[jira] [Commented] (OFBIZ-12456) Migrate Ofbiz bb 0.8 config to 3.2
[ https://issues.apache.org/jira/browse/OFBIZ-12456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466552#comment-17466552 ] ASF subversion and git services commented on OFBIZ-12456: - Commit 9020f03390b7d860e84a5e22c02a1379330c7d31 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9020f03 ] Improved: Migrate Ofbiz bb 0.8 config to 3.2 (OFBIZ-12456) No functional change (removes a space in VERSION file) to check last changes in new Buildbot config. I think I found the syntax issue, let's see > Migrate Ofbiz bb 0.8 config to 3.2 > -- > > Key: OFBIZ-12456 > URL: https://issues.apache.org/jira/browse/OFBIZ-12456 > Project: OFBiz > Issue Type: Task > Components: BuildBot >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Critical > > This is a clone of INFRA-22279 that says: > bq. Migrate all Ofbiz configs from ci.apache.org to c2.apache.org upgrading > the config from 0.8 to 3.2 and changing uploads of docs to go to > nightlies.apache.org/ofbiz instead of ci.apache.org/projects/ofbiz . > Currently we have an issue with XMLRPC tests with BuildBot. I believe it's > because the new BB config does not allow HTTP and/or the port 8080. > For more information see https://markmail.org/message/z6qfhcb2xnlqs2ji -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-12456) Migrate Ofbiz bb 0.8 config to 3.2
[ https://issues.apache.org/jira/browse/OFBIZ-12456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466550#comment-17466550 ] ASF subversion and git services commented on OFBIZ-12456: - Commit dc9d71fe3bcf1f031f02ab9b15b8c7221e5e2c4f in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=dc9d71f ] Improved: Migrate Ofbiz bb 0.8 config to 3.2 (OFBIZ-12456) No functional change (adds a space in VERSION file) to check last changes in new Buildbot config. It seems there is a syntax issue somewhere... > Migrate Ofbiz bb 0.8 config to 3.2 > -- > > Key: OFBIZ-12456 > URL: https://issues.apache.org/jira/browse/OFBIZ-12456 > Project: OFBiz > Issue Type: Task > Components: BuildBot >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Critical > > This is a clone of INFRA-22279 that says: > bq. Migrate all Ofbiz configs from ci.apache.org to c2.apache.org upgrading > the config from 0.8 to 3.2 and changing uploads of docs to go to > nightlies.apache.org/ofbiz instead of ci.apache.org/projects/ofbiz . > Currently we have an issue with XMLRPC tests with BuildBot. I believe it's > because the new BB config does not allow HTTP and/or the port 8080. > For more information see https://markmail.org/message/z6qfhcb2xnlqs2ji -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-12456) Migrate Ofbiz bb 0.8 config to 3.2
[ https://issues.apache.org/jira/browse/OFBIZ-12456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466544#comment-17466544 ] ASF subversion and git services commented on OFBIZ-12456: - Commit af7fde656b93b2b488aee7f26e70ba8e9d1ae74f in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=af7fde6 ] Revert "Improved: Migrate Ofbiz bb 0.8 config to 3.2 (OFBIZ-12456)" This reverts commit 14e31c16538f2eddd062ab9fff0b81bd8a70fae8. Got an issue while swithing to R18 > Migrate Ofbiz bb 0.8 config to 3.2 > -- > > Key: OFBIZ-12456 > URL: https://issues.apache.org/jira/browse/OFBIZ-12456 > Project: OFBiz > Issue Type: Task > Components: BuildBot >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Critical > > This is a clone of INFRA-22279 that says: > bq. Migrate all Ofbiz configs from ci.apache.org to c2.apache.org upgrading > the config from 0.8 to 3.2 and changing uploads of docs to go to > nightlies.apache.org/ofbiz instead of ci.apache.org/projects/ofbiz . > Currently we have an issue with XMLRPC tests with BuildBot. I believe it's > because the new BB config does not allow HTTP and/or the port 8080. > For more information see https://markmail.org/message/z6qfhcb2xnlqs2ji -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-12456) Migrate Ofbiz bb 0.8 config to 3.2
