log4j-2.17.2-6.2 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: log4j
Distribution: openSUSE Tumbleweed
Version: 2.17.2
Vendor: openSUSE
Release: 6.2
Build date: Sun Mar 10 23:19:36 2024
Group: Unspecified
Build host: reproducible
Size: 2975702
Source RPM: log4j-2.17.2-6.2.src.rpm
Packager: https://bugs.opensuse.org
Url: http://logging.apache.org/log4j
Summary: Java logging package
Log4j is a tool to help the programmer output log statements to a
variety of output targets.

Provides

Requires

License

Apache-2.0

Changelog

* Sun Mar 10 2024 Fridrich Strba <fstrba@suse.com>
  - Added patch:
    * log4j-jackson-databind.patch
      + do not use previously deprecated methods, removed in
      jackson-databind 2.16.x
* Wed Jun 15 2022 Fridrich Strba <fstrba@suse.com>
  - Build also taglib, jmx-gui, bom, nosql and web modules, on
    platforms where we have the dependencies
* Mon Jun 13 2022 Fridrich Strba <fstrba@suse.com>
  - Do not package the *.zip artifacts whose content is part of the
    multi-release jars already
  - Added patch:
    * log4j-java8compat.patch
      + maintain ByteBuffer and CharBuffer compatibility with java 8
* Mon Jun 13 2022 Fridrich Strba <fstrba@suse.com>
  - Build as multi-release jar.
  - Add some logging providers which we can build with the existing
    dependencies and without cycles.
* Mon Apr 11 2022 Fridrich Strba <fstrba@suse.com>
  - Add dependency on standalone javax.activation-api that is not
    included in newer JDKs
* Thu Mar 10 2022 David Anes <david.anes@suse.com>
  - Update to 2.17.2
    * New Features
    - Limit loading of configuration via a url to https by default.
    - Require log4j2.Script.enableLanguages to be specified to
      enable scripting for specific languages.
    - Add TB support to FileSize.
    - Add the log4j-to-jul JDK Logging Bridge.
    - Add org.apache.logging.log4j.core.appender.AsyncAppender.getAppenders()
      to more easily port from org.apache.log4j.AsyncAppender.getAllAppenders().
    - Add Configurator.setLevel(Logger, Level),
      setLevel(String, String), and setLevel(Class, Level).
    - Add shorthand syntax for properties configuration format for
      specifying a logger level and appender refs.
    - Add optional additional fields to NoSQLAppender.
    * Fixed Bugs
    - Flag LogManager as initialized if the LoggerFactory is
      provided as a property.
    - Fix DefaultConfiguration leak in PatternLayout.
    - Document that the Spring Boot Lookup requires the
      log4j-spring-boot dependency.
    - Fix RoutingAppender backcompat and disallow recursive
      evaluation of lookup results outside of configuration
      properties.
    - Fix ThreadContextDataInjector initialization deadlock.
    - Fix substitutions when programmatic configuration is used.
    - OptionConverter could cause a StackOverflowError.
    - Log4j 1.2 bridge class ConsoleAppender should extend
      WriterAppender and provide better compatibility with custom
      appenders.
    - Log4j 1.2 bridge method NDC.inherit(Stack) should not use
      generics to provide source compatibility.
    - Log4j 1.2 bridge class PatternLayout is missing constants
      DEFAULT_CONVERSION_PATTERN and TTCC_CONVERSION_PATTERN.
    - Log4j 1.2 bridge class PropertyConfigurator should implement
      Configurator.
    - Log4j 1.2 bridge interface Configurator doConfigure() methods
      should use LoggerRepository, not LoggerContext.
    - Log4j 1.2 bridge class OptionConverter is missing
      selectAndConfigure() methods.
    - Log4j 1.2 bridge class Category should implement
      AppenderAttachable.
    - Log4j 1.2 bridge method Category.exists(String) should be
      static.
    - Log4j 1.2 bridge methods missing in org.apache.log4j.Category:
      getDefaultHierarchy(), getHierarchy(), getLoggerRepository().
    - Log4j 1.2 bridge class LogManager default constructor should
      be public.
    - Log4j 1.2 bridge interface org.apache.log4j.spi.RendererSupport
      was in the wrong package and incomplete.
    - Log4j 1.2 bridge interfaces missing from package
      org.apache.log4j.spi: ThrowableRenderer,
      ThrowableRendererSupport, TriggeringEventEvaluator.
    - Log4j 1.2 bridge missing class org.apache.log4j.or.RendererMap.
    - Log4j 1.2 bridge PropertiesConfiguration.buildAppender not
      adding filters to custom appender.
    - Log4j 1.2 bridge should ignore case in properties file keys.
    - Log4j 1.2 bridge adds org.apache.log4j.component.helpers.Constants.
    - Log4j 1.2 bridge adds org.apache.log4j.helpers.LogLog.
    - Log4j 1.2 bridge adds org.apache.log4j.helpers.Loader.
    - Log4j 1.2 bridge adds org.apache.log4j.spi.RootLogger.
    - Log4j 1.2 bridge class Category is missing some protected
      instance variables.
    - Log4j 1.2 bridge adds org.apache.log4j.Hierarchy.
    - Log4j 1.2 bridge methods Category.getChainedPriority() and
      getEffectiveLevel() should not be final.
    - Log4j 1.2 bridge adds org.apache.log4j.spi.NOPLoggerRepository
      and NOPLogger.
    - Log4j 1.2 bridge adds org.apache.log4j.spi.DefaultRepositorySelector.
    - Log4j 1.2 bridge implements LogManager.getCurrentLoggers()
      fully.
    - Log4j 1.2 bridge fixes parsing filters in properties
      configuration file #680.
    - Log4j 1.2 bridge missing OptionConverter.instantiateByKey(
      Properties, String, Class, Object).
    - Log4j 1.2 bridge class org.apache.log4j.spi.LoggingEvent
      missing constructors and public instance variable.
    - Log4j 1.2 bridge does not support system properties in log4j.xml.
    - Log4j 1.2 bridge now logs a warning instead of throwing an
      NullPointerException when building a Syslog appender with a
      missing "SyslogHost" param.
    - Log4j 1.2 bridge should allow property and XML attributes to
      start with either an upper-case or lower-case letter.
    - Log4j 1.2 bridge uses the wrong default values for a
      TTCCLayout.
    - Log4j 1.2 bridge throws ClassCastException when using
      SimpleLayout and others.
    - Log4j 1.2 bridge uses the wrong file pattern for rolling file
      appenders.
    - Log4j 1.2 bridge throws ClassCastException when using
