There are rumors/theories the Sysprop does not cover all Code path (not for structured log events). Therefore sooner or later the 2.16 is needed for compliance reasons.
Much appreciated that you roll another release, jb. -- http://bernd.eckenfels.net ________________________________ Von: Romain Manni-Bucau <rmannibu...@gmail.com> Gesendet: Tuesday, December 14, 2021 10:07:13 AM An: dev <dev@karaf.apache.org> Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2) +1 (to release), in terms of actual security 2.15 or 2.16 does not change much and karaf has some expected changes so let it go and redo one after if wished IMHO Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://rmannibucau.metawerx.net/> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance> Le mar. 14 déc. 2021 à 09:30, Bernd Eckenfels <e...@zusammenkunft.net> a écrit : > If you have any reason to delay it some more, a new pax logging with log4j > 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed the > lookup code. Otherwise another minor release would also be an option. > -- > http://bernd.eckenfels.net > ________________________________ > Von: Francois Papon <francois.pa...@openobject.fr> > Gesendet: Tuesday, December 14, 2021 8:49:24 AM > An: dev@karaf.apache.org <dev@karaf.apache.org> > Betreff: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2) > > +1 (binding) > > Thanks JB! > > regards, > > Francois > > On 13/12/2021 16:24, Jean-Baptiste Onofré wrote: > > Hi everyone, > > > > I submit Apache Karaf runtime 4.3.4 to your vote (take #2). > > > > This release includes dependency upgrades, fixes, and improvements, > > especially: > > > > - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing > > important security issue (CVE-2021-44228) > > - align dependencies versions between Karaf and Pax * > > - fix missing system export packages > > - fix on Karaf features json support > > - fix features autoRefresh configuration handling > > - fix on sshd session handling > > - update to sshd 2.8.0 > > - lot of pax * updates > > - and much more ! > > > > Please take a look on Release Notes for details ! > > > > Release Notes: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547 > > > > > > Staging Maven Repository: > > https://repository.apache.org/content/repositories/orgapachekaraf-1164/ > > > > Staging Dist Repository: > > https://dist.apache.org/repos/dist/dev/karaf/4.3.4/ > > > > Git tag: > > karaf-4.3.4 > > > > Please vote to approve this release: > > > > [ ] +1 Approve the release > > [ ] -1 Don't approve the release (please provide specific comments) > > > > This vote will be open for at least 72 hours. > > > > Regards > > JB >
