This is an automated email from the ASF dual-hosted git repository. ckozak pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit 42949922fd66e321dd17bdd0df754354f7dc248c Author: Ralph Goers <[email protected]> AuthorDate: Fri Dec 17 17:42:39 2021 -0700 Update pages --- src/site/markdown/index.md.vm | 15 ++++++--------- src/site/xdoc/manual/appenders.xml | 2 +- src/site/xdoc/manual/lookups.xml | 2 +- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index a157009..0e358bf 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -237,11 +237,13 @@ dependencies. $h2 News -Log4j 2.16.0 has been released solely to disable access to JNDI by default and completely remove the ability to use Lookups in messages. -The CVE noted below was fixed in the 2.15.0 release. -2.16.0 is a recommended upgrade to ensure that JNDI will not be abused and that message Lookups are no longer possible. +Log4j 2.17.0 has been released solely to: -$h3 Other News +* Address CVE-2021-45105. +* Require components that use JNDI to be enabled individually via system properties. +* Remove LDAP and LDAPS as supported protocols from JNDI. + +2.17.0 is a recommended upgrade to ensure that recursive lookups do not cause services to fail. Log4j $Log4jReleaseVersion is now available for production. The API for Log4j 2 is not compatible with Log4j 1.x, however an adapter is available to allow applications to continue to use the Log4j 1.x API. Adapters are also available for Apache Commons @@ -251,9 +253,4 @@ Log4j $Log4jReleaseVersion is the latest release of Log4j. As of Log4j 2.13.0 Lo runtime. This release contains new features and fixes which can be found in the latest [changes report](changes-report.html#a$Log4jReleaseVersion). -The changes in Log4j 2.16.0 are: - -* Disabling JNDI functionality by default. -* Removing Message Lookups. - Log4j $Log4jReleaseVersion maintains binary compatibility with previous releases. diff --git a/src/site/xdoc/manual/appenders.xml b/src/site/xdoc/manual/appenders.xml index d7035ab..bcde753 100644 --- a/src/site/xdoc/manual/appenders.xml +++ b/src/site/xdoc/manual/appenders.xml @@ -1540,7 +1540,7 @@ public class ConnectionFactory { <a name="JMSTopicAppender"/> <subsection name="JMS Appender"> <p>The JMS Appender sends the formatted log event to a JMS Destination.</p> - <p>The JMS Appender requires JNDI support so as of release 2.16.0 this appender will not function unless + <p>The JMS Appender requires JNDI support so as of release 2.17.0 this appender will not function unless <code>log4j2.enableJndiJms=true</code> is configured as a system property or environment variable. See the <a href="./configuration.html#enableJndiJms">enableJndiJms</a> system property.</p> <p> diff --git a/src/site/xdoc/manual/lookups.xml b/src/site/xdoc/manual/lookups.xml index 9bf6b80..82051de 100644 --- a/src/site/xdoc/manual/lookups.xml +++ b/src/site/xdoc/manual/lookups.xml @@ -267,7 +267,7 @@ <a name="JndiLookup"/> <subsection name="Jndi Lookup"> <p> - As of Log4j 2.16.0 JNDI operations require that <code>log4j2.enableJndiLookup=true</code> be set as a system + As of Log4j 2.17.0 JNDI operations require that <code>log4j2.enableJndiLookup=true</code> be set as a system property or the corresponding environment variable for this lookup to function. See the <a href="./configuration.html#enableJndiLookup">enableJndiLookup</a> system property. </p>
