[logging-log4j2] branch log4j-2.12 updated: [DOC] Update release notes for 2.12.3
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch log4j-2.12 in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/log4j-2.12 by this push: new 7226a94 [DOC] Update release notes for 2.12.3 7226a94 is described below commit 7226a94879eba7c15b0c46a006794c9bae48c4a4 Author: rpopma AuthorDate: Mon Dec 20 10:01:42 2021 +0900 [DOC] Update release notes for 2.12.3 --- RELEASE-NOTES.md | 42 +- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 07dddce..dce21db 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -14,9 +14,9 @@ See the License for the specific language governing permissions and limitations under the License. --> -# Apache Log4j 2.12.2 Release Notes +# Apache Log4j 2.12.3 Release Notes -The Apache Log4j 2 team is pleased to announce the Log4j 2.12.2 release! +The Apache Log4j 2 team is pleased to announce the Log4j 2.12.3 release! Apache Log4j is a well known framework for logging application behavior. Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides @@ -27,31 +27,47 @@ temporary objects) while logging. In addition, Log4j 2 will not lose events whil The artifacts may be downloaded from https://logging.apache.org/log4j/2.x/download.html. -This release contains bugfixes and minor enhancements. +This release contains the changes noted below: + +* Address CVE-2021-45105. +* Require components that use JNDI to be enabled individually via system properties. +* Remove LDAP and LDAPS as supported protocols from JNDI. Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl should be used with SLF4J 1.8.x and -later. +later. SLF4J-2.0.0 alpha releases are not fully supported. See https://issues.apache.org/jira/browse/LOG4J2-2975 and +https://jira.qos.ch/browse/SLF4J-511. -This release addresses CVE-2021-44228 for users still using Java 7 by disabling JNDI by default, only allowing the java -protocol when JNDI is enabled, making the JNDI Lookup inoperable, and removing the message lookup capability. +Some of the changes in Log4j 2.12.3 include: -The Log4j 2.12.2 API, as well as many core components, maintains binary compatibility with previous releases. +* Disable recursive evaluation of Lookups during log event processing. Recursive evaluation is still allowed while +generating the configuration. +* The JndiLookup, JndiContextSelector, and JMSAppender now require individual system properties to be enabled. +* Removed support for the LDAP and LDAPS protocols via JNDI. -## GA Release 2.12.2 +## GA Release 2.12.3 Changes in this version include: ### Fixed Bugs -* [LOG4J-3220](https://issues.apache.org/jira/browse/LOG4J-3220): -Disable JNDI by default, remove JNDI Lookup, remove message lookups. When enabled JNDI only supports the -java protocol. +* [LOG4J2-3230](https://issues.apache.org/jira/browse/LOG4J2-3230): +Fix string substitution recursion. +* [LOG4J2-3242](https://issues.apache.org/jira/browse/LOG4J2-3242): +Limit JNDI to the java protocol only. JNDI will remain disabled by default. Rename JNDI enablement property from 'log4j2.enableJndi' to 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 'log4j2.enableJndiContextSelector'. +* [LOG4J2-3241](https://issues.apache.org/jira/browse/LOG4J2-3241): +Do not declare log4j-api-java9 and log4j-core-java9 as dependencies as it causes problems with the Maven enforcer plugin. +* [LOG4J2-3247](https://issues.apache.org/jira/browse/LOG4J2-3247): +PropertiesConfiguration.parseAppenderFilters NPE when parsing properties file filters. +* [LOG4J2-3249](https://issues.apache.org/jira/browse/LOG4J2-3249): +Log4j 1.2 bridge for Syslog Appender defaults to port 512 instead of 514. +* [LOG4J2-3237](https://issues.apache.org/jira/browse/LOG4J2-3237): +Log4j 1.2 bridge API hard codes the Syslog protocol to TCP. --- -Apache Log4j 2.12.2 requires a minimum of Java 7 to build and run. Log4j 2.3 was the +Apache Log4j 2.12.3 requires a minimum of Java 7 to build and run. Log4j 2.3 was the last release that supported Java 6. Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api component, however it @@ -62,4 +78,4 @@ with log4j 1.x. For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Apache Log4j 2 website: -https://logging.apache.org/log4j/2.x/ \ No newline at end of file +https://logging.apache.org/log4j/2.x/
[logging-log4j2] branch release-2.x updated: [DOC] Fix supported Java 7 version; should be 2.12.2
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new dd57d8d [DOC] Fix supported Java 7 version; should be 2.12.2 dd57d8d is described below commit dd57d8d613edc92d90f9b2b71b892dd4cbad2463 Author: rpopma AuthorDate: Sat Dec 18 16:17:55 2021 +0900 [DOC] Fix supported Java 7 version; should be 2.12.2 --- RELEASE-NOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 015fe9b..a485be7 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -69,7 +69,7 @@ Changes in this version include: --- -Apache Log4j 2.17.0 requires a minimum of Java 8 to build and run. Log4j 2.12.1 is the last release to support +Apache Log4j 2.17.0 requires a minimum of Java 8 to build and run. Log4j 2.12.2 is the last release to support Java 7. Java 7 is not longer supported by the Log4j team. For complete information on Apache Log4j 2, including instructions on how to submit bug
[logging-log4j2] branch release-2.x updated: [DOC] update CVE-2021-45046 severity to critical
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 0dc72b9 [DOC] update CVE-2021-45046 severity to critical 0dc72b9 is described below commit 0dc72b936eafdeb61b7b82503dde8c0cdadbca08 Author: rpopma AuthorDate: Fri Dec 17 14:29:49 2021 +0900 [DOC] update CVE-2021-45046 severity to critical --- src/site/markdown/index.md.vm | 34 ++- src/site/markdown/security.md | 78 ++- 2 files changed, 73 insertions(+), 39 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 848373a..3507e3e 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> +#set($dollar = '$') #set($h1='#') #set($h2='##') #set($h3='###') @@ -32,14 +33,14 @@ $h2 Important: Security Vulnerability CVE-2021-45046 The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up. -Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. +Summary: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations. $h4 Details -It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default -configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging -configuration uses a Pattern Layout with either a Context Lookup (for example, \$\$\{ctx:loginId\}) or a -Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern -resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. +When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, ``${dollar}${dollar}{ctx:loginId}``), +attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, +resulting in an information leak and remote code execution in some environments and local code execution in all environments; +remote code execution has been demonstrated on macOS but no other tested environments. Note that previous mitigations involving configuration such as setting the system property `log4j2.formatMsgNoLookups` to `true` do NOT mitigate this specific vulnerability. @@ -51,12 +52,12 @@ Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. -From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. -JNDI lookups in configuration now need to be enabled explicitly. -Also, Log4j now limits the protocols by default to only java, ldap, and ldaps -and limits the ldap protocols to only accessing Java primitive objects. -Hosts other than the local host need to be explicitly allowed. -The message lookups feature has been completely removed. +From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. +Lookups in configuration still work. +Furthermore, Log4j now disables access to JNDI by default. +Users are advised not to enable JNDI in Log4j 2.16.0. +If the JMS Appender is required, use Log4j 2.12.2. + $h4 Reference Please refer to the [Security page](security.html#CVE-2021-45046) for details and mitigation measures for older versions of Log4j. @@ -86,10 +87,11 @@ Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. -From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. -Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. -Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap -protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. +Lookups in configuration still work. +Furthermore, Log4j now disables access to JNDI by def
[logging-log4j-site] branch asf-site updated (ef18bd8 -> 53e8e6b)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from ef18bd8 Merge pull request #5 from sebbASF/patch-1 add a53c7f6 CVE-2021-45046 severity critical add ce0f2aa CVE-2021-45046 severity critical (additional minor fixes) add e0a35d7 CVE-2021-45046 severity critical (additional minor fixes 2) add 34b4c87 CVE-2021-45046 severity critical (additional minor fixes 3) add a07f886 CVE-2021-45046 severity critical (additional minor fixes 4) add 53e8e6b CVE-2021-45046 severity critical (additional minor fixes 5) No new revisions were added by this update. Summary of changes: log4j-2.16.0/index.html| 50 ++-- log4j-2.16.0/security.html | 189 + 2 files changed, 147 insertions(+), 92 deletions(-)
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical (additional minor fixes 5)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 53e8e6b CVE-2021-45046 severity critical (additional minor fixes 5) 53e8e6b is described below commit 53e8e6b50745dea5f0137cd1c0c393e293e25e83 Author: Remko Popma AuthorDate: Fri Dec 17 14:23:45 2021 +0900 CVE-2021-45046 severity critical (additional minor fixes 5) --- log4j-2.16.0/security.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 79932eb..a54b853 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -217,7 +217,7 @@ The safest thing to do is to upgrade Log4j to a safe version, or remove the JndiLookup class from the log4j-core jar. Release Details From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. -From version 2.12.2 (for Java 7), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. When enabled, JNDI will only support the java protocol. Hosts other than the local host need to be explicitly allowed. +From version 2.12.2 (for Java 7), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. When enabled, JNDI will only support the java protocol. Work in progress The Log4j team will continue to actively update this page as more information becomes known. Credit @@ -277,7 +277,7 @@ Release Details As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. A whitelisting mechanism was introduced for JNDI connections, allowing only localhost by default. The 2.15.0 release was found to have additional vulnerabilities and is not recommended. From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. -From version 2.12.2 (for Java 7), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. When enabled, JNDI will only support the java protocol. Hosts other than the local host need to be explicitly allowed. +From version 2.12.2 (for Java 7), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. When enabled, JNDI will only support the java protocol. Work in progress The Log4j team will continue to actively update this page as more information becomes known. Credit
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical (additional minor fixes 4)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new a07f886 CVE-2021-45046 severity critical (additional minor fixes 4) a07f886 is described below commit a07f8866e4ee71750d85311a0e2e4b4defe236a7 Author: Remko Popma AuthorDate: Fri Dec 17 14:19:08 2021 +0900 CVE-2021-45046 severity critical (additional minor fixes 4) --- log4j-2.16.0/security.html | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index f0bb0a5..79932eb 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -207,7 +207,7 @@ Severity is now Critical The original severity of this CVE was rated as Moderate; since this CVE was published security experts found additional exploits against the Log4j 2.15.0 release, that could lead to information leaks, RCE (remote code execution) and LCE (local code execution) attacks. Base CVSS Score changed from 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) to 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). -The title of this CVE was changed from mentioning Denial of Service attacks to remote code execution attacks. +The title of this CVE was changed from mentioning Denial of Service attacks to mentioning Remote Code Execution attacks. Only Pattern Layouts with a Context Lookup (for example, $${ctx:loginId}) are vulnerable to this. This page previously incorrectly mentioned that Thread Context Map pattern (%X, %mdc, or %MDC) in the layout would also allow this vulnerability. While Log4j 2.15.0 makes a best-effort attempt to restrict JNDI LDAP lookups to localhost by default, there are ways to bypass this and users should not rely on this. Older (discredited) mitigation measures @@ -216,7 +216,8 @@ The reason these measures are insufficient is that, in addition to the Thread Context attack vector mentioned above, there are still code paths in Log4j where message lookups could occur: known examples are applications that use Logger.printf("%s", userInput), or applications that use a custom message factory, where the resulting messages do not implement StringBuilderFormattable. There may be other attack vectors. The safest thing to do is to upgrade Log4j to a safe version, or remove the JndiLookup class from the log4j-core jar. Release Details -From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. +From version 2.12.2 (for Java 7), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. When enabled, JNDI will only support the java protocol. Hosts other than the local host need to be explicitly allowed. Work in progress The Log4j team will continue to actively update this page as more information becomes known. Credit @@ -274,8 +275,9 @@ The reason these measures are insufficient is that, in addition to the Thread Context attack vector mentioned above, there are still code paths in Log4j where message lookups could occur: known examples are applications that use Logger.printf("%s", userInput), or applications that use a custom message factory, where the resulting messages do not implement StringBuilderFormattable. There may be other attack vectors. The safest thing to do is to upgrade Log4j to a safe version, or remove the JndiLookup class from the log4j-core jar. Release Details -As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. A whitelisting mechanism was introduced for JNDI connections, allowin
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical (additional minor fixes 3)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 34b4c87 CVE-2021-45046 severity critical (additional minor fixes 3) 34b4c87 is described below commit 34b4c87d1b1e57a21867815b810b9948f1f7e195 Author: Remko Popma AuthorDate: Fri Dec 17 13:53:03 2021 +0900 CVE-2021-45046 severity critical (additional minor fixes 3) --- log4j-2.16.0/index.html| 3 +-- log4j-2.16.0/security.html | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index fb9e89e..faca361 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -181,8 +181,7 @@ One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Ex [...] Mitigation In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now needs to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. -From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. -From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed.From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. Reference Please refer to the Security page for mitigation measures for older versions of Log4j. diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index c355f6f..f0bb0a5 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -198,7 +198,7 @@ Java 8 (or later) users should upgrade to release 2.16.0. Java 7 users should upgrade to release 2.12.2. -Otherwise, in any release other than 2.16.0, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +Otherwise, in any release other than 2.16.0, you may remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class Users are advised not to enable JNDI in Log4j 2.16.0. If the JMS Appender is required, use Log4j 2.12.2. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. @@ -261,7 +261,7 @@ Java 8 (or later) users should upgrade to release 2.16.0. Java 7 users should upgrade to release 2.12.2. -Otherwise, in any release other than 2.16.0, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class +Otherwise, in any release other than 2.16.0, you may remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this. @@ -287,7 +287,6
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical (additional minor fixes 2)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new e0a35d7 CVE-2021-45046 severity critical (additional minor fixes 2) e0a35d7 is described below commit e0a35d7902cb02a90ff4850c0db38a75328f6f09 Author: Remko Popma AuthorDate: Fri Dec 17 13:37:37 2021 +0900 CVE-2021-45046 severity critical (additional minor fixes 2) --- log4j-2.16.0/index.html | 49 + 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index 46ae24d..fb9e89e 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -160,30 +160,31 @@ Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback’s architecture. - -Important: Security Vulnerability CVE-2021-45046 -The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up. -Summary: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations. -Details -It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all envir [...] -Note that previous mitigations involving configuration such as setting the system property log4j2.formatMsgNoLookups to true do NOT mitigate this specific vulnerability. -Mitigation -In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now needs to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. -From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. -Reference -Please refer to the Security page for details and mitigation measures for older versions of Log4j. - -Important: Security Vulnerability CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.12.2 and Log4j 2.16.0. -Summary -Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. -Details -One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] -Mitigation -In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now needs to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. -From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. -Reference -Please refer to the Security page for mitigation measures for older versions of Log4j. + +Important: Security Vulnerability CVE-2021-45046 +The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical (additional minor fixes)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new ce0f2aa CVE-2021-45046 severity critical (additional minor fixes) ce0f2aa is described below commit ce0f2aafb414e69564d5680e750ea2580d1bd088 Author: Remko Popma AuthorDate: Fri Dec 17 13:19:20 2021 +0900 CVE-2021-45046 severity critical (additional minor fixes) --- log4j-2.16.0/security.html | 225 +++-- 1 file changed, 114 insertions(+), 111 deletions(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index a3c5593..c355f6f 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -164,125 +164,128 @@ If you need help on building or configuring Log4j or other help on following the instructions to mitigate the known vulnerabilities listed here, please send your questions to the public Log4j Users mailing list If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the mailto:priv...@logging.apache.org";>Log4j Security Team. Thank you. - Fixed in Log4j 2.12.2 (Java 7) and Log4j 2.16.0 (Java 8) - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046";>CVE-2021-45046: -Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations - - + + Fixed in Log4j 2.12.2 (Java 7) and Log4j 2.16.0 (Java 8) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046";>CVE-2021-45046: +Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations + + - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046";>CVE-2021-45046 - Remote Code Execution - + + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046";>CVE-2021-45046 + Remote Code Execution + - - Severity - Critical - - Base CVSS Score - 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) - - Versions Affected - All versions from 2.0-beta9 to 2.15.0 - - -Description -It was found that the fix to address https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an info [...] -Mitigation -Log4j 1.x mitigation -Log4j 1.x is not impacted by this vulnerability. -Log4j 2.x mitigation -Implement one of the following mitigation techniques: - + + Severity + Critical + + Base CVSS Score + 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) + + Versions Affected + All versions from 2.0-beta9 to 2.15.0, excluding 2.12.2 + + +Description +It was found that the fix to address https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resultin [...] +Mitigation +Log4j 1.x mitigation +Log4j 1.x is not impacted by this vulnerability. +Log4j 2.x mitigation +Implement one of the following mitigation techniques: + -Java 8 (or later) users should upgrade to release 2.16.0. -Java 7 users should upgrade to release 2.12.2. -Otherwise, in any release other than 2.16.0, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class - -Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. -Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this. -History -Severity is now Critical -The original severi
[logging-log4j-site] branch asf-staging updated: CVE-2021-45046 severity critical
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new a53c7f6 CVE-2021-45046 severity critical a53c7f6 is described below commit a53c7f6b37cb87b4299231b93e7d71dd3930ba73 Author: Remko Popma AuthorDate: Fri Dec 17 12:14:20 2021 +0900 CVE-2021-45046 severity critical --- log4j-2.16.0/index.html| 14 +++-- log4j-2.16.0/security.html | 147 ++--- 2 files changed, 106 insertions(+), 55 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index 585023c..46ae24d 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -159,16 +159,17 @@ Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback’s architecture. + Important: Security Vulnerability CVE-2021-45046 The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up. -Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. +Summary: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations. Details -It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2. [...] +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern, resulting in an information leak and remote code execution in some environments and local code execution in all envir [...] Note that previous mitigations involving configuration such as setting the system property log4j2.formatMsgNoLookups to true do NOT mitigate this specific vulnerability. Mitigation -In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. -In version 2.16.0 Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. +In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now needs to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. Lookups in configuration still work. +From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. Reference Please refer to the Security page for details and mitigation measures for older versions of Log4j. @@ -179,11 +180,12 @@ Details One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] Mitigation -In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in
[logging-log4j2] branch release-2.x updated: [DOC] clarify that users should not remove JndiLookup in version 2.16.0
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new be97ee0 [DOC] clarify that users should not remove JndiLookup in version 2.16.0 be97ee0 is described below commit be97ee03cd5081b66b28c029fb3b10d3ce57b1f8 Author: rpopma AuthorDate: Fri Dec 17 10:15:48 2021 +0900 [DOC] clarify that users should not remove JndiLookup in version 2.16.0 --- src/site/markdown/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index a442b01..137c259 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -74,7 +74,7 @@ Implement one of the following mitigation techniques: * Java 8 (or later) users should upgrade to release 2.16.0. * Java 7 users should upgrade to release 2.12.2. -* Otherwise, remove the `JndiLookup` class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` +* Otherwise, in any release other than 2.16.0, remove the `JndiLookup` class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. @@ -149,7 +149,7 @@ Implement one of the following mitigation techniques: * Java 8 (or later) users should upgrade to release 2.16.0. * Java 7 users should upgrade to release 2.12.2. -* Otherwise, remove the `JndiLookup` class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` +* Otherwise, in any release other than 2.16.0, remove the `JndiLookup` class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
[logging-log4j2] branch release-2.x updated: [DOC] update index and security page markdown with changes that were made directly to the site
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new fafe25d [DOC] update index and security page markdown with changes that were made directly to the site fafe25d is described below commit fafe25d0617e90d9ca376640087a1779a4d4e29d Author: rpopma AuthorDate: Fri Dec 17 09:56:48 2021 +0900 [DOC] update index and security page markdown with changes that were made directly to the site --- src/site/markdown/index.md.vm | 34 +- src/site/markdown/security.md | 16 +++- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 3574ef2..848373a 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -29,13 +29,14 @@ provides many of the improvements available in Logback while fixing some inheren $h2 Important: Security Vulnerability CVE-2021-45046 -The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.16.0. +The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in +Log4j 2.12.2 for Java 7 and 2.16.0 for Java 8 and up. Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. $h4 Details It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default -configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging +configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, \$\$\{ctx:loginId\}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. @@ -44,13 +45,17 @@ Note that previous mitigations involving configuration such as setting the syste to `true` do NOT mitigate this specific vulnerability. $h4 Mitigation -In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. -Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. -The message lookups feature has been completely removed. - -From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. -Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap -protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. +Usage of JNDI in configuration now needs to be enabled explicitly. +Calls to the JndiLookup will now return a constant string. +Also, Log4j now limits the protocols by default to only java. +The message lookups feature has been completely removed. Lookups in configuration still work. + +From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. +JNDI lookups in configuration now need to be enabled explicitly. +Also, Log4j now limits the protocols by default to only java, ldap, and ldaps +and limits the ldap protocols to only accessing Java primitive objects. +Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. $h4 Reference @@ -60,7 +65,8 @@ Please refer to the [Security page](security.html#CVE-2021-45046) for details an $h2 Important: Security Vulnerability CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.16.0. +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed +in Log4j 2.12.2 and Log4j 2.16.0. $h4 Summary Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code @@ -74,9 +80,11 @@ that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. $h4 Mitigation -In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. -Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. -The message lookups feature has been completely removed. +In version 2.12.2 (for Java 7), Log4j disables
[logging-log4j2] branch release-2.x updated: [DOC] remove duplicate entry for cve-2021-44228
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new b964eea [DOC] remove duplicate entry for cve-2021-44228 b964eea is described below commit b964eeab0d900acd1de20c179ebd1ead0bde0d4e Author: rpopma AuthorDate: Fri Dec 17 10:05:24 2021 +0900 [DOC] remove duplicate entry for cve-2021-44228 --- src/site/markdown/security.md | 16 1 file changed, 16 deletions(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 8addf4c..a442b01 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -235,22 +235,6 @@ This issues was discovered by Peter Stöckli. - [CVE-2020-9488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488) - [LOG4J2-2819](https://issues.apache.org/jira/browse/LOG4J2-2819) -## Fixed in Log4j 2.12.2 (Java 7) - - -[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228): Apache Log4j2 JNDI -features do not protect against attacker controlled LDAP and other JNDI related endpoints. - -|[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) | | -| --- | | -| Severity | Critical | -| Base CVSS Score | 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | -| Versions Affected | All versions from 2.0-beta9 to 2.14.1 | - -See [above](#log4j-2.15.0) for details. - -### References -- [LOG4J2-3220](https://issues.apache.org/jira/browse/LOG4J2-3220) ## Fixed in Log4j 2.8.2 (Java 7)
[logging-log4j2] branch release-2.x updated: [DOC] update index page markdown with changes that were made directly to the site
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new cfdc346 [DOC] update index page markdown with changes that were made directly to the site cfdc346 is described below commit cfdc346f4089e444db10aea3b099bdbea00636ac Author: rpopma AuthorDate: Fri Dec 17 08:41:32 2021 +0900 [DOC] update index page markdown with changes that were made directly to the site --- src/site/markdown/index.md.vm | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 8e6fc69..3574ef2 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -44,7 +44,11 @@ Note that previous mitigations involving configuration such as setting the syste to `true` do NOT mitigate this specific vulnerability. $h4 Mitigation -From version 2.16.0, Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. +In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. +Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. +The message lookups feature has been completely removed. + +From version 2.16.0 (for Java 8), Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. @@ -70,7 +74,11 @@ that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. $h4 Mitigation -From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. +In version 2.12.2 (for Java 7), Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. +Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. +The message lookups feature has been completely removed. + +From version 2.16.0 (for Java 8), the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed.
