| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: log4j | Distribution: SUSE Linux Enterprise 15 |
| Version: 2.17.2 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150200.4.27.45 | Build date: Wed Sep 27 20:18:43 2023 |
| Group: Unspecified | Build host: h04-ch1d |
| Size: 2753211 | Source RPM: log4j-2.17.2-150200.4.27.45.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: http://logging.apache.org/log4j | |
| Summary: Java logging package | |
Log4j is a tool to help the programmer output log statements to a variety of output targets.
Apache-2.0
* Wed Jun 15 2022 fstrba@suse.com
- Build also taglib, jmx-gui, bom, nosql and web modules, on
platforms where we have the dependencies
* Mon Jun 13 2022 fstrba@suse.com
- Do not package the *.zip artifacts whose content is part of the
multi-release jars already
- Added patch:
* log4j-java8compat.patch
+ maintain ByteBuffer and CharBuffer compatibility with java 8
* Mon Jun 13 2022 fstrba@suse.com
- Build as multi-release jar.
- Add some logging providers which we can build with the existing
dependencies and without cycles.
* Mon Apr 11 2022 fstrba@suse.com
- Add dependency on standalone javax.activation-api that is not
included in newer JDKs
* Thu Mar 10 2022 david.anes@suse.com
- Update to 2.17.2
* New Features
- Limit loading of configuration via a url to https by default.
- Require log4j2.Script.enableLanguages to be specified to
enable scripting for specific languages.
- Add TB support to FileSize.
- Add the log4j-to-jul JDK Logging Bridge.
- Add org.apache.logging.log4j.core.appender.AsyncAppender.getAppenders()
to more easily port from org.apache.log4j.AsyncAppender.getAllAppenders().
- Add Configurator.setLevel(Logger, Level),
setLevel(String, String), and setLevel(Class, Level).
- Add shorthand syntax for properties configuration format for
specifying a logger level and appender refs.
- Add optional additional fields to NoSQLAppender.
* Fixed Bugs
- Flag LogManager as initiialized if the LoggerFactory is
provided as a property.
- Fix DefaultConfiguration leak in PatternLayout.
- Document that the Spring Boot Lookup requires the
log4j-spring-boot dependency.
- Fix RoutingAppender backcompat and disallow recursive
evaluation of lookup results outside of configuration
properties.
- Fix ThreadContextDataInjector initialization deadlock.
- Fix substitutions when programmatic configuration is used.
- OptionConverter could cause a StackOverflowError.
- Log4j 1.2 bridge class ConsoleAppender should extend
WriterAppender and provide better compatibility with custom
appenders.
- Log4j 1.2 bridge method NDC.inherit(Stack) should not use
generics to provide source compatibility.
- Log4j 1.2 bridge class PatternLayout is missing constants
DEFAULT_CONVERSION_PATTERN and TTCC_CONVERSION_PATTERN.
- Log4j 1.2 bridge class PropertyConfigurator should implement
Configurator.
- Log4j 1.2 bridge interface Configurator doConfigure() methods
should use LoggerRepository, not LoggerContext.
- Log4j 1.2 bridge class OptionConverter is missing
selectAndConfigure() methods.
- Log4j 1.2 bridge class Category should implement
AppenderAttachable.
- Log4j 1.2 bridge method Category.exists(String) should be
static.
- Log4j 1.2 bridge methods missing in org.apache.log4j.Category:
getDefaultHierarchy(), getHierarchy(), getLoggerRepository().
- Log4j 1.2 bridge class LogManager default constructor should
be public.
- Log4j 1.2 bridge interface org.apache.log4j.spi.RendererSupport
was in the wrong package and incomplete.
- Log4j 1.2 bridge interfaces missing from package
org.apache.log4j.spi: ThrowableRenderer,
ThrowableRendererSupport, TriggeringEventEvaluator.
- Log4j 1.2 bridge missing class org.apache.log4j.or.RendererMap.
- Log4j 1.2 bridge PropertiesConfiguration.buildAppender not
adding filters to custom appender.
