The RAT check (mvn apache-rat:check) fails on: src/site/resources/js/jquery.min.js src/site/resources/js/jquery.js
If it is indeed ok to ship these files, then the RAT check should exclude these files and the NOTICE file be updated with an appropriate entry. I know this is not the runtime, it's the site, but we still include the files, so might as well be neat and today about it. Also, why ship BOTH the plain and "min" versions? In one of the files, I see "Dual licensed under the MIT or GPL Version 2 licenses." I'm pretty sure GPL part is not OK but MIT might be, the comment in the RAT exclusion should say so if these are OK to ship. Thoughts? Gary On Mon, Dec 20, 2021 at 11:02 PM Matt Sicker <boa...@gmail.com> wrote: > This is a vote to release Log4j Kotlin API version 1.2.0, the next version > of the Kotlin facade for Log4j2. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because... > > The vote will remain open for 24 hours (or more if required). All votes > are welcome and we encourage everyone to test the release, but only Logging > PMC votes are “officially” counted. As always, at least 3 +1 votes and more > positive than negative votes are required. > > Changes in this release include: > > * LOG4J2-3218: Update Log4j dependency to 2.17.0. > > This is primarily provided to help upgrade transitive dependencies on > log4j-core which was recently updated to fix CVE-2021-44228, > CVE-2021-45046, and CVE-2021-45105. > > Tag: > a) for a new copy do "git clone > https://github.com/apache/logging-log4j-kotlin.git < > https://github.com/apache/logging-log4j-kotlin.git>” and then "git > checkout tags/log4j-api-kotlin-1.2.0-rc3” or just "git clone -b > log4j-api-kotlin-1.2.0-rc3 > https://github.com/apache/logging-log4j-kotlin.git < > https://github.com/apache/logging-log4j-kotlin.git>" > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-api-kotlin-1.2.0-rc3” > > Web Site: https://logging.staged.apache.org/log4j/kotlin/index.html < > https://logging.staged.apache.org/log4j/kotlin/index.html> > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1075/ > > Distribution archives: > https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/ < > https://dist.apache.org/repos/dist/dev/logging/log4j/kotlin/> > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/ > < > https://repository.apache.org/content/repositories/orgapachelogging-1075/org/apache/logging/log4j/ > > > > -- > Matt Sicker > >
