Re: Log4J version

Michael Bien Sat, 18 Dec 2021 15:31:47 -0800

its already in Apache Roller 6.1.0 rc2

On 18.12.21 20:11, Naren wrote:

Mike,


I see Log4J version at 2.17.0 released.

#
https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1

#


# Last Published: 2021-12-17|
# Version: 2.17.0
https://logging.apache.org/log4j/2.x/download.html

Thanks
Naren

On Fri, Dec 17, 2021 at 9:24 PM Naren <getna...@gmail.com> wrote:

    Dave,

           Sure, you guys are awesome and helpful. Hope to get the
    6.1.0 sooner.

    Thanks
    Naren

    On Fri, Dec 17, 2021 at 5:58 PM Dave <snoopd...@gmail.com> wrote:

        Hi Naren,

        Thanks for checking on this and keeping us honest :-)

        This later commit is where 2.16 was added:

        
https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898

        I think the current release candidate is good to go and since
        we have the
        votes, I hope to release it this weekend.

        Best regards,
        Dave


        On Fri, Dec 17, 2021 at 5:19 PM NAREN <getn...@gmail.com> wrote:

        > Dave,
        >
        >         I was checking on Github :
        >
        >
        
https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
        > <-- This shows 2.15.0 committed 7 days ago
        >
        > maven dependency updates
        >
        > highlights:
        >  - log4j 2.15.0 (fixes CVE)
        >  - lucene 9
        >  - spring security 5.6
        >  - jquery-ui 1.13 via webjar
        >  - other minor version bumps
        >
        > <log4j2.version>2.15.0</log4j2.version>
        > <lucene.version>9.0.0</lucene.version>
        > =================
        > But when I do a search it shows 2.16
        >
        > https://github.com/apache/roller/search?q=log4j2.version
        > app/pom.xml
        > <
        >
        
https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
        > >
        > 49
        > <
        >
        
https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
        > >
        > <log4j2.version>2.16.0</log4j2.version>
        > 50
        > <
        >
        
https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
        > >
        > <lucene.version>9.0.0</lucene.version>
        > 51
        > <
        >
        
https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
        > >
        > <oauth-core.version>20100527</oauth-core.version>
        > Hope this helps.
        >
        > Thanks
        > Naren
        >
        > On Fri, Dec 17, 2021 at 4:09 PM Dave <snoopd...@gmail.com>
        wrote:
        >
        > > Hi Naren,
        > >
        > > Please be specific: where do you see 2.15? I do not see
        that version in
        > the
        > > release files. I see the correct 2.16.0 version.
        > >
        > > Thanks,
        > > Dave
        > >
        > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <getn...@gmail.com>
        wrote:
        > >
        > > > Dave,
        > > >
        > > >          I see log4j version for Roller 6.1.0 at 2.15.0
        > > >
        > > > But fully updated fix should be at 2.16.0.  Could you
        please request
        > this
        > > > update before release?
        > > >
        > > > https://logging.apache.org/log4j/2.x/
        > > >
        > > > Thanks
        > > > Nraa
        > > >
        > >
        >

--Naren


--
Naren

Re: Log4J version

Reply via email to