Posted to user@roller.apache.org by NAREN <ge...@gmail.com> on 2021/12/17 18:13:07 UTC

Log4J version

Dave,

         I see log4j version for Roller 6.1.0 at 2.15.0

But fully updated fix should be at 2.16.0.  Could you please request this
update before release?

https://logging.apache.org/log4j/2.x/

Thanks
Nraa

Re: Log4J version

Posted by Naren <ge...@gmail.com>.
Mike,

        Thanks for the update. I see your commits

https://github.com/apache/roller/commits/cee44785902ad75aa2ac13dd571489557fc5279f

Thanks
Naren

On Sat, Dec 18, 2021 at 6:31 PM Michael Bien <mb...@gmail.com> wrote:

> It's already in Apache Roller 6.1.0 rc2
>
> On 18.12.21 20:11, Naren wrote:
>
> Mike,
>
> I see Log4J version at 2.17.0 released.
>
> https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1
>
> - Last Published: 2021-12-17
> - Version: 2.17.0
>
> https://logging.apache.org/log4j/2.x/download.html
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 9:24 PM Naren <ge...@gmail.com> wrote:
>
>> Dave,
>>
>>        Sure, you guys are awesome and helpful. Hope to get the 6.1.0
>> sooner.
>>
>> Thanks
>> Naren
>>
>> On Fri, Dec 17, 2021 at 5:58 PM Dave <sn...@gmail.com> wrote:
>>
>>> Hi Naren,
>>>
>>> Thanks for checking on this and keeping us honest :-)
>>>
>>> This later commit is where 2.16 was added:
>>>
>>>
>>> https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898
>>>
>>> I think the current release candidate is good to go and since we have the
>>> votes, I hope to release it this weekend.
>>>
>>> Best regards,
>>> Dave
>>>
>>>
>>> On Fri, Dec 17, 2021 at 5:19 PM NAREN <ge...@gmail.com> wrote:
>>>
>>> > Dave,
>>> >
>>> >         I was checking on Github :
>>> >
>>> >
>>> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
>>> > <-- This shows 2.15.0 committed 7 days ago
>>> >
>>> > maven dependency updates
>>> >
>>> > highlights:
>>> >  - log4j 2.15.0 (fixes CVE)
>>> >  - lucene 9
>>> >  - spring security 5.6
>>> >  - jquery-ui 1.13 via webjar
>>> >  - other minor version bumps
>>> >
>>> >  <log4j2.version>2.15.0</log4j2.version>
>>> >  <lucene.version>9.0.0</lucene.version>
>>> > =================
>>> > But when I do a search it shows 2.16
>>> >
>>> > https://github.com/apache/roller/search?q=log4j2.version
>>> > app/pom.xml
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
>>> > >
>>> > 49
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
>>> > >
>>> > <log4j2.version>2.16.0</log4j2.version>
>>> > 50
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
>>> > >
>>> > <lucene.version>9.0.0</lucene.version>
>>> > 51
>>> > <
>>> >
>>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
>>> > >
>>> > <oauth-core.version>20100527</oauth-core.version>
>>> > Hope this helps.
>>> >
>>> > Thanks
>>> > Naren
>>> >
>>> > On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com> wrote:
>>> >
>>> > > Hi Naren,
>>> > >
>>> > > Please be specific: where do you see 2.15? I do not see that version
>>> in
>>> > the
>>> > > release files. I see the correct 2.16.0 version.
>>> > >
>>> > > Thanks,
>>> > > Dave
>>> > >
>>> > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:
>>> > >
>>> > > > Dave,
>>> > > >
>>> > > >          I see log4j version for Roller 6.1.0 at 2.15.0
>>> > > >
>>> > > > But fully updated fix should be at 2.16.0.  Could you please
>>> request
>>> > this
>>> > > > update before release?
>>> > > >
>>> > > > https://logging.apache.org/log4j/2.x/
>>> > > >
>>> > > > Thanks
>>> > > > Nraa
>>> > > >
>>> > >
>>> >
>>>
>> --
>> Naren
>>
>> --
> Naren
>
>
> --
Naren

Re: Log4J version

Posted by Michael Bien <mb...@gmail.com>.
It's already in Apache Roller 6.1.0 rc2

On 18.12.21 20:11, Naren wrote:
> Mike,
>
> I see Log4J version at 2.17.0 released.
>
> https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1
>
> - Last Published: 2021-12-17
> - Version: 2.17.0
> https://logging.apache.org/log4j/2.x/download.html
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 9:24 PM Naren <ge...@gmail.com> wrote:
>
>     Dave,
>
>            Sure, you guys are awesome and helpful. Hope to get the
>     6.1.0 sooner.
>
>     Thanks
>     Naren
>
>     On Fri, Dec 17, 2021 at 5:58 PM Dave <sn...@gmail.com> wrote:
>
>         Hi Naren,
>
>         Thanks for checking on this and keeping us honest :-)
>
>         This later commit is where 2.16 was added:
>
>         https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898
>
>         I think the current release candidate is good to go and since
>         we have the
>         votes, I hope to release it this weekend.
>
>         Best regards,
>         Dave
>
>
>         On Fri, Dec 17, 2021 at 5:19 PM NAREN <ge...@gmail.com> wrote:
>
>         > Dave,
>         >
>         >         I was checking on Github :
>         >
>         >
>         https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
>         > <-- This shows 2.15.0 committed 7 days ago
>         >
>         > maven dependency updates
>         >
>         > highlights:
>         >  - log4j 2.15.0 (fixes CVE)
>         >  - lucene 9
>         >  - spring security 5.6
>         >  - jquery-ui 1.13 via webjar
>         >  - other minor version bumps
>         >
>         > <log4j2.version>2.15.0</log4j2.version>
>         > <lucene.version>9.0.0</lucene.version>
>         > =================
>         > But when I do a search it shows 2.16
>         >
>         > https://github.com/apache/roller/search?q=log4j2.version
>         > app/pom.xml
>         > <
>         >
>         https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
>         > >
>         > 49
>         > <
>         >
>         https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
>         > >
>         > <log4j2.version>2.16.0</log4j2.version>
>         > 50
>         > <
>         >
>         https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
>         > >
>         > <lucene.version>9.0.0</lucene.version>
>         > 51
>         > <
>         >
>         https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
>         > >
>         > <oauth-core.version>20100527</oauth-core.version>
>         > Hope this helps.
>         >
>         > Thanks
>         > Naren
>         >
>         > On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com>
>         wrote:
>         >
>         > > Hi Naren,
>         > >
>         > > Please be specific: where do you see 2.15? I do not see
>         that version in
>         > the
>         > > release files. I see the correct 2.16.0 version.
>         > >
>         > > Thanks,
>         > > Dave
>         > >
>         > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com>
>         wrote:
>         > >
>         > > > Dave,
>         > > >
>         > > >          I see log4j version for Roller 6.1.0 at 2.15.0
>         > > >
>         > > > But fully updated fix should be at 2.16.0.  Could you
>         please request
>         > this
>         > > > update before release?
>         > > >
>         > > > https://logging.apache.org/log4j/2.x/
>         > > >
>         > > > Thanks
>         > > > Nraa
>         > > >
>         > >
>         >
>
>     -- 
>     Naren
>
> -- 
> Naren
>

Re: Log4J version

Posted by Naren <ge...@gmail.com>.
Mike,

I see Log4J version at 2.17.0 released.

https://www.google.com/amp/s/thehackernews.com/2021/12/apache-issues-3rd-patch-to-fix-new-high.html%3Famp%3D1

- Last Published: 2021-12-17
- Version: 2.17.0
https://logging.apache.org/log4j/2.x/download.html

Thanks
Naren

On Fri, Dec 17, 2021 at 9:24 PM Naren <ge...@gmail.com> wrote:

> Dave,
>
>        Sure, you guys are awesome and helpful. Hope to get the 6.1.0
> sooner.
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 5:58 PM Dave <sn...@gmail.com> wrote:
>
>> Hi Naren,
>>
>> Thanks for checking on this and keeping us honest :-)
>>
>> This later commit is where 2.16 was added:
>>
>>
>> https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898
>>
>> I think the current release candidate is good to go and since we have the
>> votes, I hope to release it this weekend.
>>
>> Best regards,
>> Dave
>>
>>
>> On Fri, Dec 17, 2021 at 5:19 PM NAREN <ge...@gmail.com> wrote:
>>
>> > Dave,
>> >
>> >         I was checking on Github :
>> >
>> >
>> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
>> > <-- This shows 2.15.0 committed 7 days ago
>> >
>> > maven dependency updates
>> >
>> > highlights:
>> >  - log4j 2.15.0 (fixes CVE)
>> >  - lucene 9
>> >  - spring security 5.6
>> >  - jquery-ui 1.13 via webjar
>> >  - other minor version bumps
>> >
>> >  <log4j2.version>2.15.0</log4j2.version>
>> >  <lucene.version>9.0.0</lucene.version>
>> > =================
>> > But when I do a search it shows 2.16
>> >
>> > https://github.com/apache/roller/search?q=log4j2.version
>> > app/pom.xml
>> > <
>> >
>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
>> > >
>> > 49
>> > <
>> >
>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
>> > >
>> > <log4j2.version>2.16.0</log4j2.version>
>> > 50
>> > <
>> >
>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
>> > >
>> > <lucene.version>9.0.0</lucene.version>
>> > 51
>> > <
>> >
>> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
>> > >
>> > <oauth-core.version>20100527</oauth-core.version>
>> > Hope this helps.
>> >
>> > Thanks
>> > Naren
>> >
>> > On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com> wrote:
>> >
>> > > Hi Naren,
>> > >
>> > > Please be specific: where do you see 2.15? I do not see that version
>> in
>> > the
>> > > release files. I see the correct 2.16.0 version.
>> > >
>> > > Thanks,
>> > > Dave
>> > >
>> > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:
>> > >
>> > > > Dave,
>> > > >
>> > > >          I see log4j version for Roller 6.1.0 at 2.15.0
>> > > >
>> > > > But fully updated fix should be at 2.16.0.  Could you please request
>> > this
>> > > > update before release?
>> > > >
>> > > > https://logging.apache.org/log4j/2.x/
>> > > >
>> > > > Thanks
>> > > > Nraa
>> > > >
>> > >
>> >
>>
> --
> Naren
>
> --
Naren

Re: Log4J version

Posted by Naren <ge...@gmail.com>.
Dave,

       Sure, you guys are awesome and helpful. Hope to get the 6.1.0 sooner.

Thanks
Naren

On Fri, Dec 17, 2021 at 5:58 PM Dave <sn...@gmail.com> wrote:

> Hi Naren,
>
> Thanks for checking on this and keeping us honest :-)
>
> This later commit is where 2.16 was added:
>
>
> https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898
>
> I think the current release candidate is good to go and since we have the
> votes, I hope to release it this weekend.
>
> Best regards,
> Dave
>
>
> On Fri, Dec 17, 2021 at 5:19 PM NAREN <ge...@gmail.com> wrote:
>
> > Dave,
> >
> >         I was checking on Github :
> >
> >
> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
> > <-- This shows 2.15.0 committed 7 days ago
> >
> > maven dependency updates
> >
> > highlights:
> >  - log4j 2.15.0 (fixes CVE)
> >  - lucene 9
> >  - spring security 5.6
> >  - jquery-ui 1.13 via webjar
> >  - other minor version bumps
> >
> >  <log4j2.version>2.15.0</log4j2.version>
> >  <lucene.version>9.0.0</lucene.version>
> > =================
> > But when I do a search it shows 2.16
> >
> > https://github.com/apache/roller/search?q=log4j2.version
> > app/pom.xml
> > <
> >
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
> > >
> > 49
> > <
> >
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
> > >
> > <log4j2.version>2.16.0</log4j2.version>
> > 50
> > <
> >
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
> > >
> > <lucene.version>9.0.0</lucene.version>
> > 51
> > <
> >
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
> > >
> > <oauth-core.version>20100527</oauth-core.version>
> > Hope this helps.
> >
> > Thanks
> > Naren
> >
> > On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com> wrote:
> >
> > > Hi Naren,
> > >
> > > Please be specific: where do you see 2.15? I do not see that version in
> > the
> > > release files. I see the correct 2.16.0 version.
> > >
> > > Thanks,
> > > Dave
> > >
> > > On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:
> > >
> > > > Dave,
> > > >
> > > >          I see log4j version for Roller 6.1.0 at 2.15.0
> > > >
> > > > But fully updated fix should be at 2.16.0.  Could you please request
> > this
> > > > update before release?
> > > >
> > > > https://logging.apache.org/log4j/2.x/
> > > >
> > > > Thanks
> > > > Nraa
> > > >
> > >
> >
>
-- 
Naren

Re: Log4J version

Posted by Dave <sn...@gmail.com>.
Hi Naren,

Thanks for checking on this and keeping us honest :-)

This later commit is where 2.16 was added:

https://github.com/apache/roller/commit/4e7d63fd98180acedba62fb9abb5354ac8234898

I think the current release candidate is good to go and since we have the
votes, I hope to release it this weekend.

Best regards,
Dave


On Fri, Dec 17, 2021 at 5:19 PM NAREN <ge...@gmail.com> wrote:

> Dave,
>
>         I was checking on Github :
>
> https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
> <-- This shows 2.15.0 committed 7 days ago
>
> maven dependency updates
>
> highlights:
>  - log4j 2.15.0 (fixes CVE)
>  - lucene 9
>  - spring security 5.6
>  - jquery-ui 1.13 via webjar
>  - other minor version bumps
>
>  <log4j2.version>2.15.0</log4j2.version>
>  <lucene.version>9.0.0</lucene.version>
> =================
> But when I do a search it shows 2.16
>
> https://github.com/apache/roller/search?q=log4j2.version
> app/pom.xml
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
> >
> 49
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49
> >
> <log4j2.version>2.16.0</log4j2.version>
> 50
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50
> >
> <lucene.version>9.0.0</lucene.version>
> 51
> <
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51
> >
> <oauth-core.version>20100527</oauth-core.version>
> Hope this helps.
>
> Thanks
> Naren
>
> On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com> wrote:
>
> > Hi Naren,
> >
> > Please be specific: where do you see 2.15? I do not see that version in
> the
> > release files. I see the correct 2.16.0 version.
> >
> > Thanks,
> > Dave
> >
> > On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:
> >
> > > Dave,
> > >
> > >          I see log4j version for Roller 6.1.0 at 2.15.0
> > >
> > > But fully updated fix should be at 2.16.0.  Could you please request
> this
> > > update before release?
> > >
> > > https://logging.apache.org/log4j/2.x/
> > >
> > > Thanks
> > > Nraa
> > >
> >
>

Re: Log4J version

Posted by NAREN <ge...@gmail.com>.
Dave,

        I was checking on GitHub:
https://github.com/apache/roller/commit/e91676c5626316ac0eebd3758433f665e579cc52
<-- This shows 2.15.0 committed 7 days ago

maven dependency updates

highlights:
 - log4j 2.15.0 (fixes CVE)
 - lucene 9
 - spring security 5.6
 - jquery-ui 1.13 via webjar
 - other minor version bumps

 <log4j2.version>2.15.0</log4j2.version>
 <lucene.version>9.0.0</lucene.version>
=================
But when I do a search it shows 2.16

https://github.com/apache/roller/search?q=log4j2.version
app/pom.xml
<https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml>
49
<https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L49>
<log4j2.version>2.16.0</log4j2.version>
50
<https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L50>
<lucene.version>9.0.0</lucene.version>
51
<https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml#L51>
<oauth-core.version>20100527</oauth-core.version>
Hope this helps.

Thanks
Naren

On Fri, Dec 17, 2021 at 4:09 PM Dave <sn...@gmail.com> wrote:

> Hi Naren,
>
> Please be specific: where do you see 2.15? I do not see that version in the
> release files. I see the correct 2.16.0 version.
>
> Thanks,
> Dave
>
> On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:
>
> > Dave,
> >
> >          I see log4j version for Roller 6.1.0 at 2.15.0
> >
> > But fully updated fix should be at 2.16.0.  Could you please request this
> > update before release?
> >
> > https://logging.apache.org/log4j/2.x/
> >
> > Thanks
> > Nraa
> >
>

Re: Log4J version

Posted by Dave <sn...@gmail.com>.
Hi Naren,

Please be specific: where do you see 2.15? I do not see that version in the
release files. I see the correct 2.16.0 version.

Thanks,
Dave

On Fri, Dec 17, 2021 at 1:13 PM NAREN <ge...@gmail.com> wrote:

> Dave,
>
>          I see log4j version for Roller 6.1.0 at 2.15.0
>
> But fully updated fix should be at 2.16.0.  Could you please request this
> update before release?
>
> https://logging.apache.org/log4j/2.x/
>
> Thanks
> Nraa
>

Re: Log4J version

Posted by Michael Bien <mb...@gmail.com>.
cd apache-roller-6.1.0/webapp
unzip roller.war
....
find roller -name "*log4j*"
apache-roller-6.1.0/webapp/roller/WEB-INF/classes/log4j2.xml
apache-roller-6.1.0/webapp/roller/WEB-INF/lib/log4j-api-2.16.0.jar
apache-roller-6.1.0/webapp/roller/WEB-INF/lib/log4j-core-2.16.0.jar
apache-roller-6.1.0/webapp/roller/WEB-INF/lib/log4j-slf4j-impl-2.16.0.jar

I can't find 2.15 anywhere in the roller 6.1.0 release candidate.

best regards,
michael

On 17.12.21 19:13, NAREN wrote:
> Dave,
>
>           I see log4j version for Roller 6.1.0 at 2.15.0
>
> But fully updated fix should be at 2.16.0.  Could you please request this
> update before release?
>
> https://logging.apache.org/log4j/2.x/
>
> Thanks
> Nraa
>
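
Added example, not part of the original thread or of Roller's own tooling: the manual check from the last message (unpack roller.war, list the log4j jars) done directly on the archive, including jars nested inside other jars, and compared against a minimum version. The sample WAR, the plugin.jar name and all function names are constructed for illustration.

```python
import io
import re
import zipfile

# Log4j 2 jars by file name, e.g. WEB-INF/lib/log4j-core-2.16.0.jar
JAR_RE = re.compile(r"(?:^|/)(log4j-[a-z0-9-]+?)-(\d+(?:\.\d+)+)\.jar$")
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def bundled_log4j(archive, prefix=""):
    """Return (path, artifact, version) for every log4j jar, nested archives included."""
    found = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            match = JAR_RE.search(name)
            if match:
                found.append((prefix + name, match.group(1), match.group(2)))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                try:  # descend into jars packed inside the WAR
                    nested = io.BytesIO(zf.read(name))
                    found += bundled_log4j(nested, prefix + name + "!/")
                except zipfile.BadZipFile:
                    pass  # not a readable archive, nothing to inspect
    return found

def below_minimum(found, minimum):
    """Entries whose version is older than the required minimum."""
    floor = parse_version(minimum)
    return [entry for entry in found if parse_version(entry[2]) < floor]

def build_sample_war(version, nested_version=None):
    """Constructed sample WAR laid out like the listing in the post (empty jar bodies)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/classes/log4j2.xml", "<Configuration/>")
        for artifact in ("log4j-api", "log4j-core", "log4j-slf4j-impl"):
            war.writestr(f"WEB-INF/lib/{artifact}-{version}.jar", b"")
        if nested_version:  # hypothetical plugin jar carrying its own copy
            inner = io.BytesIO()
            with zipfile.ZipFile(inner, "w") as jar:
                jar.writestr(f"lib/log4j-core-{nested_version}.jar", b"")
            war.writestr("WEB-INF/lib/plugin.jar", inner.getvalue())
    buf.seek(0)
    return buf

if __name__ == "__main__":
    war = build_sample_war("2.16.0", nested_version="2.15.0")
    for path, artifact, version in below_minimum(bundled_log4j(war), "2.16.0"):
        print(f"outdated {artifact} {version}: {path}")
```

Matching is by jar file name only, so a copy of Log4j repackaged under another name or shaded into a different jar will not be reported.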