Re: [VOTE] Release Apache Log4j 2.19.0-rc2
My +1 Note that this release has now been open for approximately 67 hours and only has 1 vote other than my own. Ralph > On Sep 13, 2022, at 1:49 PM, Ralph Goers wrote: > > This is a vote to release Log4j 2.19.0, the next version of the Log4j 2 > project. > > Note that the security page on the web site was updated to better describe > CVE-2021-44228 and CVE-2021-45046. Please review those changes. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for 72 hours. All votes are welcome and we > encourage everyone to test the release, but only Logging PMC votes are > “officially” counted. As always, at least 3 +1 votes and more positive than > negative votes are required. > > Changes in this version include: > > New Features > • LOG4J2-3583: Add support for SLF4J2 stack-valued MDC. Thanks to > Pierrick Terrettaz. > • LOG4J2-2975: Add implementation of SLF4J2 fluent API. Thanks to > Daniel Gray. > > Fixed Bugs > • LOG4J2-3578: Generate new SSL certs for testing. > • LOG4J2-3556: Make JsonTemplateLayout stack trace truncation operate > for each label block. Thanks to Arthur Gavlyukovskiy. > • LOG4J2-3550: SystemPropertyArbiter was assigning the value as the > name. Thanks to DongjianPeng. > • LOG4J2-3560: Logger$PrivateConfig.filter(Level, Marker, String) was > allocating empty varargs array. Thanks to David Schlosnagle. > • LOG4J2-3561: Allows a space separated list of style specifiers in the > %style pattern for consistency with %highlight. Thanks to Robert Papp. > • LOG4J2-3564: Fix NPE in log4j-to-jul in the case the root logger > level is null. > • LOG4J2-3545: Add correct manifest entries for OSGi to log4j-jcl > Thanks to Johan Compagner. > • LOG4J2-3565: Fix RollingRandomAccessFileAppender with > DirectWriteRolloverStrategy can't create the first log file of different > directory. > • LOG4J2-3579: Fix ServiceLoaderUtil behavior in the presence of a > SecurityManager. Thanks to Boris Unckel. > • LOG4J2-3559: Fix resolution of properties not starting with log4j2.. > Thanks to Gary Gregory. > • LOG4J2-3557: Fix recursion between Log4j 1.2 LogManager and Category. > Thanks to Andreas Leitgeb. > • LOG4J2-3587: Fix regression in Rfc5424Layout default values. Thanks > to Tomas Micko. > • LOG4J2-3548: Improve support for passwordless keystores. Thanks to > Kristof Farkas-Pall. > • LOG4J2-708: Add async support to Log4jServletFilter. > > Changes > • LOG4J2-3572: Add getExplicitLevel method to LoggerConfig. > • LOG4J2-3589: Allow Plugins to be injected with the LoggerContext > reference. > • LOG4J2-3588: Allow PropertySources to be added. > > Removed > • LOG4J2-3573: Removed build page in favor of a single build > instructions file. Thanks to Wolff Bock von Wuelfingen. > • LOG4J2-3590: Remove SLF4J 1.8.x binding. > > Tag: > a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git > and then "git checkout tags/log4j-2.19.0-rc2” or just "git clone -b > log4j-2.19.0-rc2 https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.19.0-rc2” > > Web Site: https://logging.staged.apache.org/log4j/2.x/index.html. > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1089/ > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1089/org/apache/logging/log4j/ > > Ralph
Re: [VOTE] Release Apache Log4j 2.19.0-rc2
