Re: [VOTE] Release Apache Log4j 2.12.3-rc1
My +1 Ralph > On Dec 20, 2021, at 5:52 PM, Ralph Goers wrote: > > This is a vote to release Log4j 2.12.3, a security release for Java 7 users. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for as short amount as time as required to vet the > release. All votes are welcome and we encourage everyone to test the release, > but only Logging PMC votes are “officially” counted. As always, at least 3 +1 > votes and more positive than negative votes are required. > > Changes in this version include: > > Fixed Bugs > > • LOG4J2-3230: Fix string substitution recursion. > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain > disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' > to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and > 'log4j2.enableJndiContextSelector’. >• LOG4J2-2819: Add support for specifying an SSL configuration for > SmtpAppender > > Tag: > a) for a new copy do "git clone > https://github.com/apache/logging-log4j2.git"; and then "git checkout > tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 > https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.12.3-rc1” > > Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1074 > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/.
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
+1 then Gary On Mon, Dec 20, 2021 at 10:50 PM Ralph Goers wrote: > > There was a bug in the site build. I checked the fix in to the branch. It > doesn’t matter for the release. > > Ralph > > > On Dec 20, 2021, at 6:46 PM, Gary Gregory wrote: > > > > Building from the git tag for HEAD detached at log4j-2.12.3-rc1 (2b9359b23) > > > > - mvn apache-rat:check -DskipTests OK > > - mvn clean install OK except a JVM crash I always get in the > > Cassandra module tests, just like always. > > - mvn site -DskipTests fails with: > > > > [ERROR] Failed to execute goal > > org.apache.maven.plugins:maven-site-plugin:3.4:site (default-site) on > > project log4j: Error parsing > > '/Users/garydgregory/git/logging-log4j-2.12/src/site/xdoc/manual/appenders.xml': > > line [1713] Error parsing the model: end tag name must > > match start tag name from line 1533 (position: TEXT seen > > ...\n\n... @1713:22) -> [Help 1] > > > > Is that just me? > > > > Built with: > > > > openjdk version "1.8.0_312" > > OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) > > OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) > > > > Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) > > Maven home: /usr/local/Cellar/maven/3.8.4/libexec > > Java version: 1.8.0_312, vendor: Homebrew, runtime: > > /usr/local/Cellar/openjdk@8/1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre > > Default locale: en_US, platform encoding: UTF-8 > > OS name: "mac os x", version: "12.1", arch: "x86_64", family: "mac" > > > > Darwin *** 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 > > PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64 > > > > Gary > > > > On Mon, Dec 20, 2021 at 7:52 PM Ralph Goers > > wrote: > >> > >> This is a vote to release Log4j 2.12.3, a security release for Java 7 > >> users. > >> > >> Please download, test, and cast your votes on the log4j developers list. > >> [] +1, release the artifacts > >> [] -1, don't release because... > >> > >> The vote will remain open for as short amount as time as required to vet > >> the release. All votes are welcome and we encourage everyone to test the > >> release, but only Logging PMC votes are “officially” counted. As always, > >> at least 3 +1 votes and more positive than negative votes are required. > >> > >> Changes in this version include: > >> > >> Fixed Bugs > >> > >>• LOG4J2-3230: Fix string substitution recursion. > >>• LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will > >> remain disabled by default. Rename JNDI enablement property from > >> 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', > >> and 'log4j2.enableJndiContextSelector’. > >>• LOG4J2-2819: Add support for specifying an SSL configuration for > >> SmtpAppender > >> > >> Tag: > >> a) for a new copy do "git clone > >> https://github.com/apache/logging-log4j2.git"; and then "git checkout > >> tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 > >> https://github.com/apache/logging-log4j2.git"; > >> b) for an existing working copy to “git pull” and then “git checkout > >> tags/log4j-2.12.3-rc1” > >> > >> Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html > >> > >> Maven Artifacts: > >> https://repository.apache.org/content/repositories/orgapachelogging-1074 > >> > >> Distribution archives: > >> https://dist.apache.org/repos/dist/dev/logging/log4j/ > >> > >> You may download all the Maven artifacts by executing: > >> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > >> https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/. > > >
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
