Re: [VOTE] Release Apache Qpid ProtonJ2 1.0.0-M4

[Timothy Bish]

On Mon, Dec 20, 2021 at 3:03 PM Timothy Bish  wrote:
>
> Hi folks,
>
> I have put together a release candidate for a 1.0.0-M4 Qpid ProtonJ2
> release,
> please give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/protonj2/1.0.0-M4-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1236
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313720&version=12350719
>
> Regards
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>
>  
>staging
> https://repository.apache.org/content/repositories/orgapacheqpid-1236
>  
>
>
> The dependency for the protocol engine or the client itself would then be:
>
>
>  org.apache.qpid
>  protonj2
>  1.0.0-M4
>
>
>  org.apache.qpid
>  protonj2-client
>  1.0.0-M4
>
>
> --
> Tim Bish
>


+1

* Validated signatures and checksums
* Verified license and notice files
* Verified source license headers with mvn apache-rat:check
* Built from source and ran the tests
* Ran the examples against a build of ActiveMQ Artemis
* Ran the examples against a build of ActiveMQ 5

-- 
--
Tim Bish

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: QPID Dispatch Router Log4j vulnerable?

[Robbie Gemmell]

It is not, the router isnt written in Java.

On Tue, 21 Dec 2021, 20:25 , 
wrote:

> Apache,
>
> Could you inform me if QPID Dispatch Router is exposed to the Log4j
> vulnerability (CVE-2021-44228<
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228>)?
>
> (2nd inquiry)
>
> Thanks,
>
> Doug Mathias
> Software Enablement Services (SES) | Product Portfolio Management
> (M) 313 318 1597
> douglas.c.math...@wellsfargo.com
>
> PTO: 12/23, 12/29
>
> Disclaimer: The information contained in this electronic message is
> confidential, proprietary, and intended only for the use of the owner of
> the email address listed as the recipient of this message. If you are not
> the intended recipient, you are hereby notified that any disclosure,
> dissemination, distribution, copying of this communication, or unauthorized
> use is strictly prohibited and subject to prosecution to the fullest extent
> of the law! If you are not the intended recipient, please delete this
> electronic message and DO NOT ACT UPON, FORWARD, COPY OR OTHERWISE
> DISSEMINIATE IT OR ITS CONTENTS.
>
>

QPID Dispatch Router Log4j vulnerable?

[Douglas.C.Mathias]

Apache,

Could you inform me if QPID Dispatch Router is exposed to the Log4j 
vulnerability (CVE-2021-44228)?

(2nd inquiry)

Thanks,

Doug Mathias
Software Enablement Services (SES) | Product Portfolio Management
(M) 313 318 1597
douglas.c.math...@wellsfargo.com

PTO: 12/23, 12/29

Disclaimer: The information contained in this electronic message is 
confidential, proprietary, and intended only for the use of the owner of the 
email address listed as the recipient of this message. If you are not the 
intended recipient, you are hereby notified that any disclosure, dissemination, 
distribution, copying of this communication, or unauthorized use is strictly 
prohibited and subject to prosecution to the fullest extent of the law! If you 
are not the intended recipient, please delete this electronic message and DO 
NOT ACT UPON, FORWARD, COPY OR OTHERWISE DISSEMINIATE IT OR ITS CONTENTS.

Re: [VOTE] Release Apache Qpid JMS 0.61.0

[Oleksandr Rudyy]

+1

* verified checksums and signatures
* built successfully client from source bundle with running all unit tests
* ran successfully all Qpid broker system tests using v0.61.0 staged artefacts

On Mon, 20 Dec 2021 at 18:54, Robbie Gemmell  wrote:
>
> Hi folks,
>
> I have put together a spin for a 0.61.0 Qpid JMS client release, please
> give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/jms/0.61.0-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1235
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314524&version=12351130
>
> Regards,
> Robbie
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>   
> 
>   staging
>   
> https://repository.apache.org/content/repositories/orgapacheqpid-1235
> 
>   
>
> The dependency for the client itself would then be:
>
>   
> org.apache.qpid
> qpid-jms-client
> 0.61.0
>   
>
> -
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: [VOTE] Release Apache Qpid JMS 1.5.0

[Oleksandr Rudyy]

+1

* verified checksums and signatures
* built successfully client from source bundle with running all unit tests
* ran successfully all Qpid broker system tests using v1.5.0 staged artefacts