I'll review this later tonight. On Fri, Sep 16, 2022 at 10:41 AM Ralph Goers wrote: > > My +1 > > Note that this release has now been open for approximately 67 hours and only > has 1 vote other than my own. > > Ralph > > > On Sep 13, 2022, at 1:49 PM, Ralph Goers wrote: > > > > This is a vote to release Log4j 2.19.0, the next version of the Log4j 2 > > project. > > > > Note that the security page on the web site was updated to better describe > > CVE-2021-44228 and CVE-2021-45046. Please review those changes. > > > > Please download, test, and cast your votes on the log4j developers list. > > [] +1, release the artifacts > > [] -1, don't release because... > > > > The vote will remain open for 72 hours. All votes are welcome and we > > encourage everyone to test the release, but only Logging PMC votes are > > “officially” counted. As always, at least 3 +1 votes and more positive than > > negative votes are required. > > > > Changes in this version include: > > > > New Features > > • LOG4J2-3583: Add support for SLF4J2 stack-valued MDC. Thanks to > > Pierrick Terrettaz. > > • LOG4J2-2975: Add implementation of SLF4J2 fluent API. Thanks to > > Daniel Gray. > > > > Fixed Bugs > > • LOG4J2-3578: Generate new SSL certs for testing. > > • LOG4J2-3556: Make JsonTemplateLayout stack trace truncation operate > > for each label block. Thanks to Arthur Gavlyukovskiy. > > • LOG4J2-3550: SystemPropertyArbiter was assigning the value as the > > name. Thanks to DongjianPeng. > > • LOG4J2-3560: Logger$PrivateConfig.filter(Level, Marker, String) was > > allocating empty varargs array. Thanks to David Schlosnagle. > > • LOG4J2-3561: Allows a space separated list of style specifiers in > > the %style pattern for consistency with %highlight. Thanks to Robert Papp. > > • LOG4J2-3564: Fix NPE in log4j-to-jul in the case the root logger > > level is null. > > • LOG4J2-3545: Add correct manifest entries for OSGi to log4j-jcl > > Thanks to Johan Compagner. > > • LOG4J2-3565: Fix RollingRandomAccessFileAppender with > > DirectWriteRolloverStrategy can't create the first log file of different > > directory. > > • LOG4J2-3579: Fix ServiceLoaderUtil behavior in the presence of a > > SecurityManager. Thanks to Boris Unckel. > > • LOG4J2-3559: Fix resolution of properties not starting with > > log4j2.. Thanks to Gary Gregory. > > • LOG4J2-3557: Fix recursion between Log4j 1.2 LogManager and > > Category. Thanks to Andreas Leitgeb. > > • LOG4J2-3587: Fix regression in Rfc5424Layout default values. Thanks > > to Tomas Micko. > > • LOG4J2-3548: Improve support for passwordless keystores. Thanks to > > Kristof Farkas-Pall. > > • LOG4J2-708: Add async support to Log4jServletFilter. > > > > Changes > > • LOG4J2-3572: Add getExplicitLevel method to LoggerConfig. > > • LOG4J2-3589: Allow Plugins to be injected with the LoggerContext > > reference. > > • LOG4J2-3588: Allow PropertySources to be added. > > > > Removed > > • LOG4J2-3573: Removed build page in favor of a single build > > instructions file. Thanks to Wolff Bock von Wuelfingen. > > • LOG4J2-3590: Remove SLF4J 1.8.x binding. > > > > Tag: > > a) for a new copy do "git clone > > https://github.com/apache/logging-log4j2.git and then "git checkout > > tags/log4j-2.19.0-rc2” or just "git clone -b log4j-2.19.0-rc2 > > https://github.com/apache/logging-log4j2.git"; > > b) for an existing working copy to “git pull” and then “git checkout > > tags/log4j-2.19.0-rc2” > > > > Web Site: https://logging.staged.apache.org/log4j/2.x/index.html. > > > > Maven Artifacts: > > https://repository.apache.org/content/repositories/orgapachelogging-1089/ > > > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > > > > You may download all the Maven artifacts by executing: > > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > > https://repository.apache.org/content/repositories/orgapachelogging-1089/org/apache/logging/log4j/ > > > > Ralph >
Re: [VOTE] Release Apache Log4j 2.19.0-rc2
