Debian
apache-log4j1.2 package

Change logs for apache-log4j1.2 source package in Bullseye

Bullseye (11)
Change log

apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium

  * Team upload.
  * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
    Multiple security vulnerabilities have been discovered in
    Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
    JMSAppender or Apache Chainsaw. Note that a possible attacker requires
    write access to the Log4j configuration and the aforementioned features are
    not enabled by default. In order to completely mitigate against these
    vulnerabilities the related classes have been removed from the resulting
    jar file.

 -- Markus Koschany <email address hidden>  Sat, 12 Feb 2022 10:54:14 +0100

apache-log4j1.2 (1.2.17-10) unstable; urgency=medium

  * No longer build the examples to fix the build failure with OpenJDK 17
    (Closes: #981854)
  * Standards-Version updated to 4.5.1
  * Switch to debhelper level 13
  * Removed debian/orig-tar.sh

 -- Emmanuel Bourg <email address hidden>  Fri, 05 Feb 2021 13:07:53 +0100

Debianapache-log4j1.2 package

Change logs for apache-log4j1.2 source package in Bullseye

Debian
apache-log4j1.2 package