apache-log4j1.2 1.2.17-9ubuntu0.1 source package in Ubuntu


apache-log4j1.2 (1.2.17-9ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: code execution via JMS appender
    - debian/patches/0002-Disable-JNDI-by-default.patch: Add an additional
      option that disables the JMS appender by default.
    - CVE-2021-4104
  * Environments that require JMS Appender will need to add the following
    to their configuration file: log4j.appender.jms.Enabled=true

 -- Paulo Flabiano Smorigo <email address hidden>  Mon, 10 Jan 2022 14:35:55 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Focal updates universe java
Focal security universe java


Focal: [FULLYBUILT] amd64


File Size SHA-256 Checksum
apache-log4j1.2_1.2.17.orig.tar.gz 539.1 KiB f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f
apache-log4j1.2_1.2.17-9ubuntu0.1.debian.tar.xz 10.6 KiB e77bf5eb32e8ef5294ed7237bff3ec90b59f2c59d516c1131c8fd34a1ffd27a1
apache-log4j1.2_1.2.17-9ubuntu0.1.dsc 2.4 KiB bd6a44dfbf12dbdba4bd81f25e0dbe73796121303726d671720b25d4c00e234d

View changes file

Binary packages built by this source

liblog4j1.2-java: Logging library for java

 log4j is a tool to help the programmer output log statements to a variety of
 output targets.
 It is possible to enable logging at runtime without modifying the application
 binary. The log4j package is designed so that log statements can remain in
 shipped code without incurring a high performance cost.
 One of the distinctive features of log4j is the notion of hierarchical
 loggers. Using loggers it is possible to selectively control which log
 statements are output at arbitrary granularity.
 Log4j can output to: a file, a rolling file, a database with a JDBC driver,
 many output asynchronously, a JMS Topic, a swing based logging console,
 the NT event log, /dev/null, a SMTP server (using javamail), a socket server,
 syslog, telnet daemon and stdout.
 The format of the output can be defined using one of the various layout
 (or user defined layout) like: simple text, html, date, pattern defined and

liblog4j1.2-java-doc: Documentation for liblog4j1.2-java

 The javadoc API documentation for the logging library
 from the Apache Jakarta project. The documentation is
 for the version 1.2 of the log4j API.