This is an automated email from the ASF dual-hosted git repository. vy pushed a commit to branch apachePrefix in repository https://gitbox.apache.org/repos/asf/logging-site.git
commit 77559645444e898557e34d02e2cbd1fa91c08682 Author: Volkan Yazıcı <[email protected]> AuthorDate: Fri Jan 9 15:30:18 2026 +0100 Use the `Apache` prefix consistently in prose --- src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc | 16 ++++++++-------- .../blog/20231214-announcing-support-from-the-stf.adoc | 2 +- .../ROOT/pages/blog/20231218-20-years-of-innovation.adoc | 2 +- .../blog/20240725-Log4j-At-Community-Over-Code-2024.adoc | 4 ++-- .../ROOT/pages/blog/20240812-log4j-bug-bounty.adoc | 2 +- src/site/antora/modules/ROOT/pages/index.adoc | 2 +- src/site/antora/modules/ROOT/pages/xml/ns/index.adoc | 4 ++-- src/site/static/cyclonedx/vdr.xml | 6 +++--- src/site/static/doaps/doap_Log4j.rdf | 4 ++-- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc b/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc index a4136594..f9158ae0 100644 --- a/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc +++ b/src/site/antora/modules/ROOT/pages/_vulnerabilities.adoc @@ -36,7 +36,7 @@ For brevity, mathematical interval notation is used, with the union operator (` |=== |Summary |Missing TLS hostname verification in Socket appender |CVSS 4.x Score & Vector |6.3 MEDIUM (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N) -|Components affected |Apache Log4j Core +|Components affected |Log4j Core |Versions affected |`[2.0-beta9, 2.25.3)` |Versions fixed |`2.25.3` |=== @@ -44,7 +44,7 @@ For brevity, mathematical interval notation is used, with the union operator (` [#CVE-2025-68161-description] === Description -The Socket Appender in Apache Log4j Core versions `2.0-beta9` through `2.25.2` does not perform TLS hostname verification of the peer certificate, even when the +The Socket Appender in Log4j Core versions `2.0-beta9` through `2.25.2` does not perform TLS hostname verification of the peer certificate, even when the https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName[`verifyHostName`] configuration attribute or the https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName[`log4j2.sslVerifyHostName`] @@ -57,7 +57,7 @@ This issue may allow a man-in-the-middle attacker to intercept or redirect log t [#CVE-2025-68161-remediation] === Remediation -Users are advised to upgrade to Apache Log4j Core version `2.25.3`, which fully addresses this issue. +Users are advised to upgrade to Log4j Core version `2.25.3`, which fully addresses this issue. For earlier versions, the risk can be reduced by carefully restricting the trust store used by the Socket Appender. @@ -73,7 +73,7 @@ https://csrc.nist.gov/pubs/sp/800/52/r2/final[NIST SP 800-52 Rev. 2] === Credits This issue was discovered by Samuli Leinonen. -It was reported through the https://yeswehack.com/programs/log4j-bug-bounty-program[Apache Log4j Bug Bounty Program on YesWeHack] funded by the Sovereign Tech Agency. +It was reported through the https://yeswehack.com/programs/log4j-bug-bounty-program[Log4j Bug Bounty Program on YesWeHack] funded by the Sovereign Tech Agency. [#CVE-2025-68161-references] === References @@ -87,7 +87,7 @@ It was reported through the https://yeswehack.com/programs/log4j-bug-bounty-prog |=== |Summary |Improper escaping with JSONLayout |CVSS 4.x Score & Vector |6.3 MEDIUM (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N) -|Components affected |Apache Log4cxx +|Components affected |Log4cxx |Versions affected |`[0.11.0, 1.5.0)` |Versions fixed |`1.5.0` |=== @@ -105,7 +105,7 @@ Users are recommended to upgrade to version `1.5.0`, which fixes the issue. [#CVE-2025-54813-credits] === Credits -This issue was discovered and remediated with support from the Sovereign Tech Agency, through the https://yeswehack.com/programs/log4j-bug-bounty-program[Apache Log4j Bug Bounty Program on YesWeHack]. +This issue was discovered and remediated with support from the Sovereign Tech Agency, through the https://yeswehack.com/programs/log4j-bug-bounty-program[Log4j Bug Bounty Program on YesWeHack]. [#CVE-2025-54813-references] === References @@ -119,7 +119,7 @@ This issue was discovered and remediated with support from the Sovereign Tech Ag |=== |Summary |Improper