+0 no concerns, I'm just not at a machine where I can verify
On Wednesday, December 29, 2021, 01:40:50 PM EST, Matt Sicker
<[email protected]> wrote:
I’m waiting to see if Ron or any other PMC members wanted to review this
before I close the vote and continue with the release.
--
Matt Sicker
> On Dec 29, 2021, at 11:42, Matt Sicker <[email protected]> wrote:
>
> My +1
> --
> Matt Sicker
>
>> On Dec 29, 2021, at 10:35, Carter Kozak <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> +1
>>
>> $ mvn -version
>> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
>> Maven home: /opt/homebrew/Cellar/maven/3.8.4/libexec
>> Java version: 1.8.0_312, vendor: Azul Systems, Inc., runtime:
>> /Users/ckozak/.tools/jdk/zulu8.58.0.13-ca-jdk8.0.312-macosx_aarch64/zulu-8.jdk/Contents/Home/jre
>> Default locale: en_US, platform encoding: UTF-8
>> OS name: "mac os x", version: "12.1", arch: "aarch64", family: "mac"
>>
>> build/tests/rat look good
>>
>> -ck
>>
>> On Tue, Dec 28, 2021, at 20:59, Matt Sicker wrote:
>>> This is a vote to release Log4j 2.3.2, a security release for Java 6 users.
>>>
>>> Please download, test, and cast your votes on the log4j developers list.
>>> [] +1, release the artifacts
>>> [] -1, don't release because…
>>>
>>> The vote will remain open for as short amount as time as required to vet
>>> the release. All votes are welcome and we encourage everyone to test the
>>> release, but only Logging PMC votes are “officially” counted. As always, at
>>> least 3 +1 votes and more positive than negative votes are required.
>>>
>>> Changes in this version include:
>>>
>>> Fixed Bugs
>>>
>>> Fixed Bugs:
>>> o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access
>>> should be limited.
>>> Backport fix for CVE-2021-44832.
>>> o LOG4J2-2819: Add support for specifying an SSL configuration for
>>> SmtpAppender.
>>> Backport fix for CVE-2020-9488 to allow SSL/TLS hostname
>>>verification.
>>>
>>> Tag:
>>> a) for a new copy do "git clone
>>> https://github.com/apache/logging-log4j2.git
>>> <https://github.com/apache/logging-log4j2.git>
>>> <https://github.com/apache/logging-log4j2.git
>>> <https://github.com/apache/logging-log4j2.git>>" and then "git checkout
>>> tags/log4j-2.3.2-rc1” or just "git clone -b log4j-2.3.2-rc1
>>> https://github.com/apache/logging-log4j2.git
>>> <https://github.com/apache/logging-log4j2.git>
>>> <https://github.com/apache/logging-log4j2.git
>>> <https://github.com/apache/logging-log4j2.git>>"
>>> b) for an existing working copy to “git pull” and then “git checkout
>>> tags/log4j-2.3.2-rc1”
>>>
>>> Web Site: [none published yet; need someone to stage a generated site]
>>>
>>> Maven Artifacts:
>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/
>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/>
>>>
>>> Distribution archives:
>>> https://dist.apache.org/repos/dist/dev/logging/log4j/
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>>
>>>
>>> You may download all the Maven artifacts by executing:
>>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/
>>>
>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/>
>>>
>>> --
>>> Matt Sicker
>
