This is an automated email from the ASF dual-hosted git repository.
github-actions[bot] pushed a commit to branch main-site-pro-out
in repository https://gitbox.apache.org/repos/asf/logging-site.git
The following commit(s) were added to refs/heads/main-site-pro-out by this push:
new 34ba496e Add website content generated from
`3dc5d3665dc95034a473574613c435666fede7d1`
34ba496e is described below
commit 34ba496e2fd3c28e62ec15437d1b461ac261c29e
Author: ASF Logging Services RM <[email protected]>
AuthorDate: Fri Jul 10 21:12:09 2026 +0000
Add website content generated from
`3dc5d3665dc95034a473574613c435666fede7d1`
---
cyclonedx/vdr.xml | 84 +++++++++++++++++++++++--
index.html | 2 +-
security.html | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
sitemap.xml | 42 ++++++-------
team-list.html | 34 +++++-----
5 files changed, 298 insertions(+), 45 deletions(-)
diff --git a/cyclonedx/vdr.xml b/cyclonedx/vdr.xml
index f7f0739a..861e5d77 100644
--- a/cyclonedx/vdr.xml
+++ b/cyclonedx/vdr.xml
@@ -40,11 +40,11 @@
<bom xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://cyclonedx.org/schema/bom/1.6"
xsi:schemaLocation="http://cyclonedx.org/schema/bom/1.6
https://cyclonedx.org/schema/bom-1.6.xsd"
- version="7"
+ version="8"
serialNumber="urn:uuid:dfa35519-9734-4259-bba1-3e825cf4be06">
<metadata>
- <timestamp>2026-04-10T11:53:17Z</timestamp>
+ <timestamp>2026-07-10T20:53:31Z</timestamp>
<manufacturer>
<name>Apache Logging Services</name>
<url>https://logging.apache.org</url>
@@ -62,6 +62,12 @@
<name>Log4cxx</name>
<purl>pkg:conan/log4cxx</purl>
</component>
+ <component type="library" bom-ref="log4j-api">
+ <group>org.apache.logging.log4j</group>
+ <name>log4j-api</name>
+ <cpe>cpe:2.3:a:apache:log4j_api:*:*:*:*:*:*:*:*</cpe>
+ <purl>pkg:maven/org.apache.logging.log4j/log4j-api?type=jar</purl>
+ </component>
<component type="library" bom-ref="log4j-core">
<group>org.apache.logging.log4j</group>
<name>log4j-core</name>
@@ -89,6 +95,71 @@
<vulnerabilities>
+ <vulnerability>
+ <id>CVE-2026-49844</id>
+ <source>
+ <name>NVD</name>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2026-49844</url>
+ </source>
+ <ratings>
+ <rating>
+ <source>
+ <name>The Apache Software Foundation</name>
+ <url>
+
<![CDATA[https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N]]></url>
+ </source>
+ <score>6.3</score>
+ <severity>medium</severity>
+ <method>CVSSv4</method>
+
<vector>AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</vector>
+ </rating>
+ </ratings>
+ <cwes>
+ <cwe>116</cwe>
+ </cwes>
+ <description><![CDATA[Improper encoding of non-finite floating-point
values during `MapMessage` JSON serialization in Apache Log4j API produces
output that is not valid JSON.
+This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version
2.26.0.
+
+The fix for CVE-2026-34481 did not cover all code paths: when a `MapMessage`
contains a non-finite IEEE 754 value (`NaN`, `Infinity`, or `-Infinity`),
`MapMessage.asJson()` emits the corresponding bare token.
+RFC 8259 does not permit these tokens, so a conformant parser rejects the
resulting document.
+
+The defect is reachable only when both of the following conditions hold:
+
+* The application uses the
+https://logging.apache.org/log4j/2.x/manual/json-template-layout.html#event-template-resolver-message[`message`
resolver]
+of `JsonTemplateLayout`, or any other layout that relies on
`MapMessage.asJson()` or `MapMessage.getFormattedMessage(new String[]
{"JSON"})`.
