Hi Dominik I have had a long look over the changes (both via the PR and locally, as I contributed to help with some infra changes) and I'm happy -- there's been a lot of clean-up and simplification and in addition, tests are now run against all targets -- so that's a good thing. Some of these changes are required to resolve issues for netstandard2.0 users who have upgraded to 2.0.9. Community member NicholasNoise put in a lot of work on this.
If it helps, the original PR is here: https://github.com/apache/logging-log4net/pull/63 -- it makes viewing changes a lot simpler. Changes to a lot of the #ifdefs are updates from NETSTANDARD1_3 to simply NETSTANDARD as many of the changes required for netstandard2.0 are compatible. I contributed on that PR too, mainly around getting build to work as expected. You're welcome to use the npm-based build / test pipeline to verify: I've just updated master to automatically test across all platforms when running `npm test`, so it should be easy to verify that all things are functional: - install node if you don't have it yet (I suggest via nvm) - `npm ci` - `npm test` (assuming that you have all the required build targets -- there are helper .ps1 scripts to get the older targets -- netcore 1.1 and netfx35) -d On 2020/09/10 09:03:45, Dominik Psenner <dpsen...@gmail.com> wrote: Hi Sorry to not have responded earlier. Time is short and the days are busy. I looked at the diff and found several suspicious changes. Several hundred ifdefs have been removed/replaced along with tests. Therefore I have a bad feeling about those changes without further careful checking. I propose to release the cve fix alone and follow up a second release as soon as someone had the time to verify that the netstandard2 changes are ok. Best regards -- Sent from my phone. Typos are a kind gift to anyone who happens to find them. On Thu, Sep 10, 2020, 08:48 Davyd McColl wrote: > Hi > > Sorry to be a bother, but I haven't heard anything back on this apart from > Dominik's inquiry into netstandard 1.3 support. I'd really like to get this > out as: > a) it contains the CVE fix that has been asked about so much > b) it solves some issues affecting netstandard users > > Thanks > -d > > On 2020/09/06 20:51:38, Davyd McColl wrote: > Hi all > > I'd like to propose a vote to release 2.0.10 of log4net, with: > - updated netstandard 2.0 support from community member NicholasNoise > - cherry-picked fix for CVE-2018-1285 (I had to modify slightly since the > mechanism used there is outdated for netstandard 2.0, but the principle > stands > > I've created an RC release at GitHub: > https://github.com/apache/logging-log4net/releases/tag/v2.0.10-rc1 and > pushed updated site material to the `asf-staging` branch of the > logging-log4net-site repo. > > Thanks > -d
