We can review this without doing a reproducibility check. The signatures of everything look good; just doing some final validations before voting.
> On Dec 18, 2023, at 6:38 AM, Gary Gregory <garydgreg...@gmail.com> wrote: > > Since Piotr asked for a fix and Matt can reproduce the issue, I'm not going > to take the time.to review this RC. > > Gary > > On Mon, Dec 18, 2023, 3:21 AM Volkan Yazıcı <vol...@yazi.ci> wrote: > >> Even though the vote was intended for 72 hours, it has been 5 days and >> there hasn't been any official votes on the release. I will wait for >> another 24 hours and cancel the release. I will appreciate PMC members' >> participation in the voting. >> >> On Wed, Dec 13, 2023 at 4:26 PM Volkan Yazıcı <vol...@yazi.ci> wrote: >> >>> This is a vote to release the Apache Log4j 3.0.0-beta1. >>> >>> Website: https://logging.staged.apache.org/log4j >>> GitHub: https://github.com/apache/logging-log4j2 >>> Commit: c5dbdcfeb0216e1e3e333436e9b4d04cc3b8e6fd >>> Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j >>> Nexus: >>> https://repository.apache.org/content/repositories/orgapachelogging-1246 >>> Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 >>> >>> Please download, test, and cast your votes on this mailing list. >>> >>> [ ] +1, release the artifacts >>> [ ] -1, don't release, because... >>> >>> This vote is open for 72 hours and will pass unless getting a >>> net negative vote count. All votes are welcome and we encourage >>> everyone to test the release, but only the Logging Services PMC >>> votes are officially counted. >>> >>> == Review Kit >>> >>> The minimum set of steps needed to review the uploaded distribution >>> files in the Subversion repository can be summarized as follows: >>> >>> # Check out the distribution >>> svn co https://dist.apache.org/repos/... && cd $_ >>> >>> # Verify checksums >>> shasum --check *.sha512 >>> >>> # Verify signatures >>> wget -O - https://downloads.apache.org/logging/KEYS | gpg --import >>> for sigFile in *.asc; do gpg --verify $sigFile; done >>> >>> # Verify reproduciblity >>> umask 0022 >>> unzip *-src.zip -d src >>> cd src >>> export NEXUS_REPO=https://repository.apache.org/content/... >>> sh mvnw -Prelease \ >>> verify artifact:compare \ >>> -Dreference.repo=$NEXUS_REPO \ >>> -Dcyclonedx.skip >>> >>> Some SBOM discrepancy is causing reproducibility mismatch, hence the >>> `-Dcyclonedx.skip`. Since `2.x` and `main` are greatly diverged, I >> couldn't >>> figure out the missing piece yet. >>> >>> == Release Notes >>> >>> This is the first beta release of the upcoming major release, i.e., >>> `3.0.0`. >>> >>> === Added >>> >>> * Add annotations for nullability. (LOG4J2-1477) >>> * Remove deprecated code. (LOG4J2-2493) >>> * Add a more generalized dependency injection system to plugins inspired >>> by JSR 330. (LOG4J2-2803) >>> * Add and enhance structured properties for per-context settings outside >>> configuration files. (1473) >>> * Automate artifact publishing and release preparation. (LOG4J2-3466) >>> * Add support for dependency injection of plugins into container types >>> such as `Optional<T>`, `Collection<T>`, `Set<T>`, `Stream<T>`, `List<T>`, >>> and `Map<String, T>`. (LOG4J2-3496) >>> * Add support for `ConstraintValidator` in plugin classes. (LOG4J2-3497) >>> >>> === Changed >>> >>> * Remove liquibase-log4j2 maven module (#1193) >>> * Make the output of annotation processing reproducible. (#1520) >>> * Replace `synchronized` blocks with