+* The application logs a `MapMessage` that contains an attacker-controlled
floating-point value.
+
+An attacker who can supply a non-finite value can cause the affected layout to
emit malformed JSON, which may corrupt the enclosing log record or disrupt
downstream log ingestion and parsing.]]></description>
+ <recommendation><![CDATA[Users are advised to upgrade to Apache Log4j
API version `2.25.5` or `2.26.1`, both of which emit RFC 8259-compliant JSON
for non-finite values.]]></recommendation>
+ <created>2026-07-10T20:53:31Z</created>
+ <published>2026-07-10T20:53:31Z</published>
+ <updated>2026-07-10T20:53:31Z</updated>
+ <credits>
+ <individuals>
+ <individual>
+ <name>Himanshu Anand</name>
+ </individual>
+ </individuals>
+ </credits>
+ <affects>
+ <target>
+ <ref>log4j-api</ref>
+ <versions>
+ <version>
+ <range><![CDATA[vers:maven/>=2.13.1|<2.25.5]]></range>
+ </version>
+ <version>
+ <range><![CDATA[vers:maven/>=2.26.0|<2.26.1]]></range>
+ </version>
+ <version>
+
<range><![CDATA[vers:maven/>=3.0.0-alpha1|<=3.0.0-beta2]]></range>
+ </version>
+ </versions>
+ </target>
+ </affects>
+ </vulnerability>
+
<vulnerability>
<id>CVE-2026-40023</id>
<source>
@@ -235,11 +306,14 @@ This may cause downstream log processing systems to
reject or fail to index affe
An attacker can exploit this issue only if both of the following conditions
are met:
* The application uses `JsonTemplateLayout`.
-* The application logs a `MapMessage` containing an attacker-controlled
floating-point value.]]></description>
- <recommendation><![CDATA[Users are advised to upgrade to Apache Log4j
JSON Template Layout version `2.25.4`, which corrects this
issue.]]></recommendation>
+* The application logs a `MapMessage`, or logs an object directly (e.g., via
`Logger.info(Object)`, which wraps it in an `ObjectMessage`), where the message
contains an attacker-controlled floating-point value.]]></description>
+ <recommendation><![CDATA[Users are advised to upgrade to Apache Log4j
JSON Template Layout version `2.25.4`, which corrects this issue.
+
+NOTE: The fix released in version `2.25.4` did not cover all affected code
paths.
+CVE-2026-49844 was assigned to the remaining issue, which concerns the
`MapMessage.asJson()` serialization in Apache Log4j API and is fixed in
versions `2.25.5` and `2.26.1`.]]></recommendation>
<created>2026-04-10T11:53:17Z</created>
<published>2026-04-10T11:53:17Z</published>
- <updated>2026-04-10T11:53:17Z</updated>
+ <updated>2026-07-10T20:53:31Z</updated>
<credits>
<individuals>
<individual>
diff --git a/index.html b/index.html
index d0f679c1..6f6dd8c3 100644
--- a/index.html
+++ b/index.html
@@ -201,7 +201,7 @@
<dd>
<p>A logging framework for C++ patterned after Log4j®.</p>
</dd>
-<dt class="hdlist1"><a
href="https://logging.apache.org/log4Net">Log4Net</a></dt>
+<dt class="hdlist1"><a
href="https://logging.apache.org/log4net">Log4net</a></dt>
<dd>
<p>A port of the Log4j® to the Microsoft .NET runtime.</p>
</dd>
diff --git a/security.html b/security.html
index f311b818..7d09a47b 100644
--- a/security.html
+++ b/security.html
@@ -384,6 +384,79 @@ Until that discussion concludes, this document classifies
only thread context <s
</div>
</div>
<div class="sect2">
+<h3 id="threat-common-sinks"><a class="anchor"
href="#threat-common-sinks"></a>Sinks</h3>
+<div class="paragraph">
+<p>Just as they read from sources, logging systems write to
<strong>sinks</strong>: the destinations to which an appender delivers a
formatted log event, such as files, consoles, sockets, databases, and message
brokers.
