You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@logging.apache.org by Rainer Jung <ra...@kippdata.de> on 2021/12/14 23:05:58 UTC

Release announcement / download for Log4J 2.12.2

Hi there,

I saw the release announcement for 2.12.2 on this dev list (in the 
archive). It contains the following download link:

https://logging.apache.org/log4j/log4j-2.12.2/download.html

What is confusing is, that this URL redirects to

https://logging.apache.org/log4j/log4j-2.12.1/download.html

(2.12.1 instead of 2.12.2 in the URL) but that page then contains the 
text and links for 2.12.2. Users might get confused, whether that's 
right, which is a bit problematic in the context of a security release.

Furthermore lower down on that page, there is still the table of 
download links for version 2.12.1, before the next heading "Previous 
Releases" comes under which there is 2.3.

Probably someone forgot to delete the 2.12.1 table?

On the download page https://logging.apache.org/log4j/2.x/download.html 
for the curent version 2.16.0, under "Previous Releases" still only 
2.12.1 is mentioned, not 2.12.2 and the page refers to the archive under 
https://archive.apache.org/dist/logging/log4j/ to download previous 
versions. But in the archive 2.12.2 is not yet present.

I know that the last days were hard and very busy, but it might still 
help to do a little cleanup.

Znanks a lot and best regards,

Rainer

Re: Release announcement / download for Log4J 2.12.2

Posted by Matt Sicker <bo...@gmail.com>.

We made small changes to the 2.12.1 site to include information about
the 2.12.2 patch. The old 2.12.1 download links were left in place,
though it might be confusing. And the 2.12.2 releases are available
here: https://downloads.apache.org/logging/log4j/2.12.2/

On Tue, Dec 14, 2021 at 5:06 PM Rainer Jung <ra...@kippdata.de> wrote:
>
> Hi there,
>
> I saw the release announcement for 2.12.2 on this dev list (in the
> archive). It contains the following download link:
>
> https://logging.apache.org/log4j/log4j-2.12.2/download.html
>
> What is confusing is, that this URL redirects to
>
> https://logging.apache.org/log4j/log4j-2.12.1/download.html
>
> (2.12.1 instead of 2.12.2 in the URL) but that page then contains the
> text and links for 2.12.2. Users might get confused, whether that's
> right, which is a bit problematic in the context of a security release.
>
> Furthermore lower down on that page, there is still the table of
> download links for version 2.12.1, before the next heading "Previous
> Releases" comes under which there is 2.3.
>
> Probably someone forgot to delete the 2.12.1 table?
>
> On the download page https://logging.apache.org/log4j/2.x/download.html
> for the curent version 2.16.0, under "Previous Releases" still only
> 2.12.1 is mentioned, not 2.12.2 and the page refers to the archive under
> https://archive.apache.org/dist/logging/log4j/ to download previous
> versions. But in the archive 2.12.2 is not yet present.
>
> I know that the last days were hard and very busy, but it might still
> help to do a little cleanup.
>
> Znanks a lot and best regards,
>
> Rainer