[logging-log4j-site] branch asf-site updated (9f8626a -> ef18bd8)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 9f8626a add credit to 4ra1n for reporting related to CVE-2021-45046 add 7d20007 Fix 2.3 links again add ef18bd8 Merge pull request #5 from sebbASF/patch-1 No new revisions were added by this update. Summary of changes: log4j-2.12.2/download.html | 32 1 file changed, 16 insertions(+), 16 deletions(-)
[logging-log4j-site] branch asf-site updated (2635ba6 -> 9f8626a)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 2635ba6 Fix misspelled `formatMsgNoLookups` add 9f8626a add credit to 4ra1n for reporting related to CVE-2021-45046 No new revisions were added by this update. Summary of changes: log4j-2.16.0/security.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[logging-log4j-site] branch asf-staging updated: add credit to 4ra1n for reporting related to CVE-2021-45046
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 9f8626a add credit to 4ra1n for reporting related to CVE-2021-45046 9f8626a is described below commit 9f8626a1fa7b16b02ac88809a554034f578b3a62 Author: Remko Popma AuthorDate: Thu Dec 16 13:17:38 2021 +0900 add credit to 4ra1n for reporting related to CVE-2021-45046 --- log4j-2.16.0/security.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 9756810..85adea5 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -195,7 +195,7 @@ Work in progress The Log4j team will continue to actively update this page as more information becomes known. Credit -This issue was discovered by Kai Mindermann of iC Consult. +This issue was discovered by Kai Mindermann of iC Consult and separately by 4ra1n. References https://issues.apache.org/jira/browse/LOG4J2-3221";>https://issues.apache.org/jira/browse/LOG4J2-3221
[logging-log4j2] branch release-2.x updated: [DOC] add credit to 4ra1n for reporting related to CVE-2021-45046
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new d8e2d4a [DOC] add credit to 4ra1n for reporting related to CVE-2021-45046 d8e2d4a is described below commit d8e2d4ab80bca67130fc77b2713d368067865963 Author: rpopma AuthorDate: Thu Dec 16 13:16:02 2021 +0900 [DOC] add credit to 4ra1n for reporting related to CVE-2021-45046 --- src/site/markdown/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 71623bb..f854451 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -104,7 +104,7 @@ protocols to only accessing Java primitive objects. Hosts other than the local h The Log4j team will continue to actively update this page as more information becomes known. ### Credit -This issue was discovered by Kai Mindermann of iC Consult. +This issue was discovered by Kai Mindermann of iC Consult and separately by 4ra1n. ### References - [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046)
[logging-log4j-site] branch asf-site updated (8ffa40c -> 2635ba6)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 8ffa40c update left-side nav menu to point to 2.12.2 add 2635ba6 Fix misspelled `formatMsgNoLookups` No new revisions were added by this update. Summary of changes: log4j-2.16.0/index.html| 2 +- log4j-2.16.0/security.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
[logging-log4j-site] branch asf-staging updated: Fix misspelled `formatMsgNoLookups`
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 2635ba6 Fix misspelled `formatMsgNoLookups` 2635ba6 is described below commit 2635ba6b8676d05edaaf6f5969756915757d745f Author: Remko Popma AuthorDate: Thu Dec 16 12:53:19 2021 +0900 Fix misspelled `formatMsgNoLookups` --- log4j-2.16.0/index.html| 2 +- log4j-2.16.0/security.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index 11aa5f8..585023c 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -165,7 +165,7 @@ Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. Details It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2. [...] -Note that previous mitigations involving configuration such as setting the system property log4j2.noFormatMsgLookup to true do NOT mitigate this specific vulnerability. +Note that previous mitigations involving configuration such as setting the system property log4j2.formatMsgNoLookups to true do NOT mitigate this specific vulnerability. Mitigation In version 2.12.2 Log4j disables access to JNDI by default. Usage of JNDI in configuration now need to be enabled explicitly. Calls to the JndiLookup will now return a constant string. Also, Log4j now limits the protocols by default to only java. The message lookups feature has been completely removed. In version 2.16.0 Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 5c35fee..9756810 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -172,7 +172,7 @@ Base CVSS Score: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 Description -It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) atta [...] +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) atta [...] Mitigation Log4j 1.x mitigation: Log4j 1.x is not impacted by this vulnerability. Log4j 2.x mitigation: Implement one of the mitigation techniques below.
[logging-log4j2] branch release-2.x updated: [DOC] fix typo
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 2db53f8 [DOC] fix typo 2db53f8 is described below commit 2db53f87d4269271ab746c0b67f4c7bdce1f79dd Author: rpopma AuthorDate: Thu Dec 16 12:25:50 2021 +0900 [DOC] fix typo --- src/site/markdown/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index d22f577..71623bb 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -59,7 +59,7 @@ Thread Context Message Pattern and Context Lookup Pattern vulnerable to a Denial | Versions Affected | All versions from 2.0-beta9 to 2.15.0 | ### Description -It was found that the fix to address [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, ``$${ctx:loginId})`` or a Thread Context Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data [...] +It was found that the fix to address [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, ``$${ctx:loginId})`` or a Thread Context Map pattern (`%X`, `%mdc`, or `%MDC`) to craft malicious input data [...] ### Mitigation
[logging-log4j2] branch release-2.x updated: [DOC] fix incorrect spelling of formatMsgNoLookups sysprop
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 7a66ad0 [DOC] fix incorrect spelling of formatMsgNoLookups sysprop 7a66ad0 is described below commit 7a66ad08eceb74928a7570de0447253adb803126 Author: rpopma AuthorDate: Thu Dec 16 12:22:49 2021 +0900 [DOC] fix incorrect spelling of formatMsgNoLookups sysprop --- src/site/markdown/index.md.vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index aae4734..8e6fc69 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -40,7 +40,7 @@ configuration uses a Pattern Layout with either a Context Lookup (for example, \ Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. -Note that previous mitigations involving configuration such as setting the system property `log4j2.noFormatMsgLookup` +Note that previous mitigations involving configuration such as setting the system property `log4j2.formatMsgNoLookups` to `true` do NOT mitigate this specific vulnerability. $h4 Mitigation
[logging-log4j-site] branch asf-staging updated: Revert "Add redirect for /log4j-2.12.2/download.html."
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 2d253a6 Revert "Add redirect for /log4j-2.12.2/download.html." 2d253a6 is described below commit 2d253a6e591ea437a9ba3c5dbebf98214c3875d6 Author: Remko Popma AuthorDate: Thu Dec 16 09:47:34 2021 +0900 Revert "Add redirect for /log4j-2.12.2/download.html." This reverts commit 1e472c062f2dfbab47a08c6f11d1e5d5ce9a8b3e. --- .htaccess | 1 - 1 file changed, 1 deletion(-) diff --git a/.htaccess b/.htaccess deleted file mode 100644 index 9b30475..000 --- a/.htaccess +++ /dev/null @@ -1 +0,0 @@ -Redirect Permanent /log4j/log4j-2.12.2/download.html /log4j/log4j-2.12.1/download.html
[logging-log4j-site] branch asf-staging updated (3ae28bf -> d4e6398)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 3ae28bf partial changes for 2.12.2 new c873a7f Revert "partial changes for 2.12.2" new d4e6398 Add links to binaries for 2.12.2; update left-side nav menu The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: log4j-2.12.1/download.html | 47 - log4j-2.16.0/articles.html | 3 +- log4j-2.16.0/build.html| 3 +- log4j-2.16.0/changelog.html| 3 +- log4j-2.16.0/changes-report.html | 2 +- log4j-2.16.0/dependency-convergence.html | 2 +- log4j-2.16.0/dependency-info.html | 2 +- log4j-2.16.0/dependency-management.html| 2 +- log4j-2.16.0/download-2.12.2.html | 220 - log4j-2.16.0/download.html | 2 +- log4j-2.16.0/faq.html | 2 +- log4j-2.16.0/guidelines.html | 2 +- log4j-2.16.0/index.html| 3 +- log4j-2.16.0/issue-tracking.html | 2 +- log4j-2.16.0/javadoc.html | 2 +- log4j-2.16.0/javastyle.html| 2 +- log4j-2.16.0/jira-report.html | 2 +- log4j-2.16.0/license.html | 2 +- log4j-2.16.0/log4j-1.2-api/checkstyle.html | 2 +- log4j-2.16.0/log4j-1.2-api/cpd.html| 2 +- log4j-2.16.0/log4j-1.2-api/dependencies.html | 2 +- .../log4j-1.2-api/dependency-convergence.html | 2 +- log4j-2.16.0/log4j-1.2-api/dependency-info.html| 2 +- .../log4j-1.2-api/dependency-management.html | 2 +- log4j-2.16.0/log4j-1.2-api/index.html | 2 +- log4j-2.16.0/log4j-1.2-api/issue-tracking.html | 2 +- log4j-2.16.0/log4j-1.2-api/jira-report.html| 2 +- log4j-2.16.0/log4j-1.2-api/license.html| 2 +- log4j-2.16.0/log4j-1.2-api/mail-lists.html | 2 +- log4j-2.16.0/log4j-1.2-api/pmd.html| 2 +- log4j-2.16.0/log4j-1.2-api/project-info.html | 2 +- log4j-2.16.0/log4j-1.2-api/project-reports.html| 2 +- log4j-2.16.0/log4j-1.2-api/project-summary.html| 2 +- log4j-2.16.0/log4j-1.2-api/rat-report.html | 2 +- log4j-2.16.0/log4j-1.2-api/revapi-report.html | 2 +- log4j-2.16.0/log4j-1.2-api/source-repository.html | 2 +- log4j-2.16.0/log4j-1.2-api/spotbugs.html | 2 +- log4j-2.16.0/log4j-1.2-api/team-list.html | 2 +- log4j-2.16.0/log4j-api/checkstyle.html | 2 +- log4j-2.16.0/log4j-api/cpd.html| 2 +- log4j-2.16.0/log4j-api/dependencies.html | 2 +- log4j-2.16.0/log4j-api/dependency-convergence.html | 2 +- log4j-2.16.0/log4j-api/dependency-info.html| 2 +- log4j-2.16.0/log4j-api/dependency-management.html | 2 +- log4j-2.16.0/log4j-api/index.html | 2 +- log4j-2.16.0/log4j-api/issue-tracking.html | 2 +- log4j-2.16.0/log4j-api/jira-report.html| 2 +- log4j-2.16.0/log4j-api/license.html| 2 +- log4j-2.16.0/log4j-api/mail-lists.html | 2 +- log4j-2.16.0/log4j-api/pmd.html| 2 +- log4j-2.16.0/log4j-api/project-info.html | 2 +- log4j-2.16.0/log4j-api/project-reports.html| 2 +- log4j-2.16.0/log4j-api/project-summary.html| 2 +- log4j-2.16.0/log4j-api/rat-report.html | 2 +- log4j-2.16.0/log4j-api/revapi-report.html | 2 +- log4j-2.16.0/log4j-api/source-repository.html | 2 +- log4j-2.16.0/log4j-api/spotbugs.html | 2 +- log4j-2.16.0/log4j-api/team-list.html | 2 +- log4j-2.16.0/log4j-appserver/checkstyle.html | 2 +- log4j-2.16.0/log4j-appserver/dependencies.html | 2 +- .../log4j-appserver/dependency-convergence.html| 2 +- log4j-2.16.0/log4j-appserver/dependency-info.html | 2 +- .../log4j-appserver/dependency-management.html | 2 +- log4j-2.16.0/log4j-appserver/index.html| 2 +- log4j-2.16.0/log4j-appserver/issue-tracking.html | 2 +- log4j-2.16.0/log4j-appserver/jira-report.html | 2 +- log4j-2.16.0/log4j-appserver/license.html | 2 +- log4j-2.16.0/log4j-appserver/mail-lists.html | 2 +- log4j-2.16.0/log4j-appserver/pmd.html | 2 +- log4j-2.16.0/log4j-appserver/project-info.html | 2 +- log4j-2.16.0/log4j-appserver/project-reports.html
[logging-log4j-site] 01/02: Revert "partial changes for 2.12.2"
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git commit c873a7f1bb10c1f7953214ba24227982f2a258ee Author: Remko Popma AuthorDate: Wed Dec 15 04:18:50 2021 +0900 Revert "partial changes for 2.12.2" This reverts commit 3ae28bf2d6dc4b85bacc5a856a24ed9d51f9ec17. --- log4j-2.16.0/articles.html| 3 +- log4j-2.16.0/build.html | 3 +- log4j-2.16.0/changelog.html | 3 +- log4j-2.16.0/download-2.12.2.html | 220 -- log4j-2.16.0/index.html | 3 +- 5 files changed, 4 insertions(+), 228 deletions(-) diff --git a/log4j-2.16.0/articles.html b/log4j-2.16.0/articles.html index 5fdc9fe..6b9d006 100644 --- a/log4j-2.16.0/articles.html +++ b/log4j-2.16.0/articles.html @@ -88,8 +88,7 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 - http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 - Log4j 2.12.2 download - Java 7 +http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 Components API Implementation diff --git a/log4j-2.16.0/build.html b/log4j-2.16.0/build.html index 83e31ef..127b42c 100644 --- a/log4j-2.16.0/build.html +++ b/log4j-2.16.0/build.html @@ -88,8 +88,7 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 - http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 - Log4j 2.12.2 download - Java 7 +http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 Components API Implementation diff --git a/log4j-2.16.0/changelog.html b/log4j-2.16.0/changelog.html index 5bb7216..c5de7a5 100644 --- a/log4j-2.16.0/changelog.html +++ b/log4j-2.16.0/changelog.html @@ -88,8 +88,7 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 - http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 - Log4j 2.12.2 download - Java 7 +http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 Components API Implementation diff --git a/log4j-2.16.0/download-2.12.2.html b/log4j-2.16.0/download-2.12.2.html deleted file mode 100644 index 5e6b2ac..000 --- a/log4j-2.16.0/download-2.12.2.html +++ /dev/null @@ -1,220 +0,0 @@ - - -http://www.w3.org/1999/xhtml"; lang="en"> - - - - -Log4j – Download Apache Log4j 2.12.2 - - - - - - - - - - http://logging.apache.org"; id="bannerLeft"> - http://logging.apache.org/log4j/2.x"; id="bannerRight"> - - - - - -Last Published: 2021-12-14| - - Version: 2.17.0-SNAPSHOT - | -https://github.com/apache/logging-log4j2"; class="externalLink" title="GitHub">GitHub - | -https://analysis.apache.org/dashboard/index/org.apache.logging.log4j:log4j"; class="externalLink" title="Sonar">Sonar - | -Logging Services - | -https://www.apache.org/"; class="externalLink" title="Apache">Apache - https://cwiki.apache.org/confluence/display/LOGGING/Log4j"; class="externalLink" title="Logging Wiki">Logging Wiki - - - - - - - -Apache Log4j™ 2 -About -Download -Javadoc -Maven, Ivy, Gradle Artifacts -Runtime Dependencies -Changelog -FAQ -Performance -Articles and Tutorials -Security -Support -Thanks -For Contrib
[logging-log4j2] 01/02: Revert "[DOC] add separate download-2.12.2 page, add links in left side navigation menu"
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 45eed5cfbd791fa27f6386097177be5664e32382 Author: rpopma AuthorDate: Wed Dec 15 04:50:27 2021 +0900 Revert "[DOC] add separate download-2.12.2 page, add links in left side navigation menu" This reverts commit 13270a6855699d0f5cbbb5ac2123ff1d398e6c90. --- src/site/markdown/download-2.12.2.md.vm | 67 - src/site/site.xml | 3 +- 2 files changed, 1 insertion(+), 69 deletions(-) diff --git a/src/site/markdown/download-2.12.2.md.vm b/src/site/markdown/download-2.12.2.md.vm deleted file mode 100644 index 3d6a394..000 --- a/src/site/markdown/download-2.12.2.md.vm +++ /dev/null @@ -1,67 +0,0 @@ - - -#set($h1='#') -#set($h2='##') - -$h1 Download Apache Log4j 2.12.2 - -Apache Log4j 2 is distributed under the [Apache License, version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). - -There is no documentation for the 2.12.2 release. Please refer to the [Log4j 2.12.1 manual](http://logging.apache.org/log4j/log4j-2.12.1). - -The link in the Mirrors column should display a list of available mirrors with a default selection based on your -inferred location. If you do not see that page, try a different browser. The checksum and signature are links to -the originals on the main distribution server. - -| Distribution | Mirrors | Checksum | Signature | -| -- | | --- | --- | -| Apache Log4j 2 binary (tar.gz) | [apache-log4j-2.12.2-bin.tar.gz][bintar] | [apache-log4j-2.12.2-bin.tar.gz.sha512][bintarsha512] | [apache-log4j-2.12.2-bin.tar.gz.asc][bintarasc] | -| Apache Log4j 2 binary (zip)| [apache-log4j-2.12.2-bin.zip][binzip]| [apache-log4j-2.12.2-bin.zip.sha512][binzipsha512]| [apache-log4j-2.12.2-bin.zip.asc][binzipasc]| -| Apache Log4j 2 source (tar.gz) | [apache-log4j-2.12.2-src.tar.gz][srctar] | [apache-log4j-2.12.2-src.tar.gz.sha512][srctarsha512] | [apache-log4j-2.12.2-src.tar.gz.asc][srctarasc] | -| Apache Log4j 2 source (zip)| [apache-log4j-2.12.2-src.zip][srczip]| [apache-log4j-2.12.2-src.zip.sha512][srczipsha512]| [apache-log4j-2.12.2-src.zip.asc][srczipasc]| - -[bintar]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz -[bintarsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz.sha512 -[bintarasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz.asc -[binzip]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip -[binzipsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip.sha512 -[binzipasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip.asc -[srctar]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz -[srctarsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz.sha512 -[srctarasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz.asc -[srczip]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip -[srczipsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip.sha512 -[srczipasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip.asc - -It is essential that you verify the integrity of the downloaded files using the PGP and SHA512 signatures. -Please read [Verifying Apache HTTP Server Releases](https://httpd.apache.org/dev/verification.html) for more -information on why you should verify our releases. - -The PGP signatures can be verified using PGP or GPG. First download the -[KEYS](https://www.apache.org/dist/logging/KEYS) as well as the asc signature file for the relevant distribution. -Make sure you get these files from the [main distribution directory](https://www.apache.org/dist/logging/), rather -than from a mirror. Then verify the signatures using - -gpg --import KEYS -gpg --verify apache-log4j-2.12.2-bin.tar.gz.asc - -Apache Log4j 2.12.2 is signed by Ralph Goers (B3D8E1BA) - -Alternatively, you can verify the SHA512 signature on the files. A unix program called sha or sha512sum is included -in many unix distributions. - diff --git a/src/site/site.xml b/src/site/site.xml index 4d88a02..fa9cebc 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -302
[logging-log4j2] 02/02: [DOC] modify left side nav menu for 2.12.2
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 129b5318129bf8d9be18827c034417dbee6165d0 Author: rpopma AuthorDate: Wed Dec 15 05:04:07 2021 +0900 [DOC] modify left side nav menu for 2.12.2 --- src/site/site.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/site.xml b/src/site/site.xml index fa9cebc..2cf17e6 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -302,7 +302,7 @@ http://logging.apache.org/log4j/1.2/"/> http://logging.apache.org/log4j/log4j-2.3/"/> - http://logging.apache.org/log4j/log4j-2.12.1"/> + http://logging.apache.org/log4j/log4j-2.12.1"/>
[logging-log4j2] branch release-2.x updated (13270a6 -> 129b531)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git. from 13270a6 [DOC] add separate download-2.12.2 page, add links in left side navigation menu new 45eed5c Revert "[DOC] add separate download-2.12.2 page, add links in left side navigation menu" new 129b531 [DOC] modify left side nav menu for 2.12.2 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/site/markdown/download-2.12.2.md.vm | 67 - src/site/site.xml | 3 +- 2 files changed, 1 insertion(+), 69 deletions(-) delete mode 100644 src/site/markdown/download-2.12.2.md.vm
[logging-log4j-site] branch asf-staging updated: partial changes for 2.12.2
