Re: Log4J version

Fri, 17 Dec 2021 14:58:25 -0800 

Hi Naren,

Thanks for checking on this and keeping us honest :-)

This later commit is where 2.16 was added:

https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898

I think the current release candidate is good to go and since we have the
votes, I hope to release it this weekend.

Best regards,
Dave


On Fri, Dec 17, 2021 at 5:19 PM NAREN <getn...@gmail.com> wrote:

> Dave,
>
>         I was checking on Github :
>
> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
> <-- This shows 2.15.0 committed 7 days ago
>
> maven dependency updates
>
> highlights:
>  - log4j 2.15.0 (fixes CVE)
>  - lucene 9
>  - spring security 5.6
>  - jquery-ui 1.13 via webjar
>  - other minor version bumps
>
>  <log4j2.version>2.15.0</log4j2.version>
>  <lucene.version>9.0.0</lucene.version>
> =================
> But when I do a search it shows 2.16
>
> https://github.com/apache/roller/search?q=log4j2.version
> app/pom.xml
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
> >
> 49
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
> >
> <log4j2.version>2.16.0</log4j2.version>
> 50
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
> >
> <lucene.version>9.0.0</lucene.version>
> 51
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
> >
> <oauth-core.version>20100527</oauth-core.version>
> Hope this helps.
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 4:09 PM Dave <snoopd...@gmail.com> wrote:
>
> > Hi Naren,
> >
> > Please be specific: where do you see 2.15? I do not see that version in
> the
> > release files. I see the correct 2.16.0 version.
> >
> > Thanks,
> > Dave
> >
> > On Fri, Dec 17, 2021 at 1:13 PM NAREN <getn...@gmail.com> wrote:
> >
> > > Dave,
> > >
> > >          I see log4j version for Roller 6.1.0 at 2.15.0
> > >
> > > But fully updated fix should be at 2.16.0.  Could you please request
> this
> > > update before release?
> > >
> > > https://logging.apache.org/log4j/2.x/
> > >
> > > Thanks
> > > Nraa
> > >
> >
>

Reply via email to