Posted to dev@jena.apache.org by Andy Seaborne <an...@apache.org> on 2021/12/13 17:03:17 UTC

[RESULT] Apache Jena 4.3.1 RC 1

The vote passes with 3 +1 votes from Aaron, Bruno, and Andy.

Special mention: Osma, for verifying the log4j2 for Fuseki.

     Andy

On 10/12/2021 16:40, Andy Seaborne wrote:
> Hi,
> 
> Here is a vote on the release of Apache Jena 4.3.1.
> This is the first proposed release candidate.
> 
> The primary purpose of this release is to update log4j2:
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228
> 
> The deadline is Monday, 13 December 2021 at 17:00 UTC.
> 
> Please vote to approve this release:
> 
>          [ ] +1 Approve the release
>          [ ]  0 Don't care
>          [ ] -1 Don't release, because ...
> 
> ==== Items in this release
> 
> JENA-2211: Upgrade to Log4j2 2.15.0
> 
> JENA-2209, JENA-2210: xloader improvements
> 
> JENA-2207: Fix for SERVICE
> 
> ==== Release Vote
> 
> Everyone, not just committers, is invited to test and vote.
> Please download and test the proposed release.
> 
> Staging repository:
>    https://repository.apache.org/content/repositories/orgapachejena-1046
> 
> Proposed dist/ area:
>    https://dist.apache.org/repos/dist/dev/jena/
> 
> Keys:
>    https://svn.apache.org/repos/asf/jena/dist/KEYS
> 
> Git commit (browser URL):
>    https://github.com/apache/jena/commit/7f47eaaf7c
> Git Commit Hash:
>    7f47eaaf7cc0029291ce64790da987ec2d29fdf5
> Git Commit Tag:
>    jena-4.3.1
> 
> This vote will be open until at least
> 
>      Monday, 13 December 2021 at 17:00 UTC.
> 
> If you expect to check the release but the time limit does not work
> for you, please email within the schedule above with an expected time
> and we can extend the vote period.
> 
> Thanks,
> 
>        Andy
> 
> Checking needed:
> 
> + are the GPG signatures fine?
> + are the checksums correct?
> + is there a source archive?
> 
> + can the source archive be built?
>            (NB This requires a "mvn install" first time)
> + is there a correct LICENSE and NOTICE file in each artifact
>            (both source and binary artifacts)?
> + does the NOTICE file contain all necessary attributions?
> + have any licenses of dependencies changed due to upgrades?
>             if so have LICENSE and NOTICE been upgraded appropriately?
> + does the tag/commit in the SCM contain reproducible sources?