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 3ae28bf partial changes for 2.12.2 3ae28bf is described below commit 3ae28bf2d6dc4b85bacc5a856a24ed9d51f9ec17 Author: Remko Popma AuthorDate: Wed Dec 15 04:12:21 2021 +0900 partial changes for 2.12.2 --- log4j-2.16.0/articles.html | 3 +- log4j-2.16.0/build.html| 3 +- log4j-2.16.0/changelog.html| 3 +- .../{changelog.html => download-2.12.2.html} | 70 -- log4j-2.16.0/index.html| 3 +- 5 files changed, 61 insertions(+), 21 deletions(-) diff --git a/log4j-2.16.0/articles.html b/log4j-2.16.0/articles.html index 6b9d006..5fdc9fe 100644 --- a/log4j-2.16.0/articles.html +++ b/log4j-2.16.0/articles.html @@ -88,7 +88,8 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 -http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 + http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 + Log4j 2.12.2 download - Java 7 Components API Implementation diff --git a/log4j-2.16.0/build.html b/log4j-2.16.0/build.html index 127b42c..83e31ef 100644 --- a/log4j-2.16.0/build.html +++ b/log4j-2.16.0/build.html @@ -88,7 +88,8 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 -http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 + http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 + Log4j 2.12.2 download - Java 7 Components API Implementation diff --git a/log4j-2.16.0/changelog.html b/log4j-2.16.0/changelog.html index c5de7a5..5bb7216 100644 --- a/log4j-2.16.0/changelog.html +++ b/log4j-2.16.0/changelog.html @@ -88,7 +88,8 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 -http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 - Java 7">Log4j 2.12.1 - Java 7 + http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1 manual - Java 7">Log4j 2.12.1 manual - Java 7 + Log4j 2.12.2 download - Java 7 Components API Implementation diff --git a/log4j-2.16.0/changelog.html b/log4j-2.16.0/download-2.12.2.html similarity index 73% copy from log4j-2.16.0/changelog.html copy to log4j-2.16.0/download-2.12.2.html index c5de7a5..5e6b2ac 100644 --- a/log4j-2.16.0/changelog.html +++ b/log4j-2.16.0/download-2.12.2.html @@ -1,6 +1,6 @@ http://www.w3.org/1999/xhtml"; lang="en"> @@ -8,7 +8,7 @@ -Log4j – Release Changelog +Log4j – Download Apache Log4j 2.12.2 @@ -25,9 +25,9 @@ -Last Published: 2021-12-13| +Last Published: 2021-12-14| - Version: 2.16.0 + Version: 2.17.0-SNAPSHOT | https://github.com/apache/logging-log4j2"; class="externalLink" title="GitHub">GitHub | @@ -50,7 +50,7 @@ Javadoc Maven, Ivy, Gradle Artifacts Runtime Dependencies -Changelog +Changelog FAQ Performance Articles and Tutorials @@ -88,7 +88,8 @@ Legacy Sites http://logging.apache.org/log4j/1.2/"; class="externalLink" title="Log4j 1.2 - End of Life">Log4j 1.2 - End of Life http://logging.apache.org/log4j/log4j-2.3/"; class="externalLink" title="Log4j 2.3 - Java 6">Log4j 2.3 - Java 6 -http://logging.apache.org/log4j/log4j-2.12.1"; class="externalLink" title="Log4j 2.12.1
[logging-log4j2] branch release-2.x updated: [DOC] add separate download-2.12.2 page, add links in left side navigation menu
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 13270a6 [DOC] add separate download-2.12.2 page, add links in left side navigation menu 13270a6 is described below commit 13270a6855699d0f5cbbb5ac2123ff1d398e6c90 Author: rpopma AuthorDate: Wed Dec 15 04:07:36 2021 +0900 [DOC] add separate download-2.12.2 page, add links in left side navigation menu --- src/site/markdown/download-2.12.2.md.vm | 67 + src/site/site.xml | 3 +- 2 files changed, 69 insertions(+), 1 deletion(-) diff --git a/src/site/markdown/download-2.12.2.md.vm b/src/site/markdown/download-2.12.2.md.vm new file mode 100644 index 000..3d6a394 --- /dev/null +++ b/src/site/markdown/download-2.12.2.md.vm @@ -0,0 +1,67 @@ + + +#set($h1='#') +#set($h2='##') + +$h1 Download Apache Log4j 2.12.2 + +Apache Log4j 2 is distributed under the [Apache License, version 2.0](https://www.apache.org/licenses/LICENSE-2.0.html). + +There is no documentation for the 2.12.2 release. Please refer to the [Log4j 2.12.1 manual](http://logging.apache.org/log4j/log4j-2.12.1). + +The link in the Mirrors column should display a list of available mirrors with a default selection based on your +inferred location. If you do not see that page, try a different browser. The checksum and signature are links to +the originals on the main distribution server. + +| Distribution | Mirrors | Checksum | Signature | +| -- | | --- | --- | +| Apache Log4j 2 binary (tar.gz) | [apache-log4j-2.12.2-bin.tar.gz][bintar] | [apache-log4j-2.12.2-bin.tar.gz.sha512][bintarsha512] | [apache-log4j-2.12.2-bin.tar.gz.asc][bintarasc] | +| Apache Log4j 2 binary (zip)| [apache-log4j-2.12.2-bin.zip][binzip]| [apache-log4j-2.12.2-bin.zip.sha512][binzipsha512]| [apache-log4j-2.12.2-bin.zip.asc][binzipasc]| +| Apache Log4j 2 source (tar.gz) | [apache-log4j-2.12.2-src.tar.gz][srctar] | [apache-log4j-2.12.2-src.tar.gz.sha512][srctarsha512] | [apache-log4j-2.12.2-src.tar.gz.asc][srctarasc] | +| Apache Log4j 2 source (zip)| [apache-log4j-2.12.2-src.zip][srczip]| [apache-log4j-2.12.2-src.zip.sha512][srczipsha512]| [apache-log4j-2.12.2-src.zip.asc][srczipasc]| + +[bintar]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz +[bintarsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz.sha512 +[bintarasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.tar.gz.asc +[binzip]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip +[binzipsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip.sha512 +[binzipasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-bin.zip.asc +[srctar]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz +[srctarsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz.sha512 +[srctarasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.tar.gz.asc +[srczip]: https://www.apache.org/dyn/closer.lua/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip +[srczipsha512]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip.sha512 +[srczipasc]: https://www.apache.org/dist/logging/log4j/2.12.2/apache-log4j-2.12.2-src.zip.asc + +It is essential that you verify the integrity of the downloaded files using the PGP and SHA512 signatures. +Please read [Verifying Apache HTTP Server Releases](https://httpd.apache.org/dev/verification.html) for more +information on why you should verify our releases. + +The PGP signatures can be verified using PGP or GPG. First download the +[KEYS](https://www.apache.org/dist/logging/KEYS) as well as the asc signature file for the relevant distribution. +Make sure you get these files from the [main distribution directory](https://www.apache.org/dist/logging/), rather +than from a mirror. Then verify the signatures using + +gpg --import KEYS +gpg --verify apache-log4j-2.12.2-bin.tar.gz.asc + +Apache Log4j 2.12.2 is signed by Ralph Goers (B3D8E1BA) + +Alternatively, you can verify the SHA512 signature on the files. A unix program called sha or sha512sum is included +in many unix distributions. + diff --git a/src/site/site.xml b/src
[logging-log4j-site] 02/03: Improve CVE-2021-4422 text.
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git commit e79e10f74c5e6f978d55055cc887b3341097382c Author: Volkan Yazıcı AuthorDate: Sun Dec 12 20:24:59 2021 +0100 Improve CVE-2021-4422 text. --- log4j-2.15.0/index.html| 2 +- log4j-2.15.0/security.html | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/log4j-2.15.0/index.html b/log4j-2.15.0/index.html index e8c7f62..b7ed4ea 100644 --- a/log4j-2.15.0/index.html +++ b/log4j-2.15.0/index.html @@ -202,7 +202,7 @@ One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. As of Log4j 2.15.0 this feature is now disabled by default. While an option has been provided to enable Lookups in this fashion, users are strongly discouraged from enabling it. -For those who cannot upgrade to 2.15.0, in releases >=2.10, this vulnerability can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class. +For those who cannot upgrade to 2.15.0, in releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases >=2.7 and <=2.14.1, all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m. For releases >=2.0-beta9 and < [...] Other News Log4j 2.15.0 is now available for production. The API for Log4j 2 is not compatible with Log4j 1.x, however an adapter is available to allow applications to continue to use the Log4j 1.x API. Adapters are also available for Apache Commons Logging, SLF4J, and java.util.logging. diff --git a/log4j-2.15.0/security.html b/log4j-2.15.0/security.html index 5135f10..f8587c9 100644 --- a/log4j-2.15.0/security.html +++ b/log4j-2.15.0/security.html @@ -167,9 +167,9 @@ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. Severity: Critical Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H -Versions Affected: all versions from 2.0-beta9 to 2.14.1 -Descripton: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. -Mitigation: In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class. +Versions Affected: all log4j-core versions >=2.0-beta9 and <=2.14.1 +Descripton: Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. +Mitigation: In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases >=2.7 and <=2.14.1, all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m. For releases >=2.0-beta9 and <=2.10.0, the mitigation is t [...] Credit: This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. References: https://issues.apache.org/jira/browse/LOG4J2-3201";>https://issues.apache.org/jira/browse/LOG4J2-3201 and https://issues.apache.org/jira/browse/LOG4J2-3198";>https://issues.apache.org/jira/browse/LOG4J2-3198
[logging-log4j-site] 03/03: Merge remote-tracking branch 'origin/asf-site' into asf-site
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git commit 8f434bfb019bd2b6d69f6ac10c2d4bc8c66c8d29 Merge: e79e10f 3453f9f Author: Remko Popma AuthorDate: Wed Dec 15 03:36:42 2021 +0900 Merge remote-tracking branch 'origin/asf-site' into asf-site # Conflicts: # log4j-2.16.0/security.html # log4j-kotlin-1.2.0/css/maven-theme.css # log4j-kotlin-1.2.0/images/add.gif # log4j-kotlin-1.2.0/images/close.gif # log4j-kotlin-1.2.0/images/external.png # log4j-kotlin-1.2.0/images/fix.gif # log4j-kotlin-1.2.0/images/icon_error_sml.gif # log4j-kotlin-1.2.0/images/icon_help_sml.gif # log4j-kotlin-1.2.0/images/icon_info_sml.gif # log4j-kotlin-1.2.0/images/icon_success_sml.gif # log4j-kotlin-1.2.0/images/icon_warning_sml.gif # log4j-kotlin-1.2.0/images/ls-logo.jpg # log4j-kotlin-1.2.0/images/maven-feather.png # log4j-kotlin-1.2.0/images/newwindow.png # log4j-kotlin-1.2.0/images/remove.gif # log4j-kotlin-1.2.0/images/rss.png # log4j-kotlin-1.2.0/images/update.gif # log4j-kotlin-1.2.0/log4j-api-kotlin-benchmark/license.html # log4j-kotlin-1.2.0/log4j-api-kotlin-benchmark/xref/stylesheet.css # log4j-kotlin-1.2.0/xref/index.html
[logging-log4j-site] branch asf-site updated (3453f9f -> 8f434bf)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 3453f9f Fix typo in link text add 9024aba Update home page news add 703d052 update pages add 5f259e5 Clarify CVE-2021-44228 text on top page add 170e5ca Stage Log4j Kotlin API 1.2.0-rc1 site add e962b0a Update kotlin link add 8c7a5a6 Merge remote-tracking branch 'origin/asf-staging' into asf-staging add b873839 Fix incorrect version 2.15.1 in text: should be 2.16.0 add 60c6f7a Fix typo: primative should be primitive add 375f6b9 Improve CVE-2021-44228 section add 5834c06 Fix broken anchor link to CVE-2021-44228 section in securities page add 3c0f302 Fix typo add be4700e [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions add 94f51a0 [DOC] stop recommending 2.15 add c4aafe0 [DOC] Add Work In Progress notice and credit Kai Mindermann add 615e767 Update for CVE-2021-45046 new 2d490a2 Delete log4j-1.2.17/.svn directory new e79e10f Improve CVE-2021-4422 text. new 8f434bf Merge remote-tracking branch 'origin/asf-site' into asf-site The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: kotlin | 2 +- log4j-2.16.0/index.html| 31 +- log4j-2.16.0/manual/appenders.html | 4 +- log4j-2.16.0/manual/configuration.html | 2 +- log4j-2.16.0/manual/lookups.html | 4 +- log4j-2.16.0/security.html | 75 +- log4j-kotlin-1.2.0/apidocs/allclasses-frame.html | 33 + log4j-kotlin-1.2.0/apidocs/allclasses-noframe.html | 33 + log4j-kotlin-1.2.0/apidocs/constant-values.html| 124 log4j-kotlin-1.2.0/apidocs/deprecated-list.html| 124 log4j-kotlin-1.2.0/apidocs/help-doc.html | 225 ++ log4j-kotlin-1.2.0/apidocs/index-all.html | 393 ++ log4j-kotlin-1.2.0/apidocs/index.html | 73 ++ ..._companionObjectKotlinLoggerDirect_jmhTest.html | 484 ...panionObjectKotlinLoggerFunctional_jmhTest.html | 484 ...k_companionObjectLog4jLoggerDirect_jmhTest.html | 484 ...mpanionObjectLog4jLoggerFunctional_jmhTest.html | 484 ...mpanionObjectLookupInterfaceDirect_jmhTest.html | 484 ...ionObjectLookupInterfaceFunctional_jmhTest.html | 484 .../generated/LoggingBenchmark_jmhType.html| 301 .../generated/LoggingBenchmark_jmhType_B1.html | 283 +++ .../generated/LoggingBenchmark_jmhType_B2.html | 459 .../generated/LoggingBenchmark_jmhType_B3.html | 300 ...LevelLoggerWithContextLookupDirect_jmhTest.html | 484 ...lLoggerWithContextLookupFunctional_jmhTest.html | 484 ...enchmark_topLevelNamedLoggerDirect_jmhTest.html | 484 ...mark_topLevelNamedLoggerFunctional_jmhTest.html | 484 ..._companionObjectKotlinLoggerDirect_jmhTest.html | 124 ...panionObjectKotlinLoggerFunctional_jmhTest.html | 124 ...k_companionObjectLog4jLoggerDirect_jmhTest.html | 124 ...mpanionObjectLog4jLoggerFunctional_jmhTest.html | 124 ...mpanionObjectLookupInterfaceDirect_jmhTest.html | 124 ...ionObjectLookupInterfaceFunctional_jmhTest.html | 124 .../class-use/LoggingBenchmark_jmhType.html| 675 + .../class-use/LoggingBenchmark_jmhType_B1.html | 157 .../class-use/LoggingBenchmark_jmhType_B2.html | 186 + .../class-use/LoggingBenchmark_jmhType_B3.html | 149 ...LevelLoggerWithContextLookupDirect_jmhTest.html | 124 ...lLoggerWithContextLookupFunctional_jmhTest.html | 124 ...enchmark_topLevelNamedLoggerDirect_jmhTest.html | 124 ...mark_topLevelNamedLoggerFunctional_jmhTest.html | 124 .../kotlin/benchmark/generated/package-frame.html | 34 + .../benchmark/generated/package-summary.html | 194 + .../kotlin/benchmark/generated/package-tree.html | 159 .../kotlin/benchmark/generated/package-use.html| 151 log4j-kotlin-1.2.0/apidocs/overview-tree.html | 163 + .../apidocs/package-list | 0 .../apidocs/script.js | 0 .../apidocs/stylesheet.css | 0 log4j-kotlin-1.2.0/build.html | 189 + log4j-kotlin-1.2.0/changes-report.html | 231 ++ log4j-kotlin-1.2.0/checkstyle-aggregate.html | 191 + .../checkstyle.rss
[logging-log4j2] branch release-2.x updated: Update for CVE-2021-45046
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new f8e30c8 Update for CVE-2021-45046 f8e30c8 is described below commit f8e30c84764b8d7b799b17d2b5ecb2924865ba5f Author: rpopma AuthorDate: Wed Dec 15 03:09:38 2021 +0900 Update for CVE-2021-45046 --- src/site/markdown/index.md.vm | 27 + src/site/markdown/security.md | 68 +-- 2 files changed, 92 insertions(+), 3 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 7de57a0..aae4734 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -26,6 +26,33 @@ Apache Log4j 2 is an upgrade to Log4j that provides significant improvements ove provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture. + +$h2 Important: Security Vulnerability CVE-2021-45046 + +The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.16.0. + +Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. + +$h4 Details +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default +configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging +configuration uses a Pattern Layout with either a Context Lookup (for example, \$\$\{ctx:loginId\}) or a +Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern +resulting in a denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to localhost by default. + +Note that previous mitigations involving configuration such as setting the system property `log4j2.noFormatMsgLookup` +to `true` do NOT mitigate this specific vulnerability. + +$h4 Mitigation +From version 2.16.0, Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. +Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap +protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +The message lookups feature has been completely removed. + +$h4 Reference +Please refer to the [Security page](security.html#CVE-2021-45046) for details and mitigation measures for older versions of Log4j. + + $h2 Important: Security Vulnerability CVE-2021-44228 diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 1967b6f..14866ed 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -45,9 +45,71 @@ If you have encountered an unlisted security vulnerability or other unexpected b that has security impact, or if the descriptions here are incomplete, please report them privately to the [Log4j Security Team](mailto:priv...@logging.apache.org). Thank you. + + + +### Fixed in Log4j 2.16.0 + + CVE-2021-45046 +[CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046): Apache Log4j2 +Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. + +Severity: Moderate + +Base CVSS Score: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) + +Versions Affected: all versions from 2.0-beta9 to 2.15.0 + + Description +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. [...] + + + Mitigation +**Log4j 1.x mitigation**: Log4j 1.x is not impacted by this vulnerability. + +**Log4j 2.x mitigation**: Implement one of the mitigation techniques below. + +* Java 8 (or later) users should upgrade to release 2.16.0. +* Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon). +* Otherwise, remove the JndiLookup class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` + +Note that only the log4j-core JAR file is impacted by this vulnerability. +Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. + + History +**Older (discredited) mitigation measures** + +This page previously mentioned other mitigation measures, b
[logging-log4j-site] branch asf-staging updated: Update for CVE-2021-45046
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 615e767 Update for CVE-2021-45046 615e767 is described below commit 615e7671b58286b956306c8a1318e8d91ac7e2ab Author: Remko Popma AuthorDate: Wed Dec 15 03:06:52 2021 +0900 Update for CVE-2021-45046 --- log4j-2.16.0/index.html| 30 -- log4j-2.16.0/security.html | 42 ++ 2 files changed, 62 insertions(+), 10 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index e9b4834..d028440 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -158,12 +158,30 @@ --> Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback’s architecture. -Important: Security Vulnerability CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.16.0. -Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. -One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] -From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. -Please refer to the Security page for mitigation measures for older versions of Log4j. + + +Important: Security Vulnerability CVE-2021-45046 +The Log4j team has been made aware of a security vulnerability, CVE-2021-45046, that has been addressed in Log4j 2.16.0. +Summary: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. +Details +It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. Log4j 2. [...] +Note that previous mitigations involving configuration such as setting the system property log4j2.noFormatMsgLookup to true do NOT mitigate this specific vulnerability. +Mitigation +From version 2.16.0, Log4j disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. The message lookups feature has been completely removed. +Reference +Please refer to the Security page for details and mitigation measures for older versions of Log4j. + +Important: Security Vulnerability CVE-2021-44228 +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.16.0. +Summary +Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. +Details +One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] +Mitigation +From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. J
[logging-log4j2] branch release-2.x updated: [DOC] Add Work In Progress notice and credit Kai Mindermann
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new f719cbe [DOC] Add Work In Progress notice and credit Kai Mindermann f719cbe is described below commit f719cbef14155edf426dd1e32b8ad95134db2bde Author: rpopma AuthorDate: Wed Dec 15 00:03:48 2021 +0900 [DOC] Add Work In Progress notice and credit Kai Mindermann --- src/site/markdown/security.md | 5 + 1 file changed, 5 insertions(+) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 96cba98..6853151 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -113,9 +113,14 @@ Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in confi Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. + Work in progress +The Log4j team will continue to actively update this page as more information becomes known. + Credit This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. +The ThreadContext attack vector was first discovered by Kai Mindermann of iC Consult. + References [https://issues.apache.org/jira/browse/LOG4J2-3201](https://issues.apache.org/jira/browse/LOG4J2-3201) and [https://issues.apache.org/jira/browse/LOG4J2-3198](https://issues.apache.org/jira/browse/LOG4J2-3198).
