You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jmeter.apache.org by Milamber <mi...@apache.org> on 2021/12/23 17:10:37 UTC
[VOTE] Release JMeter 5.4.3 RC1
Hello,
The first release candidate for JMeter 5.4.3 (b01f761463) has been
prepared, and your votes are solicited.
This release is only a vulnerabily fix release about the CVE-2021-45105:
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did
not protect from uncontrolled recursion from self-referential lookups.
This allows an attacker with control over Thread Context Map data to
cause a denial of service when a crafted string is interpreted.
Please, test this release candidate (with load tests and/or functional
tests) using Java 8+ on Linux/Windows/macOS, especially on the changes.
Feedback is very welcome within the next *24 hours*
You can read the New and Noteworthy section with some screenshots to
illustrate improvements and full list of changes at:
https://apache.github.io/jmeter-site-preview/site/changes.html
JMeter is a Java desktop application designed to load test functional
behavior and measure performance. The current version targets Java 8+
Download - Archives/hashes/sigs:
https://dist.apache.org/repos/dist/dev/jmeter/apache-jmeter-5.4.3-rc1
(dist revision 51735)
RAT report:
https://apache.github.io/jmeter-site-preview/rat/
SHA512 hashes of archives for this vote: see footnote [1]
Site preview is here:
https://apache.github.io/jmeter-site-preview/site/
JavaDoc API preview is here:
https://apache.github.io/jmeter-site-preview/site/api/
Maven staging repository is accessible here:
https://repository.apache.org/content/repositories/orgapachejmeter-1075/org/apache/jmeter/
Tag:
https://gitbox.apache.org/repos/asf?p=jmeter.git;a=tag;h=refs/tags/v5.4.3-rc1
Keys are here:
https://www.apache.org/dist/jmeter/KEYS
N.B.
To create the distribution and test JMeter: "./gradlew build -Prelease
-PskipSign".
JMeter 5.4.3 requires Java 8 or later to run.
The artifacts were built with
Java(TM) SE Runtime Environment Oracle Corporation (build 1.8.0_271-b09)
Java HotSpot(TM) 64-Bit Server VM Oracle Corporation (build
25.271-b09, mixed mode)
Some known issues and incompatible changes are listed on changes page.
https://apache.github.io/jmeter-site-preview/site/changes.html#Known%20problems%20and%20workarounds
All feedback and vote are welcome.
[ ] +1 I support this release
[ ] +0 I am OK with this release
[ ] -0 OK, but....
[ ] -1 I do not support this release (please indicate why)
The vote will remain open for 24 hours only (reason security release)
The PMC members please indicate the mention "(binding)" with your vote.
Note: If the vote passes, the intention is to release the archive files
and rename the RC tag as the release tag.
Thanks in advance!
Milamber
===
[1] SHA512 hashes of archives for this vote:
e88802cc0dfcd6a2c8554911ae4574d7cfafcc8c6be6ade810b4677b7351831b0680d81cf2b0fb5bb4b9b3cf437528a044d7da74214a1bee351b273dbb53e439
*apache-jmeter-5.4.3.tgz
1ebc2a179d724aa58ff8b8f1c2146204208aeeeb8ba2b53168d6700be2d516a204b7e65dd94a6a0e3b84906fd33a97fcf2f2e6e44fb9b8fafa017c0c1856e1d8
*apache-jmeter-5.4.3.zip
f7d19c486aad40a2313ab1fdde845dc5362000fbe25cb8f2236fcc684df7fe36970931d190a8be14ddb56dff36f4a96477b2c70420fdd0db62fe855d4c458c81
*apache-jmeter-5.4.3_src.tgz
8cd5c0e0c16015773d7fb49380d7d41d36412cbd785cfe393871df4fa409bfb3f8191d80c42e3f9b94fe43cec6b87cfaa7bc36c6063bdf167d8e076e5f45274b
*apache-jmeter-5.4.3_src.zip
[RESULT] [VOTE] Release JMeter 5.4.3 RC1
Posted by Milamber <mi...@apache.org>.
Hello,
I'm closing the vot, because 1/ at least 3 binding vote +1, 2/ this is a
minor security fix release.
Thanks very much to all who voted for this (special) release.
The votes were as follows:
=== +1 vote (with *: binding) ===
Vladimir Sitnikov (vladimirsitnikov)*
Philippe Mouawad (pmouawad)*
NaveenKumar Namachivayam
Bruno Demion (milamber)*
===
There were no other votes, so the vote passes.
I will prepare the delivery of the release for having an official announce.
Milamber
On 23/12/2021 18:10, Milamber wrote:
> Hello,
>
> The first release candidate for JMeter 5.4.3 (b01f761463) has been
> prepared, and your votes are solicited.
>
> This release is only a vulnerabily fix release about the
> CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0
> (excluding 2.12.3) did not protect from uncontrolled recursion from
> self-referential lookups. This allows an attacker with control over
> Thread Context Map data to cause a denial of service when a crafted
> string is interpreted.
