You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by ma...@apache.org on 2021/12/13 05:33:44 UTC
[logging-log4j2] branch release-2.x updated: Update release notes
This is an automated email from the ASF dual-hosted git repository.
mattsicker pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push:
new c34a080 Update release notes
c34a080 is described below
commit c34a08096cc8e5d942967dc2fe0e9e238b6b6980
Author: Matt Sicker <bo...@gmail.com>
AuthorDate: Sun Dec 12 23:33:27 2021 -0600
Update release notes
---
RELEASE-NOTES.md | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 6f95d96..7d8afb3 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -14,9 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-# Apache Log4j 2.15.1 Release Notes
+# Apache Log4j 2.16.0 Release Notes
-The Apache Log4j 2 team is pleased to announce the Log4j 2.15.1 release!
+The Apache Log4j 2 team is pleased to announce the Log4j 2.16.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade
to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides
@@ -34,19 +34,20 @@ log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-i
later. SLF4J-2.0.0 alpha releases are not fully supported. See https://issues.apache.org/jira/browse/LOG4J2-2975 and
https://jira.qos.ch/browse/SLF4J-511.
-Some of the changes in Log4j 2.15.1 include:
+Some of the changes in Log4j 2.16.0 include:
+* Remove Message Lookups.
* While release 2.15.0 removed the ability to resolve Lookups and log messages and addressed issues with how JNDI
is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk for our users.
-Starting in version 2.15.1, JNDI functionality is disabled by default and can be re-enabled via the
+Starting in version 2.16.0, JNDI functionality is disabled by default and can be re-enabled via the
`log4j2.enableJndi` system property. Use of JNDI in an unprotected context is a large security risk and
should be treated as such in both this library and all other Java libraries using JNDI.
* Prior to version 2.15.0, Log4j would automatically resolve Lookups contained in the message or its parameters in the
Pattern Layout. This behavior is no longer the default and must be enabled by specifying %msg{lookup}.
-The Log4j 2.15.1 API, as well as many core components, maintains binary compatibility with previous releases.
+The Log4j 2.16.0 API, as well as many core components, maintains binary compatibility with previous releases.
-## GA Release 2.15.1
+## GA Release 2.16.0
Changes in this version include:
@@ -54,11 +55,13 @@ Changes in this version include:
### Fixed Bugs
* [LOG4J2-3208](https://issues.apache.org/jira/browse/LOG4J2-3208):
Disable JNDI by default. Require log4j2.enableJndi to be set to true to allow JNDI.
+* [LOG4J2-3211](https://issues.apache.org/jira/browse/LOG4J2-3211):
+Completely remove support for Message Lookups.
---
-Apache Log4j 2.15.1 requires a minimum of Java 8 to build and run. Log4j 2.12.1 is the last release to support
+Apache Log4j 2.16.0 requires a minimum of Java 8 to build and run. Log4j 2.12.1 is the last release to support
Java 7. Java 7 is not longer supported by the Log4j team.
For complete information on Apache Log4j 2, including instructions on how to submit bug