+Sinks are defined by the <strong>operator</strong> as part of the
configuration and are therefore <strong>trusted</strong>.
+This is the counterpart of the source classification above: sources range from
trusted configuration to untrusted content, but every sink is trusted, because
a sink exists only where the operator has configured an appender that writes to
it.</p>
+</div>
+<div class="sect3">
+<h4 id="threat-common-sinks-destination"><a class="anchor"
href="#threat-common-sinks-destination"></a>Destination integrity
(operator-controlled)</h4>
+<div class="paragraph">
+<p>The destination an appender writes to is chosen by the operator and is
trusted, including a destination created dynamically at runtime.
+For example, a <a
href="https://logging.apache.org/log4j/2.x/manual/appenders/delegating.html#RoutingAppender">Routing
appender</a> may open a file whose path is interpolated from a lookup:
selecting that destination is the operator’s decision, and the
trustworthiness of any value used to build it is the operator’s
responsibility (see <a href="security/faq.html#path-traversal" class="xref
page">the FAQ entry on path traversal</a>).</p>
+</div>
+<div class="paragraph">
+<p>It follows that:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>Ensuring that untrusted parties do not have write access to a log
destination, such as the directory or file a file appender writes to, is a
<strong>deployer responsibility</strong>, exactly as it is for configuration
resources (see <a href="#threat-common-sources-configuration">Configuration
(operator-controlled)</a>).</p>
+</li>
+<li>
+<p>An adversary who can write to a destination, for example by planting a
symbolic link where a file appender expects to create its output, can already
tamper with the logs directly by deleting, truncating, or rewriting them.
+The frameworks therefore do <strong>not</strong> attempt to defend a
destination they have been configured to trust, and a report that assumes such
write access is <strong>out of scope</strong>.</p>
+</li>
+</ul>
+</div>
+</div>
+<div class="sect3">
+<h4 id="threat-common-sinks-passive-active"><a class="anchor"
href="#threat-common-sinks-passive-active"></a>Passive and active sinks</h4>
+<div class="paragraph">
+<p>A logging framework is responsible for producing output that is
<strong>well-formed in the format the configured layout emits</strong>: plain
text for an unstructured layout such as the Pattern layout, and a structured
document for a structured layout such as the XML, JSON, RFC 5424, or HTML
layouts.
+Whether a defect observed at a sink is our responsibility depends on what the
destination does with that output.</p>
+</div>
+<div class="dlist">
+<dl>
+<dt class="hdlist1">Passive sink</dt>
+<dd>
+<div class="paragraph">
+<p>A passive sink consumes the output <strong>as the format the layout
produced</strong>: it stores the bytes in a file, transmits them over a socket,
or renders the document the layout emitted.
+For structured layouts, the frameworks <strong>must</strong> ensure that
untrusted content cannot break the structure of that document; this is the
log-injection commitment stated in <a href="#threat-common-threat">Threats</a>.
+A failure to escape a metacharacter for the format we emit is a defect we
<strong>own</strong>.
+For instance, <a
href="https://www.cve.org/CVERecord?id=CVE-2025-54812">CVE-2025-54812</a> was
fixed in Log4cxx because its HTML layout produced malformed HTML: the layout
emits HTML, so it must emit <strong>safe</strong> HTML.</p>
+</div>
+</dd>
+<dt class="hdlist1">Active sink</dt>
+<dd>
+<div class="paragraph">
+<p>An active sink <strong>re-interprets</strong> our output in a language we
did not produce and acts on that interpretation: a terminal that executes ANSI
escape sequences embedded in plain text, a spreadsheet that evaluates formula
syntax in a field, or a shell that expands metacharacters.
+The frameworks do not emit terminal control language, spreadsheet formulas, or
shell scripts, and they cannot enumerate, let alone neutralize, every way a
downstream consumer might re-interpret well-formed output.
+Defending against an active sink is therefore <strong>out of scope</strong>.
