You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@karaf.apache.org by Jean-Baptiste Onofre <jb...@nanthrax.net> on 2021/12/29 06:55:37 UTC

[ANN] Apache Karaf runtime 4.3.5 has been released

The Apache Karaf team is pleased so announce Apache Karaf runtime 4.3.5 release.

This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially:

- upgrade to jolokia 1.7.1
- upgrade to pax-logging 2.0.12
- upgrade to log4j 2.17.0 fixing CVE-2021-45105 and CVE-2021-44228
- upgrade to logback 1.2.9 fixing CVE-2021-42550

The Release Notes are available here: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350856

Download: http://karaf.apache.org/download.html <http://karaf.apache.org/download.html>

Enjoy!
The Apache Karaf team

Re: [ANN] Apache Karaf runtime 4.3.5 has been released

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.

Hi 

Yes, it’s already planned. The 4.3.6 and 4.2.15 releases will be in vote soon.

Regards
JB

> Le 30 déc. 2021 à 18:17, Robert Dean <Ro...@bd.com> a écrit :
> 
> Happy holidays everyone!
> 
> Log4j question: Will there need to be another release for the log4j 2.17.1 security fix?
> 
> Thank you,
> Joe Dean
> 
> 
> PTO Alert: None
> 
> On 12/28/21, 10:55 PM, "Jean-Baptiste Onofre" <jb...@nanthrax.net> wrote:
> 
>    EXTERNAL EMAIL - Use caution opening attachments and links.
> 
>    The Apache Karaf team is pleased so announce Apache Karaf runtime 4.3.5 release.
> 
>    This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially:
> 
>    - upgrade to jolokia 1.7.1
>    - upgrade to pax-logging 2.0.12
>    - upgrade to log4j 2.17.0 fixing CVE-2021-45105 and CVE-2021-44228
>    - upgrade to logback 1.2.9 fixing CVE-2021-42550
> 
>    The Release Notes are available here: https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350856__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71yc-pttrw$
> 
>    Download: https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$  <https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$ >
> 
>    Enjoy!
>    The Apache Karaf team
> 
> *******************************************************************
> IMPORTANT MESSAGE FOR RECIPIENTS IN THE U.S.A.:
> This message may constitute an advertisement of a BD group's products or services or a solicitation of interest in them. If this is such a message and you would like to opt out of receiving future advertisements or solicitations from this BD group, please forward this e-mail to optoutbygroup@bd.com. [BD.v1.0]
> *******************************************************************
> This message (which includes any attachments) is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to the attorney-client privilege or other confidentiality protections. If you are not a designated recipient, you may not review, use, copy or distribute this message. If you received this in error, please notify the sender by reply e-mail and delete this message. Thank you.
> *******************************************************************
> Corporate Headquarters Mailing Address: BD (Becton, Dickinson and Company) 1 Becton Drive Franklin Lakes, NJ 07417 U.S.A.

Re: [ANN] Apache Karaf runtime 4.3.5 has been released

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.

Hi 

Yes, it’s already planned. The 4.3.6 and 4.2.15 releases will be in vote soon.

Regards
JB

> Le 30 déc. 2021 à 18:17, Robert Dean <Ro...@bd.com> a écrit :
> 
> Happy holidays everyone!
> 
> Log4j question: Will there need to be another release for the log4j 2.17.1 security fix?
> 
> Thank you,
> Joe Dean
> 
> 
> PTO Alert: None
> 
> On 12/28/21, 10:55 PM, "Jean-Baptiste Onofre" <jb...@nanthrax.net> wrote:
> 
>    EXTERNAL EMAIL - Use caution opening attachments and links.
> 
>    The Apache Karaf team is pleased so announce Apache Karaf runtime 4.3.5 release.
> 
>    This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially:
> 
>    - upgrade to jolokia 1.7.1
>    - upgrade to pax-logging 2.0.12
>    - upgrade to log4j 2.17.0 fixing CVE-2021-45105 and CVE-2021-44228
>    - upgrade to logback 1.2.9 fixing CVE-2021-42550
> 
>    The Release Notes are available here: https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350856__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71yc-pttrw$
> 
>    Download: https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$  <https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$ >
> 
>    Enjoy!
>    The Apache Karaf team
> 
> *******************************************************************
> IMPORTANT MESSAGE FOR RECIPIENTS IN THE U.S.A.:
> This message may constitute an advertisement of a BD group's products or services or a solicitation of interest in them. If this is such a message and you would like to opt out of receiving future advertisements or solicitations from this BD group, please forward this e-mail to optoutbygroup@bd.com. [BD.v1.0]
> *******************************************************************
> This message (which includes any attachments) is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to the attorney-client privilege or other confidentiality protections. If you are not a designated recipient, you may not review, use, copy or distribute this message. If you received this in error, please notify the sender by reply e-mail and delete this message. Thank you.
> *******************************************************************
> Corporate Headquarters Mailing Address: BD (Becton, Dickinson and Company) 1 Becton Drive Franklin Lakes, NJ 07417 U.S.A.