[logging-log4j-site] branch asf-staging updated: [DOC] Add Work In Progress notice and credit Kai Mindermann
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new c4aafe0 [DOC] Add Work In Progress notice and credit Kai Mindermann c4aafe0 is described below commit c4aafe0b3a75f2e42538a9c940c66860f4b7fa83 Author: Remko Popma AuthorDate: Wed Dec 15 00:03:11 2021 +0900 [DOC] Add Work In Progress notice and credit Kai Mindermann --- log4j-2.16.0/security.html | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 842612a..ae92f77 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -192,8 +192,11 @@ Release Details As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. A whitelisting mechanism was introduced for JNDI connections, allowing only localhost by default. From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +Work in progress +The Log4j team will continue to actively update this page as more information becomes known. Credit -This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. +This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. +The ThreadContext attack vector was first discovered by Kai Mindermann of iC Consult. References https://issues.apache.org/jira/browse/LOG4J2-3201";>https://issues.apache.org/jira/browse/LOG4J2-3201 and https://issues.apache.org/jira/browse/LOG4J2-3198";>https://issues.apache.org/jira/browse/LOG4J2-3198.
[logging-log4j2] branch release-2.x updated: [DOC] Stop recommending 2.15
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 04ed06b [DOC] Stop recommending 2.15 04ed06b is described below commit 04ed06bfee5b5487b7846f2c8df99cbfd23b4594 Author: rpopma AuthorDate: Tue Dec 14 23:28:48 2021 +0900 [DOC] Stop recommending 2.15 --- src/site/markdown/index.md.vm | 3 +-- src/site/markdown/security.md | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 947d0ae..7de57a0 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -29,8 +29,7 @@ provides many of the improvements available in Logback while fixing some inheren $h2 Important: Security Vulnerability CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0 -and 2.16.0. +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.16.0. $h4 Summary Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 9697daa..96cba98 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -47,7 +47,7 @@ privately to the [Log4j Security Team](mailto:priv...@logging.apache.org). Thank -### Fixed in Log4j 2.15.0 and 2.16.0 +### Fixed in Log4j 2.16.0 CVE-2021-44228 [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228): Apache Log4j2 JNDI
[logging-log4j-site] branch asf-staging updated: [DOC] stop recommending 2.15
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 94f51a0 [DOC] stop recommending 2.15 94f51a0 is described below commit 94f51a00a2bf1a2d949b3a93bcbf3a1a498ee780 Author: Remko Popma AuthorDate: Tue Dec 14 23:28:14 2021 +0900 [DOC] stop recommending 2.15 --- log4j-2.16.0/index.html| 2 +- log4j-2.16.0/security.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index 2a7953d..e9b4834 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -159,7 +159,7 @@ Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback’s architecture. Important: Security Vulnerability CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0 and 2.16.0. +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.16.0. Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index a6110fa..842612a 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -164,7 +164,7 @@ If you need help on building or configuring Log4j or other help on following the instructions to mitigate the known vulnerabilities listed here, please send your questions to the public Log4j Users mailing list If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the mailto:priv...@logging.apache.org";>Log4j Security Team. Thank you. -Fixed in Log4j 2.15.0 and 2.16.0 +Fixed in Log4j 2.16.0 CVE-2021-44228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. Severity: Critical
[logging-log4j-site] branch asf-staging updated: [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new be4700e [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions be4700e is described below commit be4700ed61ef2e53a21551465edb9766af4f1a9a Author: Remko Popma AuthorDate: Tue Dec 14 23:04:08 2021 +0900 [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions --- log4j-2.16.0/index.html| 1 - log4j-2.16.0/security.html | 21 +++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index e41857a..2a7953d 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -162,7 +162,6 @@ The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0 and 2.16.0. Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] -As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. Please refer to the Security page for mitigation measures for older versions of Log4j. Features diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 9e3fc59..a6110fa 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -171,32 +171,33 @@ Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Versions Affected: all versions from 2.0-beta9 to 2.14.1 Description -Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. +In Apache Log4j2 versions up to and including 2.14.1, the JNDI features used in configurations, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Mitigation Log4j 1.x mitigation: Log4j 1.x does not have Lookups so the risk is lower. Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. A separate CVE (CVE-2021-4104) has been filed for this vulnerability. To mitigate: audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability. Log4j 2.x mitigation: Implement one of the mitigation techniques below. -Upgrade to release 2.15.0 or later (2.16.0 is recommended) - requires Java 8 or later. -Users requiring Java 7, upgrade to release 2.12.2. +Java 8 (or later) users should upgrade to release 2.16.0. +Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon). Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. History Older (discredited) mitigation measures -We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core jar. -This page previously had other mitigation measures, but
[logging-log4j2] branch release-2.x updated: [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 69023fa [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions 69023fa is described below commit 69023fa43619ed3c1f6d7a665d301c76b4af0bd1 Author: rpopma AuthorDate: Tue Dec 14 23:03:30 2021 +0900 [DOC] Temporarily remove references to 2.12.2, recommend 2.16 only, move 2.15 to discredited solutions --- src/site/markdown/index.md.vm | 9 - src/site/markdown/security.md | 32 +--- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index e3de3e6..947d0ae 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -44,20 +44,11 @@ that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) attack. $h4 Mitigation -As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. -While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. - From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. -A version 2.12.2 has been released for users who cannot upgrade to 2.16.0 because they require Java 7. -This release is based on Log4j 2.12.1, with the same security changes as 2.16.0: -it removes the message lookups feature completely, disables JNDI by default, -and only allows access to Java primitive objects. -It is actually even stricter than 2.16.0, in that it allows only the java protocol (ldap and ldaps protocols will not work). - $h4 Reference Please refer to the [Security page](security.html#CVE-2021-44228) for mitigation measures for older versions of Log4j. diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 86c2272..9697daa 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -60,8 +60,9 @@ Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Versions Affected: all versions from 2.0-beta9 to 2.14.1 Description -In Apache Log4j2 2.14.1, the JNDI features used in configurations, log messages, and parameters do not -protect against an attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log +In Apache Log4j2 versions up to and including 2.14.1, +the JNDI features used in configurations, log messages, and parameters do not +protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. @@ -74,8 +75,8 @@ Log4j 1.x configurations without JMSAppender are not impacted by this vulnerabil **Log4j 2.x mitigation**: Implement one of the mitigation techniques below. -* Java 8 (or later) users should upgrade to release 2.15.0 or later, 2.16.0 is recommended. -* Java 7 users should upgrade to release 2.12.2. +* Java 8 (or later) users should upgrade to release 2.16.0. +* Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon). * Otherwise, remove the JndiLookup class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` Note that only the log4j-core JAR file is impacted by this vulnerability. @@ -84,33 +85,34 @@ Applications using only the log4j-api JAR file without the log4j-core JAR file a History **Older (discredited) mitigation measures** -We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core jar. +This page previously mentioned other mitigation measures, but we discovered that these measures only limit exposure while leaving some attack vectors open. -This page previously had other mitigation measures, but we discovered that these measures only limit exposure while leaving some attack vectors open. +The 2.15.0 release was found to still be vulnerable when the configuration has a pattern +layout containing a Context Lookup (for example, `$${ctx:loginId}`), +or a Thread Context Map pattern `%X`, `%mdc` or `%MDC`. +When an attacker can control Thread Context values, they may inject
[logging-log4j2] branch release-2.x updated (9573cbe -> 5c7f42d)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git. from 9573cbe Improve top page new 283f8c7 Fix broken anchor link new 5c7f42d Fix typo The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/site/markdown/index.md.vm | 2 +- src/site/markdown/security.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
[logging-log4j2] 01/02: Fix broken anchor link
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 283f8c77f84458231c949aed3cd3e612231d463f Author: rpopma AuthorDate: Tue Dec 14 21:19:47 2021 +0900 Fix broken anchor link --- src/site/markdown/index.md.vm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index d8ecfc9..e3de3e6 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -26,7 +26,7 @@ Apache Log4j 2 is an upgrade to Log4j that provides significant improvements ove provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture. - + $h2 Important: Security Vulnerability CVE-2021-44228 The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0
[logging-log4j2] 02/02: Fix typo
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 5c7f42d3a9c4b367b4d81c212411029c499f3f6f Author: rpopma AuthorDate: Tue Dec 14 21:20:06 2021 +0900 Fix typo --- src/site/markdown/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 1fa02a7..4ed95d1 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -84,7 +84,7 @@ Applications using only the log4j-api JAR file without the log4j-core JAR file a History **Older (discredited) mitigation measures** -We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core class. +We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core jar. This page previously had other mitigation measures, but we discovered that these measures only limit exposure while leaving some attack vectors open.
[logging-log4j-site] branch asf-staging updated: Fix typo
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 3c0f302 Fix typo 3c0f302 is described below commit 3c0f302920fea242f9fe83978c2ec3b46180f9a1 Author: Remko Popma AuthorDate: Tue Dec 14 21:21:34 2021 +0900 Fix typo --- log4j-2.16.0/security.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 8d8230d..9e3fc59 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -184,7 +184,7 @@ Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. History Older (discredited) mitigation measures -We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core class. +We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core jar. This page previously had other mitigation measures, but we discovered that these measures only limit exposure while leaving some attack vectors open. These insufficient mitigation measures are: setting system property log4j2.formatMsgNoLookups or environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true for releases >= 2.10, or modifying the logging configuration to disable message lookups with %m{nolookups}, %msg{nolookups} or %message{nolookups} for releases >= 2.7 and <= 2.14.1. The reason these measures are insufficient is that there are still code paths in Log4j where message lookups could occur: known examples are applications that use Logger.printf("%s", userInput), or applications that use a custom message factory, where the resulting messages do not implement StringBuilderFormattable. There may be other attack vectors. The safest thing to do is to upgrade Log4j to a safe version, or removing the JndiLookup class from the log4j-core class.
[logging-log4j-site] branch asf-staging updated: Fix broken anchor link to CVE-2021-44228 section in securities page
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 5834c06 Fix broken anchor link to CVE-2021-44228 section in securities page 5834c06 is described below commit 5834c0691433f05bf03047dd2be5acc5022923bc Author: Remko Popma AuthorDate: Tue Dec 14 18:54:28 2021 +0900 Fix broken anchor link to CVE-2021-44228 section in securities page --- log4j-2.16.0/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index 0cb6555..e41857a 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -164,7 +164,7 @@ One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. -Please refer to the Security page for mitigation measures for older versions of Log4j. +Please refer to the Security page for mitigation measures for older versions of Log4j. Features API Separation The API for Log4j is separate from the implementation making it clear for application developers which classes and methods they can use while ensuring forward compatibility. This allows the Log4j team to improve the implementation safely and in a compatible manner.
[logging-log4j2] 01/02: Improve CVE-2021-44228 section
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 6cfd08511c822f7f28f6723042d2c697f90e0fb8 Author: rpopma AuthorDate: Tue Dec 14 18:47:04 2021 +0900 Improve CVE-2021-44228 section * create subsections * add text for Log4j 1.x and CVE-2021-4104 * correct the discredited mitigation techniques * list the recommended mitigation techniques * list details about releases related to this issue --- src/site/markdown/security.md | 69 +++ 1 file changed, 57 insertions(+), 12 deletions(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index f4a9666..1fa02a7 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -45,9 +45,12 @@ If you have encountered an unlisted security vulnerability or other unexpected b that has security impact, or if the descriptions here are incomplete, please report them privately to the [Log4j Security Team](mailto:priv...@logging.apache.org). Thank you. -### Fixed in Log4j 2.15.0 + + +### Fixed in Log4j 2.15.0 and 2.16.0 -[CVE-2021-4422](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228): Apache Log4j2 JNDI + CVE-2021-44228 +[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228): Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. Severity: Critical @@ -56,21 +59,63 @@ Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Versions Affected: all versions from 2.0-beta9 to 2.14.1 -Descripton: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not + Description +Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup -substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. +substitution is enabled. -Mitigation: In releases >=2.10, this behavior can be mitigated by setting either the system property -`log4j2.formatMsgNoLookups` or the environment variable `LOG4J_FORMAT_MSG_NO_LOOKUPS` to `true`. -For releases from 2.7 through 2.14.1 all PatternLayout patterns can be modified to specify the message converter as -`%m{nolookups}` instead of just `%m`. -For releases from 2.0-beta9 to 2.7, the only mitigation is to remove the `JndiLookup` class from the classpath: -`zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`. + Mitigation +**Log4j 1.x mitigation**: Log4j 1.x does not have Lookups so the risk is lower. +Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. +A separate CVE (CVE-2021-4104) has been filed for this vulnerability. +To mitigate: audit your logging configuration to ensure it has no JMSAppender configured. +Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability. -Credit: This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. +**Log4j 2.x mitigation**: Implement one of the mitigation techniques below. -References: [https://issues.apache.org/jira/browse/LOG4J2-3201](https://issues.apache.org/jira/browse/LOG4J2-3201) +* Upgrade to release 2.15.0 or later (2.16.0 is recommended) - requires Java 8 or later. +* Users requiring Java 7, upgrade to release 2.12.2. +* Otherwise, remove the JndiLookup class from the classpath: `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` + +Note that only the log4j-core JAR file is impacted by this vulnerability. +Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability. + + History +**Older (discredited) mitigation measures** + +We strongly recommend upgrading Log4j to a safe version, or removing the JndiLookup class from the log4j-core class. + +This page previously had other mitigation measures, but we discovered that these measures only limit exposure while leaving some attack vectors open. + +These insufficient mitigation measures are: setting system property `log4j2.formatMsgNoLookups` or environment variable `LOG4J_FORMAT_MSG_NO_LOOKUPS` to `true` for releases >= 2.10, or modifying the logging configuration to disable message lookups with `%m{nolookups}`, `%msg{nolookups}` or `%message{nolookups}` for releases >= 2.7 and <= 2.14.1. + +The reason these measures are insufficient is that there are still code paths in Log4j where message lookups could occur: +known examples are applications that use `Logger.printf("%s", userInput)
[logging-log4j2] branch release-2.x updated (f448f03 -> 9573cbe)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git. from f448f03 [DOC] fix typo primative should be primitive new 6cfd085 Improve CVE-2021-44228 section new 9573cbe Improve top page The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: src/site/markdown/index.md.vm | 62 +- src/site/markdown/security.md | 69 +++ 2 files changed, 98 insertions(+), 33 deletions(-)
[logging-log4j2] 02/02: Improve top page
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git commit 9573cbe30ac3f23161e853be441740db1a4ffc11 Author: rpopma AuthorDate: Tue Dec 14 18:48:25 2021 +0900 Improve top page * move CVE-2021-4428 section to the top of the page * explain the vulnerability in more detail * mention related releases * link the the security page --- src/site/markdown/index.md.vm | 62 --- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/src/site/markdown/index.md.vm b/src/site/markdown/index.md.vm index 1267cbe..d8ecfc9 100644 --- a/src/site/markdown/index.md.vm +++ b/src/site/markdown/index.md.vm @@ -18,12 +18,50 @@ #set($h1='#') #set($h2='##') #set($h3='###') +#set($h4='') $h1 Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback's architecture. + + +$h2 Important: Security Vulnerability CVE-2021-44228 + +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0 +and 2.16.0. + +$h4 Summary +Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code +execution. + +$h4 Details +One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. +This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, +then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from +that remote server. This in turn could execute any code during deserialization. +This is known as a RCE (Remote Code Execution) attack. + +$h4 Mitigation +As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. +While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. + +From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. +Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. +Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap +protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. + +A version 2.12.2 has been released for users who cannot upgrade to 2.16.0 because they require Java 7. +This release is based on Log4j 2.12.1, with the same security changes as 2.16.0: +it removes the message lookups feature completely, disables JNDI by default, +and only allows access to Java primitive objects. +It is actually even stricter than 2.16.0, in that it allows only the java protocol (ldap and ldaps protocols will not work). + +$h4 Reference +Please refer to the [Security page](security.html#CVE-2021-44228) for mitigation measures for older versions of Log4j. + + $h2 Features $h3 API Separation @@ -137,27 +175,9 @@ dependencies. $h2 News -Log4j 2.16.0 has been released solely to disable access to JNDI by default. The CVE noted below was fixed in the 2.15.0 -release. 2.16.0 is NOT a required upgrade but users may choose to use it to have confidence that JNDI will not be -abused. - -$h3 CVE-2021-44228 - -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0. - -Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code -execution. Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only -accessing Java primitive objects by default served on the local host. - -One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. As of -Log4j 2.15.0 this feature is now disabled by default. While an option has been provided to enable Lookups in this fashion, -users are strongly discouraged from enabling it. - -For those who cannot upgrade to 2.15.0, in releases >=2.10, this vulnerability can be mitigated by setting either the -system property `log4j2.formatMsgNoLookups` or the environment variable `LOG4J_FORMAT_MSG_NO_LOOKUPS` to `true`. For -releases from 2.7 through 2.14.1 all PatternLayout patterns can be modified to specify the message converter as -`%m{nnolookups}` instead of just `%m`. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the -`JndiLookup` class from the classpath:`zip -q -d log4j-core-*.jar org/apache/lo
[logging-log4j-site] branch asf-staging updated: Improve CVE-2021-44228 section
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 375f6b9 Improve CVE-2021-44228 section 375f6b9 is described below commit 375f6b9ca6425e8b51138f69a654691f83befefe Author: Remko Popma AuthorDate: Tue Dec 14 18:46:20 2021 +0900 Improve CVE-2021-44228 section * create subsections * add text for Log4j 1.x and CVE-2021-4104 * correct the discredited mitigation techniques * list the recommended mitigation techniques * list details about releases related to this issue --- log4j-2.16.0/security.html | 41 - 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html index 3484793..8d8230d 100644 --- a/log4j-2.16.0/security.html +++ b/log4j-2.16.0/security.html @@ -163,17 +163,40 @@ Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the Apache Log4j version that you are using. For Log4j 2 this is BUILDING.md. This file can be found in the root subdirectory of a source distributive. If you need help on building or configuring Log4j or other help on following the instructions to mitigate the known vulnerabilities listed here, please send your questions to the public Log4j Users mailing list If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the mailto:priv...@logging.apache.org";>Log4j Security Team. Thank you. -Improvements in 2.16.0 -Log4j 2.16.0 further addresses https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228 by disabling JNDI support by default and completely removing the ability to perform lookups in log messages. Users are recommended to upgrade to 2.16.0. -Fixed in Log4j 2.15.0 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-4422: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. + +Fixed in Log4j 2.15.0 and 2.16.0 +CVE-2021-44228 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228";>CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints. Severity: Critical Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H -Versions Affected: all versions from 2.0-beta9 to 2.14.1 -Descripton: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. -Mitigation: In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.7 through 2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m. For releases from 2.0-beta9 to 2.7, the only mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apa [...] -Credit: This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team. -References: https://issues.apache.org/jira/browse/LOG4J2-3201";>https://issues.apache.org/jira/browse/LOG4J2-3201 and https://issues.apache.org/jira/browse/LOG4J2-3198";>https://issues.apache.org/jira/browse/LOG4J2-3198. +Versions Affected: all versions from 2.0-beta9 to 2.14.1 +Description +Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. +Mitigation +Log4j 1.x mitigation: Log4j 1.x does not have Lookups so the risk is lower. Applications using Log4j 1.x are only vulnerable to this attack when they use JNDI in their configuration. A separate CVE (CVE-2021-4104) has been filed for this vulnerability. To mitigate: audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability. +Log4j 2.x mitigation: Implement one of the mitigation techniques below. + + +Upgrade to release 2.15.0 or later (2.16.0 is recommended) - requires
[logging-log4j-site] 01/02: Fix incorrect version 2.15.1 in text: should be 2.16.0
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git commit b873839f6e7c3f6d8b7bf3b5f8ca9def1d402857 Author: Remko Popma AuthorDate: Tue Dec 14 16:30:54 2021 +0900 Fix incorrect version 2.15.1 in text: should be 2.16.0 --- log4j-2.16.0/manual/appenders.html | 2 +- log4j-2.16.0/manual/lookups.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/log4j-2.16.0/manual/appenders.html b/log4j-2.16.0/manual/appenders.html index 072b262..a25c26e 100644 --- a/log4j-2.16.0/manual/appenders.html +++ b/log4j-2.16.0/manual/appenders.html @@ -2372,7 +2372,7 @@ public class ConnectionFactory { The JMS Appender sends the formatted log event to a JMS Destination. -The JMS Appender requires JNDI support so as of release 2.15.1 this appender will not function unless +The JMS Appender requires JNDI support so as of release 2.16.0 this appender will not function unless log4j2.enableJndi=truelog4j2.enableJndi=true is configured as a system property or environment variable. See the enableJndi system property. diff --git a/log4j-2.16.0/manual/lookups.html b/log4j-2.16.0/manual/lookups.html index ee6cfae..a053beb 100644 --- a/log4j-2.16.0/manual/lookups.html +++ b/log4j-2.16.0/manual/lookups.html @@ -519,7 +519,7 @@ Jndi Lookup -As of Log4j 2.15.1 JNDI operations require that log4j2.enableJndi=true be set as a system +As of Log4j 2.16.0 JNDI operations require that log4j2.enableJndi=true be set as a system property or the corresponding environment variable for this lookup to function. See the enableJndi system property.
