You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by ck...@apache.org on 2021/12/18 01:24:45 UTC
[logging-log4j2] 12/16: Update pages
This is an automated email from the ASF dual-hosted git repository.
ckozak pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit 42949922fd66e321dd17bdd0df754354f7dc248c
Author: Ralph Goers <rg...@apache.org>
AuthorDate: Fri Dec 17 17:42:39 2021 -0700
Update pages
---
src/site/markdown/index.md.vm | 15 ++++++---------
src/site/xdoc/manual/appenders.xml | 2 +-
src/site/xdoc/manual/lookups.xml | 2 +-
3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm
index a157009..0e358bf 100644
--- a/src/site/markdown/index.md.vm
+++ b/src/site/markdown/index.md.vm
@@ -237,11 +237,13 @@ dependencies.
$h2 News
-Log4j 2.16.0 has been released solely to disable access to JNDI by default and completely remove the ability to use Lookups in messages.
-The CVE noted below was fixed in the 2.15.0 release.
-2.16.0 is a recommended upgrade to ensure that JNDI will not be abused and that message Lookups are no longer possible.
+Log4j 2.17.0 has been released solely to:
-$h3 Other News
+* Address CVE-2021-45105.
+* Require components that use JNDI to be enabled individually via system properties.
+* Remove LDAP and LDAPS as supported protocols from JNDI.
+
+2.17.0 is a recommended upgrade to ensure that recursive lookups do not cause services to fail.
Log4j $Log4jReleaseVersion is now available for production. The API for Log4j 2 is not compatible with Log4j 1.x, however an adapter is
available to allow applications to continue to use the Log4j 1.x API. Adapters are also available for Apache Commons
@@ -251,9 +253,4 @@ Log4j $Log4jReleaseVersion is the latest release of Log4j. As of Log4j 2.13.0 Lo
runtime. This release contains new features and fixes which can be found
in the latest [changes report](changes-report.html#a$Log4jReleaseVersion).
-The changes in Log4j 2.16.0 are:
-
-* Disabling JNDI functionality by default.
-* Removing Message Lookups.
-
Log4j $Log4jReleaseVersion maintains binary compatibility with previous releases.
diff --git a/src/site/xdoc/manual/appenders.xml b/src/site/xdoc/manual/appenders.xml
index d7035ab..bcde753 100644
--- a/src/site/xdoc/manual/appenders.xml
+++ b/src/site/xdoc/manual/appenders.xml
@@ -1540,7 +1540,7 @@ public class ConnectionFactory {
<a name="JMSTopicAppender"/>
<subsection name="JMS Appender">
<p>The JMS Appender sends the formatted log event to a JMS Destination.</p>
- <p>The JMS Appender requires JNDI support so as of release 2.16.0 this appender will not function unless
+ <p>The JMS Appender requires JNDI support so as of release 2.17.0 this appender will not function unless
<code>log4j2.enableJndiJms=true</code> is configured as a system property or environment
variable. See the <a href="./configuration.html#enableJndiJms">enableJndiJms</a> system property.</p>
<p>
diff --git a/src/site/xdoc/manual/lookups.xml b/src/site/xdoc/manual/lookups.xml
index 9bf6b80..82051de 100644
--- a/src/site/xdoc/manual/lookups.xml
+++ b/src/site/xdoc/manual/lookups.xml
@@ -267,7 +267,7 @@
<a name="JndiLookup"/>
<subsection name="Jndi Lookup">
<p>
- As of Log4j 2.16.0 JNDI operations require that <code>log4j2.enableJndiLookup=true</code> be set as a system
+ As of Log4j 2.17.0 JNDI operations require that <code>log4j2.enableJndiLookup=true</code> be set as a system
property or the corresponding environment variable for this lookup to function. See the
<a href="./configuration.html#enableJndiLookup">enableJndiLookup</a> system property.
</p>