+1
Hashes and signatures OK,
build OK:
Apache Maven 3.6.2 (40f52333136460af0dc0d7232c0dc0bcf0d9e117;
2019-08-28T00:06:16+09:00)
Maven home: C:\apps\apache-maven-3.6.2\bin\..
Java version: 1.8.0_202, vendor: Oracle Corporation, runtime:
C:\apps\jdk1.8.0_202\jre
Default locale: en_GB, platform encoding: MS932
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
-----------------------
Hashed/sigs verified with:
for a in 1 256 512; do
for f in `find . -type f -name "*.sha${a}"`; do
claim=`cat $f |cut -d' ' -f1`;
actual=`shasum ${f%.sha*} -a ${a} |cut -d' ' -f1`;
if [[ "$claim" == "$actual" ]]; then echo " OK $f" ; else echo " FAIL
$f"; fi;
done
done
for f in `find . -type f -name "*.asc"`; do if gpg 2>&1 --verify $f |grep
-q "Good sig" ; then echo " OK $f" ; else echo " FAIL $f"; fi ; done
On Wed, Dec 29, 2021 at 2:25 PM Ralph Goers <[email protected]>
wrote:
> +1
>
>
> Verified Signatures, hashes and ran the build on my Mac.
>
> Ralph
>
> > On Dec 28, 2021, at 6:59 PM, Matt Sicker <[email protected]> wrote:
> >
> > This is a vote to release Log4j 2.3.2, a security release for Java 6
> users.
> >
> > Please download, test, and cast your votes on the log4j developers list.
> > [] +1, release the artifacts
> > [] -1, don't release because…
> >
> > The vote will remain open for as short amount as time as required to vet
> the release. All votes are welcome and we encourage everyone to test the
> release, but only Logging PMC votes are “officially” counted. As always, at
> least 3 +1 votes and more positive than negative votes are required.
> >
> > Changes in this version include:
> >
> > Fixed Bugs
> >
> > Fixed Bugs:
> > o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access
> should be limited.
> > Backport fix for CVE-2021-44832.
> > o LOG4J2-2819: Add support for specifying an SSL configuration for
> SmtpAppender.
> > Backport fix for CVE-2020-9488 to allow SSL/TLS hostname
> verification.
> >
> > Tag:
> > a) for a new copy do "git clone
> https://github.com/apache/logging-log4j2.git <
> https://github.com/apache/logging-log4j2.git>" and then "git checkout
> tags/log4j-2.3.2-rc1” or just "git clone -b log4j-2.3.2-rc1
> https://github.com/apache/logging-log4j2.git <
> https://github.com/apache/logging-log4j2.git>"
> > b) for an existing working copy to “git pull” and then “git checkout
> tags/log4j-2.3.2-rc1”
> >
> > Web Site: [none published yet; need someone to stage a generated site]
> >
> > Maven Artifacts:
> https://repository.apache.org/content/repositories/orgapachelogging-1081/
> >
> > Distribution archives:
> https://dist.apache.org/repos/dist/dev/logging/log4j/ <
> https://dist.apache.org/repos/dist/dev/logging/log4j/>
> >
> > You may download all the Maven artifacts by executing:
> > wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/
> >
> > --
> > Matt Sicker
> >
>
>
