RE: does the master branch compile?

2022-04-21 Thread Jason Pyeron
t; api\src\test\java\org\apache\logging\log4j\LogManagerTest.java:[52,5] > > > >> [exports] class Test in module is not exported > > > >> > > > > > > > > In `master` there is a separate `log4j-api-test` project and > > > > `log4j-api/src/test` should be empty. That is why cherry-picking from > > > > `release-2.x` to `master` often gives conflicts on tests. > > > > > > > > Piotr > > > -- Jason Pyeron | Architect PD Inc| Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 .mil: jason.j.pyeron@mail.mil .com: jpye...@pdinc.us tel : 202-741-9397

RE: Maven published jars not matching jars downloaded from apache.org?

2022-01-13 Thread Jason Pyeron
Specification-Title: Apache Log4j Core Log4jReleaseManager: Matt Sicker > -- > Matt Sicker > > > On Dec 29, 2021, at 11:57, Jason Pyeron wrote: > > > > We have noticed that many of the jars (almost all) when fetched by maven > > are different from the ones

RE: [LOG4J 1] standardizing the Maven build

2022-01-06 Thread Jason Pyeron
ouble verifying and voting on a release down > the line. How can my office help? Note - our (support) customers are unable (willing?) to upgrade. v/r, Jason Pyeron -- Jason Pyeron | Architect Contractor| PD Inc| Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Balt

RE: [VOTE] CVE creation process

2022-01-03 Thread Jason Pyeron
> -Original Message- > From: Xeno Amess > Sent: Monday, January 3, 2022 10:40 AM > > +0 > > I just worried several things. > > 1. Will it make the cve's fix come out more slowly? > A vote means waiting for 72 hours usually. > > 2. Do all PMC who enter the vote always have enough ability

Maven published jars not matching jars downloaded from apache.org?

2021-12-29 Thread Jason Pyeron
68d793940c28ddff6670be703690dfdf9e77315970c42c4af40ca7261a8570fa from apache-log4j-2.14.0-bin.zip Thoughts? Jason Pyeron | Architect PD Inc| Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 .mil: jason.j.pyeron@mail.mil .com: <ma

RE: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

2021-12-28 Thread Jason Pyeron
> -Original Message- > From: Gary Gregory > Sent: Tuesday, December 28, 2021 3:02 PM > > > 2.12.4 and 2.3.2 are brewing. I see, are they in git? If so, what commit? -Jason

RE: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

2021-12-28 Thread Jason Pyeron
ease-plugin] prepare release log4j-2.12.3-rc1 rgo...@apache.org -Jason -- Jason Pyeron | Architect Contractor| PD Inc| Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 .mil: jason.j.pyeron@mail.mil .com: jpye...@pdinc.us tel : 202-741-9397

RE: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

2021-12-28 Thread Jason Pyeron
ta source names > to the java > protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. > > This issue is being tracked as LOG4J2-3293, > > References: > > https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 > https://issues.apache.org/jira/browse/LO