You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/01 07:11:00 UTC

[jira] [Commented] (WW-5171) Upgrade Apache Log4j 2.17.2

    [ https://issues.apache.org/jira/browse/WW-5171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17499359#comment-17499359 ] 

ASF subversion and git services commented on WW-5171:
-----------------------------------------------------

Commit 8b11a3873aef5db0a4771e5939bb9b9af055f1ad in struts's branch refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=8b11a38 ]

WW-5171 Upgrades Log4j to version 2.17.2


> Upgrade Apache Log4j 2.17.2
> ---------------------------
>
>                 Key: WW-5171
>                 URL: https://issues.apache.org/jira/browse/WW-5171
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Core
>            Reporter: Lukasz Lenart
>            Priority: Trivial
>             Fix For: 2.6
>
>
> Log4j 2.17.2 has been released to:
> Over 50 improvements and fixes to the Log4j 1.x support. Continued testing has shown it is a suitable replacement for Log4j 1.x in most cases.
> Scripting now requires a system property be specified naming the languages the user wishes to allow. The scripting engine will not load if the property isn't set.
> By default, the only remote protocol allowed for loading configuration files is HTTPS. Users can specify a system property to allow others or prevent remote loading entirely.
> Variable resolution has been modified so that only properties defined as properties in the configuration file can be recursive. All other Lookups are now non-recursive. This addresses issues users were having resolving lookups specified in property definitions for use in the RoutingAppender and RollingFileAppender due to restrictions put in place in 2.17.1.
> Many other fixes and improvements.
> 2.17.2 (for Java 8) is a recommended upgrade.
> Log4j 2.17.2 is now available for production. While the normal API for Log4j 2 is not compatible with Log4j 1.x, an adapter is available to allow applications to continue to use the Log4j 1.x API and configuration files. Adapters are also available for Apache Commons Logging, SLF4J, and java.util.logging.
> Log4j 2.17.2 is the latest release of Log4j. As of Log4j 2.13.0 Log4j 2 requires Java 8 or greater at runtime. This release contains new features and fixes which can be found in the latest changes report.
> Log4j 2.17.2 maintains binary compatibility with previous releases.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)