You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by ma...@apache.org on 2021/12/29 01:11:22 UTC

[logging-log4j2] 02/02: Update release notes for 2.3.2

This is an automated email from the ASF dual-hosted git repository.

mattsicker pushed a commit to branch log4j-2.3.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git

commit a0e49f475948b6f4b1183556a637bac5b8b151d2
Author: Matt Sicker <ma...@apache.org>
AuthorDate: Tue Dec 28 19:11:06 2021 -0600

    Update release notes for 2.3.2
---
 RELEASE-NOTES.txt | 17 ++++++++---------
 pom.xml           |  2 +-
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 4bfe621..6947d41 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -1,7 +1,7 @@
 
-              Apache Log4j 2.3.1 RELEASE NOTES
+              Apache Log4j 2.3.2 RELEASE NOTES
 
-The Apache Log4j 2 team is pleased to announce the Log4j 2.3.1 release!
+The Apache Log4j 2 team is pleased to announce the Log4j 2.3.2 release!
 
 Apache log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade to
 Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides
@@ -17,21 +17,20 @@ preventing JNDI operations to use any protocols other than java.
 
 The JNDI components are now disabled by default and may separately be enabled with three individual properties; log4j2.enableJndiContextSelector, log4j2.enableJndiJms, and log4j2.enableJndiLookup.
 
-GA Release 2.3.1
+GA Release 2.3.2
 
 Changes in this version include:
 
-New features:
-o LOG4J2-3198:  Pattern layout no longer enables lookups within message text. 
 
 Fixed Bugs:
-o LOG4J2-3242:  Limit JNDI to the java protocol only. JNDI will remain disabled by default. Rename JNDI enablement property from
-        'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'. 
-o LOG4J2-3230:  Fix string substitution recursion. 
+o LOG4J2-3293:  JDBC Appender should use JNDI Manager and JNDI access should be limited.
+        Backport fix for CVE-2021-44832. 
+o LOG4J2-2819:  Add support for specifying an SSL configuration for SmtpAppender.
+        Backport fix for CVE-2020-9488 to allow SSL/TLS hostname verification. 
 
 
 
-Apache Log4j 2.3.1 requires a minimum of Java 6 to build and run. It is not expected that any future Java 6
+Apache Log4j 2.3.2 requires a minimum of Java 6 to build and run. It is not expected that any future Java 6
 releases will be provided.
 
 Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api component, however it does not implement some of the
diff --git a/pom.xml b/pom.xml
index 031c817..d36ab79 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
     <Log4jReleaseVersion>2.3.2</Log4jReleaseVersion>
     <Log4jReleaseCount>next</Log4jReleaseCount>
     <Log4jReleaseManager>Matt Sicker</Log4jReleaseManager>
-    <Log4jReleaseKey>FA1C814D</Log4jReleaseKey> -->
+    <Log4jReleaseKey>FA1C814D</Log4jReleaseKey>
     <Log4jSigningUserName>mattsicker@apache.org</Log4jSigningUserName>
     <!-- note that any properties you want available in velocity templates must not use periods! -->
     <slf4jVersion>1.7.12</slf4jVersion>