>
> Please, test this release candidate (with load tests and/or functional
> tests) using Java 8+ on Linux/Windows/macOS, especially on the changes.
> Feedback is very welcome within the next *24 hours*
>
> You can read the New and Noteworthy section with some screenshots to
> illustrate improvements and full list of changes at:
> https://apache.github.io/jmeter-site-preview/site/changes.html
>
> JMeter is a Java desktop application designed to load test functional
> behavior and measure performance. The current version targets Java 8+
>
> Download - Archives/hashes/sigs:
> https://dist.apache.org/repos/dist/dev/jmeter/apache-jmeter-5.4.3-rc1
> (dist revision 51735)
>
> RAT report:
> https://apache.github.io/jmeter-site-preview/rat/
>
> SHA512 hashes of archives for this vote: see footnote [1]
>
> Site preview is here:
> https://apache.github.io/jmeter-site-preview/site/
>
> JavaDoc API preview is here:
> https://apache.github.io/jmeter-site-preview/site/api/
>
> Maven staging repository is accessible here:
> https://repository.apache.org/content/repositories/orgapachejmeter-1075/org/apache/jmeter/
>
>
> Tag:
> https://gitbox.apache.org/repos/asf?p=jmeter.git;a=tag;h=refs/tags/v5.4.3-rc1
>
>
> Keys are here:
> https://www.apache.org/dist/jmeter/KEYS
>
> N.B.
> To create the distribution and test JMeter: "./gradlew build -Prelease
> -PskipSign".
>
> JMeter 5.4.3 requires Java 8 or later to run.
>
> The artifacts were built with
> Java(TM) SE Runtime Environment Oracle Corporation (build
> 1.8.0_271-b09)
> Java HotSpot(TM) 64-Bit Server VM Oracle Corporation (build
> 25.271-b09, mixed mode)
>
> Some known issues and incompatible changes are listed on changes page.
> https://apache.github.io/jmeter-site-preview/site/changes.html#Known%20problems%20and%20workarounds
>
>
>
> All feedback and vote are welcome.
>
> [ ] +1 I support this release
> [ ] +0 I am OK with this release
> [ ] -0 OK, but....
> [ ] -1 I do not support this release (please indicate why)
>
> The vote will remain open for 24 hours only (reason security release)
>
> The PMC members please indicate the mention "(binding)" with your vote.
>
>
> Note: If the vote passes, the intention is to release the archive files
> and rename the RC tag as the release tag.
>
> Thanks in advance!
>
> Milamber
>
> ===
> [1] SHA512 hashes of archives for this vote:
>
> e88802cc0dfcd6a2c8554911ae4574d7cfafcc8c6be6ade810b4677b7351831b0680d81cf2b0fb5bb4b9b3cf437528a044d7da74214a1bee351b273dbb53e439
>
> *apache-jmeter-5.4.3.tgz
> 1ebc2a179d724aa58ff8b8f1c2146204208aeeeb8ba2b53168d6700be2d516a204b7e65dd94a6a0e3b84906fd33a97fcf2f2e6e44fb9b8fafa017c0c1856e1d8
>
> *apache-jmeter-5.4.3.zip
> f7d19c486aad40a2313ab1fdde845dc5362000fbe25cb8f2236fcc684df7fe36970931d190a8be14ddb56dff36f4a96477b2c70420fdd0db62fe855d4c458c81
>
> *apache-jmeter-5.4.3_src.tgz
> 8cd5c0e0c16015773d7fb49380d7d41d36412cbd785cfe393871df4fa409bfb3f8191d80c42e3f9b94fe43cec6b87cfaa7bc36c6063bdf167d8e076e5f45274b
>
> *apache-jmeter-5.4.3_src.zip
>
>
>
>
>
>
Re: [VOTE] Release JMeter 5.4.3 RC1
Posted by Milamber <mi...@apache.org>.
My vote: +1 (binding)
On 23/12/2021 18:10, Milamber wrote:
> Hello,
>
> The first release candidate for JMeter 5.4.3 (b01f761463) has been
> prepared, and your votes are solicited.
>
> This release is only a vulnerabily fix release about the
> CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0
> (excluding 2.12.3) did not protect from uncontrolled recursion from
> self-referential lookups. This allows an attacker with control over
> Thread Context Map data to cause a denial of service when a crafted
> string is interpreted.
>
> Please, test this release candidate (with load tests and/or functional
> tests) using Java 8+ on Linux/Windows/macOS, especially on the changes.
> Feedback is very welcome within the next *24 hours*
>
> You can read the New and Noteworthy section with some screenshots to
> illustrate improvements and full list of changes at:
> https://apache.github.io/jmeter-site-preview/site/changes.html
>
> JMeter is a Java desktop application designed to load test functional
> behavior and measure performance. The current version targets Java 8+
>
> Download - Archives/hashes/sigs:
> https://dist.apache.org/repos/dist/dev/jmeter/apache-jmeter-5.4.3-rc1
> (dist revision 51735)
>
> RAT report:
> https://apache.github.io/jmeter-site-preview/rat/
>
> SHA512 hashes of archives for this vote: see footnote [1]
>
> Site preview is here:
> https://apache.github.io/jmeter-site-preview/site/
>
> JavaDoc API preview is here:
> https://apache.github.io/jmeter-site-preview/site/api/
>
> Maven staging repository is accessible here:
> https://repository.apache.org/content/repositories/orgapachejmeter-1075/org/apache/jmeter/
>
>
> Tag:
> https://gitbox.apache.org/repos/asf?p=jmeter.git;a=tag;h=refs/tags/v5.4.3-rc1
>
>
> Keys are here:
> https://www.apache.org/dist/jmeter/KEYS
>
> N.B.