- Log4j 1.2 bridge should ignore case in properties file keys.
- Log4j 1.2 bridge adds org.apache.log4j.component.helpers.Constants.
- Log4j 1.2 bridge adds org.apache.log4j.helpers.LogLog.
- Log4j 1.2 bridge adds org.apache.log4j.helpers.Loader.
- Log4j 1.2 bridge adds org.apache.log4j.spi.RootLogger.
- Log4j 1.2 bridge class Category is missing some protected
instance variables.
- Log4j 1.2 bridge adds org.apache.log4j.Hierarchy.
- Log4j 1.2 bridge methods Category.getChainedPriority() and
getEffectiveLevel() should not be final.
- Log4j 1.2 bridge adds org.apache.log4j.spi.NOPLoggerRepository
and NOPLogger.
- Log4j 1.2 bridge adds org.apache.log4j.spi.DefaultRepositorySelector.
- Log4j 1.2 bridge implements LogManager.getCurrentLoggers()
fully.
- Log4j 1.2 bridge fixes parsing filters in properties
configuration file #680.
- Log4j 1.2 bridge missing OptionConverter.instantiateByKey(
Properties, String, Class, Object).
- Log4j 1.2 bridge class org.apache.log4j.spi.LoggingEvent
missing constructors and public instance variable.
- Log4j 1.2 bridge does not support system properties in log4j.xml.
- Log4j 1.2 bridge now logs a warning instead of throwing an
NullPointerException when building a Syslog appender with a
missing "SyslogHost" param.
- Log4j 1.2 bridge should allow property and XML attributes to
start with either an upper-case or lower-case letter.
- Log4j 1.2 bridge uses the wrong default values for a
TTCCLayout.
- Log4j 1.2 bridge throws ClassCastException when using
SimpleLayout and others.
- Log4j 1.2 bridge uses the wrong file pattern for rolling file
appenders.
- Log4j 1.2 bridge throws ClassCastException when using
SimpleLayout and others.
- Log4j 1.2 bridge creates a SocketAppender instead of a
SyslogAppender.
- Log4j 1.2 bridge uses some incorrect default property values
in some appenders.
- Log4j 1.2 bridge supports the SocketAppender.
- Log4j 1.2 bridge missing DefaultThrowableRenderer.
- Log4j 1.2 bridge missing some ThrowableInformation constructors.
- Log4j 1.2 bridge missing some LocationInfo constructors.
- Log4j 1.2 bridge missed
- Log4j 1.2 bridge missed org.apache.log4j.pattern.FormattingInfo.
- Log4j 1.2 bridge missed org.apache.log4j.pattern.NameAbbreviator.
- Log4j 1.2 bridge missing UtilLoggingLevel.
- Log4j 1.2 bridge missing FormattingInfo.
- Log4j 1.2 bridge missing PatternConverter.
- Log4j 1.2 bridge missing PatternParser.
- Log4j 1.2 bridge issues with filters.
- Log4j 1.2 bridge implements most of DOMConfigurator.
- JndiManager reverts to 2.17.0 behavior: Read the system
property for each call.
- Configurator.setLevel not fetching the correct LoggerContext.
- Fix DTD error: Add missing ELEMENT for Marker.
- Fix log4j-jakarta-web service file.
- AppenderLoggingException logging any exception to a MongoDB
Appender.
- Possible NullPointerException in MongoDb4DocumentObject,
MongoDbDocumentObject, DefaultNoSqlObject.
- Trim whitespace before parsing a String into an Integer.
- Log4j 1.2 bridge throws a ClassCastException when logging a
Map with non-String keys.
- Log4j 1.2 bridge Check for non-existent appender when parsing
properties #761. Thanks to Kenny MacLeod.
- Log4j 1.2 bridge supports global threshold.
* Changes
- Change modifier of method
org.apache.logging.log4j.core.tools.Generate#generate to
public (was package private) to facilitate automated code
generation.
