We still need one more vote for the release to be finalized. Karl
On Wed, Dec 29, 2021 at 9:28 AM Karl Wright <daddy...@gmail.com> wrote: > Ran tests; +1 from me. > Karl > > > On Wed, Dec 29, 2021 at 8:00 AM Markus Schuch <markus_sch...@web.de> > wrote: > >> Hi, >> >> +1 from me >> >> Checked out the tag 2.21-rc0 and ran build and hsqldb based tests >> successfully >> Did a simple example based test crawl of a webpage with <base >> href="...">, ingest URIs are built correctly >> Checked the logs, found no errors or warnings >> Checked that mail notifications work (tested with mailhog) >> Travis ci reports green for the release tag: >> https://app.travis-ci.com/github/apache/manifoldcf/builds/243992093 >> Checked that Log4j 2.17 is contained in the built distribution >> >> Yesterday Log4J 2.17.1 was released due to >> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 >> It is an RCE vulnerability, but only if the attacker has already the >> capability to modify the log4j configuration. >> I don't think that we have to respin the release for this one (base cvss >> score is 6.6). >> >> Many thanks for managing the release Karl and many thanks to all >> contributors. >> >> I wish everyone a happy new year 2022. >> >> Markus >> >> Am 26.12.2021 um 12:30 schrieb Karl Wright: >> > Hi, >> > >> > Please vote on whether to release Apache ManifoldCF 2.21, RC0. >> > The release candidate can be found at >> > >> https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.21. >> > There is also a release tag at >> > https://svn.apache.org/repos/asf/manifoldcf/tags/release-2.21-RC0. >> > >> > As everyone is aware, this release updates log4j to version 2.17. It >> also >> > fixes numerous other build-related issues on Unix systems. Other >> changes >> > are listed in CHANGES.txt, as always. >> > >> > Karl >> > >> >