Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

log4j-2.13.0-lp152.3.6.1 RPM for noarch

From OpenSuSE Ports Leap 15.2 updates for noarch

Name: log4j Distribution: openSUSE Leap 15.2
Version: 2.13.0 Vendor: openSUSE
Release: lp152.3.6.1 Build date: Tue Dec 14 20:23:03 2021
Group: Unspecified Build host: obs-arm-10
Size: 2090085 Source RPM: log4j-2.13.0-lp152.3.6.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://logging.apache.org/log4j
Summary: Java logging package
Log4j is a tool to help the programmer output log statements to a
variety of output targets.

Provides

Requires

License

Apache-2.0

Changelog

* Tue Dec 14 2021 Peter Simons <psimons@suse.com>
  - Apply "disable-jndi-by-default.patch" to disable JNDI support by
    default. There is evidence that the previous upstream fix for
    CVE-2021-44228 did not solve the vulnerability entirely. Since
    JNDI support is ususally not required, upstream recommends this
    route to be completely safe. [bsc#1193611, CVE-2021-44228]
* Fri Dec 10 2021 Peter Simons <psimons@suse.com>
  - Apply "CVE-2021-44228.patch" to fix a remote code execution
    vulnerability that existed in the LDAP JNDI parser. [bsc#1193611,
    CVE-2021-44228]
* Mon Apr 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Security fix: [bsc#1170535, CVE-2020-9488]
    * Improper validation of certificate with host mismatch in SMTP appender.
  - Add log4j-CVE-2020-9488.patch
* Wed Feb 26 2020 Fridrich Strba <fstrba@suse.com>
  - Added patches:
    * logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch
    * logging-log4j-Remove-unsupported-EventDataConverter.patch
      + fix build with newer slf4j
* Tue Jan 21 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Update to 2.13.0 [bsc#1159646, CVE-2019-17571]
    * Bugfixes and minor enhancements:
    - CVE-2019-17571: Remote code execution: Deserialization of untrusted
      data in SocketServer
    - Log4j 2 now requires Java 8 or higher to build and run.
    - Better integration with Spring Boot by providing access to Spring
      variables in Log4j 2 configuration files and allowing Log4j 2 system
      properties to be defined in the Spring configuration.
    - Support for accessing Kubernetes information via a Log4j 2 Lookup.
    - The Gelf Layout now allows the message to be formatted using a
      PatternLayout pattern.
    - Due to a break in compatibility in the SLF4J binding, Log4j now
      ships with two versions of the SLF4J to Log4j adapters.
    - log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
      log4j-slf4j18-impl should be used with SLF4J 1.8.x and later.
    - Note that the XML, JSON and YAML formats changed in the 2.11.0 release:
      they no longer have the "timeMillis" attribute and instead have an
      "Instant" element with "epochSecond" and "nanoOfSecond" attributes.
    - The Log4j 2.13.0 API, as well as many core components, maintains
      binary compatibility with previous releases.
    * New Features
    - Add ThreadContext.putIfNotNull method.
    - Add a Level Patttern Selector.
    - Add experimental support for Log4j 1 configuration files.
    - Add the ability to lookup Kubernetes attributes in the Log4j
      configuration. Allow Log4j properties to be retrieved from the
      Spring environment if it is available.
    - Allow Spring Boot application properties to be accessed in the
      Log4j 2 configuration. Add lower and upper case Lookups.
    - Add builder pattern to Logger interface.
    * Fixed Bugs
    - Prevent recursive calls to java.util.LogManager.getLogger().
    - Added try/finally around event.execute() for RingBufferLogEventHandler
      to clear memory correctly in case of exception/error.