Ralph, You have my +1 of course. I built from the source distribution with: Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) Maven home: /home/piotr/.m2/wrapper/dists/apache-maven-3.8.4-bin/52ccbt68d252mdldqsfsn03jlf/apache-maven-3.8.4 Java version: 1.8.0_312, vendor: Temurin, runtime: /usr/lib/jvm/jdk8u312-b07/jre Default locale: pl_PL, platform encoding: UTF-8 OS name: "linux", version: "5.10.0-18-amd64", arch: "amd64", family: "unix" Piotr
Re: [VOTE] Release Apache Log4j 2.19.0-rc2
FYI, as a sanity check, you should also check the ASC and SHA512 file for the zip or tar you validated. Gary On Fri, Sep 16, 2022, 12:34 Piotr P. Karwasz wrote: > Ralph, > > You have my +1 of course. I built from the source distribution with: > > Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) > Maven home: > /home/piotr/.m2/wrapper/dists/apache-maven-3.8.4-bin/52ccbt68d252mdldqsfsn03jlf/apache-maven-3.8.4 > Java version: 1.8.0_312, vendor: Temurin, runtime: > /usr/lib/jvm/jdk8u312-b07/jre > Default locale: pl_PL, platform encoding: UTF-8 > OS name: "linux", version: "5.10.0-18-amd64", arch: "amd64", family: "unix" > > > Piotr >
Re: [VOTE] Release Apache Log4j 2.19.0-rc2
Hi Gary, On Fri, 16 Sept 2022 at 20:30, Gary Gregory wrote: > FYI, as a sanity check, you should also check the ASC and SHA512 file for > the zip or tar you validated. Yes, I verified the hash before compiling, but I didn't have Ralph's GPG key in my keyring, so I verified the signature only now. Piotr
Re: [VOTE] Release Apache Log4j 2.19.0-rc2
+1 Git tag log4j-2.19.0-rc2 tested with Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0) Maven home: /opt/maven Java version: 1.8.0_345, vendor: Temurin, runtime: /usr/lib/jvm/temurin-8-jdk/jre Default locale: de_DE, platform encoding: UTF-8 OS name: "linux", version: "5.19.8-200.fc36.x86_64", arch: "amd64", family: "unix" Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63) Maven home: c:\VHVEntw\apache-maven-3.8.6 Java version: 1.8.0_345, vendor: Temurin, runtime: c:\Program Files\jdk8u345-b01\jre Default locale: de_DE, platform encoding: Cp1252 OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows" WinVer 21H2 Build 19044.2006 Maven artifacts orgapachelogging-1089 tested against * SHA1 checked * WildFly Core main with -DallTests ( https://github.com/wildfly/wildfly-core/ ) * JBoss Logging 3.4 branch ( https://github.com/jboss-logging/jboss-logging/tree/3.4 ) * Log4j2 JBoss Logmanager main( https://github.com/jboss-logging/log4j2-jboss-logmanager ) all with Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0) Maven home: /opt/maven Java version: 11.0.16.1, vendor: Eclipse Adoptium, runtime: /usr/lib/jvm/temurin-11-jdk Default locale: de_DE, platform encoding: UTF-8 OS name: "linux", version: "5.19.8-200.fc36.x86_64", arch: "amd64", family: "unix" Regards Boris > Ralph Goers hat am 13.09.2022 22:49 CEST > geschrieben: > > > This is a vote to release Log4j 2.19.0, the next version of the Log4j 2 > project. > [] > Tag: > a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git > and then "git checkout tags/log4j-2.19.0-rc2” or just "git clone -b > log4j-2.19.0-rc2 https://github.com/apache/logging-log4j2.git"; > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.19.0-rc2” > > Web Site: https://logging.staged.apache.org/log4j/2.x/index.html. > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1089/
[RESULT][VOTE] Release Log4j 2.19.0-rc2
This vote passes with binding +1 votes from Gary Gregory, Ralph Goers, and Piotr Karwasz along with a non-binding +1 from Boris Unckel. Thanks to all who voted on the release. I will now continue with the release process. Ralph
