Thanks JB,
I think it's a good signal for all our downstream projects.
Even if it's just rumors ;)

regards, Achim


On Tue, 14 Dec 2021 at 10:44, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:

> Even if I agree with Romain, I cancelled this release and I'm moving
> forward fast on new vote (later today).
>
> On 14/12/2021 10:32, Romain Manni-Bucau wrote:
> >> What's the difference between cutting a new release right after the
> >> release and just postponing this release (again) to include this log4j
> >> version?
> >> I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
> >> waiting for the 4.3.5 ;)
> >
> > (just my 2cts and experience feedback about willing a perfect release)
> > Consumers waiting for something unrelated to log4j2 can adopt it 1 week
> > before ;), and as JB said, there is no security enhancement in 2.16 - and
> > some other parts of the JVM/libs are way more dangerous :p - so guess it is
> > better to release and move forward than to keep postponing which can delay
> > for more than 1 month the adoption (keep in mind we are in the last work
> > week in a lot of countries since Xmas is coming ;)).
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <https://www.packtpub.com/application-development/java-ee-8-high-performance>
> >
> >
> > On Tue, 14 Dec 2021 at 10:26, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
> >
> >> OK, so, let me prepare Pax Logging 2.0.12 then and cancel this vote to
> >> include this new Pax Logging version.
> >>
> >> Regards
> >> JB
> >>
> >> On 14/12/2021 10:20, Achim Nierbeck wrote:
> >>> tbh. What's the difference between cutting a new release right after the
> >>> release and just postponing this release (again) to include this log4j
> >>> version?
> >>> I'd rather have a 4.3.4 accepted by our consumers instead of everyone just
> >>> waiting for the 4.3.5 ;)
> >>>
> >>> my 2 cents :)
> >>>
> >>> regards, Achim
> >>>
> >>>
> >>> On Tue, 14 Dec 2021 at 10:09, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
> >>>
> >>>> There's no big change between log4j 2.15 and 2.16 (in terms of CVE). So,
> >>>> I would leave this vote running, and prepare Pax Logging/Karaf new
> >>>> release after (pretty soon).
> >>>>
> >>>> Regards
> >>>> JB
> >>>>
> >>>> On 14/12/2021 09:30, Bernd Eckenfels wrote:
> >>>>> If you have any reason to delay it some more, a new pax logging with
> >>>>> log4j 2.0.16 should be close by ,) Log4j finally disabled JNDI and removed
> >>>>> the lookup code. Otherwise another minor release would also be an option.
> >>>>> --
> >>>>> http://bernd.eckenfels.net
> >>>>> ________________________________
> >>>>> From: Francois Papon <francois.pa...@openobject.fr>
> >>>>> Sent: Tuesday, December 14, 2021 8:49:24 AM
> >>>>> To: dev@karaf.apache.org <dev@karaf.apache.org>
> >>>>> Subject: Re: [VOTE] Apache Karaf runtime 4.3.4 release (take #2)
> >>>>>
> >>>>> +1 (binding)
> >>>>>
> >>>>> Thanks JB!
> >>>>>
> >>>>> regards,
> >>>>>
> >>>>> Francois
> >>>>>
> >>>>> On 13/12/2021 16:24, Jean-Baptiste Onofré wrote:
> >>>>>> Hi everyone,
> >>>>>>
> >>>>>> I submit Apache Karaf runtime 4.3.4 to your vote (take #2).
> >>>>>>
> >>>>>> This release includes dependency upgrades, fixes, and improvements,
> >>>>>> especially:
> >>>>>>
> >>>>>> - upgrade to Pax Logging 2.0.11, upgrading to log4j2 2.0.15, fixing
> >>>>>> important security issue (CVE-2021-44228)
> >>>>>> - align dependencies versions between Karaf and Pax *
> >>>>>> - fix missing system export packages
> >>>>>> - fix on Karaf features json support
> >>>>>> - fix features autoRefresh configuration handling
> >>>>>> - fix on sshd session handling
> >>>>>> - update to sshd 2.8.0
> >>>>>> - lots of pax * updates
> >>>>>> - and much more !
> >>>>>>
> >>>>>> Please take a look at the Release Notes for details !
> >>>>>>
> >>>>>> Release Notes:
> >>>>>>
> >>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350547
> >>>>>>
> >>>>>>
> >>>>>> Staging Maven Repository:
> >>>>>>
> >>>>>> https://repository.apache.org/content/repositories/orgapachekaraf-1164/
> >>>>>>
> >>>>>> Staging Dist Repository:
> >>>>>> https://dist.apache.org/repos/dist/dev/karaf/4.3.4/
> >>>>>>
> >>>>>> Git tag:
> >>>>>> karaf-4.3.4
> >>>>>>
> >>>>>> Please vote to approve this release:
> >>>>>>
> >>>>>> [ ] +1 Approve the release
> >>>>>> [ ] -1 Don't approve the release (please provide specific comments)
> >>>>>>
> >>>>>> This vote will be open for at least 72 hours.
> >>>>>>
> >>>>>> Regards
> >>>>>> JB
> >>>>>
> >>>>
> >>>
> >>>
> >>
> >
>


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
