This is an automated email from the ASF dual-hosted git repository.
rgoers pushed a commit to branch log4j-2.12
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/log4j-2.12 by this push:
new 30bdb86 Update Release Notes
30bdb86 is described below
commit 30bdb864a1073bc62bfbc333e4774762b082e11c
Author: Ralph Goers <[email protected]>
AuthorDate: Mon Dec 13 22:17:24 2021 -0700
Update Release Notes
---
RELEASE-NOTES.md | 45 +++++++++++----------------------------------
1 file changed, 11 insertions(+), 34 deletions(-)
diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 1d860fc..2854307 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -14,9 +14,9 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-# Apache Log4j 2.12.1 Release Notes
+# Apache Log4j 2.12.2 Release Notes
-The Apache Log4j 2 team is pleased to announce the Log4j 2.12.1 release!
+The Apache Log4j 2 team is pleased to announce the Log4j 2.12.2 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade
to Log4j that provides significant improvements over its predecessor, Log4j
1.x, and provides
@@ -33,48 +33,25 @@ Due to a break in compatibility in the SLF4J binding, Log4j
now ships with two v
log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
log4j-slf4j18-impl should be used with SLF4J 1.8.x and
later.
-This release improves the performance of capturing location information, makes
log4j-core optional in the log4j 1.2
-bridge, and explicitly removes LoggerContext references from compoents that
keep track of them when the LoggerContext
-is shut down. More details on the new features and fixes are itemized below.
+This release addresses CVE-2021-44228 for users still using Java 7 by
disabling JNDI by default, only allowing the java
+protocol when JNDI is enabled, making the JNDI Lookup inoperable, and removing
the message lookup capability.
-Note that the XML, JSON and YAML formats changed in the 2.11.0 release: they
no longer have the "timeMillis" attribute
-and instead have an "Instant" element with "epochSecond" and "nanoOfSecond"
attributes.
+The Log4j 2.12.2 API, as well as many core components, maintains binary
compatibility with previous releases.
-The Log4j 2.12.1 API, as well as many core components, maintains binary
compatibility with previous releases.
-
-## GA Release 2.12.1
+## GA Release 2.12.2
Changes in this version include:
### Fixed Bugs
-* [LOG4J2-1946](https://issues.apache.org/jira/browse/LOG4J2-1946):
-Allow file renames to work when files are missing from the sequence. Thanks to
Igor Perelyotov.
-* [LOG4J2-2650](https://issues.apache.org/jira/browse/LOG4J2-2650):
-Support emulating a MAC address when using ipv6. Thanks to Mattia Bertorello.
-* [LOG4J2-2366](https://issues.apache.org/jira/browse/LOG4J2-2366):
-Remove references to LoggerContext when it is shutdown.
-* [LOG4J2-2644](https://issues.apache.org/jira/browse/LOG4J2-2644):
-Improve the performance of capturing location information.
-* [LOG4J2-2658](https://issues.apache.org/jira/browse/LOG4J2-2658):
-AbstractAction.reportException records a warning to the status logger,
providing more information when file
- based appenders fail to compress rolled data asynchronously.
-* [LOG4J2-2659](https://issues.apache.org/jira/browse/LOG4J2-2659):
-AbstractAction handles and records unchecked RuntimeException and Error in
addition to IOException.
-
-### Changes
-* [LOG4J2-2556](https://issues.apache.org/jira/browse/LOG4J2-2556):
-Make Log4j Core optional for Log4j 1.2 API.
-* [LOG4J2-2646](https://issues.apache.org/jira/browse/LOG4J2-2646):
-Update MongoDB 3 driver from 3.10.1 to 3.10.2.
-* [LOG4J2-2657](https://issues.apache.org/jira/browse/LOG4J2-2657):
-Improve exception messages in the JDBC appender.
-* [LOG4J2-2660](https://issues.apache.org/jira/browse/LOG4J2-2660):
-Retry when JDBC throws a java.sql.SQLTransactionRollbackException in
commitAndClose().
+* [LOG4J-3220](https://issues.apache.org/jira/browse/LOG4J-3220):
+Disable JNDI by default, remove JNDI Lookup, Remove Message Lookups. When
enabled JNDI only supports the
+ java protocol.
+
---
-Apache Log4j 2.12.1 requires a minimum of Java 7 to build and run. Log4j 2.3
was the
+Apache Log4j 2.12.2 requires a minimum of Java 7 to build and run. Log4j 2.3
was the
last release that supported Java 6.
Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api
component, however it