dependabot[bot] opened a new pull request, #99: URL: https://github.com/apache/logging-log4j-audit-sample/pull/99
Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.25.3 to 2.25.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/logging-log4j2/releases";>org.apache.logging.log4j:log4j-bom's releases</a>.</em></p> <blockquote> <h2>2.25.4</h2> <p>This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.</p> <ul> <li>Restores alignment between documented and actual configuration attributes.</li> <li>Fixes formatting and sanitization issues in XML and RFC5424 layouts.</li> <li>Improves handling of invalid characters and non-standard values.</li> </ul> <p>The authoritative list of recognized configuration attributes is available in the <a href="https://logging.apache.org/log4j/2.x/plugin-reference.html";>PluginReference</a>.</p> <h3>Fixed</h3> <ul> <li>Don't issue warnings if extra argument in parameterized logging is <code>null</code>. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3975";>#3975</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4014";>#4014</a>)</li> <li>Restore support for documented <code>Rfc5424Layout</code> parameter names. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4022";>#4022</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4074";>#4074</a>)</li> <li>Take <code>Throwable#toString()</code> into account while rendering stack traces in Pattern Layout. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3623";>#3623</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4033";>#4033</a>)</li> <li>Added debug level logs for successful resource loading in <code>Loader</code> class. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4058";>#4058</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4060";>#4060</a>)</li> <li>Align <code>SslConfiguration</code> factory method usage with Log4j 2.12+ API. The <code>verifyHostname</code> attribute is now correctly recognized. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4061";>#4061</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4075";>#4075</a>)</li> <li>Fix sanitization of structured data parameter names in RFC5424 layout. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4073";>#4073</a>)</li> <li>Replace invalid characters in XmlLayout output with the Unicode replacement character (U+FFFD). (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4077";>#4077</a>)</li> <li>Replace invalid characters in Log4j1XmlLayout output with the Unicode replacement character (U+FFFD). (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4078";>#4078</a>)</li> <li>Replace invalid characters in MapMessage.asXml() output with the Unicode replacement character (U+FFFD). (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4079";>#4079</a>)</li> <li>Write non-finite floating-point numbers as strings in <code>JsonWriter</code>. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4080";>#4080</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/logging-log4j2/commit/0628e53b25a33e496b509c40a39f2d7c64f2aa6c";><code>0628e53</code></a> Update the <code>project.build.outputTimestamp</code> property</li> <li><a href="https://github.com/apache/logging-log4j2/commit/a2590b4c52ebb7a752c150284ea926fc6bea4a0f";><code>a2590b4</code></a> Add debug logs for successful resource loading in <code>Loader</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4060";>#4060</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/b7881547e953108278381fc70495b52544032ec0";><code>b788154</code></a> Changelog for additional fixes</li> <li><a href="https://github.com/apache/logging-log4j2/commit/59bd6b35f0a7bf4821fa20efb5c64fa6251ca2a3";><code>59bd6b3</code></a> Avoid referring to <code>PluginBuilderAttribute.class</code> in <code>PluginProcessor</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4041";>#4041</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/79568db4c030e1c995badce680d742fcd6ea3fb5";><code>79568db</code></a> Take <code>Throwable#toString()</code> into account while rendering stack traces in Patt...</li> <li><a href="https://github.com/apache/logging-log4j2/commit/0881bc5d54e6e6af65bc49201d0135038b913cb5";><code>0881bc5</code></a> Add versioning and support policy information (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3341";>#3341</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/0543b52777800dce1130567a0d08c590da7b6659";><code>0543b52</code></a> docs: recommend use of appropriately scoped trust roots (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4006";>#4006</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/7a1e0ad385f6e40b5028a006158e01ec6221c824";><code>7a1e0ad</code></a> Fix warning when last argument is null (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4014";>#4014</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/52861486375074647f5ad16799679a98f57b319f";><code>5286148</code></a> Remove Log4j Jakarta EE link from navigation file (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4025";>#4025</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/adcda323d534dd036e47abcc9947b823dd63c7dd";><code>adcda32</code></a> Retire Log4j Scala (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4030";>#4030</a>)</li> <li>Additional commits viewable in <a href="https://github.com/apache/logging-log4j2/compare/rel/2.25.3...rel/2.25.4";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