+1 Remko On Tue, Dec 21, 2021 at 12:52 PM Carter Kozak wrote: > +1 > > -ck > > > On Dec 20, 2021, at 22:46, Matt Sicker wrote: > > > > +1 > > > > Notes on the release: > > * Sigs and checksums good > > * Builds and tests fine > > * Outdated copyright year in NOTICE.txt > > > > -- > > Matt Sicker > > > >> On Dec 20, 2021, at 18:52, Ralph Goers > wrote: > >> > >> This is a vote to release Log4j 2.12.3, a security release for Java 7 > users. > >> > >> Please download, test, and cast your votes on the log4j developers list. > >> [] +1, release the artifacts > >> [] -1, don't release because... > >> > >> The vote will remain open for as short amount as time as required to > vet the release. All votes are welcome and we encourage everyone to test > the release, but only Logging PMC votes are “officially” counted. As > always, at least 3 +1 votes and more positive than negative votes are > required. > >> > >> Changes in this version include: > >> > >> Fixed Bugs > >> > >>• LOG4J2-3230: Fix string substitution recursion. > >>• LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will > remain disabled by default. Rename JNDI enablement property from > 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', > and 'log4j2.enableJndiContextSelector’. > >> • LOG4J2-2819: Add support for specifying an SSL configuration > for SmtpAppender > >> > >> Tag: > >> a) for a new copy do "git clone > https://github.com/apache/logging-log4j2.git"; and then "git checkout > tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 > https://github.com/apache/logging-log4j2.git"; > >> b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.12.3-rc1” > >> > >> Web Site: > https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html > >> > >> Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1074 > >> > >> Distribution archives: > https://dist.apache.org/repos/dist/dev/logging/log4j/ > >> > >> You may download all the Maven artifacts by executing: > >> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/ > . > > > >
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
+1 -ck > On Dec 20, 2021, at 22:46, Matt Sicker wrote: > > +1 > > Notes on the release: > * Sigs and checksums good > * Builds and tests fine > * Outdated copyright year in NOTICE.txt > > -- > Matt Sicker > >> On Dec 20, 2021, at 18:52, Ralph Goers wrote: >> >> This is a vote to release Log4j 2.12.3, a security release for Java 7 users. >> >> Please download, test, and cast your votes on the log4j developers list. >> [] +1, release the artifacts >> [] -1, don't release because... >> >> The vote will remain open for as short amount as time as required to vet the >> release. All votes are welcome and we encourage everyone to test the >> release, but only Logging PMC votes are “officially” counted. As always, at >> least 3 +1 votes and more positive than negative votes are required. >> >> Changes in this version include: >> >> Fixed Bugs >> >>• LOG4J2-3230: Fix string substitution recursion. >>• LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain >> disabled by default. Rename JNDI enablement property from >> 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', >> and 'log4j2.enableJndiContextSelector’. >> • LOG4J2-2819: Add support for specifying an SSL configuration for >> SmtpAppender >> >> Tag: >> a) for a new copy do "git clone >> https://github.com/apache/logging-log4j2.git"; and then "git checkout >> tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 >> https://github.com/apache/logging-log4j2.git"; >> b) for an existing working copy to “git pull” and then “git checkout >> tags/log4j-2.12.3-rc1” >> >> Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html >> >> Maven Artifacts: >> https://repository.apache.org/content/repositories/orgapachelogging-1074 >> >> Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ >> >> You may download all the Maven artifacts by executing: >> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate >> https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/. >
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
There was a bug in the site build. I checked the fix in to the branch. It doesn’t matter for the release. Ralph > On Dec 20, 2021, at 6:46 PM, Gary Gregory wrote: > > Building from the git tag for HEAD detached at log4j-2.12.3-rc1 (2b9359b23) > > - mvn apache-rat:check -DskipTests OK > - mvn clean install OK except a JVM crash I always get in the > Cassandra module tests, just like always. > - mvn site -DskipTests fails with: > > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-site-plugin:3.4:site (default-site) on > project log4j: Error parsing > '/Users/garydgregory/git/logging-log4j-2.12/src/site/xdoc/manual/appenders.xml': > line [1713] Error parsing the model: end tag name must > match start tag name from line 1533 (position: TEXT seen > ...\n\n... @1713:22) -> [Help 1] > > Is that just me? > > Built with: > > openjdk version "1.8.0_312" > OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) > OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) > > Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) > Maven home: /usr/local/Cellar/maven/3.8.4/libexec > Java version: 1.8.0_312, vendor: Homebrew, runtime: > /usr/local/Cellar/openjdk@8/1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre > Default locale: en_US, platform encoding: UTF-8 > OS name: "mac os x", version: "12.1", arch: "x86_64", family: "mac" > > Darwin *** 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 > PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64 > > Gary > > On Mon, Dec 20, 2021 at 7:52 PM Ralph Goers > wrote: >> >> This is a vote to release Log4j 2.12.3, a security release for Java 7 users. >> >> Please download, test, and cast your votes on the log4j developers list. >> [] +1, release the artifacts >> [] -1, don't release because... >> >> The vote will remain open for as short amount as time as required to vet the >> release. All votes are welcome and we encourage everyone to test the >> release, but only Logging PMC votes are “officially” counted. As always, at >> least 3 +1 votes and more positive than negative votes are required. >> >> Changes in this version include: >> >> Fixed Bugs >> >>• LOG4J2-3230: Fix string substitution recursion. >>• LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain >> disabled by default. Rename JNDI enablement property from >> 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', >> and 'log4j2.enableJndiContextSelector’. >>• LOG4J2-2819: Add support for specifying an SSL configuration for >> SmtpAppender >> >> Tag: >> a) for a new copy do "git clone >> https://github.com/apache/logging-log4j2.git"; and then "git checkout >> tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 >> https://github.com/apache/logging-log4j2.git"; >> b) for an existing working copy to “git pull” and then “git checkout >> tags/log4j-2.12.3-rc1” >> >> Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html >> >> Maven Artifacts: >> https://repository.apache.org/content/repositories/orgapachelogging-1074 >> >> Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ >> >> You may download all the Maven artifacts by executing: >> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate >> https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/. >
