You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2021/12/19 15:17:18 UTC
[karaf] branch karaf-4.3.x updated: Update RELEASE-NOTES.md for 4.3.5 release
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch karaf-4.3.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.3.x by this push:
new 9804b6a Update RELEASE-NOTES.md for 4.3.5 release
9804b6a is described below
commit 9804b6aae3252ac8c26569640a15138b124ec80a
Author: Jean-Baptiste Onofré <jb...@apache.org>
AuthorDate: Sun Dec 19 16:16:52 2021 +0100
Update RELEASE-NOTES.md for 4.3.5 release
---
RELEASE-NOTES.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index d311a26..3e4c144 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -17,6 +17,19 @@
under the License.
-->
+## Apache Karaf 4.3.5
+
+Apache Karaf 4.3.5 is a maintenance release on 4.3.x series. It's an important release because it updated to Pax Logging 2.0.12:
+- upgrade to logback 1.2.9, addressing CVE-2021-42550
+- upgrade to log4j 2.17.0, addressing CVE-2021-45105
+We strongly invite users to update to this version.
+
+### ChangeLog
+
+#### Dependency upgrade
+ * [KARAF-7296] - Upgrade Jolokia to 1.7.1
+ * [KARAF-7300] - Upgrade to Pax Logging 2.0.13
+
## Apache Karaf 4.3.4
Apache Karaf 4.3.4 is a maintenance release on 4.3.x series. It contains major fixes and update, especially Pax Logging 2.0.11 update