Re: [log4j] What is JPMS support and its state

On Tue, Nov 7, 2023, at 15:05, Matt Sicker wrote: > I’m not going to backport the DI system. It relies on Java 11 in all > sorts of random places, first of all. I had to update numerous plugins > and tests along the way, especially things that set up or manipulate > static state, much of whic

Re: Vulnerability Disclosure Report (VDR)

Very neat! Thanks for getting this started. > On Nov 8, 2023, at 9:49 AM, Volkan Yazıcı wrote: > > Today I have published the CycloneDX Vulnerability Disclosure Report (VDR) > Piotr and I have been working on. > This VDR is expected to contain all CVEs fi

Re: [VOTE][LAZY] Release Apache Logging Parent 10.3.0 (RC2)

We just figured a mistake in the VDR URL scheme. It should have been `uuid` instead of `cdx`, which requires a version. I cancel this vote. I will issue an RC3 promptly, though I will stick to the timeline of the RC2 vote. On Mon, Nov 6, 2023 at 11:32 AM Volkan Yazıcı wrote: > This is a lazy-vot

Vulnerability Disclosure Report (VDR)

Today I have published the CycloneDX Vulnerability Disclosure Report (VDR) Piotr and I have been working on. This VDR is expected to contain all CVEs filed by Logging Services. All our SBOMs will point to this one-and-only VDR file with the most recent `logg

Re: Deterministic formatter

On Wed, Nov 8, 2023, at 09:04, Volkan Yazıcı wrote: > I completely agree with Matt. With or without IDE plugins, we run `./mvnw > spotless:apply` anyway. Hence, lack of Eclipse support is not a blocker, > IMO. Gary is covered. > > +1 deterministic formatter (don't have an opinion on Palantir-vs-

Re: Deterministic formatter

I completely agree with Matt. With or without IDE plugins, we run `./mvnw spotless:apply` anyway. Hence, lack of Eclipse support is not a blocker, IMO. Gary is covered. +1 deterministic formatter (don't have an opinion on Palantir-vs-Google) Piotr, it has been two months or so since we are discus