[RESULT][VOTE] Apache Karaf runtime 4.3.4 release (take #3)

2021-12-17 Thread Jean-Baptiste Onofre
Hi, This vote passed with the following result: +1 (binding): François Papon, Achim Nierbeck, Grzegorz Grzybek, Freeman Fang, Jamie Goodyear, JB Onofré +1 (non binding): Lukas Roedl, Romain Manni-Bucau, Matt Pavlovich, Robert Varga, Steinar Bang, Oliver Lietz, Serge Huber I’m promoting the art

Re: [VOTE] Apache Karaf runtime 4.2.13 release

2021-12-17 Thread Jean-Baptiste Onofre
+1 (binding) Regards JB > Le 16 déc. 2021 à 15:02, Jean-Baptiste Onofré a écrit : > > Hi all, > > I submit Apache Karaf 4.2.13 to your vote. > > This version includes 8 fixes and improvements. Especially, it includes Pax > Logging 1.11.11 update, upgrading to log4j 2.16.0 fixing CVE-2021-442

Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #3)

2021-12-17 Thread Jean-Baptiste Onofre
+1 (binding) Regards JB > Le 15 déc. 2021 à 05:43, JB Onofré a écrit : > > Hi everyone, > > I submit Apache Karaf runtime 4.3.4 to your vote (take #3). > > This release includes dependency upgrades, fixes, and improvements, > especially: > > - upgrade to Pax Logging 2.0.12, upgrading to lo

Re: Logback CVE-2021-42550

2021-12-17 Thread Jean-Baptiste Onofre
Thanks, However, the PR is not correct. We (Greg and I) will create a right PR and move forward on Pax Logging release. However, just a note for the users: this issue is largely less critical than log4j one. Anyway, I will cut maintenance release quickly. Regards JB > Le 17 déc. 2021 à 16:35,

Re: Logback CVE-2021-42550

2021-12-17 Thread Matt Pavlovich
PR created for pax-logging against main: https://github.com/ops4j/org.ops4j.pax.logging/pull/425 > On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote: > > I summarized notes on the Logback CVE-2021-42550 . While significantly less > cr

Logback CVE-2021-42550

2021-12-17 Thread Matt Pavlovich
I summarized notes on the Logback CVE-2021-42550 . While significantly less critical, we probably need to consider another round of releases to address and bring in logback 1.2.9. notes here: https://issues.apache.org/jira/browse/KARAF-7299 Th

Re: [VOTE] Apache Karaf runtime 4.2.13 release

2021-12-17 Thread Romain Manni-Bucau
+1 Romain Manni-Bucau @rmannibucau | Blog | Old Blog | Github | LinkedIn | Book

Re: [VOTE] Apache Karaf runtime 4.2.13 release

2021-12-17 Thread Matt Pavlovich
+1 (non-binding) > On Dec 16, 2021, at 8:02 AM, Jean-Baptiste Onofré wrote: > > Hi all, > > I submit Apache Karaf 4.2.13 to your vote. > > This version includes 8 fixes and improvements. Especially, it includes Pax > Logging 1.11.11 update, upgrading to log4j 2.16.0 fixing CVE-2021-44228 and