Skip to content
Permalink
Browse files
updates for 3.2.1-rc2
  • Loading branch information
mbeckerle committed Dec 20, 2021
1 parent 6e73f67 commit 4374c18078489d940375497662ad1099ac49117c
Showing 2 changed files with 25 additions and 11 deletions.
@@ -5,8 +5,7 @@ apache: true
title: 3.2.0
date: 2021-12-06
summary: >
Checksum and CRC capability via DFDL extensions and pluggable
Jar files, Log4J support, miscellaneous bug fixes and improvements
WARNING: This release has been superceded. Use Release 3.2.1 instead.
artifact-root: "https://www.apache.org/dyn/closer.lua/daffodil/3.2.0/"
checksum-root: "https://downloads.apache.org/daffodil/3.2.0/"
@@ -24,6 +23,13 @@ binary-dist:

scala-version: 2.12
---
<div class="alert alert-danger">
WARNING
<p/>
This release has been superceded by <a href="../3.2.1">Release 3.2.1</a> due to security issues.
<p/>
The release notes below are still useful for understanding the features and functionality which are also part of <a href="../3.2.1">Release 3.2.1</a>.
</div>

#### New DFDL Language Extension Features

@@ -3,15 +3,17 @@
released: false
apache: true
title: 3.2.1
date: 2021-12-16
date: 2021-12-19
summary: >
Upgrade dependencies to fix CVE-2021-44228 (Log4J)
Patch release supercedes 3.2.0.
Provides updated dependencies to fix CVE-2021-44228 (Log4J), CVE-2021-45105 (Log4J),
and CVE-2021-33813 (JDOM).
Fix unparse checksum and CRC capability (JIRA DAFFODIL-2609)
Fixes unparse checksum and CRC capability (JIRA DAFFODIL-2609)
Otherwise contains all the same functionality as Release 3.2.0 which it replaces.
artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/"
checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/"

key-file: "https://downloads.apache.org/daffodil/KEYS"

@@ -27,11 +29,17 @@ binary-dist:
scala-version: 2.12
---

This release is a patch on top of [Release 3.2.0](../3.2.0) to improve security and fix a major functional bug.

The [Release Notes for 3.2.0](../3.2.0)
are still relevant to understand the features
and functionality in this 3.2.1 patch release.

#### Security Improvements

This release fixes two security CVEs by updating dependency versions.
This release fixes three security CVEs by updating dependency versions.

* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228
* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105
* {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813

#### Functional Improvements
@@ -61,8 +69,8 @@ The following dependencies have been added or updated

**Core**

* Log4j core 2.16.0 <small>(update)</small>
* Log4j api 2.16.0 <small>(update)</small>
* Log4j core 2.17.0 <small>(update)</small>
* Log4j api 2.17.0 <small>(update)</small>
* JDOM2 2.0.6.1 <small>(update)</small>

**Code Generator (runtime2)**

0 comments on commit 4374c18

Please sign in to comment.