The Apache Log4j 2 team is pleased to announce the Log4j 2.12.4 release!

Apache Log4j is a well known framework for logging application behavior. Log4j 
2 is an upgrade to Log4j that provides significant improvements over its 
predecessor, Log4j 1.x, and provides many other modern features such as support 
for Markers, lambda expressions for lazy logging, property substitution using 
Lookups, multiple patterns on a PatternLayout and asynchronous Loggers. Another 
notable Log4j 2 feature is the ability to be "garbage-free" (avoid allocating 
temporary objects) while logging. In addition, Log4j 2 will not lose events 
while reconfiguring.

The artifacts may be downloaded from 
https://logging.apache.org/log4j/2.x/download.html.

This release contains the changes noted below:

        • Address CVE-2021-44832.

This release addresses CVE-2021-44832 for users still using Java 7.

The Log4j 2.12.4 API, as well as many core components, maintains binary 
compatibility with previous releases.

GA Release 2.12.4

Changes in this version include:

Fixed Bugs

        • LOG4J2-3293: JdbcAppender now uses JndiManager to access JNDI 
resources. JNDI is only enabled when system property log4j2.enableJndiJdbc is 
set to true.

Apache Log4j 2.12.4 requires a minimum of Java 7 to build and run. Log4j 2.3 
was the last release that supported Java 6.

Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api 
component, however it does not implement some of the very implementation 
specific classes and methods. The package names and Maven groupId have been 
changed to org.apache.logging.log4j to avoid any conflicts with log4j 1.x.

For complete information on Apache Log4j 2, including instructions on how to 
submit bug reports, patches, or suggestions for improvement, see the Apache 
Apache Log4j 2 website:

https://logging.apache.org/log4j/2.x/

Reply via email to