[logging-log4j-site] 02/02: Fix typo: primative should be primitive
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git commit 60c6f7a6dff585211f16511aff4c4a4b7a9f6451 Author: Remko Popma AuthorDate: Tue Dec 14 17:48:11 2021 +0900 Fix typo: primative should be primitive --- log4j-2.16.0/manual/appenders.html | 2 +- log4j-2.16.0/manual/configuration.html | 2 +- log4j-2.16.0/manual/lookups.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/log4j-2.16.0/manual/appenders.html b/log4j-2.16.0/manual/appenders.html index a25c26e..7d95804 100644 --- a/log4j-2.16.0/manual/appenders.html +++ b/log4j-2.16.0/manual/appenders.html @@ -2408,7 +2408,7 @@ public class ConnectionFactory { A comma separated list of fully qualified class names that may be accessed by LDAP. The classes -must implement Serializable. Only applies when the JMS Appender By default only Java primative classes are allowed. +must implement Serializable. Only applies when the JMS Appender By default only Java primitive classes are allowed. diff --git a/log4j-2.16.0/manual/configuration.html b/log4j-2.16.0/manual/configuration.html index 8576e66..5c5aec7 100644 --- a/log4j-2.16.0/manual/configuration.html +++ b/log4j-2.16.0/manual/configuration.html @@ -2699,7 +2699,7 @@ public class AwesomeTest { System property that specifies fully qualified class names that may be accessed by LDAP. The classes - must implement Serializable. By default only Java primative classes are allowed. + must implement Serializable. By default only Java primitive classes are allowed. diff --git a/log4j-2.16.0/manual/lookups.html b/log4j-2.16.0/manual/lookups.html index a053beb..81beb33 100644 --- a/log4j-2.16.0/manual/lookups.html +++ b/log4j-2.16.0/manual/lookups.html @@ -532,7 +532,7 @@ By default the JDNI Lookup only supports the java, ldap, and ldaps protocols or no protocol. Additional protocols may be supported by specifying them on the log4j2.allowedJndiProtocols property. When using LDAP Java classes that implement the Referenceable interface are not supported for security -reasons. Only the Java primative classes are supported by default as well as any classes specified by the +reasons. Only the Java primitive classes are supported by default as well as any classes specified by the log4j2.allowedLdapClasses property. When using LDAP only references to the local host name or ip address are supported along with any hosts or ip addresses listed in the log4j2.allowedLdapHosts property.
[logging-log4j-site] branch asf-staging updated (8c7a5a6 -> 60c6f7a)
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a change to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git. from 8c7a5a6 Merge remote-tracking branch 'origin/asf-staging' into asf-staging new b873839 Fix incorrect version 2.15.1 in text: should be 2.16.0 new 60c6f7a Fix typo: primative should be primitive The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: log4j-2.16.0/manual/appenders.html | 4 ++-- log4j-2.16.0/manual/configuration.html | 2 +- log4j-2.16.0/manual/lookups.html | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-)
[logging-log4j2] branch release-2.x updated: [DOC] fix typo primative should be primitive
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new f448f03 [DOC] fix typo primative should be primitive f448f03 is described below commit f448f034b8ee1af0f14e8edf15438d233435a634 Author: rpopma AuthorDate: Tue Dec 14 17:46:34 2021 +0900 [DOC] fix typo primative should be primitive --- src/site/xdoc/manual/appenders.xml| 2 +- src/site/xdoc/manual/configuration.xml.vm | 2 +- src/site/xdoc/manual/lookups.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/site/xdoc/manual/appenders.xml b/src/site/xdoc/manual/appenders.xml index f6fad02..bb2c628 100644 --- a/src/site/xdoc/manual/appenders.xml +++ b/src/site/xdoc/manual/appenders.xml @@ -1564,7 +1564,7 @@ public class ConnectionFactory { null A comma separated list of fully qualified class names that may be accessed by LDAP. The classes -must implement Serializable. Only applies when the JMS Appender By default only Java primative classes are allowed. +must implement Serializable. Only applies when the JMS Appender By default only Java primitive classes are allowed. diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index 3499eee..25d539b 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -2162,7 +2162,7 @@ public class AwesomeTest { System property that specifies fully qualified class names that may be accessed by LDAP. The classes - must implement Serializable. By default only Java primative classes are allowed. + must implement Serializable. By default only Java primitive classes are allowed. diff --git a/src/site/xdoc/manual/lookups.xml b/src/site/xdoc/manual/lookups.xml index e9a2e59..d541661 100644 --- a/src/site/xdoc/manual/lookups.xml +++ b/src/site/xdoc/manual/lookups.xml @@ -278,7 +278,7 @@ By default the JDNI Lookup only supports the java, ldap, and ldaps protocols or no protocol. Additional protocols may be supported by specifying them on the log4j2.allowedJndiProtocols property. When using LDAP Java classes that implement the Referenceable interface are not supported for security -reasons. Only the Java primative classes are supported by default as well as any classes specified by the +reasons. Only the Java primitive classes are supported by default as well as any classes specified by the log4j2.allowedLdapClasses property. When using LDAP only references to the local host name or ip address are supported along with any hosts or ip addresses listed in the log4j2.allowedLdapHosts property.
[logging-log4j2] branch release-2.x updated: [DOC] fix incorrect version 2.15.1: should be 2.16.0
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git The following commit(s) were added to refs/heads/release-2.x by this push: new 0ac8c85 [DOC] fix incorrect version 2.15.1: should be 2.16.0 0ac8c85 is described below commit 0ac8c8585747422324013094d049d323fdacc244 Author: rpopma AuthorDate: Tue Dec 14 16:41:31 2021 +0900 [DOC] fix incorrect version 2.15.1: should be 2.16.0 --- src/site/xdoc/manual/appenders.xml | 2 +- src/site/xdoc/manual/lookups.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/site/xdoc/manual/appenders.xml b/src/site/xdoc/manual/appenders.xml index 6a4956c..f6fad02 100644 --- a/src/site/xdoc/manual/appenders.xml +++ b/src/site/xdoc/manual/appenders.xml @@ -1540,7 +1540,7 @@ public class ConnectionFactory { The JMS Appender sends the formatted log event to a JMS Destination. - The JMS Appender requires JNDI support so as of release 2.15.1 this appender will not function unless + The JMS Appender requires JNDI support so as of release 2.16.0 this appender will not function unless log4j2.enableJndi=truelog4j2.enableJndi=true is configured as a system property or environment variable. See the enableJndi system property. diff --git a/src/site/xdoc/manual/lookups.xml b/src/site/xdoc/manual/lookups.xml index 70024ff..e9a2e59 100644 --- a/src/site/xdoc/manual/lookups.xml +++ b/src/site/xdoc/manual/lookups.xml @@ -267,7 +267,7 @@ -As of Log4j 2.15.1 JNDI operations require that log4j2.enableJndi=true be set as a system +As of Log4j 2.16.0 JNDI operations require that log4j2.enableJndi=true be set as a system property or the corresponding environment variable for this lookup to function. See the enableJndi system property.
[logging-log4j-site] branch asf-staging updated: Clarify CVE-2021-44228 text on top page
This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 5f259e5 Clarify CVE-2021-44228 text on top page new 8c7a5a6 Merge remote-tracking branch 'origin/asf-staging' into asf-staging 5f259e5 is described below commit 5f259e559240250f069b402e5405ec979c13b1a2 Author: Remko Popma AuthorDate: Tue Dec 14 16:17:44 2021 +0900 Clarify CVE-2021-44228 text on top page --- log4j-2.16.0/index.html | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/log4j-2.16.0/index.html b/log4j-2.16.0/index.html index de32149..0cb6555 100644 --- a/log4j-2.16.0/index.html +++ b/log4j-2.16.0/index.html @@ -158,6 +158,13 @@ --> Apache Log4j 2 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements over its predecessor, Log4j 1.x, and provides many of the improvements available in Logback while fixing some inherent problems in Logback’s architecture. +Important: Security Vulnerability CVE-2021-44228 +The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0 and 2.16.0. +Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. +One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. This meant that when user input is logged, and that user input contained a JNDI Lookup pointing to a malicious server, then Log4j would resolve that JNDI Lookup, connect to that server, and potentially download serialized Java code from that remote server. This in turn could execute any code during deserialization. This is known as a RCE (Remote Code Execution) att [...] +As of Log4j 2.15.0 the message lookups feature was disabled by default. Lookups in configuration still work. While Log4j 2.15.0 has an option to enable Lookups in this fashion, users are strongly discouraged from enabling it. +From version 2.16.0, the message lookups feature has been completely removed. Lookups in configuration still work. Furthermore, Log4j now disables access to JNDI by default. JNDI lookups in configuration now need to be enabled explicitly. Also, Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects. Hosts other than the local host need to be explicitly allowed. +Please refer to the Security page for mitigation measures for older versions of Log4j. Features API Separation The API for Log4j is separate from the implementation making it clear for application developers which classes and methods they can use while ensuring forward compatibility. This allows the Log4j team to improve the implementation safely and in a compatible manner. @@ -196,11 +203,6 @@ Log4j 2.13.0 and greater require Java 8. Version 2.4 through 2.12.1 required Java 7 (the Log4j team no longer supports Java 7). Some features require optional dependencies; the documentation for these features will specify the required dependencies. News Log4j 2.16.0 has been released solely to disable access to JNDI by default and completely remove the ability to use Lookups in messages. The CVE noted below was fixed in the 2.15.0 release. 2.16.0 is a recommended upgrade to ensure that JNDI will not be abused and that message Lookups are no longer possible. -CVE-2021-44228 -The Log4j team has been made aware of a security vulnerability, CVE-2021-44228, that has been addressed in Log4j 2.15.0. -Log4j’s JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. Log4j now limits the protocols by default to only java, ldap, and ldaps and limits the ldap protocols to only accessing Java primitive objects by default served on the local host. -One vector that allowed exposure to this vulnerability was Log4j’s allowance of Lookups to appear in log messages. As of Log4j 2.15.0 this feature is now disabled by default. While an option has been provided to enable Lookups in this fashion, users are strongly discouraged from enabling it. -For those who cannot upgrade to 2.15.0, in releases >=2.10, this vulnerability can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. For releases from 2.7 through 2.14.1 all PatternLayout patterns can be modified to specify the message converter as %m{nnolookups} instead of just %m. For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath:zip [...] Other News Log4j 2.16.0 is now available for production. The API for Log4j 2 is not compatible with Log4j 1.x, howev
[4/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
[BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors (cherry picked from commit dd8ded9) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/445395c7 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/445395c7 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/445395c7 Branch: refs/heads/master Commit: 445395c709b9550f30a3bb70d7ca23d2c5854368 Parents: 80d025b Author: rpopma Authored: Wed Mar 21 20:07:40 2018 +0900 Committer: rpopma Committed: Wed Mar 21 20:09:12 2018 +0900 -- .../tools/picocli/CommandLineArityTest.java | 898 - .../core/tools/picocli/CommandLineHelpTest.java | 2536 -- .../core/tools/picocli/CommandLineTest.java | 3188 -- .../core/tools/picocli/CustomLayoutDemo.java| 264 -- .../logging/log4j/core/tools/picocli/Demo.java | 719 5 files changed, 7605 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/445395c7/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java deleted file mode 100644 index e35b593..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java +++ /dev/null @@ -1,898 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import java.io.File; -import java.net.InetAddress; -import java.util.Arrays; -import java.util.List; -import java.util.concurrent.TimeUnit; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.*; - -import static org.junit.Assert.*; - -public class CommandLineArityTest { -@Before public void setUp() { System.clearProperty("picocli.trace"); } -@After public void tearDown() { System.clearProperty("picocli.trace"); } - -private static void setTraceLevel(String level) { -System.setProperty("picocli.trace", level); -} -@Test -public void testArityConstructor_fixedRange() { -Range arity = new Range(1, 23, false, false, null); -assertEquals("min", 1, arity.min); -assertEquals("max", 23, arity.max); -assertEquals("1..23", arity.toString()); -assertEquals(Range.valueOf("1..23"), arity); -} -@Test -public void testArityConstructor_variableRange() { -Range arity = new Range(1, Integer.MAX_VALUE, true, false, null); -assertEquals("min", 1, arity.min); -assertEquals("max", Integer.MAX_VALUE, arity.max); -assertEquals("1..*", arity.toString()); -assertEquals(Range.valueOf("1..*"), arity); -} -@Test -public void testArityForOption_booleanFieldImplicitArity0() throws Exception { -Range arity = Range.optionArity(CommandLineTest.SupportedTypes.class.getDeclaredField("booleanField")); -assertEquals(Range.valueOf("0"), arity); -assertEquals("0", arity.toString()); -} -@Test -public void testArityForOption_intFieldImplicitArity1() throws Exception { -Range arity = Range.optionArity(CommandLineTest.SupportedTypes.class.getDeclaredField("intField")); -assertEquals(Range.valueOf("1"), arity); -assertEquals("1", arity.toString()); -} -@Test -public void testArityForOption_isExplicitlyDeclaredValue() throws Exception { -class Params { -@Option(names = "-timeUnitList&qu
[2/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/445395c7/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java deleted file mode 100644 index 118a59f..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java +++ /dev/null @@ -1,3188 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.math.BigDecimal; -import java.math.BigInteger; -import java.net.InetAddress; -import java.net.MalformedURLException; -import java.net.Socket; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.net.UnknownHostException; -import java.nio.charset.Charset; -import java.sql.Time; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Queue; -import java.util.Set; -import java.util.SortedSet; -import java.util.TreeMap; -import java.util.TreeSet; -import java.util.UUID; -import java.util.concurrent.ArrayBlockingQueue; -import java.util.concurrent.Callable; -import java.util.concurrent.TimeUnit; -import java.util.regex.Pattern; - -import org.junit.After; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; - -import static java.util.concurrent.TimeUnit.*; -import static org.junit.Assert.*; -import static org.apache.logging.log4j.core.tools.picocli.CommandLine.*; - -/** - * Tests for the CommandLine argument parsing interpreter functionality. - */ -// DONE arrays -// DONE collection fields -// DONE all built-in types -// DONE private fields, public fields (TODO methods?) -// DONE arity 2, 3 -// DONE arity -1, -2, -3 -// TODO arity ignored for single-value types (non-array, non-collection) -// DONE positional arguments with '--' separator (where positional arguments look like options) -// DONE positional arguments without '--' separator (based on arity of last option?) -// DONE positional arguments based on arity of last option -// TODO ambiguous options: writing --input ARG (as opposed to --input=ARG) is ambiguous, -// meaning it is not possible to tell whether ARG is option's argument or a positional argument. -// In usage patterns this will be interpreted as an option with argument only if a description (covered below) -// for that option is provided. -// Otherwise it will be interpreted as an option and separate positional argument. -// TODO ambiguous short options: ambiguity with the -f FILE and -fFILE notation. -// In the latter case it is not possible to tell whether it is a number of stacked short options, -// or an option with an argument. These notations will be interpreted as an option with argument only if a -// description for the option is provided. -// DONE compact flags -// DONE compact flags where last option has an argument, separate by space -// DONE compact flags where last option has an argument attached to the option character -// DONE long options with argument separate by space -// DONE long options with argument separated by '=' (no spaces) -// TODO document that if arity>1 and args="-opt=val1 val2", arity overrules the "=": both values are assigned -// TODO test superclass bean and child class bean where child class field shadows super class and have same annotation Option name -// TODO test superclass bean and child class bean where child class field shadows super class and have different annotation Option name -// DONE -vrx, -vro outputFile, -vrooutputFile, -vro=outputFile, -vro:outputFile, -vro=, -vro:, -vro -// D
[3/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/445395c7/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java deleted file mode 100644 index 3651b22..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java +++ /dev/null @@ -1,2536 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import org.junit.After; -import org.junit.Ignore; -import org.junit.Test; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.IStyle; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.Style; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.Text; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.ColorScheme; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.TextTable; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Option; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Parameters; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Command; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.lang.String; -import java.lang.reflect.Field; -import java.net.InetAddress; -import java.net.URI; -import java.net.URL; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.TimeUnit; - -import static java.lang.String.format; -import static org.junit.Assert.*; - -/** - * Tests for picoCLI's "Usage" help functionality. - */ -public class CommandLineHelpTest { -private static final String LINESEP = System.getProperty("line.separator"); - -@After -public void after() { -System.getProperties().remove("picocli.color.commands"); -System.getProperties().remove("picocli.color.options"); -System.getProperties().remove("picocli.color.parameters"); -System.getProperties().remove("picocli.color.optionParams"); -} -private static String usageString(Object annotatedObject, Help.Ansi ansi) throws UnsupportedEncodingException { -return usageString(new CommandLine(annotatedObject), ansi); -} -private static String usageString(CommandLine commandLine, Help.Ansi ansi) throws UnsupportedEncodingException { -ByteArrayOutputStream baos = new ByteArrayOutputStream(); -commandLine.usage(new PrintStream(baos, true, "UTF8"), ansi); -String result = baos.toString("UTF8"); - -if (ansi == Help.Ansi.AUTO) { -baos.reset(); -commandLine.usage(new PrintStream(baos, true, "UTF8")); -assertEquals(result, baos.toString("UTF8")); -} else if (ansi == Help.Ansi.ON) { -baos.reset(); -commandLine.usage(new PrintStream(baos, true, "UTF8"), Help.defaultColorScheme(Help.Ansi.ON)); -assertEquals(result, baos.toString("UTF8")); -} -return result; -} -private static Field field(Class cls, String fieldName) throws NoSuchFieldException { -return cls.getDeclaredField(fieldName); -} -private static Field[] fields(Class cls, String... fieldNames) throws NoSuchFieldException { -Field[] result = new Field[fieldNames.length]; -for (int i = 0; i < fieldNames.length; i++) { -result[i] = cls.getDeclaredField(fieldNames[i]); -} -return result; -} - -@Test -public void testWithoutShowDefaultValues() throws Exception { -@CommandLine.Command() -class Params { -@Option(names = {"-f", "--file"}, required = true, description = "the file to use") File file; -
[1/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