+This is why we do not treat the console ANSI-escape-sequence issue, the class
of <a href="https://www.cve.org/CVERecord?id=CVE-2025-55754">CVE-2025-55754</a>
as reported against Apache Tomcat, as a vulnerability in our projects: our
Pattern layout emits correct plain text, and an ANSI-interpreting console is an
active sink whose behavior, and the choice to view logs through it, belong to
the operator.</p>
+</div>
+</dd>
+</dl>
+</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+<div class="paragraph">
+<p>The boundary is whether the framework emitted output that is malformed
<strong>in its own format</strong> (a defect we own) or well-formed output that
a downstream sink chose to re-interpret in another language (out of scope).
+Unstructured layouts such as the Pattern layout make <strong>no</strong>
injection guarantee even for a passive sink, because they are meant for human
consumption; see <a href="#threat-common-threat">Threats</a>.</p>
+</div>
+</td>
+</tr>
+</table>
+</div>
+</div>
+</div>
+<div class="sect2">
<h3 id="threat-common-adversary"><a class="anchor"
href="#threat-common-adversary"></a>Adversary capabilities</h3>
<div class="paragraph">
<p>The threats listed below are evaluated against an adversary with a
well-defined and limited set of capabilities.
@@ -438,6 +511,12 @@ The logging frameworks trust that logged objects can be
safely converted to a st
<p>A malicious destination of an appender (e.g. a hostile database, message
broker, or mail server).
Appender destinations are configured by trusted users and are treated as an
extension of the deployer.</p>
</li>
+<li>
+<p>An adversary with write access to a log destination, such as the directory
or file a file appender writes to, or the ability to plant a symbolic link
there: log destinations are operator-controlled and trusted (see <a
href="#threat-common-sinks-destination">Destination integrity
(operator-controlled)</a>).</p>
+</li>
+<li>
+<p>An adversary who relies on an <strong>active sink</strong> re-interpreting
well-formed log output, such as a terminal that executes injected ANSI escape
sequences (see <a href="#threat-common-sinks-passive-active">Passive and active
sinks</a>).</p>
+</li>
</ul>
</div>
</dd>
@@ -464,7 +543,7 @@ Regarding this threat:</p>
These layouts are meant for <strong>human</strong> and not computer
consumption.</p>
</li>
<li>
-<p>Log4cxx, Log4j and Log4net <strong>must</strong> prevent log injection in
<strong>structured</strong> layouts, such as XML, JSON and RFC 5424.</p>
+<p>Log4cxx, Log4j and Log4net <strong>must</strong> prevent log injection in
<strong>structured</strong> layouts, such as the XML, JSON, RFC 5424, and HTML
layouts, when they are consumed by a passive sink; see <a
href="#threat-common-sinks-passive-active">Passive and active sinks</a>.</p>
</li>
</ul>
</div>
@@ -709,6 +788,91 @@ We choose to pool all information on this one page,
allowing easy searching for
</table>
</div>
<div class="sect2">
+<h3 id="CVE-2026-49844"><a class="anchor" href="#CVE-2026-49844"></a><a
href="https://nvd.nist.gov/vuln/detail/CVE-2026-49844">CVE-2026-49844</a></h3>
+<table class="tableblock frame-all grid-all stretch">
+<colgroup>
+<col style="width: 16.6666%;">
+<col style="width: 83.3334%;">
+</colgroup>
+<tbody>
+<tr>
+<th class="tableblock halign-left valign-top"><p
class="tableblock">Summary</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Improper
serialization of non-finite floating-point values in
<code>MapMessage.asJson()</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">CVSS 4.x
Score & Vector</p></th>
+<td class="tableblock halign-left valign-top"><p class="tableblock">6.3 MEDIUM
(CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N)</p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Components
affected</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>log4j-api</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
affected</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>[2.13.1, 2.25.5) ∪ [2.26.0, 2.26.1) ∪ [3.0.0-alpha1,
3.0.0-beta2]</code></p></td>
+</tr>
+<tr>
+<th class="tableblock halign-left valign-top"><p class="tableblock">Versions
fixed</p></th>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>2.25.5</code> and <code>2.26.1</code></p></td>
+</tr>
+</tbody>
+</table>
+<div class="sect3">
+<h4 id="CVE-2026-49844-description"><a class="anchor"
href="#CVE-2026-49844-description"></a>Description</h4>
+<div class="paragraph">
+<p>Improper encoding of non-finite floating-point values during
<code>MapMessage</code> JSON serialization in Apache Log4j API produces output
that is not valid JSON.
