updates for 3.2.1-rc2
diff --git a/site/_releases/3.2.0.md b/site/_releases/3.2.0.md
index df48258..7ec8b47 100644
--- a/site/_releases/3.2.0.md
+++ b/site/_releases/3.2.0.md
@@ -5,8 +5,7 @@
title: 3.2.0
date: 2021-12-06
summary: >
- Checksum and CRC capability via DFDL extensions and pluggable
- Jar files, Log4J support, miscellaneous bug fixes and improvements
+ WARNING: This release has been superceded. Use Release 3.2.1 instead.
artifact-root: "https://www.apache.org/dyn/closer.lua/daffodil/3.2.0/"
checksum-root: "https://downloads.apache.org/daffodil/3.2.0/"
@@ -24,6 +23,13 @@
scala-version: 2.12
---
+<div class="alert alert-danger">
+WARNING
+<p/>
+This release has been superceded by <a href="../3.2.1">Release 3.2.1</a> due to security issues.
+<p/>
+The release notes below are still useful for understanding the features and functionality which are also part of <a href="../3.2.1">Release 3.2.1</a>.
+</div>
#### New DFDL Language Extension Features
diff --git a/site/_releases/3.2.1.md b/site/_releases/3.2.1.md
index e202e1e..27f4317 100644
--- a/site/_releases/3.2.1.md
+++ b/site/_releases/3.2.1.md
@@ -3,15 +3,17 @@
released: false
apache: true
title: 3.2.1
-date: 2021-12-16
+date: 2021-12-19
summary: >
- Upgrade dependencies to fix CVE-2021-44228 (Log4J)
+ Patch release supercedes 3.2.0.
+ Provides updated dependencies to fix CVE-2021-44228 (Log4J), CVE-2021-45105 (Log4J),
and CVE-2021-33813 (JDOM).
- Fix unparse checksum and CRC capability (JIRA DAFFODIL-2609)
+ Fixes unparse checksum and CRC capability (JIRA DAFFODIL-2609)
+ Otherwise contains all the same functionality as Release 3.2.0 which it replaces.
-artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
-checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc1/"
+artifact-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/"
+checksum-root: "https://dist.apache.org/repos/dist/dev/daffodil/3.2.1-rc2/"
key-file: "https://downloads.apache.org/daffodil/KEYS"
@@ -27,11 +29,17 @@
scala-version: 2.12
---
+This release is a patch on top of [Release 3.2.0](../3.2.0) to improve security and fix a major functional bug.
+
+The [Release Notes for 3.2.0](../3.2.0)
+are still relevant to understand the features
+and functionality in this 3.2.1 patch release.
+
#### Security Improvements
-This release fixes two security CVEs by updating dependency versions.
+This release fixes three security CVEs by updating dependency versions.
-* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228
+* {% jira 2610 %} Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105
* {% jira 2611 %} Update JDOM dependency to fix CVE-2021-33813
#### Functional Improvements
@@ -61,8 +69,8 @@
**Core**
-* Log4j core 2.16.0 <small>(update)</small>
-* Log4j api 2.16.0 <small>(update)</small>
+* Log4j core 2.17.0 <small>(update)</small>
+* Log4j api 2.17.0 <small>(update)</small>
* JDOM2 2.0.6.1 <small>(update)</small>
**Code Generator (runtime2)**