Hi, +1 from me
Checked out the tag 2.21-rc0 and ran build and hsqldb based tests successfully Did a simple example based test crawl of a webpage with <base href="...">, ingest URIs are built correctly Checked the logs, found no errors or warnings Checked that mail notifications work (tested with mailhog) Travis ci reports green for the release tag: https://app.travis-ci.com/github/apache/manifoldcf/builds/243992093 Checked that Log4j 2.17 is contained in the built distribution Yesterday Log4J 2.17.1 was released due to https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 It is an RCE vulnerability, but only if the attacker has already the capability to modify the log4j configuration. I don't think that we have to respin the release for this one (base cvss score is 6.6). Many thanks for managing the release Karl and many thanks to all contributors. I wish everyone a happy new year 2022. Markus Am 26.12.2021 um 12:30 schrieb Karl Wright:
Hi, Please vote on whether to release Apache ManifoldCF 2.21, RC0. The release candidate can be found at https://dist.apache.org/repos/dist/dev/manifoldcf/apache-manifoldcf-2.21. There is also a release tag at https://svn.apache.org/repos/asf/manifoldcf/tags/release-2.21-RC0. As everyone is aware, this release updates log4j to version 2.17. It also fixes numerous other build-related issues on Unix systems. Other changes are listed in CHANGES.txt, as always. Karl