2.x/_release-notes/_2.16.0.html - logging-log4j-site - Git at Google

 <!DOCTYPE html>


 <!--
  | Generated by Apache Maven Doxia Site Renderer 1.11.1 from target/generated-sources/site/asciidoc/_release-notes/_2.16.0.adoc at 2024-03-06
  | Rendered using Apache Maven Fluido Skin 1.11.2
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
     <title>Log4j &#x2013; </title>
     <link rel="stylesheet" href="../css/apache-maven-fluido-1.11.2.min.css" />
     <link rel="stylesheet" href="../css/site.css" />
     <link rel="stylesheet" href="../css/print.css" media="print" />
     <script src="../js/apache-maven-fluido-1.11.2.min.js"></script>
   </head>
   <body class="topBarDisabled">
     <div class="container-fluid">
       <header>
         <div id="banner">
           <div class="pull-left"><a href="../../.." id="bannerLeft"><img src="../images/ls-logo.jpg"  alt="" style="" /></a></div>
           <div class="pull-right"><a href=".././" id="bannerRight"><img src="../images/logo.png"  alt="" style="" /></a></div>
           <div class="clear"><hr/></div>
         </div>

         <div id="breadcrumbs">
           <ul class="breadcrumb">
         <li id="publishDate">Last Published: 2024-03-06<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 2.23.1</li>
         <li class="pull-right"><span class="divider">|</span>
 <a href="https://github.com/apache/logging-log4j2" class="externalLink" title="GitHub">GitHub</a></li>
         <li class="pull-right"><span class="divider">|</span>
 <a href="../../../" title="Logging Services">Logging Services</a></li>
         <li class="pull-right"><span class="divider">|</span>
 <a href="https://www.apache.org/" class="externalLink" title="Apache">Apache</a></li>
         <li class="pull-right"><a href="https://cwiki.apache.org/confluence/display/LOGGING/Log4j" class="externalLink" title="Logging Wiki">Logging Wiki</a></li>
           </ul>
         </div>
       </header>
       <div class="row-fluid">
         <header id="leftColumn" class="span2">
           <nav class="well sidebar-nav">
   <ul class="nav nav-list">
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/home.png" alt="Apache Log4j™ 2" style="border: 0;" /> Apache Log4j™ 2</li>
     <li><a href="../index.html" title="About"><span class="none"></span>About</a></li>
     <li><a href="../download.html" title="Download"><span class="none"></span>Download</a></li>
     <li><a href="../support.html" title="Support"><span class="none"></span>Support</a></li>
     <li><a href="../maven-artifacts.html" title="Maven, Ivy, Gradle Artifacts"><span class="icon-chevron-right"></span>Maven, Ivy, Gradle Artifacts</a></li>
     <li><a href="../release-notes.html" title="Release Notes"><span class="none"></span>Release Notes</a></li>
     <li><a href="../faq.html" title="FAQ"><span class="none"></span>FAQ</a></li>
     <li><a href="../performance.html" title="Performance"><span class="icon-chevron-right"></span>Performance</a></li>
     <li><a href="../articles.html" title="Articles and Tutorials"><span class="none"></span>Articles and Tutorials</a></li>
     <li><a href="../security.html" title="Security"><span class="icon-chevron-right"></span>Security</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/book.png" alt="Manual" style="border: 0;" /> Manual</li>
     <li><a href="../manual/index.html" title="Introduction"><span class="none"></span>Introduction</a></li>
     <li><a href="../manual/architecture.html" title="Architecture"><span class="none"></span>Architecture</a></li>
     <li><a href="../manual/api-separation.html" title="API Separation"><span class="none"></span>API Separation</a></li>
     <li><a href="../manual/migration.html" title="Log4j 1.x Migration"><span class="icon-chevron-right"></span>Log4j 1.x Migration</a></li>
     <li><a href="../manual/api.html" title="Java API"><span class="icon-chevron-right"></span>Java API</a></li>
     <li><a href="../../kotlin" title="Kotlin API"><span class="none"></span>Kotlin API</a></li>
     <li><a href="../../scala" title="Scala API"><span class="none"></span>Scala API</a></li>