[ https://issues.apache.org/jira/browse/OFBIZ-12456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466543#comment-17466543 ] ASF subversion and git services commented on OFBIZ-12456: - Commit 14e31c16538f2eddd062ab9fff0b81bd8a70fae8 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=14e31c1 ] Improved: Migrate Ofbiz bb 0.8 config to 3.2 (OFBIZ-12456) No functional change (adds a space in LICENSE file) to test R18 change in new Buildbot config > Migrate Ofbiz bb 0.8 config to 3.2 > -- > > Key: OFBIZ-12456 > URL: https://issues.apache.org/jira/browse/OFBIZ-12456 > Project: OFBiz > Issue Type: Task > Components: BuildBot >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Critical > > This is a clone of INFRA-22279 that says: > bq. Migrate all Ofbiz configs from ci.apache.org to c2.apache.org upgrading > the config from 0.8 to 3.2 and changing uploads of docs to go to > nightlies.apache.org/ofbiz instead of ci.apache.org/projects/ofbiz . > Currently we have an issue with XMLRPC tests with BuildBot. I believe it's > because the new BB config does not allow HTTP and/or the port 8080. > For more information see https://markmail.org/message/z6qfhcb2xnlqs2ji -- This message was sent by Atlassian Jira (v8.20.1#820001)
[GitHub] [ofbiz-framework] ieugen commented on pull request #355: Implemented: getEnvironmentProperty to allow environment variable configuration (OFBIZ-9498)
ieugen commented on pull request #355: URL: https://github.com/apache/ofbiz-framework/pull/355#issuecomment-1002655912 I will make some time these days to check the PR and add feedback on it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466490#comment-17466490 ] Ioan Eugen Stan edited comment on OFBIZ-9498 at 12/29/21, 3:42 PM: --- [~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straight forward to pass those env vars to an app or a container. I would NOT introduce new things like: {noformat} export OFB_MEM_XMS="-Xms256M" export OFB_MEM_XMX="-Xmx2048M"{noformat} For sensitive data (cc [~jleroux] ) , the practices for containers are to support another an extension to env variable properties. We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain a path to a file that holds the sensitive data. Files can be made accessible only to the running application on most modern OS's Details of how this works for Docker Swarm is in the bellow document and other places online: [https://docs.docker.com/engine/swarm/secrets/] . Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability). See docker swarm secrets, kubernetes secrets, etc. was (Author: ieugen): [~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straight forward to pass those env vars to an app or a container. I would NOT introduce new things like: {noformat} export OFB_MEM_XMS="-Xms256M" export OFB_MEM_XMX="-Xmx2048M"{noformat} For sensitive data (cc [~jleroux] ) , the practices for containers are to support another an extension to env variable properties. We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain the contents of the secret in a file. Details of how this works for Docker Swarm is in the bellow document and other places online: [https://docs.docker.com/engine/swarm/secrets/] . Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability). > Improve DevOps using environment variable configuration > --- > > Key: OFBIZ-9498 > URL: https://issues.apache.org/jira/browse/OFBIZ-9498 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Attachments: OFBIZ-9498.patch > > > Discussed in thread : https://s.apache.org/Mh3q > This Jira will present the improvment proposal giving a way to configure > OFBiz using environment variable. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466490#comment-17466490 ] Ioan Eugen Stan edited comment on OFBIZ-9498 at 12/29/21, 3:40 PM: --- [~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straight forward to pass those env vars to an app or a container. I would NOT introduce new things like: {noformat} export OFB_MEM_XMS="-Xms256M" export OFB_MEM_XMX="-Xmx2048M"{noformat} For sensitive data (cc [~jleroux] ) , the practices for containers are to support another an extension to env variable properties. We add support for `OFB_POSTGRES_PASS` that will contain the actual secret and support also `OFB_POSTGRES_PASS_FILE` that will contain the contents of the secret in a file. Details of how this works for Docker Swarm is in the bellow document and other places online: [https://docs.docker.com/engine/swarm/secrets/] . Most container engines support handling secrets that are mounted as files in special memory file systems that don't reach disk and are even protected / encrypted (modern CPU's have this capability). was (Author: ieugen): [~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straight forward to pass those env vars to an app or a container. I would NOT introduce new things like: {noformat} export OFB_MEM_XMS="-Xms256M" export OFB_MEM_XMX="-Xmx2048M"{noformat} > Improve DevOps using environment variable configuration > --- > > Key: OFBIZ-9498 > URL: https://issues.apache.org/jira/browse/OFBIZ-9498 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Attachments: OFBIZ-9498.patch > > > Discussed in thread : https://s.apache.org/Mh3q > This Jira will present the improvment proposal giving a way to configure > OFBiz using environment variable. