Dave,

I was checking on GitHub:
https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
<-- This shows 2.15.0 committed 7 days ago

maven dependency updates

highlights:
 - log4j 2.15.0 (fixes CVE)
 - lucene 9
 - spring security 5.6
 - jquery-ui 1.13 via webjar
 - other minor version bumps

 <log4j2.version>2.15.0</log4j2.version>
 <lucene.version>9.0.0</lucene.version>
=================
But when I do a search it shows 2.16

https://github.com/apache/roller/search?q=log4j2.version

app/pom.xml (lines 49-51)
<https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml>

 <log4j2.version>2.16.0</log4j2.version>
 <lucene.version>9.0.0</lucene.version>
 <oauth-core.version>20100527</oauth-core.version>

Hope this helps.

Thanks
Naren

On Fri, Dec 17, 2021 at 4:09 PM Dave <snoopd...@gmail.com> wrote:

> Hi Naren,
>
> Please be specific: where do you see 2.15? I do not see that version in the
> release files. I see the correct 2.16.0 version.
>
> Thanks,
> Dave
>
> On Fri, Dec 17, 2021 at 1:13 PM NAREN <getn...@gmail.com> wrote:
>
> > Dave,
> >
> >          I see log4j version for Roller 6.1.0 at 2.15.0
> >
> > But fully updated fix should be at 2.16.0.  Could you please request this
> > update before release?
> >
> > https://logging.apache.org/log4j/2.x/
> >
> > Thanks
> > Nraa
> >
>