     <li><a href="../manual/configuration.html" title="Configuration"><span class="icon-chevron-right"></span>Configuration</a></li>
     <li><a href="../manual/usage.html" title="Usage"><span class="icon-chevron-right"></span>Usage</a></li>
     <li><a href="../manual/webapp.html" title="Web Applications and JSPs"><span class="icon-chevron-right"></span>Web Applications and JSPs</a></li>
     <li><a href="../manual/lookups.html" title="Lookups"><span class="icon-chevron-right"></span>Lookups</a></li>
     <li><a href="../manual/appenders.html" title="Appenders"><span class="icon-chevron-right"></span>Appenders</a></li>
     <li><a href="../manual/layouts.html" title="Layouts"><span class="icon-chevron-right"></span>Layouts</a></li>
     <li><a href="../manual/filters.html" title="Filters"><span class="icon-chevron-right"></span>Filters</a></li>
     <li><a href="../manual/async.html" title="Async Loggers"><span class="icon-chevron-right"></span>Async Loggers</a></li>
     <li><a href="../manual/garbagefree.html" title="Garbage-free Logging"><span class="icon-chevron-right"></span>Garbage-free Logging</a></li>
     <li><a href="../manual/jmx.html" title="JMX"><span class="none"></span>JMX</a></li>
     <li><a href="../manual/logsep.html" title="Logging Separation"><span class="none"></span>Logging Separation</a></li>
     <li><a href="../manual/extending.html" title="Extending Log4j"><span class="icon-chevron-right"></span>Extending Log4j</a></li>
     <li><a href="../manual/plugins.html" title="Plugins"><span class="icon-chevron-right"></span>Plugins</a></li>
     <li><a href="../manual/customconfig.html" title="Programmatic Log4j Configuration"><span class="icon-chevron-right"></span>Programmatic Log4j Configuration</a></li>
     <li><a href="../manual/customloglevels.html" title="Custom Log Levels"><span class="icon-chevron-right"></span>Custom Log Levels</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/pencil.png" alt="For Contributors" style="border: 0;" /> For Contributors</li>
     <li><a href="../guidelines.html" title="Guidelines"><span class="none"></span>Guidelines</a></li>
     <li><a href="../javastyle.html" title="Style Guide"><span class="none"></span>Style Guide</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/cog.png" alt="Components" style="border: 0;" /> Components</li>
     <li><a href="../log4j-api.html" title="API"><span class="none"></span>API</a></li>
     <li><a href="../log4j-jcl.html" title="Commons Logging Bridge"><span class="none"></span>Commons Logging Bridge</a></li>
     <li><a href="../log4j-1.2-api.html" title="Log4j 1.2 API"><span class="none"></span>Log4j 1.2 API</a></li>
     <li><a href="../log4j-slf4j-impl.html" title="SLF4J Binding"><span class="none"></span>SLF4J Binding</a></li>
     <li><a href="../log4j-jul.html" title="JUL Adapter"><span class="none"></span>JUL Adapter</a></li>
     <li><a href="../log4j-jpl.html" title="JDK Platform Logger"><span class="none"></span>JDK Platform Logger</a></li>
     <li><a href="../log4j-to-slf4j.html" title="Log4j 2 to SLF4J Adapter"><span class="none"></span>Log4j 2 to SLF4J Adapter</a></li>
     <li><a href="../log4j-flume-ng.html" title="Apache Flume Appender"><span class="none"></span>Apache Flume Appender</a></li>
     <li><a href="../log4j-taglib.html" title="Log4j Tag Library"><span class="none"></span>Log4j Tag Library</a></li>
     <li><a href="../log4j-jmx-gui.html" title="Log4j JMX GUI"><span class="none"></span>Log4j JMX GUI</a></li>
     <li><a href="../log4j-web.html" title="Log4j Web Application Support"><span class="none"></span>Log4j Web Application Support</a></li>
     <li><a href="../log4j-jakarta-web.html" title="Log4j Jakarta Web Application Support"><span class="none"></span>Log4j Jakarta Web Application Support</a></li>
     <li><a href="../log4j-appserver.html" title="Log4j Application Server Integration"><span class="none"></span>Log4j Application Server Integration</a></li>
     <li><a href="../log4j-couchdb.html" title="Log4j CouchDB appender"><span class="none"></span>Log4j CouchDB appender</a></li>