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466490#comment-17466490 ] Ioan Eugen Stan commented on OFBIZ-9498: [~pgil] : I would keep JVM options inside the default Java env variables: JAVA_TOOLS_OPTIONS or JVM_OPTS (check this to be sure). It's usually straight forward to pass those env vars to an app or a container. I would NOT introduce new things like: {noformat} export OFB_MEM_XMS="-Xms256M" export OFB_MEM_XMX="-Xmx2048M"{noformat} > Improve DevOps using environment variable configuration > --- > > Key: OFBIZ-9498 > URL: https://issues.apache.org/jira/browse/OFBIZ-9498 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Attachments: OFBIZ-9498.patch > > > Discussed in thread : https://s.apache.org/Mh3q > This Jira will present the improvment proposal giving a way to configure > OFBiz using environment variable. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-9498) Improve DevOps using environment variable configuration
[ https://issues.apache.org/jira/browse/OFBIZ-9498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466489#comment-17466489 ] Ioan Eugen Stan commented on OFBIZ-9498: [~pgil] : Have you made any progress/changes on this? I would love to test it out in the near future, hopefully with a client use case (Docker deploy). That will bring valuable input and feedback that I would love to get back in OFBIz. > Improve DevOps using environment variable configuration > --- > > Key: OFBIZ-9498 > URL: https://issues.apache.org/jira/browse/OFBIZ-9498 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Attachments: OFBIZ-9498.patch > > > Discussed in thread : https://s.apache.org/Mh3q > This Jira will present the improvment proposal giving a way to configure > OFBiz using environment variable. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Reopened] (OFBIZ-10363) Improve Dutch translations
[ https://issues.apache.org/jira/browse/OFBIZ-10363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Smits reopened OFBIZ-10363: -- Ongoing > Improve Dutch translations > -- > > Key: OFBIZ-10363 > URL: https://issues.apache.org/jira/browse/OFBIZ-10363 > Project: OFBiz > Issue Type: Improvement > Components: accounting >Affects Versions: Trunk >Reporter: Pierre Smits >Assignee: Pierre Smits >Priority: Minor > Attachments: ofbiz-10363-AccountingUiLabels.xml.patch > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (OFBIZ-10363) Improve Dutch translations
[ https://issues.apache.org/jira/browse/OFBIZ-10363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Smits updated OFBIZ-10363: - Summary: Improve Dutch translations (was: Improve Dutch UiLabels) > Improve Dutch translations > -- > > Key: OFBIZ-10363 > URL: https://issues.apache.org/jira/browse/OFBIZ-10363 > Project: OFBiz > Issue Type: Improvement > Components: accounting >Affects Versions: Trunk >Reporter: Pierre Smits >Assignee: Nicolas Malin >Priority: Minor > Attachments: ofbiz-10363-AccountingUiLabels.xml.patch > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Assigned] (OFBIZ-10363) Improve Dutch translations
[ https://issues.apache.org/jira/browse/OFBIZ-10363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Smits reassigned OFBIZ-10363: Assignee: Pierre Smits (was: Nicolas Malin) > Improve Dutch translations > -- > > Key: OFBIZ-10363 > URL: https://issues.apache.org/jira/browse/OFBIZ-10363 > Project: OFBiz > Issue Type: Improvement > Components: accounting >Affects Versions: Trunk >Reporter: Pierre Smits >Assignee: Pierre Smits >Priority: Minor > Attachments: ofbiz-10363-AccountingUiLabels.xml.patch > > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #430: Improved: Dutch translations (OFBIZ-10363)