* Tue Feb 22 2022 fstrba@suse.com
- Remove alias log4j:log4j from log4j-1.2-api, since it is not a
drop-in replacement
* Wed Dec 29 2021 david.anes@suse.com
- Update to 2.17.1 [bsc#1194127, CVE-2021-44832]
* Fixed bugs:
- JdbcAppender now uses JndiManager to access JNDI resources.
JNDI is only enabled when system property log4j2.enableJndiJdbc
is set to true.
- Remove unused method.
- ExtendedLoggerWrapper.logMessage no longer double-logs when
location is requested.
- log4j-to-slf4j no longer re-interpolates formatted message
contents.
- Correct SpringLookup package name in Interpolator.
- log4j-to-slf4j takes the provided MessageFactory into account.
- Fix MapLookup to lookup MapMessage before DefaultMap.
- Buffered I/O checked had inverted logic in
RollingFileAppenderBuidler.
- Fix NPE when input is null in
StrSubstitutor.replace(String, Properties).
- Lookups with no prefix only read values from the configuration
properties as expected.
- Reduce ignored package scope of KafkaAppender.
* Sat Dec 18 2021 andreas.stieger@gmx.de
- add upstream signing key to verify source signature
* Sat Dec 18 2021 david.anes@suse.com
- Update to 2.17.0 [bsc#1193887, bsc#1193888, CVE-2021-45105]
* Fixed Bugs
- Fix string substitution recursion.
- Limit JNDI to the java protocol only. JNDI will remain disabled
by default. Rename JNDI enablement property from
'log4j2.enableJndi' to 'log4j2.enableJndiLookup',
'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'.
- Limit JNDI to the java protocol only. JNDI will remain disabled
by default. The enablement property has been renamed to
'log4j2.enableJndiJava'
- Do not declare log4j-api-java9 and log4j-core-java9 as
dependencies as it causes problems with the Maven enforcer
plugin.
- PropertiesConfiguration.parseAppenderFilters NPE when parsing
properties file filters.
- Log4j 1.2 bridge for Syslog Appender defaults to port 512
instead of 514.
- Log4j 1.2 bridge API hard codes the Syslog protocol to TCP.
* Wed Dec 15 2021 sflees@suse.de
- Update to 2.16.0 [bsc#1193743, CVE-2021-45046]
* Features
- Add JsonTemplateLayout.
- Create module log4j-mongodb4 to use new major version 4
MongoDB driver.
- More flexible configuration of the Disruptor WaitStrategy.
Thanks to Stepan Gorban.
* Bugfixes and minor enhancements
- It was found that the fix to address CVE-2021-44228 in Apache
Log4j 2.15.0 was incomplete in certain non-default
configurations.
This could allows attackers with control over Thread Context
Map (MDC) input data when the logging configuration uses a
Pattern Layout with either a Context Lookup (for example,
$${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or
%MDC) to craft malicious input data using a JNDI Lookup
pattern resulting in a denial of service (DOS) attack.
Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by
default. Note that previous mitigations involving
configuration such as setting the system property
log4j2.noFormatMsgLookup to true do NOT mitigate this specific
vulnerability.
- Upstream initial fix for bsc#1193611, CVE-2021-44228
- Numerous other minor bugfixes
* Drop CVE-2021-44228.patch and disable-jndi-by-default.patch
included upstream
* To make the bots happy this stream isn't affected by
bsc#1193662 CVE-2021-4104 which is 1.X only
* Tue Dec 14 2021 psimons@suse.com
- Apply "disable-jndi-by-default.patch" to disable JNDI support by
default. There is evidence that the previous upstream fix for
CVE-2021-44228 did not solve the vulnerability entirely. Since
JNDI support is ususally not required, upstream recommends this
route to be completely safe. [bsc#1193611, CVE-2021-44228]
* Fri Dec 10 2021 psimons@suse.com
- Apply "CVE-2021-44228.patch" to fix a remote code execution
vulnerability that existed in the LDAP JNDI parser. [bsc#1193611,
CVE-2021-44228]
* Mon Apr 27 2020 fstrba@suse.com
- Do not build the log4j-jpl artifact, as to avoid java-11-only
features
* Mon Apr 27 2020 pmonrealgonzalez@suse.com
- Update to 2.13.2 [bsc#1170535, CVE-2020-9488]
* Bugfixes and minor enhancements:
- CVE-2020-9488: Improper validation of certificate with host mismatch
in Apache Log4j SMTP appender.