     <li><a href="../log4j-mongodb3.html" title="Log4j MongoDB3 appender"><span class="none"></span>Log4j MongoDB3 appender</a></li>
     <li><a href="../log4j-mongodb4.html" title="Log4j MongoDB4 appender"><span class="none"></span>Log4j MongoDB4 appender</a></li>
     <li><a href="../log4j-cassandra.html" title="Log4j Cassandra appender"><span class="none"></span>Log4j Cassandra appender</a></li>
     <li><a href="../log4j-iostreams.html" title="Log4j IO Streams"><span class="none"></span>Log4j IO Streams</a></li>
     <li><a href="../log4j-docker.html" title="Log4j Docker Support"><span class="none"></span>Log4j Docker Support</a></li>
     <li><a href="../log4j-kubernetes.html" title="Log4j Kubernetes Support"><span class="none"></span>Log4j Kubernetes Support</a></li>
     <li><a href="../log4j-spring-boot.html" title="Log4j Spring Boot"><span class="none"></span>Log4j Spring Boot</a></li>
     <li><a href="../log4j-spring-cloud-config-client.html" title="Log4j Spring Cloud Config Client"><span class="none"></span>Log4j Spring Cloud Config Client</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/tag.png" alt="Related Projects" style="border: 0;" /> Related Projects</li>
     <li><a href="../../../chainsaw/2.x/index.html" title="Chainsaw"><span class="none"></span>Chainsaw</a></li>
     <li><a href="../../../log4cxx/latest_stable/index.html" title="Log4Cxx"><span class="none"></span>Log4Cxx</a></li>
     <li><a href="../../../log4j-audit/latest/index.html" title="Log4j Audit"><span class="none"></span>Log4j Audit</a></li>
     <li><a href="../../kotlin" title="Log4j Kotlin"><span class="none"></span>Log4j Kotlin</a></li>
     <li><a href="../../scala" title="Log4j Scala"><span class="none"></span>Log4j Scala</a></li>
     <li><a href="../../transform" title="Log4j Transform"><span class="none"></span>Log4j Transform</a></li>
     <li><a href="../../../log4net/index.html" title="Log4Net"><span class="none"></span>Log4Net</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/link.png" alt="Legacy Sites" style="border: 0;" /> Legacy Sites</li>
     <li><a href="../../log4j-2.12.4/" title="Log4j 2.12.4 - Java 7"><span class="none"></span>Log4j 2.12.4 - Java 7</a></li>
     <li><a href="../../log4j-2.3.2/" title="Log4j 2.3.2 - Java 6"><span class="none"></span>Log4j 2.3.2 - Java 6</a></li>
     <li><a href="../../1.2/" title="Log4j 1.2 - End of Life"><span class="none"></span>Log4j 1.2 - End of Life</a></li>
    <li class="nav-header"><img class="imageLink" src="../img/glyphicons/info.png" alt="Project Information" style="border: 0;" /> Project Information</li>
     <li><a href="../team.html" title="Project Team"><span class="none"></span>Project Team</a></li>
     <li><a href="https://www.apache.org/licenses/LICENSE-2.0" class="externalLink" title="Project License"><span class="none"></span>Project License</a></li>
     <li><a href="https://github.com/apache/logging-log4j2" class="externalLink" title="Source Repository"><span class="none"></span>Source Repository</a></li>
     <li><a href="../runtime-dependencies.html" title="Runtime Dependencies"><span class="none"></span>Runtime Dependencies</a></li>
     <li><a href="../javadoc.html" title="Javadoc"><span class="none"></span>Javadoc</a></li>
     <li><a href="../thanks.html" title="Thanks"><span class="none"></span>Thanks</a></li>
   </ul>
           </nav>
           <div class="well sidebar-nav">
             <div id="poweredBy">
               <div class="clear"></div>
               <div class="clear"></div>
               <div class="clear"></div>
 <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
             </div>
           </div>
         </header>
         <main id="bodyColumn"  class="span10" >
 <div class="sect1">
 <h2 id="release-notes-2-16-0">2.16.0</h2>
 <div class="sectionbody">
 <div class="dlist">
 <dl>
 <dt class="hdlist1">Release date</dt>
 <dd>
 <p>2021-12-13</p>
 </dd>
 </dl>
 </div>
 <div class="paragraph">
 <p>This release contains one change which is noted below.</p>
 </div>
 <div class="paragraph">
 <p>Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters.