sonarcloud[bot] commented on pull request #430: URL: https://github.com/apache/ofbiz-framework/pull/430#issuecomment-1002471354 Kudos, SonarCloud Quality Gate passed! ![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed') [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework&pullRequest=430&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework&pullRequest=430) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework&pullRequest=430&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework&pullRequest=430&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [ofbiz-framework] PierreSmits opened a new pull request #430: Improved: Dutch translations (OFBIZ-10363)
PierreSmits opened a new pull request #430: URL: https://github.com/apache/ofbiz-framework/pull/430 some cleanup (duplicate) and improved Dutch translations -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@ofbiz.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-12456) Migrate Ofbiz bb 0.8 config to 3.2
[ https://issues.apache.org/jira/browse/OFBIZ-12456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466346#comment-17466346 ] ASF subversion and git services commented on OFBIZ-12456: - Commit e2f9e021c7d9e58fbc5951795ea5a0ddef1d71dc in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=e2f9e02 ] Improved: Migrate Ofbiz bb 0.8 config to 3.2 (OFBIZ-12456) No functional change (removes a space in LICENSE file) to test a change in new Buildbot config > Migrate Ofbiz bb 0.8 config to 3.2 > -- > > Key: OFBIZ-12456 > URL: https://issues.apache.org/jira/browse/OFBIZ-12456 > Project: OFBiz > Issue Type: Task > Components: BuildBot >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Critical > > This is a clone of INFRA-22279 that says: > bq. Migrate all Ofbiz configs from ci.apache.org to c2.apache.org upgrading > the config from 0.8 to 3.2 and changing uploads of docs to go to > nightlies.apache.org/ofbiz instead of ci.apache.org/projects/ofbiz . > Currently we have an issue with XMLRPC tests with BuildBot. I believe it's > because the new BB config does not allow HTTP and/or the port 8080. > For more information see https://markmail.org/message/z6qfhcb2xnlqs2ji -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Closed] (OFBIZ-12475) [SECURITY] CVE-2021-44832: Apache Log4j2
[ https://issues.apache.org/jira/browse/OFBIZ-12475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux closed OFBIZ-12475. --- Resolution: Fixed > [SECURITY] CVE-2021-44832: Apache Log4j2 > > > Key: OFBIZ-12475 > URL: https://issues.apache.org/jira/browse/OFBIZ-12475 > Project: OFBiz > Issue Type: Sub-task > Components: ALL COMPONENTS >Affects Versions: 18.12.04 >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Blocker > Fix For: 18.12.05 > > > The Apache Log4j 2 team is pleased to announce the Log4j 2.17.1 release! > Apache Log4j is a well known framework for logging application > behavior. Log4j 2 is an upgrade to Log4j that provides significant > improvements over its predecessor, Log4j 1.x, and provides many other > modern features such as support for Markers, lambda expressions for > lazy logging, property substitution using Lookups, multiple patterns > on a PatternLayout and asynchronous Loggers. Another notable Log4j 2 > feature is the ability to be "garbage-free" (avoid allocating > temporary objects) while logging. In addition, Log4j 2 will not lose > events while reconfiguring. > The artifacts may be downloaded from > https://logging.apache.org/log4j/2.x/download.html. > This release contains the changes noted below: > Address CVE-2021-44832. > Other minor fixes. > Due to a break in compatibility in the SLF4J binding, Log4j now ships > with two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl > should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl > should be used with SLF4J 1.8.x and later. SLF4J-2.0.0 alpha releases > are not fully supported. See > https://issues.apache.org/jira/browse/LOG4J2-2975 and > https://jira.qos.ch/browse/SLF4J-511. > The Log4j 2.17.1 API, as well as many core components, maintains > binary compatibility with previous releases. > GA Release 2.17.1 > Changes in this version include: > Fixed Bugs > LOG4J2-3293: JdbcAppender now uses JndiManager to access JNDI > resources. JNDI is only enabled when system property > log4j2.enableJndiJdbc is set to true. > LOG4J2-3290: Remove unused method. > LOG4J2-3292: ExtendedLoggerWrapper.logMessage no longer