Summary: Improper validation of certificate with host mismatch in
Log4j2 SMTP appender. This could allow an SMTPS connection to be
intercepted by a man-in-the-middle attack which could leak any log
messages sent through that appender.
Mitigation: Users should upgrade to Apache Log4j 2.13.2 which f
Hi
Quick question: what operating system does the available CI server run?
Even if docker is an option, the host system is matters.
Thanks
-d
Info about our existing infra is documented here:
https://cwiki.apache.org/confluence/display/INFRA/Jenkins
On Sat, 25 Apr 2020 at 13:38, Davyd McColl wrote:
>
> Hi
>
> Quick question: what operating system does the available CI server run?
> Even if docker is an option, the host system is matter
Thanks for the reply (:
Would external build systems like circleci be acceptable too?
-d
On April 25, 2020 21:03:01 Matt Sicker wrote:
Info about our existing infra is documented here:
https://cwiki.apache.org/confluence/display/INFRA/Jenkins
On Sat, 25 Apr 2020 at 13:38, Davyd McColl wr
The only external build systems that are set up for Apache right now
are Travis and some limited GitHub Action experiments. Other CI
systems may need to talk with Apache Infra.
On Sat, 25 Apr 2020 at 14:47, Davyd McColl wrote:
>
> Thanks for the reply (:
>
> Would external build systems like circ