+1 (to release), in terms of actual security 2.15 or 2.16 does not change much and karaf has some expected changes so let it go and redo one after if wished IMHO
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance> Le mar. 14 déc. 2021 à 09:30, Bernd Eckenfels <e...@zusammenkunft.net> a écrit : > If you have any reason to delay it some more, a new pax logging with log4j > 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the > lookup code. Otherwise another minor release would also be an option. > -- > http://bernd.eckenfels.net > ________________________________ > Von: Francois Papon <francois.pa...@openobject.fr> > Gesendet: Tuesday, December 14, 2021 8:49:24 AM > An: dev@karaf.apache.org <dev@karaf.apache.org> > Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2) > > +1 (binding) > > Thanks JB! > > regards, > > Francois > > On 13/12/2021 16:24, Jean-Baptiste Onofré wrote: > > Hi everyone, > > > > I submit Apache Karaf runtime 4.3.4 to your vote (take #2). > > > > This release includes dependency upgrades, fixes, and improvements, > > especially: > > > > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing > > important security issue (CVE-2021-44228) > > - align dependencies versions between Karaf and Pax * > > - fix missing system export packages > > - fix on Karaf features json support > > - fix features autoRefresh configuration handling > > - fix on sshd session handling > > - update to sshd 2.8.0 > > - lot of pax * updates > > - and much more ! > > > > Please take a look on Release Notes for details ! > > > > Release Notes: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 > > > > > > Staging Maven Repository: > > https://repository.apache.org/content/repositories/orgapachekaraf-1164/ > > > > Staging Dist Repository: > > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/ > > > > Git tag: > > karaf-4.3.4 > > > > Please vote to approve this release: > > > > [ ] +1 Approve the release > > [ ] -1 Don't approve the release (please provide specific comments) > > > > This vote will be open for at least 72 hours. > > > > Regards > > JB >