double-logs > when location is requested. > LOG4J2-3289: log4j-to-slf4j no longer re-interpolates formatted > message contents. > LOG4J2-3204: Correct SpringLookup package name in Interpolator. Thanks > to Francis-FY. > LOG4J2-3284: log4j-to-slf4j takes the provided MessageFactory into > account Thanks to Michael Vorburger. > LOG4J2-3264: Fix MapLookup to lookup MapMessage before DefaultMap > Thanks to Yanming Zhou. > LOG4J2-3274: Buffered I/O checked had inverted logic in > RollingFileAppenderBuidler. Thanks to Faisal Khan Thayub Khan. > : Fix NPE when input is null in StrSubstitutor.replace(String, Properties). > LOG4J2-3270: Lookups with no prefix only read values from the > configuration properties as expected. > LOG4J2-3256: Reduce ignored package scope of KafkaAppender. Thanks to > Lee Dongjin. > > Apache Log4j 2.17.1 requires a minimum of Java 8 to build and run. > Log4j 2.12.1 is the last release to support Java 7. Java 7 is no > longer supported by the Log4j team. > For complete information on Apache Log4j 2, including instructions on > how to submit bug reports, patches, or suggestions for improvement, > see the Apache Apache Log4j 2 website: > https://logging.apache.org/log4j/2.x/ > -- > Matt Sicker > PMC Member, Logging Services, Apache Software Foundation -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (OFBIZ-12475) [SECURITY] CVE-2021-44832: Apache Log4j2
[ https://issues.apache.org/jira/browse/OFBIZ-12475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-12475: Parent: OFBIZ-1525 Issue Type: Sub-task (was: Bug) > [SECURITY] CVE-2021-44832: Apache Log4j2 > > > Key: OFBIZ-12475 > URL: https://issues.apache.org/jira/browse/OFBIZ-12475 > Project: OFBiz > Issue Type: Sub-task > Components: ALL COMPONENTS >Affects Versions: 18.12.04 >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Blocker > Fix For: 18.12.05 > > > The Apache Log4j 2 team is pleased to announce the Log4j 2.17.1 release! > Apache Log4j is a well known framework for logging application > behavior. Log4j 2 is an upgrade to Log4j that provides significant > improvements over its predecessor, Log4j 1.x, and provides many other > modern features such as support for Markers, lambda expressions for > lazy logging, property substitution using Lookups, multiple patterns > on a PatternLayout and asynchronous Loggers. Another notable Log4j 2 > feature is the ability to be "garbage-free" (avoid allocating > temporary objects) while logging. In addition, Log4j 2 will not lose > events while reconfiguring. > The artifacts may be downloaded from > https://logging.apache.org/log4j/2.x/download.html. > This release contains the changes noted below: > Address CVE-2021-44832. > Other minor fixes. > Due to a break in compatibility in the SLF4J binding, Log4j now ships > with two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl > should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl > should be used with SLF4J 1.8.x and later. SLF4J-2.0.0 alpha releases > are not fully supported. See > https://issues.apache.org/jira/browse/LOG4J2-2975 and > https://jira.qos.ch/browse/SLF4J-511. > The Log4j 2.17.1 API, as well as many core components, maintains > binary compatibility with previous releases. > GA Release 2.17.1 > Changes in this version include: > Fixed Bugs > LOG4J2-3293: JdbcAppender now uses JndiManager to access JNDI > resources. JNDI is only enabled when system property > log4j2.enableJndiJdbc is set to true. > LOG4J2-3290: Remove unused method. > LOG4J2-3292: ExtendedLoggerWrapper.logMessage no longer double-logs > when location is requested. > LOG4J2-3289: log4j-to-slf4j no longer re-interpolates formatted > message contents. > LOG4J2-3204: Correct SpringLookup package name in Interpolator. Thanks > to Francis-FY. > LOG4J2-3284: log4j-to-slf4j takes the provided MessageFactory into > account Thanks to Michael Vorburger. > LOG4J2-3264: Fix MapLookup to lookup MapMessage before DefaultMap > Thanks to Yanming Zhou. > LOG4J2-3274: Buffered I/O checked had inverted logic in > RollingFileAppenderBuidler. Thanks to Faisal Khan Thayub Khan. > : Fix NPE when input is null in StrSubstitutor.replace(String, Properties). > LOG4J2-3270: Lookups with no prefix only read values from the > configuration properties as expected. > LOG4J2-3256: Reduce ignored package scope of KafkaAppender. Thanks to > Lee Dongjin. > > Apache Log4j 2.17.1 requires a minimum of Java 8 to build and run. > Log4j 2.12.1 is the last release to support Java 7. Java 7 is no > longer supported by the Log4j team. > For complete information on Apache Log4j 2, including instructions on > how to submit bug reports, patches, or suggestions for improvement, > see the Apache Apache Log4j 2 website: > https://logging.apache.org/log4j/2.x/ > -- > Matt Sicker > PMC Member, Logging Services, Apache Software Foundation -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (OFBIZ-12475) [SECURITY] CVE-2021-44832: Apache Log4j2
