Hi, I downloaded log4j 2.23.0 from https://logging.apache.org/log4j/2.x/download.html Specifically I downloaded https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip
The checksum file https://www.apache.org/dist/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip.sha512 contains a different checksum from what I get when I run shasum on the downloaded zip file: > shasum -a 512 apache-log4j-2.23.0-bin.zip 204d5b860a4169232e7ac7b41648a4167a8d11afc76e3457dd463bf28c3c0ca4d10c07e0970bc30a4d061c3e5dc869b1ac367a563eacd592d7bfff192e15852d apache-log4j-2.23.0-bin.zip > cat apache-log4j-2.23.0-bin.zip.sha512 > 4668362f8c339b48e0a82bce4031d981e930fa4317fca8c94ad51528f6f8680563e6bde04372fcfbb40c31b646a8309ccd2fc3d1eff68cccfd328e96472e6f31 > apache-log4j-2.23.0-bin.zip The signature of the zip file checks out OK, but I’m hesitant to use the zip file due to the checksum error. Piers -- Piers Uso Walter <piers.wal...@ilink.de> ilink Kommunikationssysteme GmbH
