You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@daffodil.apache.org by mb...@apache.org on 2021/12/16 20:19:35 UTC

[daffodil-site] branch main updated: Add 3.2.1 release page

This is an automated email from the ASF dual-hosted git repository.

mbeckerle pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/daffodil-site.git


The following commit(s) were added to refs/heads/main by this push:
     new a5d68cc  Add 3.2.1 release page
a5d68cc is described below

commit a5d68cc3999927a6a62b60f528ee81696917f8f3
Author: Michael Beckerle <mb...@apache.org>
AuthorDate: Thu Dec 16 14:51:42 2021 -0500

    Add 3.2.1 release page
---
 site/_releases/3.2.1.md | 72 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/site/_releases/3.2.1.md b/site/_releases/3.2.1.md
new file mode 100644
index 0000000..38ccb5d
--- /dev/null
+++ b/site/_releases/3.2.1.md
@@ -0,0 +1,72 @@
+---
+
+released: false
+apache: true
+title: 3.2.1
+date: 2021-12-16
+summary: >
+    Upgrade dependencies to fix CVE-2021-44228 (Log4J)
+    and CVE-2021-33813 (JDOM).
+    Fix unparse checksum and CRC capability ({% jira 2609 %})
+
+
+artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
+checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
+
+key-file: "https://downloads.apache.org/daffodil/KEYS"
+
+source-dist:
+    - "apache-daffodil-3.2.1-src.zip"
+
+binary-dist:
+    - "apache-daffodil-3.2.1-bin.tgz"
+    - "apache-daffodil-3.2.1-bin.zip"
+    - "apache-daffodil-3.2.1-bin.msi"
+    - "apache-daffodil-3.2.1-1.noarch.rpm"
+
+scala-version: 2.12
+---
+
+#### Security Improvements
+
+This release fixes two security CVEs by updating dependency versions.
+
+* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228
+* {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813
+
+#### Functional Improvements
+
+A major feature, layering transforms with checksum/CRC capability, which was planned for the prior release (3.2.0) was found to be buggy when unparsing. 
+This has been fixed. 
+
+* {% jira 2608 %} PCAP fails with Daf 3.2.0 and IPv4 layers with checksum
+
+#### Miscellaneous Changes
+
+* {% jira 2577 %} remove Info message about compiler component counts
+* {% jira 2145 %} Add scalac warnings
+* {% jira 2592 %} Move the daffodil_program_version variable outside of generated_code.c
+* {% jira 2534 %} Update ICU version - verify Daffodil impact of bug issue identified by IBM
+* {% jira 2587 %} dfdlx:lookAhead compiler error if used in default value of dfdl:newVariableInstance
+* {% jira 2600 %} encoding varies with environment - UTF-8 not properly set somewhere
+* {% jira 2602 %} Daffodil uses different versions of log4j-api and log4j-core
+
+#### Deprecation/Compatibility
+
+There are no deprecations. This release is fully compatible with all functionality of the prior release.
+
+#### Dependency Changes
+
+The following dependencies have been added or updated
+
+**Core**
+
+* Log4j core 2.16.0 <small>(update)</small>
+* Log4j api 2.16.0 <small>(update)</small>
+* JDOM2 2.0.6.1 <small>(update)</small>
+
+**Code Generator (runtime2)**
+
+* OS-Lib 0.8.0 <small>(update)</small>
+
+