 <code>log4j-slf4j-impl</code> should be used with SLF4J 1.7.x and earlier and <code>log4j-slf4j18-impl</code> should be used with SLF4J 1.8.x and later.
 SLF4J-2.0.0 alpha releases are not fully supported.
 See <a href="https://issues.apache.org/jira/browse/LOG4J2-2975">LOG4J2-2975</a> and <a href="https://jira.qos.ch/browse/SLF4J-511">SLF4J-511</a>.</p>
 </div>
 <div class="paragraph">
 <p>Some of the changes in Log4j 2.16.0 include:</p>
 </div>
 <div class="ulist">
 <ul>
 <li>
 <p>Removed Message Lookups.
 This is a hardening related to changes made to prevent CVE-2021-44228.
 While this change is recommended, it is NOT required to fix CVE-2021-44228.</p>
 </li>
 <li>
 <p>While release 2.15.0 removed the ability to resolve Lookups and log messages and addressed issues with how JNDI is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk for our users.
 Starting in version 2.16.0, JNDI functionality is disabled by default and can be re-enabled via the <code>log4j2.enableJndi</code> system property.
 Use of JNDI in an unprotected context is a large security risk and should be treated as such in both this library and all other Java libraries using JNDI.</p>
 </li>
 <li>
 <p>Prior to version 2.15.0, Log4j would automatically resolve Lookups contained in the message or its parameters in the Pattern Layout.
 This behavior is no longer the default and must be enabled by specifying <code>%msg{lookup}</code>.</p>
 </li>
 </ul>
 </div>
 <div class="paragraph">
 <p>The Log4j 2.16.0 API, as well as many core components, maintains binary compatibility with previous releases.</p>
 </div>
 <div class="paragraph">
 <p>Apache Log4j 2.16.0 requires a minimum of Java 8 to build and run.
 Log4j 2.12.1 is the last release to support Java 7.
 Java 7 is no longer supported by the Log4j team.</p>
 </div>
 <div class="paragraph">
 <p>For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, or suggestions for improvement, see <a href="http://logging.apache.org/log4j/2.x/">the Apache Log4j 2 website</a>.</p>
 </div>
 <div class="sect2">
 <h3 id="release-notes-2-16-0-fixed">Fixed</h3>
 <div class="ulist">
 <ul>
 <li>
 <p>Disable JNDI by default. Require log4j2.enableJndi to be set to true to allow JNDI. (<a href="https://issues.apache.org/jira/browse/LOG4J2-3208">LOG4J2-3208</a>)</p>
 </li>
 <li>
 <p>Completely remove support for Message Lookups. (<a href="https://issues.apache.org/jira/browse/LOG4J2-3211">LOG4J2-3211</a>)</p>
 </li>
 </ul>
 </div>
 </div>
 </div>
 </div>
         </main>
       </div>
     </div>
     <hr/>
     <footer>
       <div class="container-fluid">
         <div class="row-fluid">
 <p align="center">Copyright &copy; 1999-2024 <a class="external" href="https://www.apache.org">The Apache Software Foundation</a>. All Rights Reserved.<br>
       Apache Logging, Apache Log4j, Log4j, Apache, the Apache feather logo, and the Apache Logging project logo are trademarks of The Apache Software Foundation.</p>
         </div>
       </div>
     </footer>
 <script>
 	if(anchors) {
 	  anchors.add();
 	}
 </script>
   </body>
 </html>
	<!DOCTYPE html>


	<!--
	\| Generated by Apache Maven Doxia Site Renderer 1.11.1 from target/generated-sources/site/asciidoc/_release-notes/_2.16.0.adoc at 2024-03-06
	\| Rendered using Apache Maven Fluido Skin 1.11.2
	-->
	<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
	<head>
	<meta charset="UTF-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
	<title>Log4j – </title>
	<link rel="stylesheet" href="../css/apache-maven-fluido-1.11.2.min.css" />
	<link rel="stylesheet" href="../css/site.css" />
	<link rel="stylesheet" href="../css/print.css" media="print" />
	<script src="../js/apache-maven-fluido-1.11.2.min.js"></script>
