2021-12-17 Thread Matt Pavlovich
I summarized notes on the Logback CVE-2021-42550. While significantly less
critical, we probably need to consider another round of releases to address and
bring in logback 1.2.9.

notes here: https://issues.apache.org/jira/browse/KARAF-7299

Thoughts?