es in untracked directories." -}) -GitStatusMode mode = GitStatusMode.all; -} - -static -// tag::GitCommit[] -// tag::GitCommit-declaration[] -@Command(name = "git-commit", -sortOptions = false, -headerHeading = "@|bold,underline Usage:|@%n%n", -synopsisHeading = "%n", -descriptionHeading = "%n@|bold,underline Description:|@%n%n", -parameterListHeading = "%n@|bold,underline Parameters:|@%n", -optionListHeading = "%n@|bold,underline Options:|@%n", -header = "Record changes to the repository.", -description = "Stores the current contents of the index in a new commit " + -"along with a log message from the user describing the changes.") -class GitCommit { // end::GitCommit-declaration[] -@Option(names = {"-a", "--all"}, -description = "Tell the command to automatically stage files that have been modified " + - "and deleted, but new files you have not told Git about are not affected.") -boolean all; - -@Option(names = {"-p", "--patch"}, description = "Use the interactive patch selection interface to chose which changes to commit") -boolean patch; - -@Option(names = {"-C", "--reuse-message"}, paramLabel = "", -description = "Take an existing commit object, and reuse the log message and the " + -"authorship information (including the timestamp) when creating the commit.") -String reuseMessageCommit; - -@Option(names = {"-c", "--reedit-message"}, paramLabel = "", -description = "Like -C, but with -c the editor is invoked, so that the user can" + -"further edit the commit message.") -String reEditMessageCommit; - -@Option(names = "--fixup", paramLabel = "", -description = "Construct a commit message for use with rebase --autosquash.") -String fixupCommit; - -@Option(names = "--squash", paramLabel = "", -description = "Construct a commit message for use with rebase --autosquash. The commit" + -"message subject line is taken from the specified commit with a prefix of " + -"\"squash! \". Can be used with additional commit message options (-m/-c/-C/-F).") -String squashCommit; - -@Option(names = {"-F", "--file"}, paramLabel = "", -description = "Take the commit message from the given file. Use - to read the message from the standard input.") -File file; - -@Option(names = {"-m", "--message"}, paramLabel = "", -description = "Use the given as the commit message. If multiple -m options" + -" are given, their values are concatenated as separate paragraphs.") -List message = new ArrayList(); - -@Parameters(paramLabel = "", description = "the files to commit") -List files = new ArrayList(); -} -// end::GitCommit[] - -// defines some commands to show in the list (option/parameters fields omitted for this demo) -@Command(name = "git-add", header = "Add file contents to the index.") static class GitAdd {} -@Command(name = "git-branch", header = "List, create, or delete branches.") static class GitBranch {} -@Command(name = "git-checkout", header = "Checkout a branch or paths to the working tree.") static class GitCheckout{} -@Command(name = "git-clone", header = "Clone a repository into a new directory.") static class GitClone{} -@Command(name = "git-diff", header = "Show changes between commits, commit and working tree, etc.") static class GitDiff{} -@Command(name = "git-merge", header = "Join two or more development histories together.") static class GitMerge{} -@Command(name = "git-push", header = "Update remote refs along with associated objects.") static class GitPush{} -@Command(name = "git-rebase", header = "Forward-port local commits to the updated upstream head.") static class GitRebase{} -@Command(name = "git-tag", header = "Create, list, delete or verify a tag object signed with GPG.") static class GitTag{} - -/** @see CommandLineTest#testParseSubCommands() The JUnit
[3/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/dd8ded97/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java deleted file mode 100644 index 3651b22..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineHelpTest.java +++ /dev/null @@ -1,2536 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import org.junit.After; -import org.junit.Ignore; -import org.junit.Test; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.IStyle; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.Style; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.Ansi.Text; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.ColorScheme; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Help.TextTable; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Option; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Parameters; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.Command; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.lang.String; -import java.lang.reflect.Field; -import java.net.InetAddress; -import java.net.URI; -import java.net.URL; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.TimeUnit; - -import static java.lang.String.format; -import static org.junit.Assert.*; - -/** - * Tests for picoCLI's "Usage" help functionality. - */ -public class CommandLineHelpTest { -private static final String LINESEP = System.getProperty("line.separator"); - -@After -public void after() { -System.getProperties().remove("picocli.color.commands"); -System.getProperties().remove("picocli.color.options"); -System.getProperties().remove("picocli.color.parameters"); -System.getProperties().remove("picocli.color.optionParams"); -} -private static String usageString(Object annotatedObject, Help.Ansi ansi) throws UnsupportedEncodingException { -return usageString(new CommandLine(annotatedObject), ansi); -} -private static String usageString(CommandLine commandLine, Help.Ansi ansi) throws UnsupportedEncodingException { -ByteArrayOutputStream baos = new ByteArrayOutputStream(); -commandLine.usage(new PrintStream(baos, true, "UTF8"), ansi); -String result = baos.toString("UTF8"); - -if (ansi == Help.Ansi.AUTO) { -baos.reset(); -commandLine.usage(new PrintStream(baos, true, "UTF8")); -assertEquals(result, baos.toString("UTF8")); -} else if (ansi == Help.Ansi.ON) { -baos.reset(); -commandLine.usage(new PrintStream(baos, true, "UTF8"), Help.defaultColorScheme(Help.Ansi.ON)); -assertEquals(result, baos.toString("UTF8")); -} -return result; -} -private static Field field(Class cls, String fieldName) throws NoSuchFieldException { -return cls.getDeclaredField(fieldName); -} -private static Field[] fields(Class cls, String... fieldNames) throws NoSuchFieldException { -Field[] result = new Field[fieldNames.length]; -for (int i = 0; i < fieldNames.length; i++) { -result[i] = cls.getDeclaredField(fieldNames[i]); -} -return result; -} - -@Test -public void testWithoutShowDefaultValues() throws Exception { -@CommandLine.Command() -class Params { -@Option(names = {"-f", "--file"}, required = true, description = "the file to use") File file; -
[4/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
[BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/dd8ded97 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/dd8ded97 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/dd8ded97 Branch: refs/heads/release-2.x Commit: dd8ded97adc3fb2422eadc6c67a2da9c327f4497 Parents: ec10b16 Author: rpopma Authored: Wed Mar 21 20:07:40 2018 +0900 Committer: rpopma Committed: Wed Mar 21 20:07:40 2018 +0900 -- .../tools/picocli/CommandLineArityTest.java | 898 - .../core/tools/picocli/CommandLineHelpTest.java | 2536 -- .../core/tools/picocli/CommandLineTest.java | 3188 -- .../core/tools/picocli/CustomLayoutDemo.java| 264 -- .../logging/log4j/core/tools/picocli/Demo.java | 719 5 files changed, 7605 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/dd8ded97/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java deleted file mode 100644 index e35b593..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineArityTest.java +++ /dev/null @@ -1,898 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import java.io.File; -import java.net.InetAddress; -import java.util.Arrays; -import java.util.List; -import java.util.concurrent.TimeUnit; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.apache.logging.log4j.core.tools.picocli.CommandLine.*; - -import static org.junit.Assert.*; - -public class CommandLineArityTest { -@Before public void setUp() { System.clearProperty("picocli.trace"); } -@After public void tearDown() { System.clearProperty("picocli.trace"); } - -private static void setTraceLevel(String level) { -System.setProperty("picocli.trace", level); -} -@Test -public void testArityConstructor_fixedRange() { -Range arity = new Range(1, 23, false, false, null); -assertEquals("min", 1, arity.min); -assertEquals("max", 23, arity.max); -assertEquals("1..23", arity.toString()); -assertEquals(Range.valueOf("1..23"), arity); -} -@Test -public void testArityConstructor_variableRange() { -Range arity = new Range(1, Integer.MAX_VALUE, true, false, null); -assertEquals("min", 1, arity.min); -assertEquals("max", Integer.MAX_VALUE, arity.max); -assertEquals("1..*", arity.toString()); -assertEquals(Range.valueOf("1..*"), arity); -} -@Test -public void testArityForOption_booleanFieldImplicitArity0() throws Exception { -Range arity = Range.optionArity(CommandLineTest.SupportedTypes.class.getDeclaredField("booleanField")); -assertEquals(Range.valueOf("0"), arity); -assertEquals("0", arity.toString()); -} -@Test -public void testArityForOption_intFieldImplicitArity1() throws Exception { -Range arity = Range.optionArity(CommandLineTest.SupportedTypes.class.getDeclaredField("intField")); -assertEquals(Range.valueOf("1"), arity); -assertEquals("1", arity.toString()); -} -@Test -public void testArityForOption_isExplicitlyDeclaredValue() throws Exception { -class Params { -@Option(names = "-timeUnitList", type = TimeUnit.class, arity =
[1/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
es in untracked directories." -}) -GitStatusMode mode = GitStatusMode.all; -} - -static -// tag::GitCommit[] -// tag::GitCommit-declaration[] -@Command(name = "git-commit", -sortOptions = false, -headerHeading = "@|bold,underline Usage:|@%n%n", -synopsisHeading = "%n", -descriptionHeading = "%n@|bold,underline Description:|@%n%n", -parameterListHeading = "%n@|bold,underline Parameters:|@%n", -optionListHeading = "%n@|bold,underline Options:|@%n", -header = "Record changes to the repository.", -description = "Stores the current contents of the index in a new commit " + -"along with a log message from the user describing the changes.") -class GitCommit { // end::GitCommit-declaration[] -@Option(names = {"-a", "--all"}, -description = "Tell the command to automatically stage files that have been modified " + - "and deleted, but new files you have not told Git about are not affected.") -boolean all; - -@Option(names = {"-p", "--patch"}, description = "Use the interactive patch selection interface to chose which changes to commit") -boolean patch; - -@Option(names = {"-C", "--reuse-message"}, paramLabel = "", -description = "Take an existing commit object, and reuse the log message and the " + -"authorship information (including the timestamp) when creating the commit.") -String reuseMessageCommit; - -@Option(names = {"-c", "--reedit-message"}, paramLabel = "", -description = "Like -C, but with -c the editor is invoked, so that the user can" + -"further edit the commit message.") -String reEditMessageCommit; - -@Option(names = "--fixup", paramLabel = "", -description = "Construct a commit message for use with rebase --autosquash.") -String fixupCommit; - -@Option(names = "--squash", paramLabel = "", -description = "Construct a commit message for use with rebase --autosquash. The commit" + -"message subject line is taken from the specified commit with a prefix of " + -"\"squash! \". Can be used with additional commit message options (-m/-c/-C/-F).") -String squashCommit; - -@Option(names = {"-F", "--file"}, paramLabel = "", -description = "Take the commit message from the given file. Use - to read the message from the standard input.") -File file; - -@Option(names = {"-m", "--message"}, paramLabel = "", -description = "Use the given as the commit message. If multiple -m options" + -" are given, their values are concatenated as separate paragraphs.") -List message = new ArrayList(); - -@Parameters(paramLabel = "", description = "the files to commit") -List files = new ArrayList(); -} -// end::GitCommit[] - -// defines some commands to show in the list (option/parameters fields omitted for this demo) -@Command(name = "git-add", header = "Add file contents to the index.") static class GitAdd {} -@Command(name = "git-branch", header = "List, create, or delete branches.") static class GitBranch {} -@Command(name = "git-checkout", header = "Checkout a branch or paths to the working tree.") static class GitCheckout{} -@Command(name = "git-clone", header = "Clone a repository into a new directory.") static class GitClone{} -@Command(name = "git-diff", header = "Show changes between commits, commit and working tree, etc.") static class GitDiff{} -@Command(name = "git-merge", header = "Join two or more development histories together.") static class GitMerge{} -@Command(name = "git-push", header = "Update remote refs along with associated objects.") static class GitPush{} -@Command(name = "git-rebase", header = "Forward-port local commits to the updated upstream head.") static class GitRebase{} -@Command(name = "git-tag", header = "Create, list, delete or verify a tag object signed with GPG.") static class GitTag{} - -/** @see CommandLineTest#testParseSubCommands() Th
[2/4] logging-log4j2 git commit: [BUILD] removed picocli tests from core tests; they do not add value here and occasionally fail when building Log4j on a console that supports ANSI colors
http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/dd8ded97/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java deleted file mode 100644 index 118a59f..000 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/tools/picocli/CommandLineTest.java +++ /dev/null @@ -1,3188 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache license, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the license for the specific language governing permissions and - * limitations under the license. - */ -package org.apache.logging.log4j.core.tools.picocli; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.math.BigDecimal; -import java.math.BigInteger; -import java.net.InetAddress; -import java.net.MalformedURLException; -import java.net.Socket; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.net.UnknownHostException; -import java.nio.charset.Charset; -import java.sql.Time; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Queue; -import java.util.Set; -import java.util.SortedSet; -import java.util.TreeMap; -import java.util.TreeSet; -import java.util.UUID; -import java.util.concurrent.ArrayBlockingQueue; -import java.util.concurrent.Callable; -import java.util.concurrent.TimeUnit; -import java.util.regex.Pattern; - -import org.junit.After; -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; - -import static java.util.concurrent.TimeUnit.*; -import static org.junit.Assert.*; -import static org.apache.logging.log4j.core.tools.picocli.CommandLine.*; - -/** - * Tests for the CommandLine argument parsing interpreter functionality. - */ -// DONE arrays -// DONE collection fields -// DONE all built-in types -// DONE private fields, public fields (TODO methods?) -// DONE arity 2, 3 -// DONE arity -1, -2, -3 -// TODO arity ignored for single-value types (non-array, non-collection) -// DONE positional arguments with '--' separator (where positional arguments look like options) -// DONE positional arguments without '--' separator (based on arity of last option?) -// DONE positional arguments based on arity of last option -// TODO ambiguous options: writing --input ARG (as opposed to --input=ARG) is ambiguous, -// meaning it is not possible to tell whether ARG is option's argument or a positional argument. -// In usage patterns this will be interpreted as an option with argument only if a description (covered below) -// for that option is provided. -// Otherwise it will be interpreted as an option and separate positional argument. -// TODO ambiguous short options: ambiguity with the -f FILE and -fFILE notation. -// In the latter case it is not possible to tell whether it is a number of stacked short options, -// or an option with an argument. These notations will be interpreted as an option with argument only if a -// description for the option is provided. -// DONE compact flags -// DONE compact flags where last option has an argument, separate by space -// DONE compact flags where last option has an argument attached to the option character -// DONE long options with argument separate by space -// DONE long options with argument separated by '=' (no spaces) -// TODO document that if arity>1 and args="-opt=val1 val2", arity overrules the "=": both values are assigned -// TODO test superclass bean and child class bean where child class field shadows super class and have same annotation Option name -// TODO test superclass bean and child class bean where child class field shadows super class and have different annotation Option name -// DONE -vrx, -vro outputFile, -vrooutputFile, -vro=outputFile, -vro:outputFile, -vro=, -vro:, -vro -// D
[1/2] logging-log4j2 git commit: LOG4J2-2253 Update ParameterConsumer index type from short to int
Repository: logging-log4j2 Updated Branches: refs/heads/master aaaba79a6 -> 31c41c0c6 LOG4J2-2253 Update ParameterConsumer index type from short to int Originally ParameterVisitable was built for ReusableMessage which provides a "short getParameterCount()" method. Now that the interface isn't bound to ReusableMessage it might as well use integer. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/73191e1c Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/73191e1c Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/73191e1c Branch: refs/heads/master Commit: 73191e1ccfd35e444634d3150fdaad029f1e10e9 Parents: aaaba79 Author: Carter Kozak Authored: Mon Feb 26 21:39:12 2018 -0800 Committer: rpopma Committed: Tue Feb 27 19:01:23 2018 +0900 -- .../java/org/apache/logging/log4j/message/ParameterConsumer.java | 2 +- .../org/apache/logging/log4j/message/ReusableObjectMessage.java| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/73191e1c/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java index ff8c148..8b81e1a 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java @@ -21,6 +21,6 @@ public interface ParameterConsumer { * @param parameterIndex Index of the parameter * @param state */ -void accept(Object parameter, short parameterIndex, S state); +void accept(Object parameter, int parameterIndex, S state); } http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/73191e1c/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index b973e5a..c272ab7 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java @@ -114,7 +114,7 @@ public class ReusableObjectMessage implements ReusableMessage, ParameterVisitabl @Override public void forEachParameter(ParameterConsumer action, S state) { -action.accept(obj, (short) 0, state); +action.accept(obj, 0, state); } @Override
[2/2] logging-log4j2 git commit: LOG4J2-2253 Update tests
LOG4J2-2253 Update tests Closes #156 Closes #157 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/31c41c0c Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/31c41c0c Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/31c41c0c Branch: refs/heads/master Commit: 31c41c0c6d270402185f92289972a78ecdf62e17 Parents: 73191e1 Author: Carter Kozak Authored: Mon Feb 26 21:46:10 2018 -0800 Committer: rpopma Committed: Tue Feb 27 19:03:27 2018 +0900 -- .../logging/log4j/message/ReusableParameterizedMessageTest.java| 2 +- .../apache/logging/log4j/core/async/RingBufferLogEventTest.java| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/31c41c0c/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java -- diff --git a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java b/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java index 38f157d..d16beb3 100644 --- a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java +++ b/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java @@ -160,7 +160,7 @@ public class ReusableParameterizedMessageTest { final List actual = new LinkedList<>(); msg.forEachParameter(new ParameterConsumer() { @Override -public void accept(Object parameter, short parameterIndex, Void state) { +public void accept(Object parameter, int parameterIndex, Void state) { actual.add(parameter); } }, null); http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/31c41c0c/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java index fdc03d4..1d34921 100644 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java @@ -196,7 +196,7 @@ public class RingBufferLogEventTest { final RingBufferLogEvent evt = new RingBufferLogEvent(); evt.forEachParameter(new ParameterConsumer() { @Override -public void accept(Object parameter, short parameterIndex, Void state) { +public void accept(Object parameter, int parameterIndex, Void state) { fail("Should not have been called"); } }, null);
[2/2] logging-log4j2 git commit: LOG4J2-2253 Update tests
LOG4J2-2253 Update tests Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/a10da6d4 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/a10da6d4 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/a10da6d4 Branch: refs/heads/release-2.x Commit: a10da6d43b3e558a51d23d982d55a74af7ef3db4 Parents: 2e80659 Author: Carter Kozak Authored: Mon Feb 26 21:46:10 2018 -0800 Committer: rpopma Committed: Tue Feb 27 18:58:26 2018 +0900 -- .../logging/log4j/message/ReusableParameterizedMessageTest.java| 2 +- .../apache/logging/log4j/core/async/RingBufferLogEventTest.java| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/a10da6d4/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java -- diff --git a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java b/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java index 38f157d..d16beb3 100644 --- a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java +++ b/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableParameterizedMessageTest.java @@ -160,7 +160,7 @@ public class ReusableParameterizedMessageTest { final List actual = new LinkedList<>(); msg.forEachParameter(new ParameterConsumer() { @Override -public void accept(Object parameter, short parameterIndex, Void state) { +public void accept(Object parameter, int parameterIndex, Void state) { actual.add(parameter); } }, null); http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/a10da6d4/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java -- diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java index 0b59de7..2b6e6b6 100644 --- a/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java +++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/async/RingBufferLogEventTest.java @@ -196,7 +196,7 @@ public class RingBufferLogEventTest { final RingBufferLogEvent evt = new RingBufferLogEvent(); evt.forEachParameter(new ParameterConsumer() { @Override -public void accept(Object parameter, short parameterIndex, Void state) { +public void accept(Object parameter, int parameterIndex, Void state) { fail("Should not have been called"); } }, null);
