You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jena.apache.org by Andy Seaborne <an...@apache.org> on 2021/12/13 17:03:17 UTC
[RESULT] Apache Jena 4.3.1 RC 1
The vote passes with 3 +1 votes from Aaron, Bruno, and Andy.
Special mention: Osma, for verifying the log4j2 for Fuseki.
Andy
On 10/12/2021 16:40, Andy Seaborne wrote:
> Hi,
>
> Here is a vote on the release of Apache Jena 4.3.1.
> This is the first proposed release candidate.
>
> The primary purpose of this release is to update log4j2:
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228
>
> The deadline is Monday, 13 December 2021 at 17:00 UTC.
>
> Please vote to approve this release:
>
> [ ] +1 Approve the release
> [ ] 0 Don't care
> [ ] -1 Don't release, because ...
>
> ==== Items in this release
>
> JENA-2211: Upgrade to Log4j2 2.15.0
>
> JENA-2209, JENA-2210: xloader improvements
>
> JENA-2207: Fix for SERVICE
>
> ==== Release Vote
>
> Everyone, not just committers, is invited to test and vote.
> Please download and test the proposed release.
>
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachejena-1046
>
> Proposed dist/ area:
> https://dist.apache.org/repos/dist/dev/jena/
>
> Keys:
> https://svn.apache.org/repos/asf/jena/dist/KEYS
>
> Git commit (browser URL):
> https://github.com/apache/jena/commit/7f47eaaf7c
> Git Commit Hash:
> 7f47eaaf7cc0029291ce64790da987ec2d29fdf5
> Git Commit Tag:
> jena-4.3.1
>
> This vote will be open until at least
>
> Monday, 13 December 2021 at 17:00 UTC.
>
> If you expect to check the release but the time limit does not work
> for you, please email within the schedule above with an expected time
> and we can extend the vote period.
>
> Thanks,
>
> Andy
>
> Checking needed:
>
> + are the GPG signatures fine?
> + are the checksums correct?
> + is there a source archive?
>
> + can the source archive be built?
> (NB This requires a "mvn install" first time)
> + is there a correct LICENSE and NOTICE file in each artifact
> (both source and binary artifacts)?
> + does the NOTICE file contain all necessary attributions?
> + have any licenses of dependencies changed due to upgrades?
> if so have LICENSE and NOTICE been upgraded appropriately?
> + does the tag/commit in the SCM contain reproducible sources?