HTML escaping in HTMLLayout |CVSS 4.x Score & Vector |2.1 LOW (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N) -|Components affected |Apache Log4cxx +|Components affected |Log4cxx |Versions affected |`[0, 1.5.0)` |Versions fixed |`1.5.0` |=== @@ -144,7 +144,7 @@ Users are recommended to upgrade to version `1.5.0`, which fixes the issue. [#CVE-2025-54812-credits] === Credits -This issue was discovered and remediated with support from the Sovereign Tech Agency, through the https://yeswehack.com/programs/log4j-bug-bounty-program[Apache Log4j Bug Bounty Program on YesWeHack]. +This issue was discovered and remediated with support from the Sovereign Tech Agency, through the https://yeswehack.com/programs/log4j-bug-bounty-program[Log4j Bug Bounty Program on YesWeHack]. [#CVE-2025-54812-references] === References diff --git a/src/site/antora/modules/ROOT/pages/blog/20231214-announcing-support-from-the-stf.adoc b/src/site/antora/modules/ROOT/pages/blog/20231214-announcing-support-from-the-stf.adoc index 016731b3..d6f4fdde 100644 --- a/src/site/antora/modules/ROOT/pages/blog/20231214-announcing-support-from-the-stf.adoc +++ b/src/site/antora/modules/ROOT/pages/blog/20231214-announcing-support-from-the-stf.adoc @@ -17,7 +17,7 @@ = Receiving Support from the Sovereign Tech Fund -For a long time, Apache Log4j has thrived through the dedication and contributions +For a long time, Log4j has thrived through the dedication and contributions of our community, relying mostly on unpaid volunteers. Today, we're excited to announce a pivotal moment in our journey – https://www.sprind.org/de/projekte/sovereign-tech-fund[the Sovereign Tech Fund (STF)] has chosen to support us in the further development of specific Log4j projects. diff --git a/src/site/antora/modules/ROOT/pages/blog/20231218-20-years-of-innovation.adoc b/src/site/antora/modules/ROOT/pages/blog/20231218-20-years-of-innovation.adoc index e6a99e17..5fa8b05f 100644 --- a/src/site/antora/modules/ROOT/pages/blog/20231218-20-years-of-innovation.adoc +++ b/src/site/antora/modules/ROOT/pages/blog/20231218-20-years-of-innovation.adoc @@ -15,7 +15,7 @@ limitations under the License. //// -= Two Decades of Apache Log4j: A Journey of Resilience and Innovation += Two Decades of Log4j: A Journey of Resilience and Innovation Today, December 17, 2023 marks a significant milestone for the Apache Logging Services project, as we celebrate 20 years since the inception of Log4j 1. diff --git a/src/site/antora/modules/ROOT/pages/blog/20240725-Log4j-At-Community-Over-Code-2024.adoc b/src/site/antora/modules/ROOT/pages/blog/20240725-Log4j-At-Community-Over-Code-2024.adoc index 12e4d3cf..1d618f8d 100644 --- a/src/site/antora/modules/ROOT/pages/blog/20240725-Log4j-At-Community-Over-Code-2024.adoc +++ b/src/site/antora/modules/ROOT/pages/blog/20240725-Log4j-At-Community-Over-Code-2024.adoc @@ -15,9 +15,9 @@ limitations under the License. //// -= Apache Log4j at Community Over Code 2024 in Bratislava += Log4j at Community Over Code 2024 in Bratislava -On July 25, 2024, Apache Log4j was featured at the Community Over Code conference in Bratislava. +On July 25, 2024, Log4j was featured at the Community Over Code conference in Bratislava. Matt Sicker and Piotr Karwasz, two of the project's key contributors, shared insights into the history and future of Log4j. If you are interested in what we learned about security and how we want to diff --git a/src/site/antora/modules/ROOT/pages/blog/20240812-log4j-bug-bounty.adoc b/src/site/antora/modules/ROOT/pages/blog/20240812-log4j-bug-bounty.adoc index c6be7eba..9b4a78b1 100644 --- a/src/site/antora/modules/ROOT/pages/blog/20240812-log4j-bug-bounty.adoc +++ b/src/site/antora/modules/ROOT/pages/blog/20240812-log4j-bug-bounty.adoc @@ -15,7 +15,7 @@ limitations under the License. //// -= Apache Log4j participates in the bug bounty program += Log4j participates in the bug bounty program We were proud to be xref:blog/20231214-announcing-support-from-the-stf.adoc[supported by the STF] last year. This support helped us to fix many bugs, rewrite documentation, and improve the overall quality of the codebase and security. diff --git a/src/site/antora/modules/ROOT/pages/index.adoc b/src/site/antora/modules/ROOT/pages/index.adoc index 58f06613..99678a83 100644 --- a/src/site/antora/modules/ROOT/pages/index.adoc +++ b/src/site/antora/modules/ROOT/pages/index.adoc @@ -59,7 +59,7 @@ The very first Log4j® major release. Reached End-Of-Life in August 2015. https://logging.apache.org/log4j-audit/latest[Log4j® Audit]:: -Audit logging framework built upon Apache Log4j®. +Audit logging framework built upon Log4j®. https://logging.apache.org/log4j/extras[Log4j® Extras]:: Extras for Log4j® 1; companions, receivers, and more. diff --git a/src/site/antora/modules/ROOT/pages/xml/ns/index.adoc b/src/site/antora/modules/ROOT/pages/xml/ns/index.adoc index 29d17ab8..966f6117 100644 --- a/src/site/antora/modules/ROOT/pages/xml/ns/index.adoc +++ b/src/site/antora/modules/ROOT/pages/xml/ns/index.adoc @@ -84,7 +84,7 @@ Following schemas model the Log4j runtime configuration, i.e., `log4j2.xml`{empt == Log4j Changelog schemas link:/log4j/tools/log4j-changelog.html[Log4j Changelog] is a tool to maintain changelogs. -It is designed for Apache Log4j, but can be used for any Java project. +It is designed for Log4j, but can be used for any Java project. [%header,cols="3*"] |=== @@ -137,7 +137,7 @@ It is designed for Apache Log4j, but can be used for any Java project. == Log4j Docgen schemas link:/log4j/tools/log4j-docgen.html[Log4j Docgen] is a tool to maintain Log4j Core plugin documentation. -It is designed for Apache Log4j. +It is designed for Log4j. [%header,cols="3*"] |=== diff --git a/src/site/static/cyclonedx/vdr.xml b/src/site/static/cyclonedx/vdr.xml index c6e4acf8..94fa2a71 100644 --- a/src/site/static/cyclonedx/vdr.xml +++ b/src/site/static/cyclonedx/vdr.xml @@ -55,7 +55,7 @@ This is necessary, since not all Log4j components have SBOMs associated with them. --> <components> <component type="library" bom-ref="log4cxx"> - <name>Apache Log4cxx</name> + <name>Log4cxx</name> </component> <component type="library" bom-ref="pkg:maven/org.apache.logging.log4j/log4j-core?type=jar"> <group>org.apache.logging.log4j</group> @@ -89,7 +89,7 @@ <cwes> <cwe>297</cwe> </cwes> - <description><![CDATA[The Socket Appender in Apache Log4j Core versions `2.0-beta9` through `2.25.2` does not perform TLS hostname verification of the peer certificate, even when the + <description><![CDATA[The Socket Appender in Log4j Core versions `2.0-beta9` through `2.25.2` does not perform TLS hostname verification of the peer certificate, even when the https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName[`verifyHostName`] configuration attribute or the https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName[`log4j2.sslVerifyHostName`] @@ -99,7 +99,7 @@ This issue may allow a man-in-the-middle attacker to intercept or redirect log t * The attacker is able to intercept or redirect network traffic between the client and the log receiver. * The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).]]></description> - <recommendation><![CDATA[Users are advised to upgrade to Apache Log4j Core version `2.25.3`, which fully addresses this issue. + <recommendation><![CDATA[Users are advised to upgrade to Log4j Core version `2.25.3`, which fully addresses this issue. For earlier versions, the risk can be reduced by carefully restricting the trust store used by the Socket Appender.]]></recommendation> <created>2025-12-18T16:09:38Z</created> diff --git a/src/site/static/doaps/doap_Log4j.rdf b/src/site/static/doaps/doap_Log4j.rdf index 5453e135..897bdcca 100644 --- a/src/site/static/doaps/doap_Log4j.rdf +++ b/src/site/static/doaps/doap_Log4j.rdf @@ -24,10 +24,10 @@ <Project rdf:about="https://logging.apache.org/log4j";> <created>1999-01-01</created> <license rdf:resource="https://spdx.org/licenses/Apache-2.0"; /> - <name>Apache Log4j</name> + <name>Log4j</name> <homepage rdf:resource="https://logging.apache.org/log4j/2.x/index.html"; /> <asfext:pmc rdf:resource="https://logging.apache.org"; /> - <shortdesc>Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java.</shortdesc> + <shortdesc>Log4j is a versatile, feature-rich, efficient logging API and backend for Java.</shortdesc> <bug-database rdf:resource="https://github.com/apache/logging-log4j2/issues"; /> <mailing-list rdf:resource="https://logging.apache.org/support.html"; /> <download-page rdf:resource="https://logging.apache.org/log4j/2.x/download.html"; />