[1/2] logging-log4j2 git commit: LOG4J2-2253 Update ParameterConsumer index type from short to int
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 326d06319 -> a10da6d43 LOG4J2-2253 Update ParameterConsumer index type from short to int Originally ParameterVisitable was built for ReusableMessage which provides a "short getParameterCount()" method. Now that the interface isn't bound to ReusableMessage it might as well use integer. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/2e806597 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/2e806597 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/2e806597 Branch: refs/heads/release-2.x Commit: 2e80659771cc77365247bcfd49ae328def28690a Parents: 326d063 Author: Carter Kozak Authored: Mon Feb 26 21:39:12 2018 -0800 Committer: rpopma Committed: Tue Feb 27 18:57:57 2018 +0900 -- .../java/org/apache/logging/log4j/message/ParameterConsumer.java | 2 +- .../org/apache/logging/log4j/message/ReusableObjectMessage.java| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/2e806597/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java index ff8c148..8b81e1a 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java @@ -21,6 +21,6 @@ public interface ParameterConsumer { * @param parameterIndex Index of the parameter * @param state */ -void accept(Object parameter, short parameterIndex, S state); +void accept(Object parameter, int parameterIndex, S state); } http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/2e806597/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index b973e5a..c272ab7 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java @@ -114,7 +114,7 @@ public class ReusableObjectMessage implements ReusableMessage, ParameterVisitabl @Override public void forEachParameter(ParameterConsumer action, S state) { -action.accept(obj, (short) 0, state); +action.accept(obj, 0, state); } @Override
[1/2] logging-log4j2 git commit: LOG4J2-2273 Fix typo in documentation for custom configuration
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x e4d9b0d65 -> 326d06319 LOG4J2-2273 Fix typo in documentation for custom configuration Closes #155 (cherry picked from commit c8261a5) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/551cbd19 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/551cbd19 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/551cbd19 Branch: refs/heads/release-2.x Commit: 551cbd19a20dd51517fa61069f36107d4e4f6716 Parents: e4d9b0d Author: Bruno P. Kinoshita Authored: Tue Feb 27 12:11:43 2018 +0900 Committer: rpopma Committed: Tue Feb 27 12:40:42 2018 +0900 -- src/site/xdoc/manual/customconfig.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/551cbd19/src/site/xdoc/manual/customconfig.xml -- diff --git a/src/site/xdoc/manual/customconfig.xml b/src/site/xdoc/manual/customconfig.xml index 8b1b8bd..e57af39 100644 --- a/src/site/xdoc/manual/customconfig.xml +++ b/src/site/xdoc/manual/customconfig.xml @@ -210,7 +210,7 @@ builder.add( builder.newLogger( "TestLogger", Level.DEBUG ) builder.add( builder.newRootLogger( Level.DEBUG ) .add( builder.newAppenderRef( "rolling" ) ) ); -LoggerContext ctx = Configurator.intitialize(builder.build()); +LoggerContext ctx = Configurator.initialize(builder.build()); ]]>
[2/2] logging-log4j2 git commit: LOG4J2-2273 (change log) Fix typo in documentation for custom configuration
LOG4J2-2273 (change log) Fix typo in documentation for custom configuration Closes #155 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/326d0631 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/326d0631 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/326d0631 Branch: refs/heads/release-2.x Commit: 326d06319da09ec832826eb978a8d19f57138553 Parents: 551cbd1 Author: rpopma Authored: Tue Feb 27 12:41:53 2018 +0900 Committer: rpopma Committed: Tue Feb 27 12:41:53 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/326d0631/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index a5f5de9..d4bff2b 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -31,6 +31,9 @@ - "remove" - Removed --> + +Documentation fix in manual page for custom configurations. + Reusable LogEvents now pass the original format string to downstream components like layouts and filters.
[2/2] logging-log4j2 git commit: LOG4J2-2273 Documentation fix
LOG4J2-2273 Documentation fix Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/aaaba79a Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/aaaba79a Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/aaaba79a Branch: refs/heads/master Commit: aaaba79a64fb409c4beb0fe3c23ba84b1ad6b7da Parents: 5b5bd91 c8261a5 Author: rpopma Authored: Tue Feb 27 12:27:33 2018 +0900 Committer: rpopma Committed: Tue Feb 27 12:35:34 2018 +0900 -- src/changes/changes.xml | 3 +++ src/site/xdoc/manual/customconfig.xml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/aaaba79a/src/changes/changes.xml -- diff --cc src/changes/changes.xml index 4e3cc99,10081d5..63183b6 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@@ -90,9 -90,6 +90,12 @@@ ++ ++Documentation fix in manual page for custom configurations. ++ + +Reusable LogEvents now pass the original format string to downstream components like layouts and filters. + Add API to enable iterating over message parameters without creating temporary objects.
[1/2] logging-log4j2 git commit: Fix typo in documentation
Repository: logging-log4j2 Updated Branches: refs/heads/master 5b5bd9120 -> aaaba79a6 Fix typo in documentation Hello, found while updating a legacy project from log4j1 to log4j2, and reading the docs (which are great, by the way, a life saver. Thanks!) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/c8261a5b Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/c8261a5b Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/c8261a5b Branch: refs/heads/master Commit: c8261a5b1997c121f9416d693e60dac050c2719f Parents: b712cb7 Author: Bruno P. Kinoshita Authored: Tue Feb 27 16:11:43 2018 +1300 Committer: GitHub Committed: Tue Feb 27 16:11:43 2018 +1300 -- src/site/xdoc/manual/customconfig.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/c8261a5b/src/site/xdoc/manual/customconfig.xml -- diff --git a/src/site/xdoc/manual/customconfig.xml b/src/site/xdoc/manual/customconfig.xml index 8b1b8bd..e57af39 100644 --- a/src/site/xdoc/manual/customconfig.xml +++ b/src/site/xdoc/manual/customconfig.xml @@ -210,7 +210,7 @@ builder.add( builder.newLogger( "TestLogger", Level.DEBUG ) builder.add( builder.newRootLogger( Level.DEBUG ) .add( builder.newAppenderRef( "rolling" ) ) ); -LoggerContext ctx = Configurator.intitialize(builder.build()); +LoggerContext ctx = Configurator.initialize(builder.build()); ]]>
logging-log4j2 git commit: LOG4J2-2252 (change log) Reusable LogEvents now pass the original format string to downstream components like layouts and filters.
Repository: logging-log4j2 Updated Branches: refs/heads/master b712cb7b4 -> 5b5bd9120 LOG4J2-2252 (change log) Reusable LogEvents now pass the original format string to downstream components like layouts and filters. Closes #148 (cherry picked from commit e4d9b0d) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/5b5bd912 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/5b5bd912 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/5b5bd912 Branch: refs/heads/master Commit: 5b5bd912043222b1b0c94683bcba98eede54c97c Parents: b712cb7 Author: rpopma Authored: Tue Feb 27 12:17:43 2018 +0900 Committer: rpopma Committed: Tue Feb 27 12:21:32 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/5b5bd912/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 10081d5..4e3cc99 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -90,6 +90,9 @@ + +Reusable LogEvents now pass the original format string to downstream components like layouts and filters. + Add API to enable iterating over message parameters without creating temporary objects.
[1/2] logging-log4j2 git commit: LOG4J2-2252 Reusable LogEvents should pass along the original format string
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 73306cd08 -> e4d9b0d65 LOG4J2-2252 Reusable LogEvents should pass along the original format string This allows custom layouts to group logged messages parameterized values without creating new single-use messages for each event. This slightly modifies the getFormat implementation of some message types to avoid doing unnecessary work to load the format string. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/ac614e85 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/ac614e85 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/ac614e85 Branch: refs/heads/release-2.x Commit: ac614e85e59d9e89033eda703ec43dcd2b2b4fc7 Parents: 73306cd Author: Carter Kozak Authored: Tue Feb 13 11:28:17 2018 -0500 Committer: Carter Kozak Committed: Mon Feb 26 09:04:14 2018 -0800 -- .../log4j/message/ReusableObjectMessage.java| 2 +- .../log4j/message/ReusableSimpleMessage.java| 2 +- .../logging/log4j/message/SimpleMessage.java| 5 ++-- .../message/ReusableObjectMessageTest.java | 4 +-- .../message/ReusableSimpleMessageTest.java | 2 +- .../log4j/core/async/RingBufferLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEventTest.java| 28 8 files changed, 44 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ac614e85/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index 950a35e..b973e5a 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java @@ -55,7 +55,7 @@ public class ReusableObjectMessage implements ReusableMessage, ParameterVisitabl */ @Override public String getFormat() { -return getFormattedMessage(); +return obj instanceof String ? (String) obj : null; } /** http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ac614e85/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java index 1bd1732..49b0d7f 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java @@ -43,7 +43,7 @@ public class ReusableSimpleMessage implements ReusableMessage, CharSequence, Par @Override public String getFormat() { -return getFormattedMessage(); +return charSequence instanceof String ? (String) charSequence : null; } @Override http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ac614e85/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java index 8a2fc72..d33f3b9 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java @@ -16,10 +16,11 @@ */ package org.apache.logging.log4j.message; +import org.apache.logging.log4j.util.StringBuilderFormattable; + import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; -import org.apache.logging.log4j.util.StringBuilderFormattable; /** * The simplest possible implementation of Message. It just returns the String given as the constructor argument. @@ -75,7 +76,7 @@ public class SimpleMessage implements Message, StringBuilderFormattable, CharSeq */ @Override public String getFormat() { -return getFormattedMessage(); +return message; } /** http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/ac614e85/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableObjectMessageTest.java -- diff --git a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableOb
[2/2] logging-log4j2 git commit: LOG4J2-2252 (change log) Reusable LogEvents now pass the original format string to downstream components like layouts and filters.
LOG4J2-2252 (change log) Reusable LogEvents now pass the original format string to downstream components like layouts and filters. Closes #154 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/e4d9b0d6 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/e4d9b0d6 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/e4d9b0d6 Branch: refs/heads/release-2.x Commit: e4d9b0d65218291b0eaf60e980fe368892ab5aca Parents: ac614e8 Author: rpopma Authored: Tue Feb 27 12:17:43 2018 +0900 Committer: rpopma Committed: Tue Feb 27 12:17:43 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/e4d9b0d6/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 624829b..a5f5de9 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -31,6 +31,9 @@ - "remove" - Removed --> + +Reusable LogEvents now pass the original format string to downstream components like layouts and filters. + Add API to enable iterating over message parameters without creating temporary objects.
[2/2] logging-log4j2 git commit: LOG4J2-2253 (change log) Add API to enable iterating over message parameters without creating temporary objects
LOG4J2-2253 (change log) Add API to enable iterating over message parameters without creating temporary objects Closes #150 (cherry picked from commit 73306cd) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/b712cb7b Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/b712cb7b Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/b712cb7b Branch: refs/heads/master Commit: b712cb7b419e5d665ee4935101a947f933ab749d Parents: 0bc29cc Author: rpopma Authored: Mon Feb 26 19:42:22 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:46:06 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/b712cb7b/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index db9db2f..10081d5 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -90,6 +90,9 @@ + +Add API to enable iterating over message parameters without creating temporary objects. + Move module-info.class to META-INF/versions/9 directory.
[1/2] logging-log4j2 git commit: fix typo
Repository: logging-log4j2 Updated Branches: refs/heads/master 7060cc307 -> b712cb7b4 fix typo (cherry picked from commit d19496f) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/0bc29cc3 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/0bc29cc3 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/0bc29cc3 Branch: refs/heads/master Commit: 0bc29cc36ba66c13e8a97b27b187a13c2efdb9e8 Parents: 7060cc3 Author: rpopma Authored: Mon Feb 26 19:38:25 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:45:17 2018 +0900 -- src/changes/changes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/0bc29cc3/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 3f96496..db9db2f 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -90,7 +90,7 @@ - + Move module-info.class to META-INF/versions/9 directory.
[2/4] logging-log4j2 git commit: LOG4J2-2253 renamed ParameterVisitableMessage to ParameterVisitable
LOG4J2-2253 renamed ParameterVisitableMessage to ParameterVisitable (cherry picked from commit 7060cc3) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/d3c95b10 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/d3c95b10 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/d3c95b10 Branch: refs/heads/release-2.x Commit: d3c95b1021d272c68263438a580045110809599d Parents: e381ffa Author: rpopma Authored: Mon Feb 26 19:31:42 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:37:00 2018 +0900 -- .../log4j/message/ParameterVisitable.java | 30 .../message/ParameterVisitableMessage.java | 30 .../log4j/message/ReusableObjectMessage.java| 2 +- .../message/ReusableParameterizedMessage.java | 2 +- .../log4j/message/ReusableSimpleMessage.java| 2 +- .../log4j/core/async/RingBufferLogEvent.java| 2 +- .../log4j/core/impl/MutableLogEvent.java| 2 +- 7 files changed, 35 insertions(+), 35 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/d3c95b10/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java new file mode 100644 index 000..31d8c5f --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java @@ -0,0 +1,30 @@ +package org.apache.logging.log4j.message; + +import org.apache.logging.log4j.util.PerformanceSensitive; + +/** + * Allows message parameters to be iterated over without any allocation + * or memory copies. + * + * @since 2.11 + */ +@PerformanceSensitive("allocation") +public interface ParameterVisitable { + +/** + * Performs the given action for each parameter until all values + * have been processed or the action throws an exception. + * + * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the TriConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param action The action to be performed for each key-value pair in this collection + * @param state the object to be passed as the third parameter to each invocation on the + * specified ParameterConsumer. + * @param type of the third parameter + * @since 2.11 + */ + void forEachParameter(ParameterConsumer action, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/d3c95b10/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java deleted file mode 100644 index 5cb6228..000 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.apache.logging.log4j.message; - -import org.apache.logging.log4j.util.PerformanceSensitive; - -/** - * Allows message parameters to be iterated over without any allocation - * or memory copies. - * - * @since 2.11 - */ -@PerformanceSensitive("allocation") -public interface ParameterVisitableMessage extends Message { - -/** - * Performs the given action for each parameter until all values - * have been processed or the action throws an exception. - * - * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, - * so the TriConsumer implementation itself can be stateless and potentially reusable. - * - * - * @param action The action to be performed for each key-value pair in this collection - * @param state the object to be passed as the third parameter to each invocation on the - * specified ParameterConsumer. - * @param type of the third parameter - * @since 2.11 - */ - void forEachParameter(ParameterConsumer action, S state); - -} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/d3c95b10/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index 603381f..950a35e
[1/4] logging-log4j2 git commit: LOG4J2-2253 Added ParameterVisitableMessage.forEachParameter
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x ed9c83ed0 -> 73306cd08 LOG4J2-2253 Added ParameterVisitableMessage.forEachParameter This method allows us to iterate over parameters in a ParameterVisitableMessage without array creation. (cherry picked from commit 41648df) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/e381ffa5 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/e381ffa5 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/e381ffa5 Branch: refs/heads/release-2.x Commit: e381ffa5084ab03e79afd46da9daebe74ee8e2d8 Parents: ed9c83e Author: Carter Kozak Authored: Thu Feb 15 04:48:00 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:35:07 2018 +0900 -- .../log4j/message/ParameterConsumer.java| 26 + .../message/ParameterVisitableMessage.java | 30 .../log4j/message/ReusableObjectMessage.java| 7 - .../message/ReusableParameterizedMessage.java | 10 ++- .../log4j/message/ReusableSimpleMessage.java| 6 +++- .../ReusableParameterizedMessageTest.java | 22 ++ .../log4j/core/async/RingBufferLogEvent.java| 17 +++ .../log4j/core/impl/MutableLogEvent.java| 11 ++- .../core/async/RingBufferLogEventTest.java | 12 9 files changed, 131 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/e381ffa5/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java new file mode 100644 index 000..ff8c148 --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java @@ -0,0 +1,26 @@ +package org.apache.logging.log4j.message; + +/** + * An operation that accepts two input arguments and returns no result. + * + * + * The third parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the ParameterConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param state data + * @see ReusableMessage + * @since 2.11 + */ +public interface ParameterConsumer { + +/** + * Performs an operation given the specified arguments. + * + * @param parameter the parameter + * @param parameterIndex Index of the parameter + * @param state + */ +void accept(Object parameter, short parameterIndex, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/e381ffa5/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java new file mode 100644 index 000..5cb6228 --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java @@ -0,0 +1,30 @@ +package org.apache.logging.log4j.message; + +import org.apache.logging.log4j.util.PerformanceSensitive; + +/** + * Allows message parameters to be iterated over without any allocation + * or memory copies. + * + * @since 2.11 + */ +@PerformanceSensitive("allocation") +public interface ParameterVisitableMessage extends Message { + +/** + * Performs the given action for each parameter until all values + * have been processed or the action throws an exception. + * + * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the TriConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param action The action to be performed for each key-value pair in this collection + * @param state the object to be passed as the third parameter to each invocation on the + * specified ParameterConsumer. + * @param type of the third parameter + * @since 2.11 + */ + void forEachParameter(ParameterConsumer action, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/e381ffa5/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index c4ffa22..6
[3/4] logging-log4j2 git commit: fix typo
fix typo Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/d19496f0 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/d19496f0 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/d19496f0 Branch: refs/heads/release-2.x Commit: d19496f0d1ee82b09605ff06b49d6f5afadc639c Parents: d3c95b1 Author: rpopma Authored: Mon Feb 26 19:38:25 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:38:25 2018 +0900 -- src/changes/changes.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/d19496f0/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 6081c7b..00020b5 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -31,7 +31,7 @@ - "remove" - Removed --> - + Move module-info.class to META-INF/versions/9 directory.
