Hi Gary,
I have not done a Windows version of "validate-release" yet. It requires
deciding whether I rely on vcpkg or learn power-shell stuff to install
dependencies.
The web-site (https://logging.apache.org/log4cxx/1.3.0/build-cmake.html)
has some commands for Windows. But they assume you have m
Hi Stephen,
+1
I verified the signatures and ran the tests successful under Linux (Ubuntu
22.04.5).
Regards.
Jan
Thursday, November 28, 2024, 1:14:39 AM, you wrote:
> This is a vote to release the Apache Log4cxx 1.3.1.
> Website: https://logging.staged.apache.org/log4cxx/1.3.1/changelog.htm
This is beyond confusing and a new kind of "soft" jar hell IMO.
I read this twice and I have no idea how a user would make sense of this.
Log4j 2.x should be all in sync, all jars should be released with each
version and match. Period. IMO.
Gary
On Thu, Nov 28, 2024, 9:52 AM Piotr P. Karwasz
w
Hi Ralph,
On 14.11.2024 19:46, Ralph Goers wrote:
Log4j core has a version compatibility comparison just for this reason. If core
is updated to require some new feature in the API then the version it checks
for needs to be updated and Log4j-API needs to update its version when it adds
new fea
Hi Stephen,
With the src zip file, ASC and SHA512 are OK.
Since there is no Windows version of validate-release.sh, I tried to run "cmake
-B ." but it failed. Any advice?
C:\Users\ggregory\rc\cxx\apache-log4cxx-1.3.1>cmake -B .
-- Building for: Visual Studio 17 2022
-- Selecting Windows SDK ver
I don't think we should provide BOTH 256 AND 512 SHA files. 512 is enough. NOt
a blocker obviously.
Gary
On 2024/11/28 00:14:39 Stephen Webb wrote:
> This is a vote to release the Apache Log4cxx 1.3.1.
>
> Website: https://logging.staged.apache.org/log4cxx/1.3.1/changelog.html
> GitHub: https:/
> I really don't think we need to point to non-log4j projects on this page.
That is so true. If only there was a way to release log4j 1.x with CVE
fixes. Sure it would make third-party mentions irrelevant.
Vladimir
Hi Gary,
On 16.11.2024 19:42, Gary Gregory wrote:
Note that the statement on the EOL site is incorrect:
"The reload4j project provides a drop-in replacement for Log4j 1.x with
maintenance and security fixes."
It certainly is not a "drop-in replacement" because it ripped out public
classes and
Hi Gary,
On 19.11.2024 19:47, Gary D. Gregory wrote:
I don't want to not loose support for "root" (lower-case) in the Log4j 1
configuration properties bridge since that's a documented feature in 1.x. I still have a
product that uses 1.x style properties files, and converting converting our ins
