Ran tests; +1 from me.
Karl
On Wed, Dec 29, 2021 at 8:00 AM Markus Schuch wrote:
> Hi,
>
> +1 from me
>
> Checked out the tag 2.21-rc0 and ran build and hsqldb based tests
> successfully
> Did a simple example based test crawl of a webpage with href="...">, ingest URIs are built correctly
> Checked the logs, found no errors or warnings
> Checked that mail notifications work (tested with mailhog)
> Travis ci reports green for the release tag:
> https://app.travis-ci.com/github/apache/manifoldcf/builds/243992093
> Checked that Log4j 2.17 is contained in the built distribution
>
> Yesterday Log4J 2.17.1 was released due to
> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
> It is an RCE vulnerability, but only if the attacker has already the
> capability to modify the log4j configuration.
> I don't think that we have to respin the release for this one (base cvss
> score is 6.6).
>
> Many thanks for managing the release Karl and many thanks to all
> contributors.
>
> I wish everyone a happy new year 2022.
>
> Markus
>
> Am 26.12.2021 um 12:30 schrieb Karl Wright:
> > Hi,
> >
> > Please vote on whether to release Apache ManifoldCF 2.21, RC0.
> > The release candidate can be found at
> > https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.21
> .
> > There is also a release tag at
> > https://svn.apache.org/repos/asf/manifoldcf/tags/release-2.21-RC0.
> >
> > As everyone is aware, this release updates log4j to version 2.17. It
> also
> > fixes numerous other build-related issues on Unix systems. Other changes
> > are listed in CHANGES.txt, as always.
> >
> > Karl
> >
>
