-
Notifications
You must be signed in to change notification settings - Fork 2
tmc meeting minutes 20211215
(18:00) <StephanR>Hi
(18:00) <stenger>Hi
(18:01) - copierrj joined
(18:01) <copierrj>hi
(18:01) <StephanR>Hi
(18:01) <StephanR>https://meet.google.com/swu-nqwc-pgz
(18:02) <tfr42>hi
(18:04) <tfr42>let's start
(18:04) <tfr42>what is on our agenda
(18:04) <tfr42>release 3.4.20 is out
(18:04) <tfr42>upgrade log4j v1 to v2
(18:04) <tfr42>open pull requests
(18:07) <tfr42>https://github.com/deegree/deegree3/releases/tag/deegree-3.4.20 has been published
(18:11) <tfr42>The wiki page contains an updated checklist for releasing deegree: https://github.com/deegree/deegree3/wiki/Releasing-deegree
(18:13) <tfr42>I will send out the email with the release note
(18:14) <tfr42>The urgend CVE about log4j
(18:15) <tfr42>https://github.com/deegree/deegree3/issues/976
(18:18) <tfr42>states that deegree webservices is not affected by CVE-2021-44228 but uses an outdated and not maintained log4j version
(18:20) <copierrj>(btw: new infra issue: https://github.com/deegree/infrastructure/issues/31, to be discussed in a later meeting)
(18:26) <StephanR>See also how geoserver handles their dependecy to log4j 1.2 see http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html
(18:27) <StephanR>Geoserver created a reduced dependency to log4j1.2 without remote classes
(18:43) <tfr42>The PR https://github.com/deegree/deegree3/pull/1247 contains the upgrade from log4j v1 to log4j v2 2.16.0
(18:46) <copierrj>new related issue: https://github.com/deegree/deegree3/issues/1248
(18:46) <copierrj>+1
(18:47) <tfr42>+1
(18:47) <StephanR>0
(18:47) <stenger>0
(18:47) <copierrj>merged
(18:48) <tfr42>PR https://github.com/deegree/deegree3/pull/1148
(18:49) <tfr42>upgrading HTTP client
(18:49) <copierrj>+1
(18:49) <tfr42>+1
(18:49) <StephanR>+1
(18:49) <stenger>+1
(18:49) <copierrj>merged
(18:50) <stenger>https://github.com/deegree/deegree3/pull/1243
(18:52) <copierrj>+1
(18:52) <stenger>+1
(18:52) <tfr42>+1
(18:52) <StephanR>+1
(18:52) <copierrj>merged
(18:52) <stenger>https://github.com/deegree/deegree3/pull/1244
(18:59) <copierrj>https://github.com/deegree/deegree3/pull/1249
(18:59) <copierrj>+1
(18:59) <stenger>+1
(18:59) <StephanR>+1
(18:59) <tfr42>+1
(18:59) <copierrj>now vote on https://github.com/deegree/deegree3/pull/1244
(18:59) <stenger>+1
(18:59) <tfr42>+1
(18:59) <copierrj>+1
(19:00) <StephanR>+1 (replaces #1243)
(19:00) <StephanR>merged
(19:01) <stenger>https://github.com/deegree/deegree3/pull/1239
(19:02) <StephanR>+1
(19:02) <tfr42>+1
(19:02) <stenger>+1
(19:03) <copierrj>+1
(19:03) <copierrj>merged
(19:04) <stenger>https://github.com/deegree/deegree3/pull/1240
(19:04) <copierrj>+1
(19:04) <StephanR>+1
(19:04) <stenger>+1
(19:04) <tfr42>+1
(19:05) <copierrj>merged
(19:05) <stenger>https://github.com/deegree/deegree3/pull/1241
(19:05) <tfr42>+1
(19:05) <copierrj>+1
(19:05) <StephanR>+1
(19:05) <stenger>+1
(19:05) <copierrj>merged
(19:06) <tfr42>shall we go for version 3.4.21?
(19:06) <stenger>+1
(19:06) <StephanR>+1
(19:06) <tfr42>+1
(19:06) <copierrj>+1
(19:07) <tfr42>Next meeting?
(19:08) <tfr42>5th January 2021, 18:00 CET
(19:08) <copierrj>+1
(19:08) <StephanR>+1
(19:09) <stenger>+1