Hi all,
Thanks a lot for being on this issue and helping us to fix this,
With kind regards
Christian Kleegrewe
Siemens AG
Technology
Research in Digitalization and Automation
Business Analytics & Monitoring
Semantic & Reasoning
T RDA BAM SMR-DE
Otto-Hahn-Ring 6
Perlach
81739 Munich, Germany
Phon
Hi Robert
Binaries are signed with my key, though I remember someone raising that my
key wasn't in a known area last time, so I'd appreciate help with that. I
had a key signing party with Ralph and Matt quite a long time ago, but
perhaps there's something I was supposed to do that I didn't ):
> I have updated staging docs and I _think_ I've done the right thing with
> respect to getting binaries and source up to the dev repo at
> https://dist.apache.org/repos/dist/dev/logging, but the download links on
> the staging docs point to the release download area, so I'm not sure if I
> should
I think this is a good idea - regardless of whether or not we do a
release of 1.2, having the git repo easily available for reference is
nice.
-Robert Middleton
On Thu, Dec 16, 2021 at 12:18 PM Matt Sicker wrote:
>
> I think migrating the repo to Git would make an eventual release easier to
> a
Issue tracking for Log4j 1 was handled in the ASF Bugzilla system. All the
issues are still there but I believe the issue tracker was frozen when it was
declared EOL.
Ralph
> On Dec 16, 2021, at 1:19 PM, Homer, Tony wrote:
>
> There has been some discussion about releasing a security update
There has been some discussion about releasing a security update for log4j 1.x
(1.2.18, perhaps), both here and on
https://github.com/apache/logging-log4j2/pull/608.
Is there a JIRA open for this work?
I'd like to provide some input, specifically that any security update should
consider all of t
I think migrating the repo to Git would make an eventual release easier to
accomplish. I’ll note that long ago before Log4j2 switched to Git, I was using
our Subversion repository via git-svn anyways, so that’s also an option (note
that it’s a little finicky as you can’t introduce complicated co
Hey Gary,
Thanks for your thoughts.
TL;DR: I actually share your preference! But: how? Also, progress notes.
In a "normal" situation I really think that the 99% drop in replacement
that is already there is plenty.
Especially from an ASF perspective where our primary deliverable is source
code to
Hi all
I'd like to raise a vote to release log4net 2.0.14. Changelog is up on the
pre-release page at
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.14-rc1
I have updated staging docs and I _think_ I've done the right thing with
respect to getting binaries and source up to the
Migrating via compatibility layers is way harder for consumers, and it does
not sound like a proper plan for fixing RCE.
The scope of regression testing from 1.x to 2.x+compatibility would be much
more for the consumers than the scope of 1.2.17 -> 1.2.18, so it would be
way harder for them to test
Hi all
I'd like to raise a vote to release log4net 2.0.14. Changelog is up on the
pre-release page at
https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.14-rc1
I have updated staging docs and I _think_ I've done the right thing with
respect to getting binaries and source up to the de
Hi all,
[Reposting in a new thread]
Log4j 2 provides a compatibility layer for the 1.2 API and for some
configuration files. It is not a 100% drop in replacement, but it could be
made much better with some work. So, I would prefer that brain power for
1.x be applied in this direction, instead of
Let me also point out another aspect of the overall issue for Log4j 1 vs 2:
Log4j 2 provides a compatibility layer for 1, for the 1.2 API and for some
configuration files. It is not a 100% drop in replacement, but it could be
made much better with some work. So, I would prefer that brain power for
I am just voicing my opinion, others can still cause this to pass.
Gary
On Thu, Dec 16, 2021, 00:12 Vladimir Sitnikov
wrote:
> I thought there was an agreement on releasing 1.2.18 as "networkless"
> release.
> I think moving to Git (which is a no-op basically), would greatly simplify
> that.
>
14 matches
Mail list logo
