Re: Logback CVE-2021-42550

2021-12-18 Thread Jean-Baptiste Onofre
I’m closing current release votes, and I will update in Karaf to prepare new 
releases.

Regards
JB

> On 18 Dec 2021, at 20:25, Grzegorz Grzybek wrote:
> 
> Hello
> 
> Done - I've released Pax Logging 1.11.12 and 2.0.13 with the Logback
> update. Thanks Matt for the initial PR - I've checked that no other changes
> are required.
> 
> regards
> Grzegorz Grzybek
> 
> On Sat, 18 Dec 2021 at 05:42, Jean-Baptiste Onofre wrote:
> 
>> Thanks,
>> 
>> However, the PR is not correct.
>> 
>> We (Greg and I) will create a right PR and move forward on Pax Logging
>> release.
>> 
>> However, just a note for the users: this issue is largely less critical
>> than log4j one.
>> Anyway, I will cut maintenance release quickly.
>> 
>> Regards
>> JB
>> 
>>> On 17 Dec 2021, at 16:35, Matt Pavlovich wrote:
>>> 
>>> PR created for pax-logging against main:
>>> https://github.com/ops4j/org.ops4j.pax.logging/pull/425
>>> 
>>> 
>>>> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
>>>> 
>>>> I summarized notes on the Logback CVE-2021-42550. While significantly
>>>> less critical, we probably need to consider another round of releases to
>>>> address and bring in logback 1.2.9.
>>>> 
>>>> notes here: https://issues.apache.org/jira/browse/KARAF-7299
>>>> 
>>>> Thoughts?
>>> 
>> 
>> 



Re: Logback CVE-2021-42550

2021-12-18 Thread Grzegorz Grzybek
Hello

Done - I've released Pax Logging 1.11.12 and 2.0.13 with the Logback
update. Thanks Matt for the initial PR - I've checked that no other changes
are required.

regards
Grzegorz Grzybek

On Sat, 18 Dec 2021 at 05:42, Jean-Baptiste Onofre wrote:

> Thanks,
>
> However, the PR is not correct.
>
> We (Greg and I) will create a right PR and move forward on Pax Logging
> release.
>
> However, just a note for the users: this issue is largely less critical
> than log4j one.
> Anyway, I will cut maintenance release quickly.
>
> Regards
> JB
>
> > On 17 Dec 2021, at 16:35, Matt Pavlovich wrote:
> >
> > PR created for pax-logging against main:
> > https://github.com/ops4j/org.ops4j.pax.logging/pull/425
> >
> >
> >> On Dec 17, 2021, at 9:23 AM, Matt Pavlovich wrote:
> >>
> >> I summarized notes on the Logback CVE-2021-42550. While significantly
> >> less critical, we probably need to consider another round of releases to
> >> address and bring in logback 1.2.9.
> >>
> >> notes here: https://issues.apache.org/jira/browse/KARAF-7299
> >>
> >> Thoughts?
> >
>
>


[ANN] Pax Logging 2.0.13 and 1.11.12 released

2021-12-18 Thread Grzegorz Grzybek
Hello

Pax Logging 2.0.13 and 1.11.12 have been released with two upgrades:
 - Log4j2 2.17.0
 - Logback 1.2.9

These are the latest versions of the dependencies as of December 18th 2021.

The changelogs are:
 - 2.0.13:
https://github.com/ops4j/org.ops4j.pax.logging/milestone/75?closed=1
 - 1.11.12:
https://github.com/ops4j/org.ops4j.pax.logging/milestone/76?closed=1

kind regards
Grzegorz Grzybek


[ANN] Pax Logging 1.10.8 released

2021-12-18 Thread Grzegorz Grzybek
Hello

Pax Logging 1.10.8 has been released with Log4j2 upgrade to version 2.12.2.

This is the version with CVE-2021-44228 fixed for people that still use JDK
7.
Normally, Pax Logging 1.10.x is no longer maintained (only 1.11.x and 2.0.x
branches are for now), but for this CVE we've made an exception ;)

The changelog is available at GitHub:
https://github.com/ops4j/org.ops4j.pax.logging/milestone/77?closed=1

kind regards
Grzegorz Grzybek