	</head>
	<body class="topBarDisabled">
	<div class="container-fluid">
	<header>
	<div id="banner">
	<div class="pull-left"><a href="../../.." id="bannerLeft"><img src="../images/ls-logo.jpg" alt="" style="" /></a></div>
	<div class="pull-right"><a href=".././" id="bannerRight"><img src="../images/logo.png" alt="" style="" /></a></div>
	<div class="clear"><hr/></div>
	</div>

	<div id="breadcrumbs">
	<ul class="breadcrumb">
	<li id="publishDate">Last Published: 2024-03-06<span class="divider">\|</span>
	</li>
	<li id="projectVersion">Version: 2.23.1</li>
	<li class="pull-right"><span class="divider">\|</span>
	<a href="https://github.com/apache/logging-log4j2" class="externalLink" title="GitHub">GitHub</a></li>
	<li class="pull-right"><span class="divider">\|</span>
	<a href="../../../" title="Logging Services">Logging Services</a></li>
	<li class="pull-right"><span class="divider">\|</span>
	<a href="https://www.apache.org/" class="externalLink" title="Apache">Apache</a></li>
	<li class="pull-right"><a href="https://cwiki.apache.org/confluence/display/LOGGING/Log4j" class="externalLink" title="Logging Wiki">Logging Wiki</a></li>
	</ul>
	</div>
	</header>
	<div class="row-fluid">
	<header id="leftColumn" class="span2">
	<nav class="well sidebar-nav">
	<ul class="nav nav-list">
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/home.png" alt="Apache Log4j™ 2" style="border: 0;" /> Apache Log4j™ 2</li>
	<li><a href="../index.html" title="About"><span class="none"></span>About</a></li>
	<li><a href="../download.html" title="Download"><span class="none"></span>Download</a></li>
	<li><a href="../support.html" title="Support"><span class="none"></span>Support</a></li>
	<li><a href="../maven-artifacts.html" title="Maven, Ivy, Gradle Artifacts"><span class="icon-chevron-right"></span>Maven, Ivy, Gradle Artifacts</a></li>
	<li><a href="../release-notes.html" title="Release Notes"><span class="none"></span>Release Notes</a></li>
	<li><a href="../faq.html" title="FAQ"><span class="none"></span>FAQ</a></li>
	<li><a href="../performance.html" title="Performance"><span class="icon-chevron-right"></span>Performance</a></li>
	<li><a href="../articles.html" title="Articles and Tutorials"><span class="none"></span>Articles and Tutorials</a></li>
	<li><a href="../security.html" title="Security"><span class="icon-chevron-right"></span>Security</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/book.png" alt="Manual" style="border: 0;" /> Manual</li>
	<li><a href="../manual/index.html" title="Introduction"><span class="none"></span>Introduction</a></li>
	<li><a href="../manual/architecture.html" title="Architecture"><span class="none"></span>Architecture</a></li>
	<li><a href="../manual/api-separation.html" title="API Separation"><span class="none"></span>API Separation</a></li>
	<li><a href="../manual/migration.html" title="Log4j 1.x Migration"><span class="icon-chevron-right"></span>Log4j 1.x Migration</a></li>
	<li><a href="../manual/api.html" title="Java API"><span class="icon-chevron-right"></span>Java API</a></li>
	<li><a href="../../kotlin" title="Kotlin API"><span class="none"></span>Kotlin API</a></li>
	<li><a href="../../scala" title="Scala API"><span class="none"></span>Scala API</a></li>
	<li><a href="../manual/configuration.html" title="Configuration"><span class="icon-chevron-right"></span>Configuration</a></li>
	<li><a href="../manual/usage.html" title="Usage"><span class="icon-chevron-right"></span>Usage</a></li>
	<li><a href="../manual/webapp.html" title="Web Applications and JSPs"><span class="icon-chevron-right"></span>Web Applications and JSPs</a></li>
	<li><a href="../manual/lookups.html" title="Lookups"><span class="icon-chevron-right"></span>Lookups</a></li>
