+1
Verified Signatures, hashes and ran the build on my Mac. Ralph > On Dec 28, 2021, at 6:59 PM, Matt Sicker <[email protected]> wrote: > > This is a vote to release Log4j 2.3.2, a security release for Java 6 users. > > Please download, test, and cast your votes on the log4j developers list. > [] +1, release the artifacts > [] -1, don't release because… > > The vote will remain open for as short amount as time as required to vet the > release. All votes are welcome and we encourage everyone to test the release, > but only Logging PMC votes are “officially” counted. As always, at least 3 +1 > votes and more positive than negative votes are required. > > Changes in this version include: > > Fixed Bugs > > Fixed Bugs: > o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access should > be limited. > Backport fix for CVE-2021-44832. > o LOG4J2-2819: Add support for specifying an SSL configuration for > SmtpAppender. > Backport fix for CVE-2020-9488 to allow SSL/TLS hostname verification. > > Tag: > a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git > <https://github.com/apache/logging-log4j2.git>" and then "git checkout > tags/log4j-2.3.2-rc1” or just "git clone -b log4j-2.3.2-rc1 > https://github.com/apache/logging-log4j2.git > <https://github.com/apache/logging-log4j2.git>" > b) for an existing working copy to “git pull” and then “git checkout > tags/log4j-2.3.2-rc1” > > Web Site: [none published yet; need someone to stage a generated site] > > Maven Artifacts: > https://repository.apache.org/content/repositories/orgapachelogging-1081/ > > Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ > <https://dist.apache.org/repos/dist/dev/logging/log4j/> > > You may download all the Maven artifacts by executing: > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate > https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/ > > -- > Matt Sicker >
