Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: log4j | Distribution: openSUSE Leap 15.2 |
Version: 2.13.0 | Vendor: openSUSE |
Release: lp152.3.6.1 | Build date: Tue Dec 14 20:23:03 2021 |
Group: Unspecified | Build host: obs-arm-10 |
Size: 2090085 | Source RPM: log4j-2.13.0-lp152.3.6.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: http://logging.apache.org/log4j | |
Summary: Java logging package |
Log4j is a tool to help the programmer output log statements to a variety of output targets.
Apache-2.0
* Tue Dec 14 2021 Peter Simons <psimons@suse.com> - Apply "disable-jndi-by-default.patch" to disable JNDI support by default. There is evidence that the previous upstream fix for CVE-2021-44228 did not solve the vulnerability entirely. Since JNDI support is ususally not required, upstream recommends this route to be completely safe. [bsc#1193611, CVE-2021-44228] * Fri Dec 10 2021 Peter Simons <psimons@suse.com> - Apply "CVE-2021-44228.patch" to fix a remote code execution vulnerability that existed in the LDAP JNDI parser. [bsc#1193611, CVE-2021-44228] * Mon Apr 27 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> - Security fix: [bsc#1170535, CVE-2020-9488] * Improper validation of certificate with host mismatch in SMTP appender. - Add log4j-CVE-2020-9488.patch * Wed Feb 26 2020 Fridrich Strba <fstrba@suse.com> - Added patches: * logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch * logging-log4j-Remove-unsupported-EventDataConverter.patch + fix build with newer slf4j * Tue Jan 21 2020 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> - Update to 2.13.0 [bsc#1159646, CVE-2019-17571] * Bugfixes and minor enhancements: - CVE-2019-17571: Remote code execution: Deserialization of untrusted data in SocketServer - Log4j 2 now requires Java 8 or higher to build and run. - Better integration with Spring Boot by providing access to Spring variables in Log4j 2 configuration files and allowing Log4j 2 system properties to be defined in the Spring configuration. - Support for accessing Kubernetes information via a Log4j 2 Lookup. - The Gelf Layout now allows the message to be formatted using a PatternLayout pattern. - Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters. - log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl should be used with SLF4J 1.8.x and later. - Note that the XML, JSON and YAML formats changed in the 2.11.0 release: they no longer have the "timeMillis" attribute and instead have an "Instant" element with "epochSecond" and "nanoOfSecond" attributes. - The Log4j 2.13.0 API, as well as many core components, maintains binary compatibility with previous releases. * New Features - Add ThreadContext.putIfNotNull method. - Add a Level Patttern Selector. - Add experimental support for Log4j 1 configuration files. - Add the ability to lookup Kubernetes attributes in the Log4j configuration. Allow Log4j properties to be retrieved from the Spring environment if it is available. - Allow Spring Boot application properties to be accessed in the Log4j 2 configuration. Add lower and upper case Lookups. - Add builder pattern to Logger interface. * Fixed Bugs - Prevent recursive calls to java.util.LogManager.getLogger(). - Added try/finally around event.execute() for RingBufferLogEventHandler to clear memory correctly in case of exception/error. - Wrong java version check in ThreadNameCachingStrategy. - Use a less confusing name for the CompositeConfiguration source. - Add setKey method to Kafka Appender Builder. - ArrayIndexOutOfBoundsException could occur with MAC address longer than 6 bytes. - The rolling file appenders would fail to compress the file after rollover if the file name matched the file pattern. - @PluginValue does not support attribute names besides "value". - Validation blocks definition of script in properties configuration. - Set result of rename action to true if file was copied. - Add automatic module names where missing. - OutputStreamAppender.Builder ignores setFilter(). - Prevent a memory leak when async loggers throw errors. * Changes - Update Jackson to 2.9.10. - Allow message portion of GELF layout to be formatted using a PatternLayout. - Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout. * Mon Jan 06 2020 Fridrich Strba <fstrba@suse.com> - Obsolete log4j-mini, since on systems where this package is installed, the log4j-mini is not supposed to exist, but the compatibility version log4j12-mini/log4j12 * Mon Nov 04 2019 Fridrich Strba <fstrba@suse.com> - Run fdupes on the javadoc * Tue Oct 01 2019 Fridrich Strba <fstrba@suse.com> - Upgrade to apache-log4j-2.11.1 - Drop the log4j vs. log4j-mini split * the bootstrapping is done using the log4j12/log4j12-mini compatibility packages - Removed patches: * log4j-javadoc-xlink.patch * log4j-logfactor5-userdir.patch * log4j-mx4j-tools.patch * log4j-reproducible.patch + unnecessary with this version * Tue Jan 22 2019 Fridrich Strba <fstrba@suse.com> - Build against a generic javamail provider instead of against classpathx-mail * Tue Jan 15 2019 Fridrich Strba <fstrba@suse.com> - Let log4j provide the log4j-mini and obsolete it too. - Remove conflicts on each other * Thu Dec 13 2018 Fridrich Strba <fstrba@suse.com> - Depend on the generic xml-apis * Thu Oct 18 2018 Fridrich Strba <fstrba@suse.com> - Install and package the maven pom and metadata files for the non-bootstrap log4j * Wed Jul 25 2018 fstrba@suse.com - Require at least java 8 for build * Wed Jan 10 2018 bwiedemann@suse.com - Add log4j-reproducible.patch to drop javadoc timestamps to make package builds more reproducible (boo#1047218) * Tue Sep 12 2017 fstrba@suse.com - Specify java source and target level 1.6 to allow building with jdk9 * Mon Mar 02 2015 tchvatal@suse.com - Version bump to 1.2.17 latest 1.2 series: * No short changelog provided - many small changes - Try to avoid cycle between log4j and apache-common-loggings - Remove obsoleted patch: * log4j-jmx-Agent.patch - Refresh patch to apply to new source: * log4j-mx4j-tools.patch * Mon Mar 02 2015 tchvatal@suse.com - Cleanup with a spec-cleaner so I can understand what is going around here.
/usr/share/doc/packages/log4j /usr/share/doc/packages/log4j/NOTICE.txt /usr/share/java/log4j /usr/share/java/log4j.jar /usr/share/java/log4j/log4j-1.2-api.jar /usr/share/java/log4j/log4j-api.jar /usr/share/java/log4j/log4j-core.jar /usr/share/java/log4j/log4j-docker.jar /usr/share/java/log4j/log4j-osgi.jar /usr/share/licenses/log4j /usr/share/licenses/log4j/LICENSE.txt /usr/share/maven-metadata/log4j.xml /usr/share/maven-poms/log4j /usr/share/maven-poms/log4j.pom /usr/share/maven-poms/log4j/log4j-1.2-api.pom /usr/share/maven-poms/log4j/log4j-api.pom /usr/share/maven-poms/log4j/log4j-core.pom /usr/share/maven-poms/log4j/log4j-docker.pom /usr/share/maven-poms/log4j/log4j-osgi.pom /usr/share/maven-poms/log4j/log4j.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 13:38:59 2024