	<li><a href="../manual/appenders.html" title="Appenders"><span class="icon-chevron-right"></span>Appenders</a></li>
	<li><a href="../manual/layouts.html" title="Layouts"><span class="icon-chevron-right"></span>Layouts</a></li>
	<li><a href="../manual/filters.html" title="Filters"><span class="icon-chevron-right"></span>Filters</a></li>
	<li><a href="../manual/async.html" title="Async Loggers"><span class="icon-chevron-right"></span>Async Loggers</a></li>
	<li><a href="../manual/garbagefree.html" title="Garbage-free Logging"><span class="icon-chevron-right"></span>Garbage-free Logging</a></li>
	<li><a href="../manual/jmx.html" title="JMX"><span class="none"></span>JMX</a></li>
	<li><a href="../manual/logsep.html" title="Logging Separation"><span class="none"></span>Logging Separation</a></li>
	<li><a href="../manual/extending.html" title="Extending Log4j"><span class="icon-chevron-right"></span>Extending Log4j</a></li>
	<li><a href="../manual/plugins.html" title="Plugins"><span class="icon-chevron-right"></span>Plugins</a></li>
	<li><a href="../manual/customconfig.html" title="Programmatic Log4j Configuration"><span class="icon-chevron-right"></span>Programmatic Log4j Configuration</a></li>
	<li><a href="../manual/customloglevels.html" title="Custom Log Levels"><span class="icon-chevron-right"></span>Custom Log Levels</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/pencil.png" alt="For Contributors" style="border: 0;" /> For Contributors</li>
	<li><a href="../guidelines.html" title="Guidelines"><span class="none"></span>Guidelines</a></li>
	<li><a href="../javastyle.html" title="Style Guide"><span class="none"></span>Style Guide</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/cog.png" alt="Components" style="border: 0;" /> Components</li>
	<li><a href="../log4j-api.html" title="API"><span class="none"></span>API</a></li>
	<li><a href="../log4j-jcl.html" title="Commons Logging Bridge"><span class="none"></span>Commons Logging Bridge</a></li>
	<li><a href="../log4j-1.2-api.html" title="Log4j 1.2 API"><span class="none"></span>Log4j 1.2 API</a></li>
	<li><a href="../log4j-slf4j-impl.html" title="SLF4J Binding"><span class="none"></span>SLF4J Binding</a></li>
	<li><a href="../log4j-jul.html" title="JUL Adapter"><span class="none"></span>JUL Adapter</a></li>
	<li><a href="../log4j-jpl.html" title="JDK Platform Logger"><span class="none"></span>JDK Platform Logger</a></li>
	<li><a href="../log4j-to-slf4j.html" title="Log4j 2 to SLF4J Adapter"><span class="none"></span>Log4j 2 to SLF4J Adapter</a></li>
	<li><a href="../log4j-flume-ng.html" title="Apache Flume Appender"><span class="none"></span>Apache Flume Appender</a></li>
	<li><a href="../log4j-taglib.html" title="Log4j Tag Library"><span class="none"></span>Log4j Tag Library</a></li>
	<li><a href="../log4j-jmx-gui.html" title="Log4j JMX GUI"><span class="none"></span>Log4j JMX GUI</a></li>
	<li><a href="../log4j-web.html" title="Log4j Web Application Support"><span class="none"></span>Log4j Web Application Support</a></li>
	<li><a href="../log4j-jakarta-web.html" title="Log4j Jakarta Web Application Support"><span class="none"></span>Log4j Jakarta Web Application Support</a></li>
	<li><a href="../log4j-appserver.html" title="Log4j Application Server Integration"><span class="none"></span>Log4j Application Server Integration</a></li>
	<li><a href="../log4j-couchdb.html" title="Log4j CouchDB appender"><span class="none"></span>Log4j CouchDB appender</a></li>
	<li><a href="../log4j-mongodb3.html" title="Log4j MongoDB3 appender"><span class="none"></span>Log4j MongoDB3 appender</a></li>
	<li><a href="../log4j-mongodb4.html" title="Log4j MongoDB4 appender"><span class="none"></span>Log4j MongoDB4 appender</a></li>
