All,
I'm now -1 on this given that log4j 2.17.0 is available. I'm not
that troubled by the current security vuln found in 2.16.0, but I'd
like to avoid the communications between the PMC and our community and
between our community and their security scanners about why we aren't
on 2.17.0.
I'll respin today with some other minor upgrades.
Best,
Tim
On Sat, Dec 18, 2021 at 4:29 AM Tilman Hausherr <[email protected]> wrote:
>
> +1
>
> Tilman
>
> Am 17.12.2021 um 21:52 schrieb Tim Allison:
> > A candidate for the Tika 2.2.1 release is available at:
> > https://dist.apache.org/repos/dist/dev/tika/2.2.1
> >
> > The release candidate is a zip archive of the sources in:
> > https://github.com/apache/tika/tree/2.2.1-rc1/
> >
> > The SHA-512 checksum of the archive is
> > 88668ccae7549b469b2922d11ab8722bc7d20228fa3f27d49ae4ce84970839c7a1344cc2cab1abb3b9f69cf2821d35fccd13d514c646b29f2470dae423f50eab.
> >
> > In addition, a staged maven repository is available here:
> > https://repository.apache.org/content/repositories/orgapachetika-1075/org/apache/tika
> >
> > Please vote on releasing this package as Apache Tika 2.2.1.
> > The vote is open for the next 72 hours and passes if a majority of at
> > least three +1 Tika PMC votes are cast.
> >
> > [ ] +1 Release this package as Apache Tika 2.2.1
> > [ ] -1 Do not release this package because...
> >
> > Here's my +1
>
>
