Merge branch 'master' into #1583-NoAutoStart

qos-ch · Apr 11, 2024 · f8e77fb · f8e77fb
2 parents f66c0cf + a649c60
commit f8e77fb
Show file tree

Hide file tree

Showing 1,317 changed files with 28,318 additions and 69,331 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,2 @@
+tidelift: maven/ch.qos.logback:logback-classic
+github: qos-ch
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,47 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+# https://help.github.com/en/actions/automating-your-workflow-with-github-actions/software-installed-on-github-hosted-runners
+
+concurrency:
+  # On master/release, we don't want any jobs cancelled so the sha is used to name the group
+  # On PR branches, we cancel the job if new commits are pushed
+  # More info: https://stackoverflow.com/a/68422069/253468
+  group: ${{ (github.ref == 'refs/heads/branch_1.2.18' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release' ) && format('ci-main-{0}', github.sha) || format('ci-main-{0}', github.ref) }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  Test:
+    name: JDK ${{ matrix.jdk }}, ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        jdk: [11, 17]
+        os: [ubuntu-latest, windows-latest, macos-latest]
+      fail-fast: true
+      max-parallel: 4
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 50
+    - name: Set up Java ${{ matrix.jdk }}
+      if: ${{ matrix.jdk != '8' }}
+      uses: actions/setup-java@v2
+      with:
+        distribution: 'temurin'
+        java-version: ${{ matrix.jdk }}
+    - name: Install
+      # download dependencies, etc, so test log looks better
+      run: mvn -B install
+
+
diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,5 @@ logback-classic/jdbc:hsqldb:mem:test.log
 logback-classic/jdbc:hsqldb:mem:test.properties
 logback-classic/jdbc:hsqldb:mem:test.script
 cobertura.ser
+# ignore files with pound characters
+\#*\#
diff --git a/FUNDING.yml b/FUNDING.yml
@@ -0,0 +1 @@
+github: qos-ch
diff --git a/README.md b/README.md
@@ -8,6 +8,23 @@ The Logback documentation can be found on the [project
 web-site](https://logback.qos.ch/documentation.html) as well as under
 the docs/ folder of the logback distribution.
 
+# Java EE and Jakarta EE versions
+
+Given that downstream users are likely to depend on either Java EE (in
+the javax namespace) or on Jakarta EE (in the jakarta namespace) in
+their projects, it was deemed important for logback to support both EE
+alternatives.
+
+**Version 1.3.x supports Java EE, while version 1.4.x supports Jakarta EE.** 
+The two versions are feature identical.
+
+Both 1.3.x and 1.4.x series require SLF4J 2.0.x or later.
+
+The 1.3.x series requires Java 8 at runtime. If you wish to build
+logback from source, you will need Java 9. 
+
+The 1.4.x series requires Java 11 at build time and at runtime.
+
 # Building logback
 
 Version 1.3.x requires Java 9 to compile and build.
@@ -25,35 +42,47 @@ be useful to other users. Moreover, there are many knowledgeable users
 on the logback-user mailing lists who can quickly answer your
 questions.
 
+# Urgent issues
+
+For urgent issues do not hesitate to [champion a
+release](https://github.com/sponsors/qos-ch/sponsorships?tier_id=77436).
+In principle, most championed issues are solved within 3 business days
+followed up by a release.
 
 # Pull requests
 
 If you are interested in improving logback, great! The logback community
 looks forward to your contribution. Please follow this process:
 
 1. Please file a [bug
-   report](https://logback.qos.ch/bugreport.html). Pull requests with
-   an associated JIRA issue will get more attention.
-
+   report](https://logback.qos.ch/bugreport.html) before filing a pull requests. 
+   Note that pull requests wit an associated JIRA issue will get more attention. 
+   Moreover, your pull request is unlikely to be merged without an associated jira issue.
+
    Optional: Start a discussion on the [logback-dev mailing
    list](https://logback.qos.ch/mailinglist.html) about your proposed
    change.
 
 2. Fork qos-ch/logback. Ideally, create a new branch from your fork for
    your contribution to make it easier to merge your changes back.
 
-3. Make your changes on the branch you hopefuly created in Step 2. Be
+3. Make your changes on the branch you hopefully created in Step 2. Be
    sure that your code passes existing unit tests.
 
 4. Please add unit tests for your work if appropriate. It usually is.
 
-5. Push your changes to your fork/branch in github. Don't push it to
+5. Push your changes to your fork/branch in GitHub. Don't push it to
    your master! If you do it will make it harder to submit new changes
    later.
 
-6. Submit a pull request to logback from from your commit page on
-   github.
+6. Submit a pull request to logback from your commit page on GitHub.
+
+
+# Continuous integration build status
+
+| Branch | Last results |
+| ------ | -------------|
+| master | ![CI master](https://github.com/qos-ch/logback/actions/workflows/main.yml/badge.svg) |
+| 1.3 branch | ![CI 1.3 branch](https://github.com/qos-ch/logback/actions/workflows/main.yml/badge.svg?branch=branch_1.3.x) |
 
 
-# Build Status
-[![Build Status](https://travis-ci.org/qos-ch/slf4j.png)](https://travis-ci.org/qos-ch/slf4j)
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,68 @@
+
+## Reporting security issues
+
+Please report security issues related to the logback project to the
+following email address:
+
+   support(at)qos.ch
+
+
+## Verifying contents
+
+All logback project artifacts published on Maven central are signed. For each
+artifact, there is an associated signature file with the .asc suffix.
+
+The cryptographic key was updated 2022-08-08 to use a more modern
+Elliptic curve algorithm instead of RSA previously.
+
+### After 2022-08-08
+
+To verify the signature use [this public key](https://www.slf4j.org/public-keys/60200AC4AE761F1614D6C46766D68DAA073BE985.gpg). Here is its fingerprint:
+```
+pub   nistp521 2022-08-08 [SC]
+      60200AC4AE761F1614D6C46766D68DAA073BE985
+uid   Ceki Gulcu <ceki@qos.ch>
+sub   nistp521 2022-08-08 [E]
+```
+
+A copy of this key is stored on the
+[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to
+your public key ring use the following command:
+
+```
+> FINGER_PRINT=60200AC4AE761F1614D6C46766D68DAA073BE985
+> gpg  --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT
+```
+
+### Before 2022-08-08
+
+To verify the signature use [this public key](https://www.slf4j.org/public-keys/ceki-public-key.pgp). Here is its fingerprint:
+```
+pub   2048R/A511E325 2012-04-26
+Key fingerprint = 475F 3B8E 59E6 E63A A780  6748 2C7B 12F2 A511 E325
+uid   Ceki Gulcu <ceki@qos.ch>
+sub   2048R/7FBFA159 2012-04-26
+```
+
+A copy of this key is stored on the
+[keys.openpgp.org](https://keys.openpgp.org) keyserver. To add it to
+your public key ring use the following command:
+
+```
+> FINGER_PRINT=475F3B8E59E6E63AA78067482C7B12F2A511E325
+> gpg  --keyserver hkps://keys.openpgp.org --recv-keys $FINGER_PRINT
+```
+
+
+## Preventing commit history overwrite
+
+In order to prevent loss of commit history, developers of the project
+are highly encouraged to deny branch deletions or history overwrites
+by invoking the following two commands on their local copy of the
+repository.
+
+
+```
+git config receive.denyDelete true
+git config receive.denyNonFastForwards true
+```