	<li><a href="../log4j-cassandra.html" title="Log4j Cassandra appender"><span class="none"></span>Log4j Cassandra appender</a></li>
	<li><a href="../log4j-iostreams.html" title="Log4j IO Streams"><span class="none"></span>Log4j IO Streams</a></li>
	<li><a href="../log4j-docker.html" title="Log4j Docker Support"><span class="none"></span>Log4j Docker Support</a></li>
	<li><a href="../log4j-kubernetes.html" title="Log4j Kubernetes Support"><span class="none"></span>Log4j Kubernetes Support</a></li>
	<li><a href="../log4j-spring-boot.html" title="Log4j Spring Boot"><span class="none"></span>Log4j Spring Boot</a></li>
	<li><a href="../log4j-spring-cloud-config-client.html" title="Log4j Spring Cloud Config Client"><span class="none"></span>Log4j Spring Cloud Config Client</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/tag.png" alt="Related Projects" style="border: 0;" /> Related Projects</li>
	<li><a href="../../../chainsaw/2.x/index.html" title="Chainsaw"><span class="none"></span>Chainsaw</a></li>
	<li><a href="../../../log4cxx/latest_stable/index.html" title="Log4Cxx"><span class="none"></span>Log4Cxx</a></li>
	<li><a href="../../../log4j-audit/latest/index.html" title="Log4j Audit"><span class="none"></span>Log4j Audit</a></li>
	<li><a href="../../kotlin" title="Log4j Kotlin"><span class="none"></span>Log4j Kotlin</a></li>
	<li><a href="../../scala" title="Log4j Scala"><span class="none"></span>Log4j Scala</a></li>
	<li><a href="../../transform" title="Log4j Transform"><span class="none"></span>Log4j Transform</a></li>
	<li><a href="../../../log4net/index.html" title="Log4Net"><span class="none"></span>Log4Net</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/link.png" alt="Legacy Sites" style="border: 0;" /> Legacy Sites</li>
	<li><a href="../../log4j-2.12.4/" title="Log4j 2.12.4 - Java 7"><span class="none"></span>Log4j 2.12.4 - Java 7</a></li>
	<li><a href="../../log4j-2.3.2/" title="Log4j 2.3.2 - Java 6"><span class="none"></span>Log4j 2.3.2 - Java 6</a></li>
	<li><a href="../../1.2/" title="Log4j 1.2 - End of Life"><span class="none"></span>Log4j 1.2 - End of Life</a></li>
	<li class="nav-header"><img class="imageLink" src="../img/glyphicons/info.png" alt="Project Information" style="border: 0;" /> Project Information</li>
	<li><a href="../team.html" title="Project Team"><span class="none"></span>Project Team</a></li>
	<li><a href="https://www.apache.org/licenses/LICENSE-2.0" class="externalLink" title="Project License"><span class="none"></span>Project License</a></li>
	<li><a href="https://github.com/apache/logging-log4j2" class="externalLink" title="Source Repository"><span class="none"></span>Source Repository</a></li>
	<li><a href="../runtime-dependencies.html" title="Runtime Dependencies"><span class="none"></span>Runtime Dependencies</a></li>
	<li><a href="../javadoc.html" title="Javadoc"><span class="none"></span>Javadoc</a></li>
	<li><a href="../thanks.html" title="Thanks"><span class="none"></span>Thanks</a></li>
	</ul>
	</nav>
	<div class="well sidebar-nav">
	<div id="poweredBy">
	<div class="clear"></div>
	<div class="clear"></div>
	<div class="clear"></div>
	<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
	</div>
	</div>
	</header>
	<main id="bodyColumn" class="span10" >
	<div class="sect1">
	<h2 id="release-notes-2-16-0">2.16.0</h2>
	<div class="sectionbody">
	<div class="dlist">
	<dl>
	<dt class="hdlist1">Release date</dt>
	<dd>
	<p>2021-12-13</p>
	</dd>
	</dl>
	</div>
	<div class="paragraph">
	<p>This release contains one change which is noted below.</p>
	</div>
	<div class="paragraph">
	<p>Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters.
