+1 (binding)
Just a side note, I think it's an upgrade to log4j 2.17.0 but it's just
an error in the voting mail because the release is ok.
Thanks JB!
regards,
Francois
On 20/12/2021 11:48, Jean-Baptiste Onofré wrote:
Hi all,
I submit Apache Karaf 4.2.14 to your vote.
This version upgrades to Pax Logging 1.11.12 with:
- logback 1.2.9 fixing CVE-2021-42550
- log4j 2.16.0 fixing CVE-2021-45105
Please take a look on Release Notes for details.
Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12351061
Staging Maven Repository:
https://repository.apache.org/content/repositories/orgapachekaraf-1168/
Staging Dist Repository:
https://dist.apache.org/repos/dist/dev/karaf/4.2.14/
Git tag:
karaf-4.2.14
Please vote to approve this release:
[ ] +1 Approve the release
[ ] -1 Don't approve the release (please provide specific comments)
This vote will be open for at least 72 hours.
Regards
JB