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
+1 Notes on the release: * Sigs and checksums good * Builds and tests fine * Outdated copyright year in NOTICE.txt -- Matt Sicker > On Dec 20, 2021, at 18:52, Ralph Goers wrote: > > This is a vote to release Log4j 2.12.3, a security release for Java 7 users. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for as short amount as time as required to vet the > release. All votes are welcome and we encourage everyone to test the release, > but only Logging PMC votes are “officially” counted. As always, at least 3 +1 > votes and more positive than negative votes are required. > > Changes in this version include: > > Fixed Bugs > > • LOG4J2-3230: Fix string substitution recursion. > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain > disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' > to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and > 'log4j2.enableJndiContextSelector’. >• LOG4J2-2819: Add support for specifying an SSL configuration for > SmtpAppender > > Tag: > a) for a new copy do "git clone > https://github.com/apache/logging-log4j2.git"; and then "git checkout > tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 > https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.12.3-rc1” > > Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1074 > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/.
Re: [VOTE] Release Apache Log4j 2.12.3-rc1
Building from the git tag for HEAD detached at log4j-2.12.3-rc1 (2b9359b23) - mvn apache-rat:check -DskipTests OK - mvn clean install OK except a JVM crash I always get in the Cassandra module tests, just like always. - mvn site -DskipTests fails with: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.4:site (default-site) on project log4j: Error parsing '/Users/garydgregory/git/logging-log4j-2.12/src/site/xdoc/manual/appenders.xml': line [1713] Error parsing the model: end tag name must match start tag name from line 1533 (position: TEXT seen ...\n\n... @1713:22) -> [Help 1] Is that just me? Built with: openjdk version "1.8.0_312" OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) Maven home: /usr/local/Cellar/maven/3.8.4/libexec Java version: 1.8.0_312, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@8/1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "12.1", arch: "x86_64", family: "mac" Darwin *** 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64 Gary On Mon, Dec 20, 2021 at 7:52 PM Ralph Goers wrote: > > This is a vote to release Log4j 2.12.3, a security release for Java 7 users. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for as short amount as time as required to vet the > release. All votes are welcome and we encourage everyone to test the release, > but only Logging PMC votes are “officially” counted. As always, at least 3 +1 > votes and more positive than negative votes are required. > > Changes in this version include: > > Fixed Bugs > > • LOG4J2-3230: Fix string substitution recursion. > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain > disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' > to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and > 'log4j2.enableJndiContextSelector’. > • LOG4J2-2819: Add support for specifying an SSL configuration for > SmtpAppender > > Tag: > a) for a new copy do "git clone > https://github.com/apache/logging-log4j2.git"; and then "git checkout > tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 > https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.12.3-rc1” > > Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1074 > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/.
[VOTE] Release Apache Log4j 2.12.3-rc1
This is a vote to release Log4j 2.12.3, a security release for Java 7 users. Please download, test, and cast your votes on the log4j developers list. [] +1, release the artifacts [] -1, don't release because... The vote will remain open for as short amount as time as required to vet the release. All votes are welcome and we encourage everyone to test the release, but only Logging PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required. Changes in this version include: Fixed Bugs • LOG4J2-3230: Fix string substitution recursion. • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector’. • LOG4J2-2819: Add support for specifying an SSL configuration for SmtpAppender Tag: a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git"; and then "git checkout tags/log4j-2.12.3-rc1” or just "git clone -b log4j-2.12.3-rc1 https://github.com/apache/logging-log4j2.git"; b) for an existing working copy to “git pull” and then “git checkout tags/log4j-2.12.3-rc1” Web Site: https://logging.staged.apache.org/log4j/log4j-2.12.3/index.html Maven Artifacts: https://repository.apache.org/content/repositories/orgapachelogging-1074 Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ You may download all the Maven artifacts by executing: wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapachelogging-1074/org/apache/logging/log4j/.