You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@roller.apache.org by Jennifer Oxelson Ganter <ox...@ucar.edu> on 2021/12/16 18:32:10 UTC

roller 6.1.0 release/log4j?

Hi all,

I see there is a 6.1.0 pending release that addresses the log4j exploits
named in CVE-2021-44228 and CVE-2021-45046.

https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml

When will that be available?

(Currently your downloads page still shows v6.0.2 as the best release.)

Thank you,
Jennifer

Re: roller 6.1.0 release/log4j?

Posted by Michael Bien <mb...@gmail.com>.

it is currently in the voting process.

more info and link to the candidate in that mail:
https://mail-archives.apache.org/mod_mbox/roller-dev/202112.mbox/%3CCAF1aazBVAwdj8wofDHt1Fj2LapBz%3Dfwgegs64EaA7qf-08ZdTQ%40mail.gmail.com%3E

feel free to test it and give feedback.

best regards,
michael

On 16.12.21 19:32, Jennifer Oxelson Ganter wrote:
> Hi all,
>
> I see there is a 6.1.0 pending release that addresses the log4j exploits
> named in CVE-2021-44228 and CVE-2021-45046.
>
> https://github.com/apache/roller/blob/8d5c6c4f8ffcd142e522204688a330a60665a666/app/pom.xml
>
> When will that be available?
>
> (Currently your downloads page still shows v6.0.2 as the best release.)
>
> Thank you,
> Jennifer
>