	<code>log4j-slf4j-impl</code> should be used with SLF4J 1.7.x and earlier and <code>log4j-slf4j18-impl</code> should be used with SLF4J 1.8.x and later.
	SLF4J-2.0.0 alpha releases are not fully supported.
	See <a href="https://issues.apache.org/jira/browse/LOG4J2-2975">LOG4J2-2975</a> and <a href="https://jira.qos.ch/browse/SLF4J-511">SLF4J-511</a>.</p>
	</div>
	<div class="paragraph">
	<p>Some of the changes in Log4j 2.16.0 include:</p>
	</div>
	<div class="ulist">
	<ul>
	<li>
	<p>Removed Message Lookups.
	This is a hardening related to changes made to prevent CVE-2021-44228.
	While this change is recommended, it is NOT required to fix CVE-2021-44228.</p>
	</li>
	<li>
	<p>While release 2.15.0 removed the ability to resolve Lookups and log messages and addressed issues with how JNDI is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk for our users.
	Starting in version 2.16.0, JNDI functionality is disabled by default and can be re-enabled via the <code>log4j2.enableJndi</code> system property.
	Use of JNDI in an unprotected context is a large security risk and should be treated as such in both this library and all other Java libraries using JNDI.</p>
	</li>
	<li>
	<p>Prior to version 2.15.0, Log4j would automatically resolve Lookups contained in the message or its parameters in the Pattern Layout.
	This behavior is no longer the default and must be enabled by specifying <code>%msg{lookup}</code>.</p>
	</li>
	</ul>
	</div>
	<div class="paragraph">
	<p>The Log4j 2.16.0 API, as well as many core components, maintains binary compatibility with previous releases.</p>
	</div>
	<div class="paragraph">
	<p>Apache Log4j 2.16.0 requires a minimum of Java 8 to build and run.
	Log4j 2.12.1 is the last release to support Java 7.
	Java 7 is no longer supported by the Log4j team.</p>
	</div>
	<div class="paragraph">
	<p>For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, or suggestions for improvement, see <a href="http://logging.apache.org/log4j/2.x/">the Apache Log4j 2 website</a>.</p>
	</div>
	<div class="sect2">
	<h3 id="release-notes-2-16-0-fixed">Fixed</h3>
	<div class="ulist">
	<ul>
	<li>
	<p>Disable JNDI by default. Require log4j2.enableJndi to be set to true to allow JNDI. (<a href="https://issues.apache.org/jira/browse/LOG4J2-3208">LOG4J2-3208</a>)</p>
	</li>
	<li>
	<p>Completely remove support for Message Lookups. (<a href="https://issues.apache.org/jira/browse/LOG4J2-3211">LOG4J2-3211</a>)</p>
	</li>
	</ul>
	</div>
	</div>
	</div>
	</div>
	</main>
	</div>
	</div>
	<hr/>
	<footer>
	<div class="container-fluid">
	<div class="row-fluid">
	<p align="center">Copyright © 1999-2024 <a class="external" href="https://www.apache.org">The Apache Software Foundation</a>. All Rights Reserved.<br>
	Apache Logging, Apache Log4j, Log4j, Apache, the Apache feather logo, and the Apache Logging project logo are trademarks of The Apache Software Foundation.</p>
	</div>
	</div>
	</footer>
	<script>
	if(anchors) {
	anchors.add();
	}
	</script>
	</body>
	</html>