locks for improved performance with >>> virtual threads. (#1532) >>> * Removes additional `isFiltered` checks in `AsyncLoggerConfig`. (#1550) >>> * Ignore exceptions thrown by PropertySources. Eliminate >>> ClassCastException when SimpleLoggerContext is used. >>> (spring-projects/spring-boot#33450, #1799) >>> * Update `com.lmax:disruptor` to version `4.0.0` (#1829) >>> * Migrate most tests to JUnit 5. This includes a more powerful set of >> test >>> extensions. (LOG4J2-2653) >>> * Make Log4j use its own BOM. (LOG4J2-3511) >>> * Change encoding of HTTP Basic Authentication to UTF-8. (#1970) >>> * Upgraded the required compiler version to Java 17 >>> * Upgraded the required runtime version to Java 17 >>> * Update `actions/checkout` to version `4.1.1` (#1869) >>> * Update `actions/setup-java` to version `3.13.0` (#1809) >>> * Update `actions/setup-python` to version `4.7.1` (#1831) >>> * Update `ch.qos.logback:logback-classic` to version `1.4.14` (#2028) >>> * Update `com.datastax.cassandra:cassandra-driver-core` to version >>> `3.11.5` (#1889) >>> * Update `com.fasterxml.jackson:jackson-bom` to version `2.16.0` (#1974) >>> * Update `com.github.luben:zstd-jni` to version `1.5.5-11` (#2032) >>> * Update `com.github.spotbugs:spotbugs-maven-plugin` to version `4.7.3.6` >>> (#1879) >>> * Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.1` >> (#1765) >>> * Update `com.google.errorprone:error_prone_core` to version `2.23.0` >>> (#1871) >>> * Update `com.google.guava:guava-testlib` to version `32.1.3-jre` (#1934) >>> * Update `com.h2database:h2` to version `2.2.224` (#1917) >>> * Update `commons-codec:commons-codec` to version `1.16.0` (#2054) >>> * Update `commons-io:commons-io` to version `2.15.1` (#2035) >>> * Update `commons-logging:commons-logging` to version `1.3.0` (#2046) >>> * Update `de.flapdoodle.reverse:de.flapdoodle.reverse` to version `1.7.2` >>> (#2000) >>> * Update `io.netty:netty-bom` to version `4.1.101.Final` (#1999) >>> * Update `net.java.dev.jna:jna` to version `5.14.0` (#2082) >>> * Update `org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle` >>> to version `1.3.7` (#2053) >>> * Update `org.apache.commons:commons-compress` to version `1.25.0` >> (#2055) >>> * Update `org.apache.commons:commons-csv` to version `1.10.0` (#2041) >>> * Update `org.apache.commons:commons-dbcp2` to version `2.11.0` (#2044) >>> * Update `org.apache.commons:commons-lang3` to version `3.14.0` (#2036) >>> * Update `org.apache.commons:commons-pool2` to version `2.12.0` (#2038) >>> * Update `org.apache.groovy:groovy-bom` to version `4.0.16` (#2039) >>> * Update `org.apache.maven:maven-core` to version `3.9.6` (#2049) >>> * Update `org.apache.maven.surefire:surefire-junit47` to version `3.2.2` >>> (#2051) >>> * Update `org.apache.tomcat:tomcat-juli` to version `10.1.16` (#2052) >>> * Update `org.codehaus.plexus:plexus-utils` to version `3.5.1` (#2061) >>> * Update `org.eclipse.jetty:jetty-bom` to version `9.4.53.v20231009` >>> (#1931) >>> * Update `org.eclipse.persistence:org.eclipse.persistence.jpa` to version >>> `2.7.13` (#1933) >>> * Update `org.eclipse.platform:org.eclipse.osgi` to version `3.18.600` >>> (#2064) >>> * Update `org.elasticsearch.client:elasticsearch-rest-high-level-client` >>> to version `7.17.15` (#1996) >>> * Update `org.graalvm.truffle:truffle-api` to version `23.1.1` (#1872) >>> * Update `org.jctools:jctools-core` to version `4.0.2` (#1995) >>> * Update `org.jmdns:jmdns` to version `3.5.9` (#2069) >>> * Update `org.junit:junit-bom` to version `5.10.1` (#1993) >>> * Update `org.junit-pioneer:junit-pioneer` to version `2.2.0` (#1986) >>> * Update `org.mockito:mockito-bom` to version `5.8.0` (#2031) >>> * Update `org.mongodb:bson` to version `4.11.1` (#1991) >>> * Update `org.springframework.boot:spring-boot` to version `2.7.17` >> (#1902) >>> * Update `org.springframework.boot:spring-boot-dependencies` to version >>> `2.7.18` (#2002) >>> * Update `org.springframework:spring-framework-bom` to version `5.3.30` >>> (#1903) >>> * Update `org.springframework:spring-test` to version `5.3.31` (#1992) >>> * Update `org.xerial.snappy:snappy-java` to version `1.1.10.5` (#1877) >>> * Update `org.zeromq:jeromq` to version `0.5.4` (#1888) >>> * Update `uk.org.webcompere:system-stubs-core` to version `2.1.5` (#2001) >>> * Update OpenTest4J to version `1.3.0` >>> >>> === Removed >>> >>> * Remove `GelfLayout` (a GELF-compatible layout is still possible using >>> JSON Template Layout) (#1951) >>> * Remove `log4j-cassandra` (#1951) >>> * Remove `log4j-couchdb` (#1951) >>> * Remove Jackson-based JSON configuration support. JSON configuration >>> files are now handled through a built-in JSON parser. >>> * Moved Log4j Jakarta EE modules (`log4j-jakarta-jms`, >>> `log4j-jakarta-smtp`, and `log4j-jakarta-web`) to their own repository[1] >>> and website[2] (#1966) >>> * Removed all Java EE modules: `log4j-jms`, `log4j-jpa`, `log4j-smtp`, >>> `log4j-web` (#1966) >>> * Remove `log4j-jeromq` module (users are recommended to migrate to >>> loghublog4j2[3]) (#1951) >>> * Remove `log4j-kafka` (#1951) >>> * Remove `log4j-layout-jackson-json` module (it is superseded by JSON >>> Template Layout) (#1951) >>> * Remove `log4j-layout-jackson-yaml` module (#1951) >>> * Remove legacy OSGi integration. `ServiceLoader` mechanism should be >> used >>> instead. >>> * Remove `log4j-mongodb3` module (#1951) >>> * Remove support for `SecurityManager`. Starting in Java 21, a custom >>> `SecurityManager` cannot be used. >>> * Remove `log4j-spring-boot` module (its features are upstreamed to >>> `org.springframework.boot:spring-boot-starter-log4j2`) (#1951) >>> >>> [1] https://github.com/apache/logging-log4j-jakarta >>> [2] https://logging.apache.org/log4j/jakarta >>> [3] https://github.com/fbacchella/loghublog4j2 >>> >>> === Fixed >>> >>> * Remove locale-dependent `toLowerCase/toUpperCase` calls. (#1281) >>> * Add environment variable arbiter. (#1312) >>> * Fixed logging of java.sql.Date objects by appending it before Log4J >>> tries to call java.util.Date.toInstant() on it. (#1366) >>> * Adapt the OSGi metadata of `log4j-api`, `log4j-core`, >> `log4j-slf4j-impl` >>> and `log4j-slf4j2-impl` to activate the bundle when it is accessed. To >>> achieve that set the `Bundle-ActivationPolicy` to `lazy` for the log4j >>> bundles. (#1367) >>> * Fix runtime dependencies documentation. (#1530) >>> * Allow to override fqcn in `Log4jEventBuilder` by implementing >>> `CallerBoundaryAware`. (#1533) >>> * Migrate MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4. >>> (#1589) >>> * Fixed rollover strategy in the Log4j 1.x compatibility layer. (#1650) >>> * Only shutdown Log4j after last `Log4jServletContextListener` is >>> executed. (#1782) >>> * Fixes context data loss if `<AsyncLogger>` components are used with an >>> all async logger context. (#1786) >>> * AppenderLoggingException logging any exception to a MongoDB Appender. >>> (LOG4J2-3392) >>> >>