On Mon, 20 Dec 2021 at 18:07, Robbie Gemmell  wrote:
>
> Hi folks,
>
> I have put together a spin for a 1.5.0 Qpid JMS client release, please
> give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/jms/1.5.0-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1234
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314524&version=12351054
>
> Regards,
> Robbie
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>   
> 
>   staging
>   
> https://repository.apache.org/content/repositories/orgapacheqpid-1234
> 
>   
>
> The dependency for the client itself would then be:
>
>   
> org.apache.qpid
> qpid-jms-client
> 1.5.0
>   
>
> -
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: [VOTE] Release Apache Qpid ProtonJ2 1.0.0-M4

[Robbie Gemmell]

On Mon, 20 Dec 2021 at 20:03, Timothy Bish  wrote:
>
> Hi folks,
>
> I have put together a release candidate for a 1.0.0-M4 Qpid ProtonJ2
> release,
> please give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/protonj2/1.0.0-M4-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1236
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313720&version=12350719
>
> Regards
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>
>  
>staging
> https://repository.apache.org/content/repositories/orgapacheqpid-1236
>  
>
>
> The dependency for the protocol engine or the client itself would then be:
>
>
>  org.apache.qpid
>  protonj2
>  1.0.0-M4
>
>
>  org.apache.qpid
>  protonj2-client
>  1.0.0-M4
>
>
> --
> Tim Bish
>
>

+1

I checked things over as follows:
- Verified the signature + checksum files.
- Checked for LICENCE + NOTICE files in the archives.
- Used "mvn apache-rat:check" to verify headers in the source archive.
- Ran the source build and tests.
- Ran HelloWorld using staged client bits against Dispatch 1.18.0.

Robbie

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: [VOTE] Release Apache Qpid JMS 1.5.0

[Robbie Gemmell]

On Mon, 20 Dec 2021 at 18:07, Robbie Gemmell  wrote:
>
> Hi folks,
>
> I have put together a spin for a 1.5.0 Qpid JMS client release, please
> give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/jms/1.5.0-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1234
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314524&version=12351054
>
> Regards,
> Robbie
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>   
> 
>   staging
>   
> https://repository.apache.org/content/repositories/orgapacheqpid-1234
> 
>   
>
> The dependency for the client itself would then be:
>
>   
> org.apache.qpid
> qpid-jms-client
> 1.5.0
>   

+1

I checked things over as follows:
- Verified the signature and checksum files.
- Checked for LICENCE + NOTICE files in the archives.
- Used "mvn apache-rat:check" to check headers in the source archive.
- Ran the build and tests from the source archive on JDK11.
- Built Qpid Broker-J 8.0.6 using staged client, ran systests, on JDK11.
- Built ActiveMQ Artemis main using staged client, ran AMQP tests, on JDK11.
- Built Quarkus extension for Qpid JMS using staged client and tested
on JDK11 and 17.
- Ran HelloWorld example against Dispatch 1.18.0, on JDK11.

Robbie

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: [VOTE] Release Apache Qpid JMS 0.61.0

[Robbie Gemmell]

On Mon, 20 Dec 2021 at 18:54, Robbie Gemmell  wrote:
>
> Hi folks,
>
> I have put together a spin for a 0.61.0 Qpid JMS client release, please
> give it a test out and vote accordingly.
>
> The source and binary archives can be grabbed from:
> https://dist.apache.org/repos/dist/dev/qpid/jms/0.61.0-rc1/
>
> The maven artifacts are also staged for now at:
> https://repository.apache.org/content/repositories/orgapacheqpid-1235
>
> The JIRAs assigned are:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12314524&version=12351130
>
> Regards,
> Robbie
>
> P.S. If you want to test it out using maven (e.g with the examples
> src, or your own things), you can temporarily add this to your poms to
> access the staging repo:
>
>   
> 
>   staging
>   
> https://repository.apache.org/content/repositories/orgapacheqpid-1235
> 
>   
>
> The dependency for the client itself would then be:
>
>   
> org.apache.qpid
> qpid-jms-client
> 0.61.0
>   

+1

I checked things out as follows:
- Verified the signature + checksum files.
- Checked for LICENCE and NOTICE files in the archives.
- Ran "mvn apache-rat:check" to check headers in the source archive.
- Ran the build and tests from the source archive on JDK8.
- Built Qpid Broker-J 8.0.6 using staged client, ran systests, on JDK8.
- Built ActiveMQ Artemis main using staged client, ran AMQP tests, on JDK11.
- Built Quarkus extension for Qpid JMS using staged client and tested
on JDK11 and 17.
- Ran HelloWorld example against Dispatch 1.18.0, on JDK 8.

Robbie

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org