Riemann 0.3.8 released!


James Turnbull

Dec 13, 2021, 5:58:26 PM
to rieman...@googlegroups.com
Hi all

Riemann 0.3.8 has been released. It’s a quick maintenance release made in an abundance of caution with the recent log4j issue.

https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

We do not believe Riemann is vulnerable but we’ve updated:
  • slf4j-over-log4j to 1.7.32 (although we use Logback internally - which is not vulnerable to the log4j issue)
  • clojure/tools.logging to 1.2.1 (which pulls in a later and secure version of log4j as a dependency)
https://github.com/riemann/riemann/releases/tag/0.3.8

Docker and Clojars have also been updated.

Please let me know if you find any issues.

Thanks

James Turnbull

Dave Cottlehuber

Dec 14, 2021, 2:53:03 PM
to rieman...@googlegroups.com
On Mon, 13 Dec 2021, at 22:58, James Turnbull wrote:
> Hi all
>
> Riemann 0.3.8 has been released. It’s a quick maintenance release made
> in an abundance of caution with the recent log4j issue.

thanks James,

I really appreciate you taking the time to bake another delicious release
for us all!

I'm concerned that the published 0.3.8 tarball appears to have changed, do you
know why this might be? specifically, this URL:

https://github.com/riemann/riemann/releases/download/0.3.8/riemann-0.3.8.tar.bz2

Since I did the first FreeBSD ports release, it has diverged:

-rw-r--r-- 1 dch wheel 91007774 Dec 13 22:37 riemann-0.3.8.tar.bz2
-rw-r--r-- 1 dch wheel 91010548 Dec 14 13:36 riemann-0.3.8.tar.bz2

obviously both size & checksums are different, and the unpacked riemann.jar is also different inside, not that I can tell the significance of it.

Did you need to re-upload assets? or is there some other process that might cause this to change, such as a renamed branch, for example?

thanks
Dave
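
Added example, not part of the thread and not code from the Riemann project: when a release tarball changes after publication, as described in the message above, hashing every archive entry, including each entry inside a nested riemann.jar, shows where the two downloads diverge. The `build_sample` helper and its file layout are constructed for illustration; for real downloads, pass `open(path, "rb")` objects to `diff_releases`.

```python
import hashlib
import io
import tarfile
import zipfile


def digests(name, blob):
    """Map entry name -> SHA-256, expanding a nested .jar entry by entry."""
    out = {name: hashlib.sha256(blob).hexdigest()}
    if name.endswith(".jar") and zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as jar:
            for info in jar.infolist():
                if not info.is_dir():
                    out[f"{name}!/{info.filename}"] = hashlib.sha256(jar.read(info)).hexdigest()
    return out


def manifest(fileobj):
    """Hash every regular file in a tarball without unpacking it to disk."""
    result = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                result.update(digests(member.name, tar.extractfile(member).read()))
    return result


def diff_releases(old_file, new_file):
    """Report entries added, removed or changed between two downloads."""
    old, new = manifest(old_file), manifest(new_file)
    changed = sorted(k for k in old.keys() & new.keys() if old[k] != new[k])
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()), "changed": changed}


def build_sample(jar_entries):
    """Constructed stand-in for a release tarball (layout is an assumption)."""
    jar_buf, tar_buf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        for name, data in jar_entries.items():
            jar.writestr(name, data)
    files = {"riemann-0.3.8/etc/riemann.config": b"; constructed sample\n",
             "riemann-0.3.8/lib/riemann.jar": jar_buf.getvalue()}
    with tarfile.open(fileobj=tar_buf, mode="w:bz2") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    tar_buf.seek(0)
    return tar_buf
```

A jar rebuilt from identical sources can still differ as a whole file because of embedded timestamps, so the per-entry hashes inside the jar are the ones that show whether any content actually changed.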

James Turnbull

Dec 14, 2021, 4:16:18 PM
to rieman...@googlegroups.com
Yes - I replaced the artifacts because I (stupidly) forgot to update Docker to build x86 when I moved to arm.

https://github.com/riemann/riemann/issues/1002

I had planned to send an email out but on holidays so moving slowly.

Regards

James