- Implement requiresLocation in GelfLayout to reflect whether location
information is used in the message Pattern.
- Add option to restore printing timeMillis in the JsonLayout.
- Initialize pattern processor before triggering policy during reconfiguration.
- Add information about using a url in log4j.configurationFile.
- serializeToBytes was checking wrong variable for null.
- Fix Javadoc for ScriptPatternSelector.
- Allow trailing and leading spaces in log level.
- Correct JsonLayout timestamp sorting issue.
- Allow the file size action to parse the value without being sensitive
to the current locale.
- Make YamlLayoutTest more resiliant to environmental differences.
- Conditionally allocate PluginEntry during PluginCache loading.
- Add missing includeLocation parameter when creating AsyncLogger.
- Fix Exceptions when whitespace is in the file path and Java security
manager is used.
- Avoid NullPointerException when StackWalker returns null.
- TimeFilter did not handle daylight saving time transitions and did
not support a range over 2 days.
- Provide a Log4j implementation of System.Logger.
- Added EventLookup to retrieve fields from the log event.
* Changes:
- Allow the file extension in the file pattern to be modified during reconfiguration.
- Add support for specifying an SSL configuration for SmtpAppender.
- Allow servlet context path to be retrieved without "/".
- Allow Spring Lookup to return default and active profiles.
- Allow Spring Boot applications to use composite configuratons.
- Add ContextDataProviders as an alternative to having to implement a ContextDataInjector.
- [JDBC] Throw a AppenderLoggingException instead of an NPE in the JDBC database manager.
- Update to 2.13.1
- Prevent LoggerContext from being garbage collected while being created.
- Do not log an error if Files.move does not work.
- Rollover fails when file matches pattern but index is too large.
- Counter stuck at 10 and overwriting files when leading zeros used in the file pattern count.
- ClassLoaderContextSelector was not locating the LoggerContext during shutdown.
- JSON output wrong when using additonal fields.
- GraalVM does not allow use of MethodHandles.
- Allow Lookup keys with leading dashes by using a slash as an escape character.
- ServletContainerInitializer was obtaining the StatusLogger too soon.
- PluginProcessor should use Messager instead of System.out.
- MapMessage.getFormattedMesssage() would incorrectly format objects.
- Always write header on a new OutputStream.
- An error message in RollingFileAppender uses a placeholder for the name but does not
specify the name argument in the logging call.
- NullPointerException when using a custom DirectFileRolloverStrategy without a file name.
- Add mulit-parameter overloads to LogBuilder.
- Fixed NullPointerException after reconfiguring via JMX.
- RollingFileAppender was not rolling on startup if createOnDemand was set to true.
- Warn if pattern is missing on Routes element. Use default route.
- Fix lock contention in the classloader using new versions of slf4j without EventData
on slf4j logger creation.
- Rollover handles parallel file deletion gracefully.
- Remove unnecessary EventLogger references from log4j-slf4j18-impl due to removal from slf4j.
- Fix a memory leak using fully asynchronous logging when the queue is full using the 'discard'
asynchronous queue full strategy.
- Fix erroneous log4j-jul recursive logger detection resulting in some no-op JUL loggers and
'WARN Recursive call to getLogger' being reported by the status logger.
- PluginCache output is reproducible allowing the annotation processor to produce
deterministic results.
- Fix StackLocator.getCallerClass performance in cases where Reflection.getCallerClass
is not accessible.
- MutableLogEvent and RingBufferLogEvent avoid StringBuffer and parameter array allocation
unless reusable messages are used.
- LoaderUtil.getClassLoaders may discover additional loaders and no longer erroneously returns
a result with a null element in some environments.