      SimpleLayout and others.
    - Log4j 1.2 bridge creates a SocketAppender instead of a
      SyslogAppender.
    - Log4j 1.2 bridge uses some incorrect default property values
      in some appenders.
    - Log4j 1.2 bridge supports the SocketAppender.
    - Log4j 1.2 bridge missing DefaultThrowableRenderer.
    - Log4j 1.2 bridge missing some ThrowableInformation constructors.
    - Log4j 1.2 bridge missing some LocationInfo constructors.
    - Log4j 1.2 bridge missed
    - Log4j 1.2 bridge missed org.apache.log4j.pattern.FormattingInfo.
    - Log4j 1.2 bridge missed org.apache.log4j.pattern.NameAbbreviator.
    - Log4j 1.2 bridge missing UtilLoggingLevel.
    - Log4j 1.2 bridge missing FormattingInfo.
    - Log4j 1.2 bridge missing PatternConverter.
    - Log4j 1.2 bridge missing PatternParser.
    - Log4j 1.2 bridge issues with filters.
    - Log4j 1.2 bridge implements most of DOMConfigurator.
    - JndiManager reverts to 2.17.0 behavior: Read the system
      property for each call.
    - Configurator.setLevel not fetching the correct LoggerContext.
    - Fix DTD error: Add missing ELEMENT for Marker.
    - Fix log4j-jakarta-web service file.
    - AppenderLoggingException logging any exception to a MongoDB
      Appender.
    - Possible NullPointerException in MongoDb4DocumentObject,
      MongoDbDocumentObject, DefaultNoSqlObject.
    - Trim whitespace before parsing a String into an Integer.
    - Log4j 1.2 bridge throws a ClassCastException when logging a
      Map with non-String keys.
    - Log4j 1.2 bridge Check for non-existent appender when parsing
      properties #761. Thanks to Kenny MacLeod.
    - Log4j 1.2 bridge supports global threshold.
    * Changes
    - Change modifier of method
      org.apache.logging.log4j.core.tools.Generate#generate to
      public (was package private) to facilitate automated code
      generation.
* Tue Feb 22 2022 Fridrich Strba <fstrba@suse.com>
  - Remove alias log4j:log4j from log4j-1.2-api, since it is not a
    drop-in replacement
* Wed Dec 29 2021 David Anes <david.anes@suse.com>
  - Update to 2.17.1 [bsc#1194127, CVE-2021-44832]
    * Fixed bugs:
    - JdbcAppender now uses JndiManager to access JNDI resources.
      JNDI is only enabled when system property log4j2.enableJndiJdbc
      is set to true.
    - Remove unused method.
    - ExtendedLoggerWrapper.logMessage no longer double-logs when
      location is requested.
    - log4j-to-slf4j no longer re-interpolates formatted message
      contents.
    - Correct SpringLookup package name in Interpolator.
    - log4j-to-slf4j takes the provided MessageFactory into account.
    - Fix MapLookup to lookup MapMessage before DefaultMap.
    - Buffered I/O checked had inverted logic in
      RollingFileAppenderBuilder.
    - Fix NPE when input is null in
      StrSubstitutor.replace(String, Properties).
    - Lookups with no prefix only read values from the configuration
      properties as expected.
    - Reduce ignored package scope of KafkaAppender.
* Sat Dec 18 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - add upstream signing key to verify source signature
* Sat Dec 18 2021 David Anes <david.anes@suse.com>
  - Update to 2.17.0 [bsc#1193887, bsc#1193888, CVE-2021-45105]
    * Fixed Bugs
    - Fix string substitution recursion.
    - Limit JNDI to the java protocol only. JNDI will remain disabled
      by default. Rename JNDI enablement property from
      'log4j2.enableJndi' to 'log4j2.enableJndiLookup',
      'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'.
    - Limit JNDI to the java protocol only. JNDI will remain disabled
      by default. The enablement property has been renamed to
      'log4j2.enableJndiJava'
    - Do not declare log4j-api-java9 and log4j-core-java9 as
      dependencies as it causes problems with the Maven enforcer
      plugin.
    - PropertiesConfiguration.parseAppenderFilters NPE when parsing
      properties file filters.
    - Log4j 1.2 bridge for Syslog Appender defaults to port 512
      instead of 514.
    - Log4j 1.2 bridge API hard codes the Syslog protocol to TCP.
* Wed Dec 15 2021 Simon Lees <sflees@suse.de>
  - Update to 2.16.0 [bsc#1193743, CVE-2021-45046]
    * Features
    - Add JsonTemplateLayout.
    - Create module log4j-mongodb4 to use new major version 4
      MongoDB driver.
    - More flexible configuration of the Disruptor WaitStrategy.
      Thanks to Stepan Gorban.
    * Bugfixes and minor enhancements
    - It was found that the fix to address CVE-2021-44228 in Apache
      Log4j 2.15.0 was incomplete in certain non-default
      configurations.
      This could allow attackers with control over Thread Context
      Map (MDC) input data when the logging configuration uses a
      Pattern Layout with either a Context Lookup (for example,
      $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or
      %MDC) to craft malicious input data using a JNDI Lookup
      pattern resulting in a denial of service (DOS) attack.
      Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by
      default. Note that previous mitigations involving
      configuration such as setting the system property
      log4j2.noFormatMsgLookup to true do NOT mitigate this specific
      vulnerability.
    - Upstream initial fix for bsc#1193611, CVE-2021-44228
    - Numerous other minor bugfixes
    * Drop CVE-2021-44228.patch and disable-jndi-by-default.patch
      included upstream
    * To make the bots happy this stream isn't affected by
      bsc#1193662 CVE-2021-4104 which is 1.X only
* Tue Dec 14 2021 Peter Simons <psimons@suse.com>
  - Apply "disable-jndi-by-default.patch" to disable JNDI support by
    default. There is evidence that the previous upstream fix for
    CVE-2021-44228 did not solve the vulnerability entirely. Since
    JNDI support is usually not required, upstream recommends this
    route to be completely safe. [bsc#1193611, CVE-2021-44228]
* Fri Dec 10 2021 Peter Simons <psimons@suse.com>
  - Apply "CVE-2021-44228.patch" to fix a remote code execution
    vulnerability that existed in the LDAP JNDI parser. [bsc#1193611,
    CVE-2021-44228]

