Mike, I see Log4J version at 2.17.0 released.
- https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1 - - Last Published: 2021-12-17| - Version: 2.17.0 https://logging.apache.org/log4j/2.x/download.html Thanks Naren On Fri, Dec 17, 2021 at 9:24 PM Naren <[email protected]> wrote: > Dave, > > Sure, you guys are awesome and helpful. Hope to get the 6.1.0 > sooner. > > Thanks > Naren > > On Fri, Dec 17, 2021 at 5:58 PM Dave <[email protected]> wrote: > >> Hi Naren, >> >> Thanks for checking on this and keeping us honest :-) >> >> This later commit is where 2.16 was added: >> >> >> https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898 >> >> I think the current release candidate is good to go and since we have the >> votes, I hope to release it this weekend. >> >> Best regards, >> Dave >> >> >> On Fri, Dec 17, 2021 at 5:19 PM NAREN <[email protected]> wrote: >> >> > Dave, >> > >> > I was checking on Github : >> > >> > >> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52 >> > <-- This shows 2.15.0 committed 7 days ago >> > >> > maven dependency updates >> > >> > highlights: >> > - log4j 2.15.0 (fixes CVE) >> > - lucene 9 >> > - spring security 5.6 >> > - jquery-ui 1.13 via webjar >> > - other minor version bumps >> > >> > <log4j2.version>2.15.0</log4j2.version> >> > <lucene.version>9.0.0</lucene.version> >> > ================= >> > But when I do a search it shows 2.16 >> > >> > https://github.com/apache/roller/search?q=log4j2.version >> > app/pom.xml >> > < >> > >> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml >> > > >> > 49 >> > < >> > >> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49 >> > > >> > <log4j2.version>2.16.0</log4j2.version> >> > 50 >> > < >> > >> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50 >> > > >> > <lucene.version>9.0.0</lucene.version> >> > 51 >> > < >> > >> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51 >> > > >> > <oauth-core.version>20100527</oauth-core.version> >> > Hope this helps. >> > >> > Thanks >> > Naren >> > >> > On Fri, Dec 17, 2021 at 4:09 PM Dave <[email protected]> wrote: >> > >> > > Hi Naren, >> > > >> > > Please be specific: where do you see 2.15? I do not see that version >> in >> > the >> > > release files. I see the correct 2.16.0 version. >> > > >> > > Thanks, >> > > Dave >> > > >> > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <[email protected]> wrote: >> > > >> > > > Dave, >> > > > >> > > > I see log4j version for Roller 6.1.0 at 2.15.0 >> > > > >> > > > But fully updated fix should be at 2.16.0. Could you please request >> > this >> > > > update before release? >> > > > >> > > > https://logging.apache.org/log4j/2.x/ >> > > > >> > > > Thanks >> > > > Nraa >> > > > >> > > >> > >> > -- > Naren > > -- Naren