> To create the distribution and test JMeter: "./gradlew build -Prelease
> -PskipSign".
>
> JMeter 5.4.3 requires Java 8 or later to run.
>
> The artifacts were built with
> Java(TM) SE Runtime Environment Oracle Corporation (build
> 1.8.0_271-b09)
> Java HotSpot(TM) 64-Bit Server VM Oracle Corporation (build
> 25.271-b09, mixed mode)
>
> Some known issues and incompatible changes are listed on changes page.
> https://apache.github.io/jmeter-site-preview/site/changes.html#Known%20problems%20and%20workarounds
>
>
>
> All feedback and vote are welcome.
>
> [ ] +1 I support this release
> [ ] +0 I am OK with this release
> [ ] -0 OK, but....
> [ ] -1 I do not support this release (please indicate why)
>
> The vote will remain open for 24 hours only (reason security release)
>
> The PMC members please indicate the mention "(binding)" with your vote.
>
>
> Note: If the vote passes, the intention is to release the archive files
> and rename the RC tag as the release tag.
>
> Thanks in advance!
>
> Milamber
>
> ===
> [1] SHA512 hashes of archives for this vote:
>
> e88802cc0dfcd6a2c8554911ae4574d7cfafcc8c6be6ade810b4677b7351831b0680d81cf2b0fb5bb4b9b3cf437528a044d7da74214a1bee351b273dbb53e439
>
> *apache-jmeter-5.4.3.tgz
> 1ebc2a179d724aa58ff8b8f1c2146204208aeeeb8ba2b53168d6700be2d516a204b7e65dd94a6a0e3b84906fd33a97fcf2f2e6e44fb9b8fafa017c0c1856e1d8
>
> *apache-jmeter-5.4.3.zip
> f7d19c486aad40a2313ab1fdde845dc5362000fbe25cb8f2236fcc684df7fe36970931d190a8be14ddb56dff36f4a96477b2c70420fdd0db62fe855d4c458c81
>
> *apache-jmeter-5.4.3_src.tgz
> 8cd5c0e0c16015773d7fb49380d7d41d36412cbd785cfe393871df4fa409bfb3f8191d80c42e3f9b94fe43cec6b87cfaa7bc36c6063bdf167d8e076e5f45274b
>
> *apache-jmeter-5.4.3_src.zip
>
>
>
>
>
>
Re: [VOTE] Release JMeter 5.4.3 RC1
Posted by NaveenKumar Namachivayam <ca...@gmail.com>.
+1 I support this release
On Thu, Dec 23, 2021 at 12:21 PM Philippe Mouawad <
p.mouawad@ubik-ingenierie.com> wrote:
> Hello,
> Thanks to RM
>
> +1 I support this release.
>
> Happy holidays
> Regards
>
> On Thursday, December 23, 2021, Vladimir Sitnikov <
> sitnikov.vladimir@gmail.com> wrote:
>
> > [ ] +1 I support this release.
> >
> > Thank you,
> >
> > Vladimir
> >
>
>
> --
> Cordialement
> Philippe M.
> Ubik-Ingenierie
>
--
[image: photo]
NaveenKumar Namachivayam
Performance Engineer, QAInsights
<http://github.com/qainsights> <http://youtube.com/qainsights>
<http://us.linkedin.com/in/naveenkumarn> <http://twitter.com/qainsights>
<http://facebook.com/naveenkumar%5C.namachivayam>
naveenkumar@hey.com
https://qainsights.com
Cincinnati, OH
Latest article What to do if you cannot upgrade to JMeter 5.4.2 for Log4j
Vulnerability?
<https://qainsights.com/what-to-do-if-you-cannot-upgrade-to-jmeter-5-4-2-for-log4j-vulnerability/>
Re: [VOTE] Release JMeter 5.4.3 RC1
Posted by Philippe Mouawad <p....@ubik-ingenierie.com>.
Hello,
Thanks to RM
+1 I support this release.
Happy holidays
Regards
On Thursday, December 23, 2021, Vladimir Sitnikov <
sitnikov.vladimir@gmail.com> wrote:
> [ ] +1 I support this release.
>
> Thank you,
>
> Vladimir
>
--
Cordialement
Philippe M.
Ubik-Ingenierie
Re: [VOTE] Release JMeter 5.4.3 RC1
Posted by Vladimir Sitnikov <si...@gmail.com>.
[ ] +1 I support this release.
Thank you,
Vladimir