+This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version
2.26.0.</p>
+</div>
+<div class="paragraph">
+<p>The fix for <a href="#CVE-2026-34481">CVE-2026-34481</a> did not cover all
code paths: when a <code>MapMessage</code> contains a non-finite IEEE 754 value
(<code>NaN</code>, <code>Infinity</code>, or <code>-Infinity</code>),
<code>MapMessage.asJson()</code> emits the corresponding bare token.
+RFC 8259 does not permit these tokens, so a conformant parser rejects the
resulting document.</p>
+</div>
+<div class="paragraph">
+<p>The defect is reachable only when both of the following conditions hold:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p>The application uses the
+<a
href="https://logging.apache.org/log4j/2.x/manual/json-template-layout.html#event-template-resolver-message"><code>message</code>
resolver</a>
+of <code>JsonTemplateLayout</code>, or any other layout that relies on
<code>MapMessage.asJson()</code> or <code>MapMessage.getFormattedMessage(new
String[] {"JSON"})</code>.</p>
+</li>
+<li>
+<p>The application logs a <code>MapMessage</code> that contains an
attacker-controlled floating-point value.</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>An attacker who can supply a non-finite value can cause the affected layout
to emit malformed JSON, which may corrupt the enclosing log record or disrupt
downstream log ingestion and parsing.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2026-49844-remediation"><a class="anchor"
href="#CVE-2026-49844-remediation"></a>Remediation</h4>
+<div class="paragraph">
+<p>Users are advised to upgrade to Apache Log4j API version
<code>2.25.5</code> or <code>2.26.1</code>, both of which emit RFC
8259-compliant JSON for non-finite values.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2026-49844-credits"><a class="anchor"
href="#CVE-2026-49844-credits"></a>Credits</h4>
+<div class="paragraph">
+<p>This issue was discovered by Himanshu Anand.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="CVE-2026-49844-references"><a class="anchor"
href="#CVE-2026-49844-references"></a>References</h4>
+<div class="ulist">
+<ul>
+<li>
+<p><a
href="https://nvd.nist.gov/vuln/detail/CVE-2026-49844">CVE-2026-49844</a></p>
+</li>
+<li>
+<p><a href="https://github.com/apache/logging-log4j2/pull/4163">Pull request
that fixes the issue</a></p>
+</li>
+</ul>
+</div>
+</div>
+</div>
+<div class="sect2">
<h3 id="CVE-2026-40023"><a class="anchor" href="#CVE-2026-40023"></a><a
href="https://nvd.nist.gov/vuln/detail/CVE-2026-40023">CVE-2026-40023</a></h3>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
@@ -897,7 +1061,7 @@ This may cause downstream log processing systems to reject
or fail to index affe
<p>The application uses <code>JsonTemplateLayout</code>.</p>
</li>
<li>
-<p>The application logs a <code>MapMessage</code> containing an
attacker-controlled floating-point value.</p>
+<p>The application logs a <code>MapMessage</code>, or logs an object directly
(e.g., via <code>Logger.info(Object)</code>, which wraps it in an
<code>ObjectMessage</code>), where the message contains an attacker-controlled
floating-point value.</p>
</li>
</ul>
</div>
@@ -907,6 +1071,19 @@ This may cause downstream log processing systems to
reject or fail to index affe
<div class="paragraph">
<p>Users are advised to upgrade to Apache Log4j JSON Template Layout version
<code>2.25.4</code>, which corrects this issue.</p>
</div>
+<div class="admonitionblock note">
+<table>
+<tr>
+<td class="icon">
+<i class="fa icon-note" title="Note"></i>
+</td>
+<td class="content">
+The fix released in version <code>2.25.4</code> did not cover all affected
code paths.
