+1 Building from the git tag (tags/log4j-2.17.0-rc1 a19ef9bce) OK; running:
- mvn clean install - mvn site -DskipTests - mvn apache-rat:check -DskipTests openjdk version "1.8.0_312" OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) Maven home: /usr/local/Cellar/maven/3.8.4/libexec Java version: 1.8.0_312, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@8/1.8.0+312/libexec/openjdk.jdk/Contents/Home/jre Default locale: en_US, platform encoding: UTF-8 OS name: "mac os x", version: "12.1", arch: "x86_64", family: "mac" Darwin *** 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64 Gary On Fri, Dec 17, 2021 at 10:18 PM Ralph Goers <ralph.go...@dslextreme.com> wrote: > > This is a vote to release Log4j 2.17.0, the next version of the Log4j 2 > project. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for as short amount as time as required to vet the > release. All votes are welcome and we encourage everyone to test the release, > but only Logging PMC votes are “officially” counted. As always, at least 3 +1 > votes and more positive than negative votes are required. > > Note that a pre-release version of this was distributed to all reporters of > the issue covered by CVE-2021-45105 and all who tested confirmed the issue > was addressed. > > Changes in this version include: > > Fixed Bugs > > • LOG4J2-3230: Fix string substitution recursion. > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain > disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' > to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and > 'log4j2.enableJndiContextSelector'. > • LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain > disabled by default. The enablement property has been renamed to > 'log4j2.enableJndiJava' > • LOG4J2-3241: Do not declare log4j-api-java9 and log4j-core-java9 as > dependencies as it causes problems with the Maven enforcer plugin. > • LOG4J2-3247: PropertiesConfiguration.parseAppenderFilters NPE when > parsing properties file filters. > • LOG4J2-3249: Log4j 1.2 bridge for Syslog Appender defaults to port > 512 instead of 514. > • LOG4J2-3237: Log4j 1.2 bridge API hard codes the Syslog protocol to > TCP. > > Tag: > a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git > and then "git checkout tags/log4j-2.17.0-rc1” or just "git clone -b > log4j-2.17.0-rc1 https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.17.0-rc1” > > Web Site: https://logging.staged.apache.org/log4j/2.x/index.html > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1071 > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1071/org/apache/logging/log4j/ > > Ralph
