Mike,
Thanks for the update. I see your commits
https://github.com/apache/roller/commits/cee44785902ad75aa2ac13dd571489557fc5279f
Thanks
Naren
On Sat, Dec 18, 2021 at 6:31 PM Michael Bien <mbie...@gmail.com> wrote:
> its already in Apache Roller 6.1.0 rc2
>
> On 18.12.21 20:11, Naren wrote:
>
> Mike,
>
> I see Log4J version at 2.17.0 released.
>
>
> -
>
> https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1
>
>
>
> -
>
>
> - Last Published: 2021-12-17|
>
>
>
> - Version: 2.17.0
>
> https://logging.apache.org/log4j/2.x/download.html
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 9:24 PM Naren <getna...@gmail.com> wrote:
>
>> Dave,
>>
>> Sure, you guys are awesome and helpful. Hope to get the 6.1.0
>> sooner.
>>
>> Thanks
>> Naren
>>
>> On Fri, Dec 17, 2021 at 5:58 PM Dave <snoopd...@gmail.com> wrote:
>>
>>> Hi Naren,
>>>
>>> Thanks for checking on this and keeping us honest :-)
>>>
>>> This later commit is where 2.16 was added:
>>>
>>>
>>> https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898
>>>
>>> I think the current release candidate is good to go and since we have the
>>> votes, I hope to release it this weekend.
>>>
>>> Best regards,
>>> Dave
>>>
>>>
>>> On Fri, Dec 17, 2021 at 5:19 PM NAREN <getn...@gmail.com> wrote:
>>>
>>> > Dave,
>>> >
>>> > I was checking on Github :
>>> >
>>> >
>>> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
>>> > <-- This shows 2.15.0 committed 7 days ago
>>> >
>>> > maven dependency updates
>>> >
>>> > highlights:
>>> > - log4j 2.15.0 (fixes CVE)
>>> > - lucene 9
>>> > - spring security 5.6
>>> > - jquery-ui 1.13 via webjar
>>> > - other minor version bumps
>>> >
>>> > <log4j2.version>2.15.0</log4j2.version>
>>> > <lucene.version>9.0.0</lucene.version>
>>> > =================
>>> > But when I do a search it shows 2.16
>>> >
>>> > https://github.com/apache/roller/search?q=log4j2.version
>>> > app/pom.xml
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
>>> > >
>>> > 49
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
>>> > >
>>> > <log4j2.version>2.16.0</log4j2.version>
>>> > 50
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
>>> > >
>>> > <lucene.version>9.0.0</lucene.version>
>>> > 51
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
>>> > >
>>> > <oauth-core.version>20100527</oauth-core.version>
>>> > Hope this helps.
>>> >
>>> > Thanks
>>> > Naren
>>> >
>>> > On Fri, Dec 17, 2021 at 4:09 PM Dave <snoopd...@gmail.com> wrote:
>>> >
>>> > > Hi Naren,
>>> > >
>>> > > Please be specific: where do you see 2.15? I do not see that version
>>> in
>>> > the
>>> > > release files. I see the correct 2.16.0 version.
>>> > >
>>> > > Thanks,
>>> > > Dave
>>> > >
>>> > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <getn...@gmail.com> wrote:
>>> > >
>>> > > > Dave,
>>> > > >
>>> > > > I see log4j version for Roller 6.1.0 at 2.15.0
>>> > > >
>>> > > > But fully updated fix should be at 2.16.0. Could you please
>>> request
>>> > this
>>> > > > update before release?
>>> > > >
>>> > > > https://logging.apache.org/log4j/2.x/
>>> > > >
>>> > > > Thanks
>>> > > > Nraa
>>> > > >
>>> > >
>>> >
>>>
>> --
>> Naren
>>
>> --
> Naren
>
>
> --
Naren
