apache-log4j2 2.15.0-1 source package in Ubuntu
Changelog
apache-log4j2 (2.15.0-1) unstable; urgency=high
* Team upload.
* New upstream version 2.15.0.
- Fix CVE-2021-44228:
Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features
used in configuration, log messages, and parameters do not protect
against attacker controlled LDAP and other JNDI related endpoints. An
attacker who can control log messages or log message parameters can
execute arbitrary code loaded from LDAP servers when message lookup
substitution is enabled. From version 2.15.0, this behavior has been
disabled by default. (Closes: #1001478)
* Update debian/watch to track the latest releases.
* Declare compliance with Debian Policy 4.6.0.
-- Markus Koschany <email address hidden> Sat, 11 Dec 2021 15:01:57 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j2_2.15.0-1.dsc | 2.9 KiB | 221286f075e51ff2d6154ae6b420c65e5d4e828885bb7a3384f6537b27ed2456 |
| apache-log4j2_2.15.0.orig.tar.xz | 1.2 MiB | bfe55d5b3b6e636cc45c7f8ab35a531e14d9b07c33c6b1afe098571b0a71a02a |
| apache-log4j2_2.15.0-1.debian.tar.xz | 7.0 KiB | 23837f95be4b7f7870b7308322de52c4bb676b8f74c6ac22a4b441caf0904386 |
Available diffs
- diff from 2.13.3-1 to 2.15.0-1 (562.8 KiB)
No changes file available.
Binary packages built by this source
- liblog4j2-java: Apache Log4j - Logging Framework for Java
Apache Log4j 2 is an upgrade to Log4j that provides significant improvements
over its predecessor, Log4j 1.x:
.
API Separation: The API for Log4j is separate from the implementation making
it clear for application developers which classes and methods they can use
while ensuring forward compatibility.
.
Improved Performance: Log4j 2 contains next-generation Asynchronous Loggers
based on the LMAX Disruptor library. In multi-threaded scenarios Asynchronous
Loggers have 10 times higher throughput and orders of magnitude lower latency
than Log4j 1.x.
.
Support for multiple APIs: While the Log4j 2 API will provide the best
performance, Log4j 2 provides support for the SLF4J and Commons Logging APIs.
.
Automatic Reloading of Configurations: Log4j 2 can automatically reload its
configuration upon modification. It will do so without losing log events
while reconfiguration is taking place.
.
Advanced Filtering: Log4j 2 supports filtering based on context
data, markers, regular expressions, and other components in the Log event.
Filtering can be specified to apply to all events before being passed to
Loggers or as they pass through Appenders.
.
Plugin Architecture: Log4j uses the plugin pattern to configure components.
As such, no code is needed to create and configure an Appender, Layout,
Pattern Converter, and so on. Log4j automatically recognizes plugins
and uses them when a configuration references them.
.
Property Support: Properties can be referenced in a configuration, Log4j will
directly replace them, or Log4j will pass them to an underlying component that
will dynamically resolve them. Properties come from values defined in the
configuration file, system properties, environment variables, the
ThreadContext Map, and data present in the event.