[ https://issues.apache.org/jira/browse/OFBIZ-12475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466342#comment-17466342 ] ASF subversion and git services commented on OFBIZ-12475: - Commit a7449655678460ecd84ce6c04f7cc90bb55d1ea5 in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=a744965 ] Fixed: [SECURITY] CVE-2021-44832: Apache Log4j2 (OFBIZ-12475) See complete explanation at https://issues.apache.org/jira/browse/OFBIZ-12475 > [SECURITY] CVE-2021-44832: Apache Log4j2 > > > Key: OFBIZ-12475 > URL: https://issues.apache.org/jira/browse/OFBIZ-12475 > Project: OFBiz > Issue Type: Bug > Components: ALL COMPONENTS >Affects Versions: 18.12.04 >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Blocker > Fix For: 18.12.05 > > > The Apache Log4j 2 team is pleased to announce the Log4j 2.17.1 release! > Apache Log4j is a well known framework for logging application > behavior. Log4j 2 is an upgrade to Log4j that provides significant > improvements over its predecessor, Log4j 1.x, and provides many other > modern features such as support for Markers, lambda expressions for > lazy logging, property substitution using Lookups, multiple patterns > on a PatternLayout and asynchronous Loggers. Another notable Log4j 2 > feature is the ability to be "garbage-free" (avoid allocating > temporary objects) while logging. In addition, Log4j 2 will not lose > events while reconfiguring. > The artifacts may be downloaded from > https://logging.apache.org/log4j/2.x/download.html. > This release contains the changes noted below: > Address CVE-2021-44832. > Other minor fixes. > Due to a break in compatibility in the SLF4J binding, Log4j now ships > with two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl > should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl > should be used with SLF4J 1.8.x and later. SLF4J-2.0.0 alpha releases > are not fully supported. See > https://issues.apache.org/jira/browse/LOG4J2-2975 and > https://jira.qos.ch/browse/SLF4J-511. > The Log4j 2.17.1 API, as well as many core components, maintains > binary compatibility with previous releases. > GA Release 2.17.1 > Changes in this version include: > Fixed Bugs > LOG4J2-3293: JdbcAppender now uses JndiManager to access JNDI > resources. JNDI is only enabled when system property > log4j2.enableJndiJdbc is set to true. > LOG4J2-3290: Remove unused method. > LOG4J2-3292: ExtendedLoggerWrapper.logMessage no longer double-logs > when location is requested. > LOG4J2-3289: log4j-to-slf4j no longer re-interpolates formatted > message contents. > LOG4J2-3204: Correct SpringLookup package name in Interpolator. Thanks > to Francis-FY. > LOG4J2-3284: log4j-to-slf4j takes the provided MessageFactory into > account Thanks to Michael Vorburger. > LOG4J2-3264: Fix MapLookup to lookup MapMessage before DefaultMap > Thanks to Yanming Zhou. > LOG4J2-3274: Buffered I/O checked had inverted logic in > RollingFileAppenderBuidler. Thanks to Faisal Khan Thayub Khan. > : Fix NPE when input is null in StrSubstitutor.replace(String, Properties). > LOG4J2-3270: Lookups with no prefix only read values from the > configuration properties as expected. > LOG4J2-3256: Reduce ignored package scope of KafkaAppender. Thanks to > Lee Dongjin. > > Apache Log4j 2.17.1 requires a minimum of Java 8 to build and run. > Log4j 2.12.1 is the last release to support Java 7. Java 7 is no > longer supported by the Log4j team. > For complete information on Apache Log4j 2, including instructions on > how to submit bug reports, patches, or suggestions for improvement, > see the Apache Apache Log4j 2 website: > https://logging.apache.org/log4j/2.x/ > -- > Matt Sicker > PMC Member, Logging Services, Apache Software Foundation -- This message was sent by Atlassian Jira (v8.20.1#820001)