This is a vote to release Log4j 2.19.0, the next version of the Log4j 2 project.
Note that the security page on the web site was updated to better describe
CVE-2021-44228 and CVE-2021-45046. Please review those changes.
Please download, test, and cast your votes on the log4j developers list.
[] +1, release the artifacts
[] -1, don't release because...
The vote will remain open for 72 hours. All votes are welcome and we encourage
everyone to test the release, but only Logging PMC votes are “officially”
counted. As always, at least 3 +1 votes and more positive than negative votes
are required.
Changes in this version include:
New Features
• LOG4J2-3583: Add support for SLF4J2 stack-valued MDC. Thanks to
Pierrick Terrettaz.
• LOG4J2-2975: Add implementation of SLF4J2 fluent API. Thanks to
Daniel Gray.
Fixed Bugs
• LOG4J2-3578: Generate new SSL certs for testing.
• LOG4J2-3556: Make JsonTemplateLayout stack trace truncation operate
for each label block. Thanks to Arthur Gavlyukovskiy.
• LOG4J2-3550: SystemPropertyArbiter was assigning the value as the
name. Thanks to DongjianPeng.
• LOG4J2-3560: Logger$PrivateConfig.filter(Level, Marker, String) was
allocating empty varargs array. Thanks to David Schlosnagle.
• LOG4J2-3561: Allows a space separated list of style specifiers in the
%style pattern for consistency with %highlight. Thanks to Robert Papp.
• LOG4J2-3564: Fix NPE in log4j-to-jul in the case the root logger
level is null.
• LOG4J2-3545: Add correct manifest entries for OSGi to log4j-jcl
Thanks to Johan Compagner.
• LOG4J2-3565: Fix RollingRandomAccessFileAppender with
DirectWriteRolloverStrategy can't create the first log file of different
directory.
• LOG4J2-3579: Fix ServiceLoaderUtil behavior in the presence of a
SecurityManager. Thanks to Boris Unckel.
• LOG4J2-3559: Fix resolution of properties not starting with log4j2..
Thanks to Gary Gregory.
• LOG4J2-3557: Fix recursion between Log4j 1.2 LogManager and Category.
Thanks to Andreas Leitgeb.
• LOG4J2-3587: Fix regression in Rfc5424Layout default values. Thanks
to Tomas Micko.
• LOG4J2-3548: Improve support for passwordless keystores. Thanks to
Kristof Farkas-Pall.
• LOG4J2-708: Add async support to Log4jServletFilter.
Changes
• LOG4J2-3572: Add getExplicitLevel method to LoggerConfig.
• LOG4J2-3589: Allow Plugins to be injected with the LoggerContext
reference.
• LOG4J2-3588: Allow PropertySources to be added.
Removed
• LOG4J2-3573: Removed build page in favor of a single build
instructions file. Thanks to Wolff Bock von Wuelfingen.
• LOG4J2-3590: Remove SLF4J 1.8.x binding.
Tag:
a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git
and then "git checkout tags/log4j-2.19.0-rc2” or just "git clone -b
log4j-2.19.0-rc2 https://github.com/apache/logging-log4j2.git";
b) for an existing working copy to “git pull” and then “git checkout
tags/log4j-2.19.0-rc2”
Web Site: https://logging.staged.apache.org/log4j/2.x/index.html.
Maven Artifacts:
https://repository.apache.org/content/repositories/orgapachelogging-1089/
Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/
You may download all the Maven artifacts by executing:
wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate
https://repository.apache.org/content/repositories/orgapachelogging-1089/org/apache/logging/log4j/
Ralph
