The Apache Log4j team is pleased to announce the 2.22.0 release. Apache Log4j is a versatile, industrial-strength Java logging framework composed of an API, its implementation, and components to assist the deployment for various use cases. For further information (support, download, etc.) see the project website[1].
[1] https://logging.apache.org/log4j == Release notes This release provides a CycloneDX Software Bill of Materials (SBOM)[2] along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in `2.21.0`, dependency updates, and some other minor fixes and improvements. [2] https://cyclonedx.org/capabilities/sbom === CycloneDX Software Bill of Materials (SBOM) This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM)[2] along with each artifact. Generated SBOMs are attached as artifacts with `cyclonedx` classifier and XML extensions, that is, `<artifactId>-<version>-cyclonedx.xml`. They contain `vulnerability-assertion` references to a CycloneDX Vulnerability Disclosure Report (VDR)[3] that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml SBOM generation is streamlined by `logging-parent`, see its website[4] for details. [3] https://cyclonedx.org/capabilities/vdr [4] https://logging.apache.org/logging-parent/latest/#cyclonedx-sbom === Changed * Change the order of evaluation of `FormattedMessage` formatters. Messages are evaluated using `java.util.Format` only if they don't comply to the `java.text.MessageFormat` or `ParameterizedMessage` format. (#1223) * Change default encoding of HTTP Basic Authentication to UTF-8 and add `log4j2.configurationAuthorizationEncoding` property to overwrite it. (#1970) * Update `com.fasterxml.jackson:jackson-bom` to version `2.16.0` (#1974) * Update `com.github.luben:zstd-jni` to version `1.5.5-10` (#1940) * Update `com.google.guava:guava` to version `32.1.3-jre` (#1875) * Update `io.netty:netty-bom` to version `4.1.101.Final` (#1960) * Update `org.eclipse.persistence:org.eclipse.persistence.jpa` to version `2.7.13` (#1900) * Update `org.fusesource.jansi:jansi` to version `2.4.1` (#1907) * Update `org.mongodb:bson` to version `4.11.1` (#1957) * Update `org.springframework:spring-framework-bom` to version `5.3.30` * Update `org.springframework.boot:spring-boot` to version `2.7.17` (#1874) * Update `org.springframework:spring-framework-bom` to version `5.3.31` (#1973) * Update `org.zeromq:jeromq` to version `0.5.4` (#1878) === Removed * Removed unused `FastDateParser` which was causing unnecessary heap overhead (LOG4J2-3672, #1848) === Fixed * Fix MDC pattern converter causing issues for `%notEmpty` (#1922) * Export missing OSGi & JPMS modules in `log4j-layout-template-json` and `log4j-1.2-api` (#1895) * Fix `spring-test` dependency scope change (LOG4J2-3675) * Fix JPMS descriptors causing `jlink` issues (#1896) * Add missing `Implementation-` and `Specification-` entries to `MANIFEST.MF` (implemented by `logging-parent` version `10.3.0` update) (#1923) * Fix `NotSerializableException` thrown when `Logger` is serialized with a `ReusableMessageFactory` (#1884) --------------------------------------------------------------------- To unsubscribe, e-mail: log4j-user-unsubscr...@logging.apache.org For additional commands, e-mail: log4j-user-h...@logging.apache.org
