This is an automated email from the ASF dual-hosted git repository.
mbeckerle pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/daffodil-site.git
The following commit(s) were added to refs/heads/main by this push:
new 4374c18 updates for 3.2.1-rc2
4374c18 is described below
commit 4374c18078489d940375497662ad1099ac49117c
Author: Michael Beckerle <[email protected]>
AuthorDate: Mon Dec 20 12:36:08 2021 -0500
updates for 3.2.1-rc2
---
site/_releases/3.2.0.md | 10 ++++++++--
site/_releases/3.2.1.md | 26 +++++++++++++++++---------
2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/site/_releases/3.2.0.md b/site/_releases/3.2.0.md
index df48258..7ec8b47 100644
--- a/site/_releases/3.2.0.md
+++ b/site/_releases/3.2.0.md
@@ -5,8 +5,7 @@ apache: true
title: 3.2.0
date: 2021-12-06
summary: >
- Checksum and CRC capability via DFDL extensions and pluggable
- Jar files, Log4J support, miscellaneous bug fixes and improvements
+ WARNING: This release has been superceded. Use Release 3.2.1 instead.
artifact-root: "https://www.apache.org/dyn/closer.lua/daffodil/3.2.0/";
checksum-root: "https://downloads.apache.org/daffodil/3.2.0/";
@@ -24,6 +23,13 @@ binary-dist:
scala-version: 2.12
---
+<div class="alert alert-danger">
+WARNING
+<p/>
+This release has been superceded by <a href="../3.2.1">Release 3.2.1</a> due
to security issues.
+<p/>
+The release notes below are still useful for understanding the features and
functionality which are also part of <a href="../3.2.1">Release 3.2.1</a>.
+</div>
#### New DFDL Language Extension Features
diff --git a/site/_releases/3.2.1.md b/site/_releases/3.2.1.md
index e202e1e..27f4317 100644
--- a/site/_releases/3.2.1.md
+++ b/site/_releases/3.2.1.md
@@ -3,15 +3,17 @@
released: false
apache: true
title: 3.2.1
-date: 2021-12-16
+date: 2021-12-19
summary: >
- Upgrade dependencies to fix CVE-2021-44228 (Log4J)
+ Patch release supercedes 3.2.0.
+ Provides updated dependencies to fix CVE-2021-44228 (Log4J),
CVE-2021-45105 (Log4J),
and CVE-2021-33813 (JDOM).
- Fix unparse checksum and CRC capability (JIRA DAFFODIL-2609)
+ Fixes unparse checksum and CRC capability (JIRA DAFFODIL-2609)
+ Otherwise contains all the same functionality as Release 3.2.0 which it
replaces.
-artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/";
-checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/";
+artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/";
+checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/";
key-file: "https://downloads.apache.org/daffodil/KEYS";
@@ -27,11 +29,17 @@ binary-dist:
scala-version: 2.12
---
+This release is a patch on top of [Release 3.2.0](../3.2.0) to improve
security and fix a major functional bug.
+
+The [Release Notes for 3.2.0](../3.2.0)
+are still relevant to understand the features
+and functionality in this 3.2.1 patch release.
+
#### Security Improvements
-This release fixes two security CVEs by updating dependency versions.
+This release fixes three security CVEs by updating dependency versions.
-* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228
+* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228 and
CVE-2021-45105
* {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813
#### Functional Improvements
@@ -61,8 +69,8 @@ The following dependencies have been added or updated
**Core**
-* Log4j core 2.16.0 <small>(update)</small>
-* Log4j api 2.16.0 <small>(update)</small>
+* Log4j core 2.17.0 <small>(update)</small>
+* Log4j api 2.17.0 <small>(update)</small>
* JDOM2 2.0.6.1 <small>(update)</small>
**Code Generator (runtime2)**
