- Update to 2.17.2
* New Features
- Limit loading of configuration via a url to https by default.
- Require log4j2.Script.enableLanguages to be specified to
enable scripting for specific languages.
- Add TB support to FileSize.
- Add the log4j-to-jul JDK Logging Bridge.
- Add org.apache.logging.log4j.core.appender.AsyncAppender.getAppenders()
to more easily port from org.apache.log4j.AsyncAppender.getAllAppenders().
- Add Configurator.setLevel(Logger, Level),
setLevel(String, String), and setLevel(Class, Level).
- Add shorthand syntax for properties configuration format for
specifying a logger level and appender refs.
- Add optional additional fields to NoSQLAppender.
* Fixed Bugs
- Flag LogManager as initiialized if the LoggerFactory is
provided as a property.
- Fix DefaultConfiguration leak in PatternLayout.
- Document that the Spring Boot Lookup requires the
log4j-spring-boot dependency.
- Fix RoutingAppender backcompat and disallow recursive
evaluation of lookup results outside of configuration
properties.
- Fix ThreadContextDataInjector initialization deadlock.
- Fix substitutions when programmatic configuration is used.
- OptionConverter could cause a StackOverflowError.
- Log4j 1.2 bridge class ConsoleAppender should extend
WriterAppender and provide better compatibility with custom
appenders.
- Log4j 1.2 bridge method NDC.inherit(Stack) should not use
OBS-URL: https://build.opensuse.org/request/show/960753
OBS-URL: https://build.opensuse.org/package/show/Java:packages/log4j?expand=0&rev=60
- Update to 2.13.2 [bsc#1170535, CVE-2020-9488]
* Bugfixes and minor enhancements:
- CVE-2020-9488: Improper validation of certificate with host mismatch
in Apache Log4j SMTP appender.
- Implement requiresLocation in GelfLayout to reflect whether location
information is used in the message Pattern.
- Add option to restore printing timeMillis in the JsonLayout.
- Initialize pattern processor before triggering policy during reconfiguration.
- Add information about using a url in log4j.configurationFile.
- serializeToBytes was checking wrong variable for null.
- Fix Javadoc for ScriptPatternSelector.
- Allow trailing and leading spaces in log level.
- Correct JsonLayout timestamp sorting issue.
- Allow the file size action to parse the value without being sensitive
to the current locale.
- Make YamlLayoutTest more resiliant to environmental differences.
- Conditionally allocate PluginEntry during PluginCache loading.
- Add missing includeLocation parameter when creating AsyncLogger.
- Fix Exceptions when whitespace is in the file path and Java security
manager is used.
- Avoid NullPointerException when StackWalker returns null.
- TimeFilter did not handle daylight saving time transitions and did
not support a range over 2 days.
- Provide a Log4j implementation of System.Logger.
- Added EventLookup to retrieve fields from the log event.
* Changes:
- Allow the file extension in the file pattern to be modified during reconfiguration.
- Add support for specifying an SSL configuration for SmtpAppender.
- Allow servlet context path to be retrieved without "/".
- Allow Spring Lookup to return default and active profiles.
OBS-URL: https://build.opensuse.org/request/show/798213
OBS-URL: https://build.opensuse.org/package/show/Java:packages/log4j?expand=0&rev=47
- Update to 2.13.0 [bsc#1159646, CVE-2019-17571]
* Bugfixes and minor enhancements:
- CVE-2019-17571: Remote code execution: Deserialization of untrusted
data in SocketServer
- Log4j 2 now requires Java 8 or higher to build and run.
- Better integration with Spring Boot by providing access to Spring
variables in Log4j 2 configuration files and allowing Log4j 2 system
properties to be defined in the Spring configuration.
- Support for accessing Kubernetes information via a Log4j 2 Lookup.
- The Gelf Layout now allows the message to be formatted using a
PatternLayout pattern.
- Due to a break in compatibility in the SLF4J binding, Log4j now
ships with two versions of the SLF4J to Log4j adapters.
- log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
log4j-slf4j18-impl should be used with SLF4J 1.8.x and later.
- Note that the XML, JSON and YAML formats changed in the 2.11.0 release:
they no longer have the "timeMillis" attribute and instead have an
"Instant" element with "epochSecond" and "nanoOfSecond" attributes.
- The Log4j 2.13.0 API, as well as many core components, maintains
binary compatibility with previous releases.
* New Features
- Add ThreadContext.putIfNotNull method.
- Add a Level Patttern Selector.
- Add experimental support for Log4j 1 configuration files.
- Add the ability to lookup Kubernetes attributes in the Log4j
configuration. Allow Log4j properties to be retrieved from the
Spring environment if it is available.
- Allow Spring Boot application properties to be accessed in the
Log4j 2 configuration. Add lower and upper case Lookups.
- Add builder pattern to Logger interface.
OBS-URL: https://build.opensuse.org/request/show/766063
OBS-URL: https://build.opensuse.org/package/show/Java:packages/log4j?expand=0&rev=43
* No short changelog provided - many small changes
- Try to avoid cycle between log4j and apache-common-loggings
- Remove obsoleted patch:
* log4j-jmx-Agent.patch
- Refresh patch to apply to new source:
* log4j-mx4j-tools.patch
- Version bump to 1.2.17 latest 1.2 series:
* No short changelog provided - many small changes
- Try to avoid cycle between log4j and apache-common-loggings
- Remove obsoleted patch:
* log4j-jmx-Agent.patch
- Refresh patch to apply to new source:
* log4j-mx4j-tools.patch
OBS-URL: https://build.opensuse.org/package/show/Java:packages/log4j?expand=0&rev=14
