| ## Licensed to the Apache Software Foundation (ASF) under one |
| ## or more contributor license agreements. See the NOTICE file |
| ## distributed with this work for additional information |
| ## regarding copyright ownership. The ASF licenses this file |
| ## to you under the Apache License, Version 2.0 (the |
| ## "License"); you may not use this file except in compliance |
| ## with the License. You may obtain a copy of the License at |
| ## |
| ## http://www.apache.org/licenses/LICENSE-2.0 |
| ## |
| ## Unless required by applicable law or agreed to in writing, |
| ## software distributed under the License is distributed on an |
| ## "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ## KIND, either express or implied. See the License for the |
| ## specific language governing permissions and limitations |
| ## under the License. |
| |
| #set($relVersion=$announceParameters.releaseVersion) |
| #set($relCount=$announceParameters.releaseCount) |
| Apache Log4j ${relVersion} RELEASE NOTES |
| |
| The ${developmentTeam} is pleased to announce the Log4j ${relVersion} release! |
| |
| Apache log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade to |
| Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides |
| many other modern features such as support for Markers, property substitution using Lookups, and asynchronous |
| Loggers. In addition, Log4j 2 will not lose events while reconfiguring. |
| |
| The artifacts may be downloaded from https://logging.apache.org/log4j/log4j-$relVersion}/download.html. |
| |
| The major changes contained in this release include: |
| |
| * Address CVE-2021-45046 and CVE-2021-45105 by disabling recursive evaluation of Lookups during log event processing. Recursive evaluation is still allowed while generating the configuration. |
| * Adddress CVE-2021-44882 by removing processing of Lookups in the Message Pattern Converter of the Pattern Layout and |
| preventing JNDI operations to use any protocols other than java. |
| * The JndiLookup, JndiContextSelector, and JMSAppender now require individual system properties to be enabled. |
| |
| The JNDI components are now disabled by default and may separately be enabled with three individual properties; log4j2.enableJndiContextSelector, log4j2.enableJndiJms, and log4j2.enableJndiLookup. |
| |
| ## Hack to improve layout: replace all pairs of spaces with a single new-line |
| $release.description.replaceAll(" ", " |
| ") |
| |
| #if ($release.getActions().size() == 0) |
| No changes defined in this version. |
| #else |
| Changes in this version include: |
| |
| #if ($release.getActions('add').size() !=0) |
| New features: |
| #foreach($actionItem in $release.getActions('add')) |
| ## Use replaceAll to fix up LF-only line ends on Windows. |
| #set($action=$actionItem.getAction().replaceAll("\n"," |
| ")) |
| #if ($actionItem.getIssue()) |
| #set($issue=$actionItem.getIssue()) |
| #else |
| #set($issue="") |
| #end |
| #if ($actionItem.getDueTo()) |
| #set($dueto=$actionItem.getDueTo()) |
| #else |
| #set($dueto="") |
| #end |
| o#if($!issue != "") $issue: #end ${action} #if($!dueto != "")Thanks to $dueto. #end |
| |
| #set($issue="") |
| #set($dueto="") |
| #end |
| #end |
| |
| #if ($release.getActions('fix').size() !=0) |
| Fixed Bugs: |
| #foreach($actionItem in $release.getActions('fix')) |
| ## Use replaceAll to fix up LF-only line ends on Windows. |
| #set($action=$actionItem.getAction().replaceAll("\n"," |
| ")) |
| #if ($actionItem.getIssue()) |
| #set($issue=$actionItem.getIssue()) |
| #else |
| #set($issue="") |
| #end |
| #if ($actionItem.getDueTo()) |
| #set($dueto=$actionItem.getDueTo()) |
| #else |
| #set($dueto="") |
| #end |
| o#if($!issue != "") $issue: #end ${action} #if($!dueto != "")Thanks to $dueto. #end |
| |
| #set($issue="") |
| #set($dueto="") |
| #end |
| #end |
| |
| #if ($release.getActions('update').size() !=0) |
| Changes: |
| #foreach($actionItem in $release.getActions('update')) |
| ## Use replaceAll to fix up LF-only line ends on Windows. |
| #set($action=$actionItem.getAction().replaceAll("\n"," |
| ")) |
| #if ($actionItem.getIssue()) |
| #set($issue=$actionItem.getIssue()) |
| #else |
| #set($issue="") |
| #end |
| #if ($actionItem.getDueTo()) |
| #set($dueto=$actionItem.getDueTo()) |
| #else |
| #set($dueto="") |
| #end |
| o#if($!issue != "") $issue: #end ${action} #if($!dueto != "")Thanks to $dueto. #end |
| |
| #set($issue="") |
| #set($dueto="") |
| #end |
| #end |
| |
| #if ($release.getActions('remove').size() !=0) |
| Removed: |
| #foreach($actionItem in $release.getActions('remove')) |
| ## Use replaceAll to fix up LF-only line ends on Windows. |
| #set($action=$actionItem.getAction().replaceAll("\n"," |
| ")) |
| #if ($actionItem.getIssue()) |
| #set($issue=$actionItem.getIssue()) |
| #else |
| #set($issue="") |
| #end |
| #if ($actionItem.getDueTo()) |
| #set($dueto=$actionItem.getDueTo()) |
| #else |
| #set($dueto="") |
| #end |
| o#if($!issue != "") $issue. #end ${action} #if($!dueto != "")Thanks to $dueto. #end |
| |
| #set($issue="") |
| #set($dueto="") |
| #end |
| #end |
| ## End of main loop |
| #end |
| |
| Apache Log4j ${relVersion} requires a minimum of Java 6 to build and run. It is not expected that any future Java 6 |
| releases will be provided. |
| |
| Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api component, however it does not implement some of the |
| very implementation specific classes and methods. The package names and Maven groupId have been changed to |
| org.apache.logging.log4j to avoid any conflicts with log4j 1.x. |
| |
| For complete information on ${project.name}, including instructions on how to submit bug reports, |
| patches, or suggestions for improvement, see the Apache ${project.name} website: |
| |
| ${project.url} |