This is an automated email from the ASF dual-hosted git repository.
rgoers pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push:
new 511d552 update announcement
511d552 is described below
commit 511d552979ad7bbf2ccce08ab99d8af9f361b3ad
Author: Ralph Goers <[email protected]>
AuthorDate: Sat Dec 11 19:19:43 2021 -0700
update announcement
---
src/changes/announcement.vm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/changes/announcement.vm b/src/changes/announcement.vm
index dca29f9..43d5199 100644
--- a/src/changes/announcement.vm
+++ b/src/changes/announcement.vm
@@ -65,7 +65,7 @@ temporary objects) while logging. In addition, Log4j 2 will
not lose events whil
The artifacts may be downloaded from
https://logging.apache.org/log4j/2.x/download.html.
-This release contains a number of bug fixes and minor enhancements which are
listed below.
+This release contains one change which is noted below.
Due to a break in compatibility in the SLF4J binding, Log4j now ships with two
versions of the SLF4J to Log4j adapters.
log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
log4j-slf4j18-impl should be used with SLF4J 1.8.x and
@@ -74,7 +74,9 @@ https://jira.qos.ch/browse/SLF4J-511.
Some of the changes in Log4j 2.15.1 include:
-* Starting in version 2.15.1, JNDI functionality is disabled by default and
can be re-enabled via the
+* While release 2.15.0 removed the ability to resolve Lookups and log messages
and addressed issues with how JNDI
+is accessed, the Log4j team feels that having JNDI enabled by default
introduces an undue risk for our users.
+Starting in version 2.15.1, JNDI functionality is disabled by default and can
be re-enabled via the
`log4j2.enableJndi` system property. Use of JNDI in an unprotected context is
a large security risk and
should be treated as such in both this library and all other Java libraries
using JNDI.
* Prior to version 2.15.0, Log4j would automatically resolve Lookups contained
in the message or its parameters in the