    - Wrong java version check in ThreadNameCachingStrategy.
    - Use a less confusing name for the CompositeConfiguration source.
    - Add setKey method to Kafka Appender Builder.
    - ArrayIndexOutOfBoundsException could occur with MAC address longer
      than 6 bytes.
    - The rolling file appenders would fail to compress the file after
      rollover if the file name matched the file pattern.
    - @PluginValue does not support attribute names besides "value".
    - Validation blocks definition of script in properties configuration.
    - Set result of rename action to true if file was copied.
    - Add automatic module names where missing.
    - OutputStreamAppender.Builder ignores setFilter().
    - Prevent a memory leak when async loggers throw errors.
    * Changes
    - Update Jackson to 2.9.10.
    - Allow message portion of GELF layout to be formatted using a PatternLayout.
    - Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout.
* Mon Jan 06 2020 Fridrich Strba <fstrba@suse.com>
  - Obsolete log4j-mini, since on systems where this package is
    installed, the log4j-mini is not supposed to exist, but the
    compatibility version log4j12-mini/log4j12
* Mon Nov 04 2019 Fridrich Strba <fstrba@suse.com>
  - Run fdupes on the javadoc
* Tue Oct 01 2019 Fridrich Strba <fstrba@suse.com>
  - Upgrade to apache-log4j-2.11.1
  - Drop the log4j vs. log4j-mini split
    * the bootstrapping is done using the log4j12/log4j12-mini
      compatibility packages
  - Removed patches:
    * log4j-javadoc-xlink.patch
    * log4j-logfactor5-userdir.patch
    * log4j-mx4j-tools.patch
    * log4j-reproducible.patch
      + unnecessary with this version
* Tue Jan 22 2019 Fridrich Strba <fstrba@suse.com>
  - Build against a generic javamail provider instead of against
    classpathx-mail
* Tue Jan 15 2019 Fridrich Strba <fstrba@suse.com>
  - Let log4j provide the log4j-mini and obsolete it too.
  - Remove conflicts on each other
* Thu Dec 13 2018 Fridrich Strba <fstrba@suse.com>
  - Depend on the generic xml-apis
* Thu Oct 18 2018 Fridrich Strba <fstrba@suse.com>
  - Install and package the maven pom and metadata files for the
    non-bootstrap log4j
* Wed Jul 25 2018 fstrba@suse.com
  - Require at least java 8 for build
* Wed Jan 10 2018 bwiedemann@suse.com
  - Add log4j-reproducible.patch to drop javadoc timestamps to make
    package builds more reproducible (boo#1047218)
* Tue Sep 12 2017 fstrba@suse.com
  - Specify java source and target level 1.6 to allow building with
    jdk9
* Mon Mar 02 2015 tchvatal@suse.com
  - Version bump to 1.2.17 latest 1.2 series:
    * No short changelog provided - many small changes
  - Try to avoid cycle between log4j and apache-common-loggings
  - Remove obsoleted patch:
    * log4j-jmx-Agent.patch
  - Refresh patch to apply to new source:
    * log4j-mx4j-tools.patch
* Mon Mar 02 2015 tchvatal@suse.com
  - Cleanup with a spec-cleaner so I can understand what
    is going around here.

Files

/usr/share/doc/packages/log4j
/usr/share/doc/packages/log4j/NOTICE.txt
/usr/share/java/log4j
/usr/share/java/log4j.jar
/usr/share/java/log4j/log4j-1.2-api.jar
/usr/share/java/log4j/log4j-api.jar
/usr/share/java/log4j/log4j-core.jar
/usr/share/java/log4j/log4j-docker.jar
/usr/share/java/log4j/log4j-osgi.jar
/usr/share/licenses/log4j
/usr/share/licenses/log4j/LICENSE.txt
/usr/share/maven-metadata/log4j.xml
/usr/share/maven-poms/log4j
/usr/share/maven-poms/log4j.pom
/usr/share/maven-poms/log4j/log4j-1.2-api.pom
/usr/share/maven-poms/log4j/log4j-api.pom
/usr/share/maven-poms/log4j/log4j-core.pom
/usr/share/maven-poms/log4j/log4j-docker.pom
/usr/share/maven-poms/log4j/log4j-osgi.pom
/usr/share/maven-poms/log4j/log4j.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 13:38:59 2024