You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by ma...@apache.org on 2021/12/29 01:11:20 UTC
[logging-log4j2] branch log4j-2.3.x updated (ae4dc0c -> a0e49f4)
This is an automated email from the ASF dual-hosted git repository.
mattsicker pushed a change to branch log4j-2.3.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git.
from ae4dc0c Refactor to reuse existing code.
new 1678761 Prepare changelog and pom for 2.3.2
new a0e49f4 Update release notes for 2.3.2
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
RELEASE-NOTES.txt | 17 ++++++++---------
pom.xml | 12 +++++-------
src/changes/changes.xml | 6 +++++-
3 files changed, 18 insertions(+), 17 deletions(-)
[logging-log4j2] 02/02: Update release notes for 2.3.2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mattsicker pushed a commit to branch log4j-2.3.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit a0e49f475948b6f4b1183556a637bac5b8b151d2
Author: Matt Sicker <ma...@apache.org>
AuthorDate: Tue Dec 28 19:11:06 2021 -0600
Update release notes for 2.3.2
---
RELEASE-NOTES.txt | 17 ++++++++---------
pom.xml | 2 +-
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt
index 4bfe621..6947d41 100644
--- a/RELEASE-NOTES.txt
+++ b/RELEASE-NOTES.txt
@@ -1,7 +1,7 @@
- Apache Log4j 2.3.1 RELEASE NOTES
+ Apache Log4j 2.3.2 RELEASE NOTES
-The Apache Log4j 2 team is pleased to announce the Log4j 2.3.1 release!
+The Apache Log4j 2 team is pleased to announce the Log4j 2.3.2 release!
Apache log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides
@@ -17,21 +17,20 @@ preventing JNDI operations to use any protocols other than java.
The JNDI components are now disabled by default and may separately be enabled with three individual properties; log4j2.enableJndiContextSelector, log4j2.enableJndiJms, and log4j2.enableJndiLookup.
-GA Release 2.3.1
+GA Release 2.3.2
Changes in this version include:
-New features:
-o LOG4J2-3198: Pattern layout no longer enables lookups within message text.
Fixed Bugs:
-o LOG4J2-3242: Limit JNDI to the java protocol only. JNDI will remain disabled by default. Rename JNDI enablement property from
- 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'.
-o LOG4J2-3230: Fix string substitution recursion.
+o LOG4J2-3293: JDBC Appender should use JNDI Manager and JNDI access should be limited.
+ Backport fix for CVE-2021-44832.
+o LOG4J2-2819: Add support for specifying an SSL configuration for SmtpAppender.
+ Backport fix for CVE-2020-9488 to allow SSL/TLS hostname verification.
-Apache Log4j 2.3.1 requires a minimum of Java 6 to build and run. It is not expected that any future Java 6
+Apache Log4j 2.3.2 requires a minimum of Java 6 to build and run. It is not expected that any future Java 6
releases will be provided.
Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api component, however it does not implement some of the
diff --git a/pom.xml b/pom.xml
index 031c817..d36ab79 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
<Log4jReleaseVersion>2.3.2</Log4jReleaseVersion>
<Log4jReleaseCount>next</Log4jReleaseCount>
<Log4jReleaseManager>Matt Sicker</Log4jReleaseManager>
- <Log4jReleaseKey>FA1C814D</Log4jReleaseKey> -->
+ <Log4jReleaseKey>FA1C814D</Log4jReleaseKey>
<Log4jSigningUserName>mattsicker@apache.org</Log4jSigningUserName>
<!-- note that any properties you want available in velocity templates must not use periods! -->
<slf4jVersion>1.7.12</slf4jVersion>
[logging-log4j2] 01/02: Prepare changelog and pom for 2.3.2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mattsicker pushed a commit to branch log4j-2.3.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit 16787616652b6b195a536120249c8a31aae49ffa
Author: Matt Sicker <ma...@apache.org>
AuthorDate: Tue Dec 28 19:09:46 2021 -0600
Prepare changelog and pom for 2.3.2
---
pom.xml | 10 ++++------
src/changes/changes.xml | 6 +++++-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2481ea5..031c817 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,13 +154,11 @@
<properties>
<!-- make sure to update these for each release! -->
<log4jParentDir>${basedir}</log4jParentDir>
- <Log4jReleaseVersion>2.3.1</Log4jReleaseVersion>
- <Log4jReleaseCount>eighteenth</Log4jReleaseCount>
- <Log4jReleaseManager>Ralph Goers</Log4jReleaseManager>
- <Log4jReleaseKey>B3D8E1BA</Log4jReleaseKey>
- <Log4jSigningUserName>rgoers@apache.org</Log4jSigningUserName>
- <!-- <Log4jReleaseManager>Matt Sicker</Log4jReleaseManager>
+ <Log4jReleaseVersion>2.3.2</Log4jReleaseVersion>
+ <Log4jReleaseCount>next</Log4jReleaseCount>
+ <Log4jReleaseManager>Matt Sicker</Log4jReleaseManager>
<Log4jReleaseKey>FA1C814D</Log4jReleaseKey> -->
+ <Log4jSigningUserName>mattsicker@apache.org</Log4jSigningUserName>
<!-- note that any properties you want available in velocity templates must not use periods! -->
<slf4jVersion>1.7.12</slf4jVersion>
<logbackVersion>1.1.3</logbackVersion>
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 4a8a8c7..a23324b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -23,7 +23,11 @@
<title>Changes</title>
</properties>
<body>
- <release version="2.3.2" date="2021-12-xx" description="GA Release 2.3.2">
+ <release version="2.3.2" date="2021-12-28" description="GA Release 2.3.2">
+ <action issue="LOG4J2-3293" dev="ggregory" type="fix">
+ JDBC Appender should use JNDI Manager and JNDI access should be limited.
+ Backport fix for CVE-2021-44832.
+ </action>
<action issue="LOG4J2-2819" dev="mattsicker" type="fix">
Add support for specifying an SSL configuration for SmtpAppender.
Backport fix for CVE-2020-9488 to allow SSL/TLS hostname verification.