+<a href="#CVE-2026-49844">CVE-2026-49844</a> was assigned to the remaining
issue, which concerns the <code>MapMessage.asJson()</code> serialization in
Apache Log4j API and is fixed in versions <code>2.25.5</code> and
<code>2.26.1</code>.
+</td>
+</tr>
+</table>
+</div>
</div>
<div class="sect3">
<h4 id="CVE-2026-34481-credits"><a class="anchor"
href="#CVE-2026-34481-credits"></a>Credits</h4>
diff --git a/sitemap.xml b/sitemap.xml
index 31d0ee30..449b68e7 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,86 +2,86 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://logging.apache.org/blog/20231117-flume-joins-logging-services.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231128-new-pmc-member.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231202-apache-common-logging-1.3.0.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231214-announcing-support-from-the-stf.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20231218-20-years-of-innovation.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240725-Log4j-At-Community-Over-Code-2024.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240808-welcome-to-the-pmc-jan.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20240812-log4j-bug-bounty.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/20250728-introduction-to-vex-files.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/blog/index.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/charter.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/download.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/guidelines.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/index.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/processes.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/security/faq.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/support.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/team-list.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/what-is-logging.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
<url>
<loc>https://logging.apache.org/xml/ns/index.html</loc>
-<lastmod>2026-06-25T20:17:11.031Z</lastmod>
+<lastmod>2026-07-10T21:12:07.093Z</lastmod>
</url>
</urlset>
diff --git a/team-list.html b/team-list.html
index da962b08..dbf989ad 100644
--- a/team-list.html
+++ b/team-list.html
@@ -181,12 +181,6 @@ See <a href="guidelines.html" class="xref
page">Guidelines</a> for further detai
</thead>
<tbody>
<tr>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Carter
Kozak</p></td>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>ckozak</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
-<td class="tableblock halign-left valign-top"><p
class="tableblock">Log4j</p></td>
-</tr>
-<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Christian
Grobmeier</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>grobmeier</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
@@ -277,12 +271,6 @@ See <a href="guidelines.html" class="xref
page">Guidelines</a> for further detai
<td class="tableblock halign-left valign-top"><p
class="tableblock">Log4cxx</p></td>
</tr>
<tr>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Ron
Grabowski</p></td>
-<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>rgrabowski</code></p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Log4j,
Log4net</p></td>
-</tr>
-<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Scott
Deboy</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>sdeboy</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
@@ -364,6 +352,13 @@ Inactive members are welcome to continue participating at
any time.</p>
<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2015</p></td>
</tr>
<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Carter
Kozak</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>ckozak</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock">Log4j</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2026</p></td>
+</tr>
+<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Ceki
Gülcü</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>ceki</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
@@ -403,7 +398,7 @@ Inactive members are welcome to continue participating at
any time.</p>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>juhanic</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock">Flume</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2014</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2026</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Knut
Urdalen</p></td>
@@ -424,14 +419,14 @@ Inactive members are welcome to continue participating at
any time.</p>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>mikes</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock">Log4j</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2018</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2026</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Mike
Percy</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>mpercy</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock">Flume</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2019</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2026</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Nick
Williams</p></td>
@@ -455,6 +450,13 @@ Inactive members are welcome to continue participating at
any time.</p>
<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2014</p></td>
</tr>
<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Ron
Grabowski</p></td>
+<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>rgrabowski</code></p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Log4j,
Log4net</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2026</p></td>
+</tr>
+<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Stefan
Bodewig</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>bodewig</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
@@ -466,7 +468,7 @@ Inactive members are welcome to continue participating at
any time.</p>
<td class="tableblock halign-left valign-top"><p
class="tableblock"><code>tristan</code></p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PMC
Member</p></td>
<td class="tableblock halign-left valign-top"><p
class="tableblock">Flume</p></td>
-<td class="tableblock halign-left valign-top"><p class="tableblock">Last
Active 2023</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Emeritus
2026</p></td>
</tr>
</tbody>
</table>