Re: [ANN] Apache Karaf runtime 4.3.5 has been released

Posted by Robert Dean <Ro...@bd.com>.

Happy holidays everyone!

Log4j question: Will there need to be another release for the log4j 2.17.1 security fix?

Thank you,
Joe Dean


PTO Alert: None

On 12/28/21, 10:55 PM, "Jean-Baptiste Onofre" <jb...@nanthrax.net> wrote:

    EXTERNAL EMAIL - Use caution opening attachments and links.

    The Apache Karaf team is pleased so announce Apache Karaf runtime 4.3.5 release.

    This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially:

    - upgrade to jolokia 1.7.1
    - upgrade to pax-logging 2.0.12
    - upgrade to log4j 2.17.0 fixing CVE-2021-45105 and CVE-2021-44228
    - upgrade to logback 1.2.9 fixing CVE-2021-42550

    The Release Notes are available here: https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350856__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71yc-pttrw$

    Download: https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$  <https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$ >

    Enjoy!
    The Apache Karaf team

*******************************************************************
IMPORTANT MESSAGE FOR RECIPIENTS IN THE U.S.A.:
This message may constitute an advertisement of a BD group's products or services or a solicitation of interest in them. If this is such a message and you would like to opt out of receiving future advertisements or solicitations from this BD group, please forward this e-mail to optoutbygroup@bd.com. [BD.v1.0]
*******************************************************************
This message (which includes any attachments) is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to the attorney-client privilege or other confidentiality protections. If you are not a designated recipient, you may not review, use, copy or distribute this message. If you received this in error, please notify the sender by reply e-mail and delete this message. Thank you.
*******************************************************************
Corporate Headquarters Mailing Address: BD (Becton, Dickinson and Company) 1 Becton Drive Franklin Lakes, NJ 07417 U.S.A.

Re: [ANN] Apache Karaf runtime 4.3.5 has been released

Posted by Robert Dean <Ro...@bd.com>.

Happy holidays everyone!

Log4j question: Will there need to be another release for the log4j 2.17.1 security fix?

Thank you,
Joe Dean


PTO Alert: None

On 12/28/21, 10:55 PM, "Jean-Baptiste Onofre" <jb...@nanthrax.net> wrote:

    EXTERNAL EMAIL - Use caution opening attachments and links.

    The Apache Karaf team is pleased so announce Apache Karaf runtime 4.3.5 release.

    This release is an important release on the Karaf 4.3.x series bringing security fixes (logshell) especially:

    - upgrade to jolokia 1.7.1
    - upgrade to pax-logging 2.0.12
    - upgrade to log4j 2.17.0 fixing CVE-2021-45105 and CVE-2021-44228
    - upgrade to logback 1.2.9 fixing CVE-2021-42550

    The Release Notes are available here: https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12350856__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71yc-pttrw$

    Download: https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$  <https://urldefense.com/v3/__http://karaf.apache.org/download.html__;!!AMCWqqRremt4Wx4!FbnwTktvh0yfq-_FDRz1PJ4qUVHCiR1-d_HBoBOppcsDztH1QHnA71xZDuHNXg$ >

    Enjoy!
    The Apache Karaf team

*******************************************************************
IMPORTANT MESSAGE FOR RECIPIENTS IN THE U.S.A.:
This message may constitute an advertisement of a BD group's products or services or a solicitation of interest in them. If this is such a message and you would like to opt out of receiving future advertisements or solicitations from this BD group, please forward this e-mail to optoutbygroup@bd.com. [BD.v1.0]
*******************************************************************
This message (which includes any attachments) is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to the attorney-client privilege or other confidentiality protections. If you are not a designated recipient, you may not review, use, copy or distribute this message. If you received this in error, please notify the sender by reply e-mail and delete this message. Thank you.
*******************************************************************
Corporate Headquarters Mailing Address: BD (Becton, Dickinson and Company) 1 Becton Drive Franklin Lakes, NJ 07417 U.S.A.