- CronExpression.getBeforeTime() would sometimes return incorrect result.
- [JDBC] MS-SQL Server JDBC driver throws SQLServerException when inserting a null value
for a VARBINARY column.
- NullPointerException after reconfiguring via JMX.
- Implement ISO8601_PERIOD_MICROS fixed date format matching ISO8601_PERIOD with support
for microsecond precision.
* Changes:
- Conditionally perform status logging calculations in PluginRegistry.
- Use LinkedBlockingQueue instead of synchronized collction in StatusConfiguration.
- Add a retry count attribute to the KafkaAppender.
- Update log4j-slf4j18-impl slf4j version to 1.8.0-beta4 from 1.8.0-alpha2.
- Update dependencies.
- Remove patch fixed upstream:
* logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch
* log4j-CVE-2020-9488.patch
- Refresh patch:
* logging-log4j-Remove-unsupported-EventDataConverter.patch
* Mon Apr 27 2020 pmonrealgonzalez@suse.com
- Security fix: [bsc#1170535, CVE-2020-9488]
* Improper validation of certificate with host mismatch in SMTP appender.
- Add log4j-CVE-2020-9488.patch
* Wed Feb 26 2020 fstrba@suse.com
- Added patches:
* logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch
* logging-log4j-Remove-unsupported-EventDataConverter.patch
+ fix build with newer slf4j
* Tue Jan 21 2020 pmonrealgonzalez@suse.com
- Update to 2.13.0 [bsc#1159646, CVE-2019-17571]
* Bugfixes and minor enhancements:
- CVE-2019-17571: Remote code execution: Deserialization of untrusted
data in SocketServer
- Log4j 2 now requires Java 8 or higher to build and run.
- Better integration with Spring Boot by providing access to Spring
variables in Log4j 2 configuration files and allowing Log4j 2 system
properties to be defined in the Spring configuration.
- Support for accessing Kubernetes information via a Log4j 2 Lookup.
- The Gelf Layout now allows the message to be formatted using a
PatternLayout pattern.
- Due to a break in compatibility in the SLF4J binding, Log4j now
ships with two versions of the SLF4J to Log4j adapters.
- log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
log4j-slf4j18-impl should be used with SLF4J 1.8.x and later.
- Note that the XML, JSON and YAML formats changed in the 2.11.0 release:
they no longer have the "timeMillis" attribute and instead have an
"Instant" element with "epochSecond" and "nanoOfSecond" attributes.
- The Log4j 2.13.0 API, as well as many core components, maintains
binary compatibility with previous releases.
* New Features
- Add ThreadContext.putIfNotNull method.
- Add a Level Patttern Selector.
- Add experimental support for Log4j 1 configuration files.
- Add the ability to lookup Kubernetes attributes in the Log4j
configuration. Allow Log4j properties to be retrieved from the
Spring environment if it is available.
- Allow Spring Boot application properties to be accessed in the
Log4j 2 configuration. Add lower and upper case Lookups.
- Add builder pattern to Logger interface.
* Fixed Bugs
- Prevent recursive calls to java.util.LogManager.getLogger().
- Added try/finally around event.execute() for RingBufferLogEventHandler
to clear memory correctly in case of exception/error.
- Wrong java version check in ThreadNameCachingStrategy.
- Use a less confusing name for the CompositeConfiguration source.
- Add setKey method to Kafka Appender Builder.
- ArrayIndexOutOfBoundsException could occur with MAC address longer
than 6 bytes.
- The rolling file appenders would fail to compress the file after
rollover if the file name matched the file pattern.
- @PluginValue does not support attribute names besides "value".
- Validation blocks definition of script in properties configuration.
- Set result of rename action to true if file was copied.
- Add automatic module names where missing.
- OutputStreamAppender.Builder ignores setFilter().
- Prevent a memory leak when async loggers throw errors.
* Changes
- Update Jackson to 2.9.10.
- Allow message portion of GELF layout to be formatted using a PatternLayout.
- Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout.