Files

/usr/share/doc/packages/log4j
/usr/share/doc/packages/log4j/NOTICE.txt
/usr/share/java/log4j
/usr/share/java/log4j/log4j-1.2-api.jar
/usr/share/java/log4j/log4j-api.jar
/usr/share/java/log4j/log4j-core.jar
/usr/share/java/log4j/log4j-docker.jar
/usr/share/java/log4j/log4j-iostreams.jar
/usr/share/java/log4j/log4j-jakarta-web.jar
/usr/share/java/log4j/log4j-jpl.jar
/usr/share/java/log4j/log4j-jul.jar
/usr/share/java/log4j/log4j-layout-template-json.jar
/usr/share/java/log4j/log4j-osgi.jar
/usr/share/java/log4j/log4j-to-jul.jar
/usr/share/licenses/log4j
/usr/share/licenses/log4j/LICENSE.txt
/usr/share/maven-metadata/log4j.xml
/usr/share/maven-poms/log4j
/usr/share/maven-poms/log4j/log4j-1.2-api.pom
/usr/share/maven-poms/log4j/log4j-api-java9.pom
/usr/share/maven-poms/log4j/log4j-api.pom
/usr/share/maven-poms/log4j/log4j-core-java9.pom
/usr/share/maven-poms/log4j/log4j-core.pom
/usr/share/maven-poms/log4j/log4j-docker.pom
/usr/share/maven-poms/log4j/log4j-iostreams.pom
/usr/share/maven-poms/log4j/log4j-jakarta-web.pom
/usr/share/maven-poms/log4j/log4j-jpl.pom
/usr/share/maven-poms/log4j/log4j-jul.pom
/usr/share/maven-poms/log4j/log4j-layout-template-json.pom
/usr/share/maven-poms/log4j/log4j-osgi.pom
/usr/share/maven-poms/log4j/log4j-to-jul.pom
/usr/share/maven-poms/log4j/log4j.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Apr 29 23:22:28 2024