Re: [VOTE] Release Apache Log4j 2.19.0-rc1

[Ralph Goers]

> On Sep 9, 2022, at 10:56 PM, Piotr P. Karwasz  wrote:
> 
> Hi Ralph,
> 
> On Sat, 10 Sept 2022 at 00:56, Ralph Goers  wrote:
>> Web Site:  https://logging.staged.apache.org/log4j/2.x/index.html.
> 
> I forgot to document the removal of `log4j-slf4j18-impl` and the new
> `log4j-slf4j2-impl`:
> https://logging.staged.apache.org/log4j/2.x/log4j-slf4j-impl/index.html

That is in RELEASE_NOTES.md and shows up in 
https://logging.staged.apache.org/log4j/2.x/changes-report.html#a2.19.0. 
I see your commit to the log4j-slf4j index. IMO that isn’t important enough to 
respin the release.

> 
> I pushed a patch to `release-2.x`.
> 
> I don't know if it is relevant, but the distribution jars and Maven
> repo jars have different hashes.

I thought someone figured out why that is happening and fixed it. In any case, 
all our releases are like that.

Ralph

Re: [VOTE] Release Apache Log4j 2.19.0-rc1

[Piotr P. Karwasz]

Hi,

On Sat, 10 Sept 2022 at 19:14, Ralph Goers  wrote:
> That is in RELEASE_NOTES.md and shows up in 
> https://logging.staged.apache.org/log4j/2.x/changes-report.html#a2.19.0.
> I see your commit to the log4j-slf4j index. IMO that isn’t important enough 
> to respin the release.

IMO this is also not important enough to ask somebody else to respin
the release. :-)

For me the release is Ok, +1.

Piotr

Re: [VOTE] Release Apache Log4j 2.19.0-rc1

[Gary Gregory]

Is the directory
https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/ empty on
purpose?

Gary

On Fri, Sep 9, 2022, 15:56 Ralph Goers  wrote:

> This is a vote to release Log4j 2.19.0, the next version of the Log4j 2
> project.
>
> Note that the security page on the web site was updated to better describe
> CVE-2021-44228 and CVE-2021-45046. Please review those changes.
>
> Please download, test, and cast your votes on the log4j developers list.
> [] +1, release the artifacts
> [] -1, don't release because...
>
> The vote will remain open for 72 hours. All votes are welcome and we
> encourage everyone to test the release, but only Logging PMC votes are
> “officially” counted. As always, at least 3 +1 votes and more positive than
> negative votes are required.
>
> Changes in this version include:
>
> New Features
> • LOG4J2-3583: Add support for SLF4J2 stack-valued MDC. Thanks to
> Pierrick Terrettaz.
> • LOG4J2-2975: Add implementation of SLF4J2 fluent API. Thanks to
> Daniel Gray.
> Fixed Bugs
> • LOG4J2-3578: Generate new SSL certs for testing.
> • LOG4J2-3556: Make JsonTemplateLayout stack trace truncation
> operate for each label block. Thanks to Arthur Gavlyukovskiy.
> • LOG4J2-3550: SystemPropertyArbiter was assigning the value as
> the name. Thanks to DongjianPeng.
> • LOG4J2-3560: Logger$PrivateConfig.filter(Level, Marker, String)
> was allocating empty varargs array. Thanks to David Schlosnagle.
> • LOG4J2-3561: Allows a space separated list of style specifiers
> in the %style pattern for consistency with %highlight. Thanks to Robert
> Papp.
> • LOG4J2-3564: Fix NPE in log4j-to-jul in the case the root logger
> level is null.
> • LOG4J2-3545: Add correct manifest entries for OSGi to log4j-jcl
> Thanks to Johan Compagner.
> • LOG4J2-3565: Fix RollingRandomAccessFileAppender with
> DirectWriteRolloverStrategy can't create the first log file of different
> directory.
> • LOG4J2-3579: Fix ServiceLoaderUtil behavior in the presence of a
> SecurityManager. Thanks to Boris Unckel.
> • LOG4J2-3559: Fix resolution of properties not starting with
> log4j2.. Thanks to Gary Gregory.
> • LOG4J2-3557: Fix recursion between Log4j 1.2 LogManager and
> Category. Thanks to Andreas Leitgeb.
> • LOG4J2-3587: Fix regression in Rfc5424Layout default values.
> Thanks to Tomas Micko.
> • LOG4J2-3548: Improve support for passwordless keystores. Thanks
> to Kristof Farkas-Pall.
> Changes
> • LOG4J2-3572: Add getExlicitLevel method to LoggerConfig.
> • LOG4J2-3589: Allow Plugins to be injected with the LoggerContext
> reference.
> • LOG4J2-3588: Allow PropertySources to be added.
> Removed
> • LOG4J2-3573: Removed build page in favor of a single build
> instructions file. Thanks to Wolff Bock von Wuelfingen.
> • LOG4J2-3590: Remove SLF4J 1.8.x binding.
>
> Tag:
> a)  for a new copy do "git clone
> https://github.com/apache/logging-log4j2.git and then "git checkout
> tags/log4j-2.19.0-rc1”  or just "git clone -b log4j-2.19.0-rc1
> https://github.com/apache/logging-log4j2.git";
> b) for an existing working copy to “git pull” and then “git checkout
> tags/log4j-2.19.0-rc1”
>
> Web Site:  https://logging.staged.apache.org/log4j/2.x/index.html.
>
> Maven Artifacts:
> https://repository.apache.org/content/repositories/orgapachelogging-1088/
>
> Distribution archives:
> https://dist.apache.org/repos/dist/dev/logging/log4j/
>
> You may download all the Maven artifacts by executing:
> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
> https://repository.apache.org/content/repositories/orgapachelogging-1088/org/apache/logging/log4j/
>
> Ralph

Dist directories

[Ralph Goers]

I am not sure why you asked this in the vote thread.

It is empty because that is where the Kotlin releases would go while 
they are voted on and there is no vote open. That would mean they 
were moved to the release directory. Sometimes the artifacts are 
copied and then deleted when the next release comes along.

Ralph

> On Sep 10, 2022, at 4:29 PM, Gary Gregory  wrote:
> 
> Is the directory
> https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/ empty on
> purpose?
> 
> Gary
>