* Mon Jan 06 2020 fstrba@suse.com
- Obsolete log4j-mini, since on systems where this package is
installed, the log4j-mini is not supposed to exist, but the
compatibility version log4j12-mini/log4j12
* Mon Nov 04 2019 fstrba@suse.com
- Run fdupes on the javadoc
* Tue Oct 01 2019 fstrba@suse.com
- Upgrade to apache-log4j-2.11.1
- Drop the log4j vs. log4j-mini split
* the bootstrapping is done using the log4j12/log4j12-mini
compatibility packages
- Removed patches:
* log4j-javadoc-xlink.patch
* log4j-logfactor5-userdir.patch
* log4j-mx4j-tools.patch
* log4j-reproducible.patch
+ unnecessary with this version
* Tue Jan 22 2019 fstrba@suse.com
- Build against a generic javamail provider instead of against
classpathx-mail
* Tue Jan 15 2019 fstrba@suse.com
- Let log4j provide the log4j-mini and obsolete it too.
- Remove conflicts on each other
* Thu Dec 13 2018 fstrba@suse.com
- Depend on the generic xml-apis
* Thu Oct 18 2018 fstrba@suse.com
- Install and package the maven pom and metadata files for the
non-bootstrap log4j
* Wed Jul 25 2018 fstrba@suse.com
- Require at least java 8 for build
* Wed Jan 10 2018 bwiedemann@suse.com
- Add log4j-reproducible.patch to drop javadoc timestamps to make
package builds more reproducible (boo#1047218)
* Tue Sep 12 2017 fstrba@suse.com
- Specify java source and target level 1.6 to allow building with
jdk9
* Mon Mar 02 2015 tchvatal@suse.com
- Version bump to 1.2.17 latest 1.2 series:
* No short changelog provided - many small changes
- Try to avoid cycle between log4j and apache-common-loggings
- Remove obsoleted patch:
* log4j-jmx-Agent.patch
- Refresh patch to apply to new source:
* log4j-mx4j-tools.patch
* Mon Mar 02 2015 tchvatal@suse.com
- Cleanup with a spec-cleaner so I can understand what
is going around here.
/usr/share/doc/packages/log4j /usr/share/doc/packages/log4j/NOTICE.txt /usr/share/java/log4j /usr/share/java/log4j/log4j-1.2-api.jar /usr/share/java/log4j/log4j-api.jar /usr/share/java/log4j/log4j-core.jar /usr/share/java/log4j/log4j-docker.jar /usr/share/java/log4j/log4j-iostreams.jar /usr/share/java/log4j/log4j-jakarta-web.jar /usr/share/java/log4j/log4j-jpl.jar /usr/share/java/log4j/log4j-jul.jar /usr/share/java/log4j/log4j-layout-template-json.jar /usr/share/java/log4j/log4j-osgi.jar /usr/share/java/log4j/log4j-to-jul.jar /usr/share/licenses/log4j /usr/share/licenses/log4j/LICENSE.txt /usr/share/maven-metadata/log4j.xml /usr/share/maven-poms/log4j /usr/share/maven-poms/log4j/log4j-1.2-api.pom /usr/share/maven-poms/log4j/log4j-api-java9.pom /usr/share/maven-poms/log4j/log4j-api.pom /usr/share/maven-poms/log4j/log4j-core-java9.pom /usr/share/maven-poms/log4j/log4j-core.pom /usr/share/maven-poms/log4j/log4j-docker.pom /usr/share/maven-poms/log4j/log4j-iostreams.pom /usr/share/maven-poms/log4j/log4j-jakarta-web.pom /usr/share/maven-poms/log4j/log4j-jpl.pom /usr/share/maven-poms/log4j/log4j-jul.pom /usr/share/maven-poms/log4j/log4j-layout-template-json.pom /usr/share/maven-poms/log4j/log4j-osgi.pom /usr/share/maven-poms/log4j/log4j-to-jul.pom /usr/share/maven-poms/log4j/log4j.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Apr 26 23:30:45 2024