The Apache Logging team is pleased to announce the Apache log4j 2.0-beta2
release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the
The Apache Logging team is pleased to announce the Apache log4j 2.0-beta4
release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the
The Apache Log4j 2 team is pleased to announce the Log4j 2.0-beta5 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements
The Apache Log4j 2 team is pleased to announce the Log4j 2.0-beta6 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements
The Apache Log4j 2 team is pleased to announce the Log4j 2.0-beta7 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements
The Apache Log4j 2 team is pleased to announce the Log4j 2.0-beta8 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements
The Apache Log4j 2 team is pleased to announce the Log4j 2.0-beta9 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements
The Apache Log4j 2 team is pleased to announce the Log4j 2.0 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements available
The Apache Log4j 2 team is pleased to announce the Log4j 2.1 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many of the improvements available
The Apache Log4j 2 team is pleased to announce the Log4j 2.2 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such as
.
o LOG4J2-1008:
org.apache.logging.log4j.core.config.plugins.util.ResolverUtil.extractPath(URL)
incorrectly converts '+' characters to spaces. Thanks to Ralph Goers, Gary
Gregory.
o LOG4J2-1007: org.apache.logging.log4j.core.util#fileFromUri(URI uri)
incorrectly converts '+' characters
The Apache Log4j 2 team is pleased to announce the Log4j 2.4.1 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.4 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.5 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.7 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade
to Log4j that provides significant improvements over its predecessor, Log4j
1.x, and provides
many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.8.1 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.9.1 release!
Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an
upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.9.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.9.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.10.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and providesmany other modern features
such
The Apache Log4j team is pleased to announce the Apache Log4j Audit
1.0.0 release!
Apache Log4j Audit provides a framework for defining audit events and
then logging them using Log4j. The framework focuses on defining the
events and providing an easy mechanism for applications to log them,
The Apache Log4j 2 team is pleased to announce the Log4j 2.11.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j Audit team is pleased to announce the Log4j Audit 1.0.1
release!
Apache Log4j Audit is a framework for performing audit logging using a
predefined catalog of audit events. It provides a tool to create and
edit audit events. It also provides a REST service to perform the
The Apache Log4j 2 team is pleased to announce the Log4j 2.11.2 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.12.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.12.1 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.13.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.13.1 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.13.3 release!
Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an
upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.14.0 release!
Apache Log4j is a well known framework for logging application behavior.
Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x, and provides many other modern features
such
The Apache Log4j 2 team is pleased to announce the Log4j 2.14.1 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.12.3 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.3.1 release!
Apache log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to
Log4j that provides significant improvements over its predecessor, Log4j 1.x,
and provides
many other modern features such as
The Apache Log4j 2 team is pleased to announce the Log4j 2.17.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.12.4 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
Severity: critical
Description:
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and
parameters do not protect against attacker controlled LDAP and other JNDI
related endpoints. An attacker who can control log messages or log message
parameters can execute arbitrary
Description:
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
when the attacker has write access to the Log4j configuration. The attacker can
provide TopicBindingName and TopicConnectionFactoryBindingName configurations
causing JMSAppender to perform JNDI requests
The Apache Log4j 2 team is pleased to announce the Log4j 2.15.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
The Apache Log4j 2 team is pleased to announce the Log4j 2.17.2 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
Severity: high
Description:
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a
configuration parameter where the values to be inserted are converters from
PatternLayout. The message converter, %m, is likely to always be included. This
allows attackers to manipulate the
Severity: high
Description:
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of
untrusted data when the attacker has write access to the Log4j configuration or
if the configuration references an LDAP service the attacker has access to. The
attacker can provide a
Severity: Critical
Description:
CVE-2020-9493 identified a deserialization issue that was present in Apache
Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x
where the same issue exists.
Mitigation:
Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0.
Credit:
The Apache Log4j 2 team is pleased to announce the Log4j 2.18.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
The Apache Flume team is pleased to announce the release of Flume version
1.10.0.
Flume is a distributed, reliable, and available service for efficiently
collecting, aggregating, and moving large amounts of log data.
Flume 1.10.0 fixes CVE-2022-25167, a vulnerability in Flume’s JMSSource
Severity, medium
Description:
Flume’s JMSSource class can be configured with a connection factory name. A
JNDI lookup is performed on this name without performing an validation. This
could result in untrusted data being deserialized.
Please see https://flume.apache.org/security.html for more
The Apache Flume team is pleased to announce the release of Flume version
1.10.1.
Flume is a distributed, reliable, and available service for efficiently
collecting, aggregating, and moving large amounts of log data.
Flume 1.10.1 fixes CVE-2022-34916, a vulnerability in Flume’s
Description:
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code
execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP
data source URI when an attacker has control of the target LDAP server. This
issue is fixed by limiting JNDI to allow only the
The Apache Flume team is pleased to announce the release of Flume version
1.11.0.
Flume is a distributed, reliable, and available service for efficiently
collecting, aggregating, and moving large amounts of log data.
This release can be downloaded from the Flume download page at:
Severity, medium
Description:
Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI
lookup is performed on this name without performing an validation. This could
result in untrusted data being deserialized.
Mitigation
Upgrade to Flume 1.11.0.
In releases 1.4.0
The Apache Log4j 2 team is pleased to announce the Log4j 2.19.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such
P. Karwasz, Federico D’Ambrosio)
• Add PatternLayout support for abbreviating the name of all logger components
except the 2 rightmost (for LOG4J2-2785 by Ralph Goers, Markus Spann)
• Removes internal field that leaked into public API. (for LOG4J2-3615 by Piotr
P. Karwasz)
• Add a LogBuilder#logAndGe
The Apache Flume team is pleased to announce the Flume Spring Boot 2.0.0
release.
Flume is a distributed, reliable, and available service for efficiently
collecting, aggregating, and moving large amounts of event data. Flume Spring
Boot allows Flume, and Flume components, to be packaged and
ow plugins to be created through more flexible dependency injection
patterns. (for LOG4J2-1188 by Matt Sicker)
• Allow to force LOG4J2 to use TCCL only. (for LOG4J2-2171 by rmannibucau,
Ralph Goers)
• Allow web lookup to access more information. (for LOG4J2-2523 by Romain
Manni-Bucau, R
53 matches
Mail list logo