"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/changes/announcement.vm" between
apache-log4j-2.12.3-src.tar.gz and apache-log4j-2.12.4-src.tar.gz

About: Apache Log4j 2 is a logging library for Java. Source distribution (Java).
Caution: Release 2.12.3 is the last 2.x release to support Java 7 (Java 8 users should use 2.17.0 or greater) and have fixed a critical remote code execution vulnerability (CVE-2021-44228).

announcement.vm  (apache-log4j-2.12.3-src):announcement.vm  (apache-log4j-2.12.4-src)
skipping to change at line 68 skipping to change at line 68
Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade
to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides
many other modern features such as support for Markers, lambda expressions for l azy logging, many other modern features such as support for Markers, lambda expressions for l azy logging,
property substitution using Lookups, multiple patterns on a PatternLayout and as ynchronous property substitution using Lookups, multiple patterns on a PatternLayout and as ynchronous
Loggers. Another notable Log4j 2 feature is the ability to be "garbage-free" (av oid allocating Loggers. Another notable Log4j 2 feature is the ability to be "garbage-free" (av oid allocating
temporary objects) while logging. In addition, Log4j 2 will not lose events whil e reconfiguring. temporary objects) while logging. In addition, Log4j 2 will not lose events whil e reconfiguring.
The artifacts may be downloaded from https://logging.apache.org/log4j/2.x/downlo ad.html. The artifacts may be downloaded from https://logging.apache.org/log4j/2.x/downlo ad.html.
This release contains bugfixes and minor enhancements. This release contains the changes noted below:
Due to a break in compatibility in the SLF4J binding, Log4j now ships with two v * Address CVE-2021-44832.
ersions of the SLF4J to Log4j adapters.
log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-i
mpl should be used with SLF4J 1.8.x and
later.
This release addresses CVE-2021-44228 for users still using Java 7 by disabling This release addresses CVE-2021-44832 for users still using Java 7.
JNDI by default, only allowing the java
protocol when JNDI is enabled, making the JNDI Lookup inoperable, and removing t
he message lookup capability.
The Log4j ${relVersion} API, as well as many core components, maintains binary c ompatibility with previous releases. The Log4j ${relVersion} API, as well as many core components, maintains binary c ompatibility with previous releases.
## Hack to improve layout: replace all pairs of spaces with a single new-line ## Hack to improve layout: replace all pairs of spaces with a single new-line
$h2 $release.description.replaceAll(" ", " $h2 $release.description.replaceAll(" ", "
") ")
#if ($release.actions.size() == 0) #if ($release.actions.size() == 0)
No changes defined in this version. No changes defined in this version.
#else #else
 End of changes. 3 change blocks. 
10 lines changed or deleted 3 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)