You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (Jira)" <ji...@apache.org> on 2022/03/01 07:11:00 UTC

[jira] [Resolved] (WW-5171) Upgrade Apache Log4j 2.17.2

     [ https://issues.apache.org/jira/browse/WW-5171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart resolved WW-5171.
-------------------------------
    Resolution: Fixed

> Upgrade Apache Log4j 2.17.2
> ---------------------------
>
>                 Key: WW-5171
>                 URL: https://issues.apache.org/jira/browse/WW-5171
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Core
>            Reporter: Lukasz Lenart
>            Priority: Trivial
>             Fix For: 2.6
>
>
> Log4j 2.17.2 has been released to:
> Over 50 improvements and fixes to the Log4j 1.x support. Continued testing has shown it is a suitable replacement for Log4j 1.x in most cases.
> Scripting now requires a system property be specified naming the languages the user wishes to allow. The scripting engine will not load if the property isn't set.
> By default, the only remote protocol allowed for loading configuration files is HTTPS. Users can specify a system property to allow others or prevent remote loading entirely.
> Variable resolution has been modified so that only properties defined as properties in the configuration file can be recursive. All other Lookups are now non-recursive. This addresses issues users were having resolving lookups specified in property definitions for use in the RoutingAppender and RollingFileAppender due to restrictions put in place in 2.17.1.
> Many other fixes and improvements.
> 2.17.2 (for Java 8) is a recommended upgrade.
> Log4j 2.17.2 is now available for production. While the normal API for Log4j 2 is not compatible with Log4j 1.x, an adapter is available to allow applications to continue to use the Log4j 1.x API and configuration files. Adapters are also available for Apache Commons Logging, SLF4J, and java.util.logging.
> Log4j 2.17.2 is the latest release of Log4j. As of Log4j 2.13.0 Log4j 2 requires Java 8 or greater at runtime. This release contains new features and fixes which can be found in the latest changes report.
> Log4j 2.17.2 maintains binary compatibility with previous releases.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)