You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by rp...@apache.org on 2021/12/30 06:20:53 UTC
[logging-log4j-site] branch asf-staging updated: minor changes
This is an automated email from the ASF dual-hosted git repository.
rpopma pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 4681a77 minor changes
4681a77 is described below
commit 4681a77bdd27db5c49f9ca3e0269cd6d1eaa7361
Author: Remko Popma <re...@yahoo.com>
AuthorDate: Thu Dec 30 15:20:39 2021 +0900
minor changes
---
log4j-2.17.1/manual/migration.html | 2 +-
log4j-2.17.1/security.html | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/log4j-2.17.1/manual/migration.html b/log4j-2.17.1/manual/migration.html
index f734e56..f5e373f 100644
--- a/log4j-2.17.1/manual/migration.html
+++ b/log4j-2.17.1/manual/migration.html
@@ -164,7 +164,7 @@
-->
<section>
<h2><a name="Migrating_from_Log4j_1.x_to_2.x"></a>Migrating from Log4j 1.x to 2.x</h2>
-<p><a class="externalLink" href="http://logging.apache.org/log4j/1.2/">Log4j 1.x</a> has <a class="externalLink" href="https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces">reached End of Life</a> and is no longer supported.</p>
+<p><a class="externalLink" href="http://logging.apache.org/log4j/1.2/">Log4j 1.x</a> has <a class="externalLink" href="https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces">reached End of Life</a> in 2015 and is no longer supported.</p>
<p>This page explains how to migrate applications or libraries currently using the Log4j 1.x API to use Log4j v2 as their main logging framework.</p>
<p><a name="Log4j1.2Bridge"></a></p><section>
<h3><a name="Option_1:_use_the_Log4j_1.x_bridge_.28log4j-1.2-api.29"></a>Option 1: use the Log4j 1.x bridge (log4j-1.2-api)</h3>
diff --git a/log4j-2.17.1/security.html b/log4j-2.17.1/security.html
index 6935a1e..1207378 100644
--- a/log4j-2.17.1/security.html
+++ b/log4j-2.17.1/security.html
@@ -159,7 +159,7 @@
<h1>Apache Log4j Security Vulnerabilities</h1>
<p>This page lists all the security vulnerabilities fixed in released versions of Apache Log4j 2. Each vulnerability is given a <a href="#Security_Impact_Levels">security impact rating</a> by the <a class="externalLink" href="mailto:security@logging.apache.org">Apache Logging security team</a>. please note that this rating may vary from platform to platform. We also list the versions of Apache Log4j the flaw is known to affect, and where a flaw has not been verified list th [...]
<p>Note: Vulnerabilities that are not Log4j vulnerabilities but have either been incorrectly reported against Log4j or where Log4j provides a workaround are listed at the end of this page.</p>
- <p>Please note that <a class="externalLink" href="http://logging.apache.org/log4j/1.2/">Log4j 1.x</a> has <a class="externalLink" href="https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces">reached End of Life</a> and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed. Users should upgrade to Log4j 2 to obtain security fixes.</p>
+ <p>Please note that <a class="externalLink" href="http://logging.apache.org/log4j/1.2/">Log4j 1.x</a> has <a class="externalLink" href="https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces">reached End of Life</a> in 2015 and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed. Users should <a href="manual/migration.html">upgrade to Log4j 2</a> to obtain security fixes.</p>
<p>Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the Apache Log4j version that you are using. For Log4j 2 this is BUILDING.md. This file can be found in the root subdirectory of a source distributive.</p>
<p>If you need help on building or configuring Log4j or other help on following the instructions to mitigate the known vulnerabilities listed here, please <a class="externalLink" href="mailto:log4j-user-subscribe@logging.apache.org">subscribe to</a>, and send your questions to the public Log4j <a href="mail-lists.html">Users mailing list</a>.</p>
<p>If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the <a class="externalLink" href="mailto:security@logging.apache.org">Log4j Security Team</a>. Thank you.</p>