[4/4] logging-log4j2 git commit: LOG4J2-2253 (change log) Add API to enable iterating over message parameters without creating temporary objects
LOG4J2-2253 (change log) Add API to enable iterating over message parameters without creating temporary objects Closes #150 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/73306cd0 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/73306cd0 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/73306cd0 Branch: refs/heads/release-2.x Commit: 73306cd08a95cafa12bfcc98aee81f0903c533b1 Parents: d19496f Author: rpopma Authored: Mon Feb 26 19:42:22 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:42:22 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/73306cd0/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 00020b5..624829b 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -31,6 +31,9 @@ - "remove" - Removed --> + +Add API to enable iterating over message parameters without creating temporary objects. + Move module-info.class to META-INF/versions/9 directory.
[3/3] logging-log4j2 git commit: LOG4J2-2253 renamed ParameterVisitableMessage to ParameterVisitable
LOG4J2-2253 renamed ParameterVisitableMessage to ParameterVisitable Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/7060cc30 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/7060cc30 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/7060cc30 Branch: refs/heads/master Commit: 7060cc30761120e0adfae07bfe528c5b6cb0d697 Parents: 7bfe620 Author: rpopma Authored: Mon Feb 26 19:31:42 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:31:42 2018 +0900 -- .../log4j/message/ParameterVisitable.java | 30 .../message/ParameterVisitableMessage.java | 30 .../log4j/message/ReusableObjectMessage.java| 2 +- .../message/ReusableParameterizedMessage.java | 2 +- .../log4j/message/ReusableSimpleMessage.java| 2 +- .../log4j/core/async/RingBufferLogEvent.java| 2 +- .../log4j/core/impl/MutableLogEvent.java| 2 +- 7 files changed, 35 insertions(+), 35 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7060cc30/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java new file mode 100644 index 000..31d8c5f --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitable.java @@ -0,0 +1,30 @@ +package org.apache.logging.log4j.message; + +import org.apache.logging.log4j.util.PerformanceSensitive; + +/** + * Allows message parameters to be iterated over without any allocation + * or memory copies. + * + * @since 2.11 + */ +@PerformanceSensitive("allocation") +public interface ParameterVisitable { + +/** + * Performs the given action for each parameter until all values + * have been processed or the action throws an exception. + * + * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the TriConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param action The action to be performed for each key-value pair in this collection + * @param state the object to be passed as the third parameter to each invocation on the + * specified ParameterConsumer. + * @param type of the third parameter + * @since 2.11 + */ + void forEachParameter(ParameterConsumer action, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7060cc30/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java deleted file mode 100644 index 5cb6228..000 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.apache.logging.log4j.message; - -import org.apache.logging.log4j.util.PerformanceSensitive; - -/** - * Allows message parameters to be iterated over without any allocation - * or memory copies. - * - * @since 2.11 - */ -@PerformanceSensitive("allocation") -public interface ParameterVisitableMessage extends Message { - -/** - * Performs the given action for each parameter until all values - * have been processed or the action throws an exception. - * - * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, - * so the TriConsumer implementation itself can be stateless and potentially reusable. - * - * - * @param action The action to be performed for each key-value pair in this collection - * @param state the object to be passed as the third parameter to each invocation on the - * specified ParameterConsumer. - * @param type of the third parameter - * @since 2.11 - */ - void forEachParameter(ParameterConsumer action, S state); - -} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7060cc30/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index b542240..b973e5a 100644 --- a/log4j-api/src/main/java/org/
[1/3] logging-log4j2 git commit: LOG4J2-2253 Added ParameterVisitableMessage.forEachParameter
Repository: logging-log4j2 Updated Branches: refs/heads/master 4c587de33 -> 7060cc307 LOG4J2-2253 Added ParameterVisitableMessage.forEachParameter This method allows us to iterate over parameters in a ParameterVisitableMessage without array creation. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/41648dfa Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/41648dfa Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/41648dfa Branch: refs/heads/master Commit: 41648dfa16a7176860e3af30b483e85775c48b9d Parents: ae7f125 Author: Carter Kozak Authored: Wed Feb 14 14:48:00 2018 -0500 Committer: rpopma Committed: Mon Feb 26 19:03:43 2018 +0900 -- .../log4j/message/ParameterConsumer.java| 26 + .../message/ParameterVisitableMessage.java | 30 .../log4j/message/ReusableObjectMessage.java| 7 - .../message/ReusableParameterizedMessage.java | 10 ++- .../log4j/message/ReusableSimpleMessage.java| 6 +++- .../ReusableParameterizedMessageTest.java | 22 ++ .../log4j/core/async/RingBufferLogEvent.java| 17 +++ .../log4j/core/impl/MutableLogEvent.java| 11 ++- .../core/async/RingBufferLogEventTest.java | 12 9 files changed, 131 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/41648dfa/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java new file mode 100644 index 000..ff8c148 --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterConsumer.java @@ -0,0 +1,26 @@ +package org.apache.logging.log4j.message; + +/** + * An operation that accepts two input arguments and returns no result. + * + * + * The third parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the ParameterConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param state data + * @see ReusableMessage + * @since 2.11 + */ +public interface ParameterConsumer { + +/** + * Performs an operation given the specified arguments. + * + * @param parameter the parameter + * @param parameterIndex Index of the parameter + * @param state + */ +void accept(Object parameter, short parameterIndex, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/41648dfa/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java new file mode 100644 index 000..5cb6228 --- /dev/null +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ParameterVisitableMessage.java @@ -0,0 +1,30 @@ +package org.apache.logging.log4j.message; + +import org.apache.logging.log4j.util.PerformanceSensitive; + +/** + * Allows message parameters to be iterated over without any allocation + * or memory copies. + * + * @since 2.11 + */ +@PerformanceSensitive("allocation") +public interface ParameterVisitableMessage extends Message { + +/** + * Performs the given action for each parameter until all values + * have been processed or the action throws an exception. + * + * The second parameter lets callers pass in a stateful object to be modified with the key-value pairs, + * so the TriConsumer implementation itself can be stateless and potentially reusable. + * + * + * @param action The action to be performed for each key-value pair in this collection + * @param state the object to be passed as the third parameter to each invocation on the + * specified ParameterConsumer. + * @param type of the third parameter + * @since 2.11 + */ + void forEachParameter(ParameterConsumer action, S state); + +} http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/41648dfa/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index c4ffa22..603381f 100644 --- a/log4j-api/src/main/java/org/a
[2/3] logging-log4j2 git commit: LOG4J2-2253 Reusable messages missing a garbage free parameter accessor: Merge branch 'message_parameter_for_each' of https://github.com/cakofony/logging-log4j2
LOG4J2-2253 Reusable messages missing a garbage free parameter accessor: Merge branch 'message_parameter_for_each' of https://github.com/cakofony/logging-log4j2 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/7bfe620d Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/7bfe620d Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/7bfe620d Branch: refs/heads/master Commit: 7bfe620dc763e3fecad924d5ccf7a6fc0ef86aa3 Parents: 4c587de 41648df Author: rpopma Authored: Mon Feb 26 18:59:44 2018 +0900 Committer: rpopma Committed: Mon Feb 26 19:03:47 2018 +0900 -- .../log4j/message/ParameterConsumer.java| 26 + .../message/ParameterVisitableMessage.java | 30 .../log4j/message/ReusableObjectMessage.java| 7 - .../message/ReusableParameterizedMessage.java | 10 ++- .../log4j/message/ReusableSimpleMessage.java| 6 +++- .../ReusableParameterizedMessageTest.java | 22 ++ .../log4j/core/async/RingBufferLogEvent.java| 17 +++ .../log4j/core/impl/MutableLogEvent.java| 11 ++- .../core/async/RingBufferLogEventTest.java | 12 9 files changed, 131 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7bfe620d/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7bfe620d/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7bfe620d/log4j-core/src/main/java/org/apache/logging/log4j/core/async/RingBufferLogEvent.java -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7bfe620d/log4j-core/src/main/java/org/apache/logging/log4j/core/impl/MutableLogEvent.java --
[1/2] logging-log4j2 git commit: LOG4J2-2252 Reusable LogEvents should pass along the original format string
Repository: logging-log4j2 Updated Branches: refs/heads/master 33fe01a2a -> 4c587de33 LOG4J2-2252 Reusable LogEvents should pass along the original format string This allows custom layouts to group logged messages parameterized values without creating new single-use messages for each event. This slightly modifies the getFormat implementation of some message types to avoid doing unnecessary work to load the format string. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/967bb0f7 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/967bb0f7 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/967bb0f7 Branch: refs/heads/master Commit: 967bb0f71155aa00acadbd95362a90832bed69f6 Parents: 1175e4a Author: Carter Kozak Authored: Tue Feb 13 11:28:17 2018 -0500 Committer: rpopma Committed: Mon Feb 26 18:23:43 2018 +0900 -- .../log4j/message/ReusableObjectMessage.java| 2 +- .../log4j/message/ReusableSimpleMessage.java| 2 +- .../logging/log4j/message/SimpleMessage.java| 5 ++-- .../message/ReusableObjectMessageTest.java | 4 +-- .../message/ReusableSimpleMessageTest.java | 2 +- .../log4j/core/async/RingBufferLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEventTest.java| 28 8 files changed, 44 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/967bb0f7/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java index c4ffa22..ff2d58f 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableObjectMessage.java @@ -55,7 +55,7 @@ public class ReusableObjectMessage implements ReusableMessage { */ @Override public String getFormat() { -return getFormattedMessage(); +return obj instanceof String ? (String) obj : null; } /** http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/967bb0f7/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java index 905b694..90c8bc0 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableSimpleMessage.java @@ -43,7 +43,7 @@ public class ReusableSimpleMessage implements ReusableMessage, CharSequence { @Override public String getFormat() { -return getFormattedMessage(); +return charSequence instanceof String ? (String) charSequence : null; } @Override http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/967bb0f7/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java b/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java index 8a2fc72..d33f3b9 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/message/SimpleMessage.java @@ -16,10 +16,11 @@ */ package org.apache.logging.log4j.message; +import org.apache.logging.log4j.util.StringBuilderFormattable; + import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; -import org.apache.logging.log4j.util.StringBuilderFormattable; /** * The simplest possible implementation of Message. It just returns the String given as the constructor argument. @@ -75,7 +76,7 @@ public class SimpleMessage implements Message, StringBuilderFormattable, CharSeq */ @Override public String getFormat() { -return getFormattedMessage(); +return message; } /** http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/967bb0f7/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableObjectMessageTest.java -- diff --git a/log4j-api/src/test/java/org/apache/logging/log4j/message/ReusableObjectMessageTest.java b/log4j-
[2/2] logging-log4j2 git commit: Merge branch 'reusable_event_format_string' of https://github.com/cakofony/logging-log4j2
Merge branch 'reusable_event_format_string' of https://github.com/cakofony/logging-log4j2 Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/4c587de3 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/4c587de3 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/4c587de3 Branch: refs/heads/master Commit: 4c587de3304ede2bfa7d98ba285e665776e7a671 Parents: 33fe01a 967bb0f Author: rpopma Authored: Mon Feb 26 17:58:37 2018 +0900 Committer: rpopma Committed: Mon Feb 26 18:23:48 2018 +0900 -- .../log4j/message/ReusableObjectMessage.java| 2 +- .../log4j/message/ReusableSimpleMessage.java| 2 +- .../logging/log4j/message/SimpleMessage.java| 5 ++-- .../message/ReusableObjectMessageTest.java | 4 +-- .../message/ReusableSimpleMessageTest.java | 2 +- .../log4j/core/async/RingBufferLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEvent.java| 5 +++- .../log4j/core/impl/MutableLogEventTest.java| 28 8 files changed, 44 insertions(+), 9 deletions(-) --
logging-log4j2 git commit: LOG4J2-2250 (configurable status logger timestamps) renamed property to use CamelCase after community feedback
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 629fa2fe6 -> 48387090f LOG4J2-2250 (configurable status logger timestamps) renamed property to use CamelCase after community feedback (cherry picked from commit 89756bb) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/48387090 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/48387090 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/48387090 Branch: refs/heads/release-2.x Commit: 48387090f8302ec86550a14f5d52b0bfb7b4112c Parents: 629fa2f Author: rpopma Authored: Sat Feb 17 13:56:44 2018 +0900 Committer: rpopma Committed: Sat Feb 17 13:57:41 2018 +0900 -- .../main/java/org/apache/logging/log4j/status/StatusLogger.java| 2 +- src/changes/changes.xml| 2 +- src/site/xdoc/manual/configuration.xml.vm | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/48387090/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 3f9f6f3..3de75f6 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -69,7 +69,7 @@ public final class StatusLogger extends AbstractLogger { * in the status logger output. See {@link java.text.SimpleDateFormat} for supported formats. * @since 2.11.0 */ -public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.dateformat"; +public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.DateFormat"; private static final long serialVersionUID = 2L; http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/48387090/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 83a5e09..b4d658f 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -32,7 +32,7 @@ --> -The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. +The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.DateFormat`. Removed unnecessary dependency on jcommander since Log4j uses embedded picocli since 2.9. http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/48387090/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index c594192..45d1f21 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -2106,7 +2106,7 @@ public class AwesomeTest { log4j2.statusLoggerDateformat - (log4j2.StatusLogger.dateformat) + (log4j2.StatusLogger.DateFormat) LOG4J_STATUS_LOGGER_DATEFORMAT
logging-log4j2 git commit: LOG4J2-2250 (configurable status logger timestamps) renamed property to use CamelCase after community feedback
Repository: logging-log4j2 Updated Branches: refs/heads/master a3cd18e69 -> 89756bb87 LOG4J2-2250 (configurable status logger timestamps) renamed property to use CamelCase after community feedback Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/89756bb8 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/89756bb8 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/89756bb8 Branch: refs/heads/master Commit: 89756bb87d50eaee5a97cfc84a5725c2ade40f26 Parents: a3cd18e Author: rpopma Authored: Sat Feb 17 13:56:44 2018 +0900 Committer: rpopma Committed: Sat Feb 17 13:56:44 2018 +0900 -- .../main/java/org/apache/logging/log4j/status/StatusLogger.java| 2 +- src/changes/changes.xml| 2 +- src/site/xdoc/manual/configuration.xml.vm | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/89756bb8/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 3f9f6f3..3de75f6 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -69,7 +69,7 @@ public final class StatusLogger extends AbstractLogger { * in the status logger output. See {@link java.text.SimpleDateFormat} for supported formats. * @since 2.11.0 */ -public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.dateformat"; +public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.DateFormat"; private static final long serialVersionUID = 2L; http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/89756bb8/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 58f4340..95868a7 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -61,7 +61,7 @@ -The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. +The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.DateFormat`. Removed unnecessary dependency on jcommander since Log4j uses embedded picocli since 2.9. http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/89756bb8/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index b6d4a29..8acdd40 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -2106,7 +2106,7 @@ public class AwesomeTest { log4j2.statusLoggerDateformat - (log4j2.StatusLogger.dateformat) + (log4j2.StatusLogger.DateFormat) LOG4J_STATUS_LOGGER_DATEFORMAT
logging-log4j2 git commit: LOG4J2-2250 (configurable status logger timestamps) bugfix: use PropertiesUtil instead of System properties; set showDateTime flag
Repository: logging-log4j2 Updated Branches: refs/heads/master 384e929d5 -> a3cd18e69 LOG4J2-2250 (configurable status logger timestamps) bugfix: use PropertiesUtil instead of System properties; set showDateTime flag (cherry picked from commit 629fa2f) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/a3cd18e6 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/a3cd18e6 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/a3cd18e6 Branch: refs/heads/master Commit: a3cd18e694674fd01e0d36b73e68161ee8197962 Parents: 384e929 Author: rpopma Authored: Fri Feb 16 21:39:46 2018 +0900 Committer: rpopma Committed: Fri Feb 16 21:40:37 2018 +0900 -- .../java/org/apache/logging/log4j/status/StatusLogger.java| 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/a3cd18e6/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 57da8f9..3f9f6f3 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -103,9 +103,10 @@ public final class StatusLogger extends AbstractLogger { private StatusLogger(final String name, final MessageFactory messageFactory) { super(name, messageFactory); -this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, -System.getProperty(STATUS_DATE_FORMAT, Strings.EMPTY), -messageFactory, PROPS, System.err); +final String dateFormat = PROPS.getStringProperty(STATUS_DATE_FORMAT, Strings.EMPTY); +final boolean showDateTime = !Strings.isEmpty(dateFormat); +this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, showDateTime, false, +dateFormat, messageFactory, PROPS, System.err); this.listenersLevel = Level.toLevel(DEFAULT_STATUS_LEVEL, Level.WARN).intLevel(); // LOG4J2-1813 if system property "log4j2.debug" is defined, print all status logging
logging-log4j2 git commit: LOG4J2-2250 (configurable status logger timestamps) bugfix: use PropertiesUtil instead of System properties; set showDateTime flag
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x e83d0faf2 -> 629fa2fe6 LOG4J2-2250 (configurable status logger timestamps) bugfix: use PropertiesUtil instead of System properties; set showDateTime flag Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/629fa2fe Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/629fa2fe Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/629fa2fe Branch: refs/heads/release-2.x Commit: 629fa2fe65dc1bee2120900d246067887f2cfdf5 Parents: e83d0fa Author: rpopma Authored: Fri Feb 16 21:39:46 2018 +0900 Committer: rpopma Committed: Fri Feb 16 21:39:46 2018 +0900 -- .../java/org/apache/logging/log4j/status/StatusLogger.java| 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/629fa2fe/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 57da8f9..3f9f6f3 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -103,9 +103,10 @@ public final class StatusLogger extends AbstractLogger { private StatusLogger(final String name, final MessageFactory messageFactory) { super(name, messageFactory); -this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, -System.getProperty(STATUS_DATE_FORMAT, Strings.EMPTY), -messageFactory, PROPS, System.err); +final String dateFormat = PROPS.getStringProperty(STATUS_DATE_FORMAT, Strings.EMPTY); +final boolean showDateTime = !Strings.isEmpty(dateFormat); +this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, showDateTime, false, +dateFormat, messageFactory, PROPS, System.err); this.listenersLevel = Level.toLevel(DEFAULT_STATUS_LEVEL, Level.WARN).intLevel(); // LOG4J2-1813 if system property "log4j2.debug" is defined, print all status logging
logging-log4j2 git commit: Move Legacy Property Name into same column as Property Name to prevent page from overflowing horizontally.
Repository: logging-log4j2 Updated Branches: refs/heads/master 08d2c1ef3 -> 384e929d5 Move Legacy Property Name into same column as Property Name to prevent page from overflowing horizontally. (cherry picked from commit e83d0fa) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/384e929d Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/384e929d Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/384e929d Branch: refs/heads/master Commit: 384e929d5d24bcb9669fa05d3a738865426eb8c0 Parents: 08d2c1e Author: rpopma Authored: Fri Feb 16 21:30:35 2018 +0900 Committer: rpopma Committed: Fri Feb 16 21:34:15 2018 +0900 -- src/site/xdoc/manual/configuration.xml.vm | 379 - 1 file changed, 247 insertions(+), 132 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/384e929d/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index 9c773c2..b6d4a29 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -1636,26 +1636,29 @@ public class AwesomeTest { Log4j 2 global configuration properties -Property Name +Property Name (Legacy Property Name) Environment Variable -Legacy Property Name Default Value Description -log4j2.configurationFile +log4j2.configurationFile + + (log4j.configurationFile) + LOG4J_CONFIGURATION_FILE -log4j.configurationFile Path to an Log4j 2 configuration file. May also contain a comma separated list of configuration file names. -log4j2.debug +log4j2.debug + + (log4j2.debug) + LOG4J_DEBUG -log4j2.debug Log4j2 will print all internal logging to the console if system property @@ -1663,9 +1666,11 @@ public class AwesomeTest { -log4j2.mergeFactory +log4j2.mergeFactory + + (log4j.mergeFactory) + LOG4J_MERGE_FACTORY -log4j.mergeFactory The name of the class that implements the MergeStrategy interface. If not specified @@ -1673,9 +1678,11 @@ public class AwesomeTest { -log4j2.contextSelector +log4j2.contextSelector + + (Log4jContextSelector) + LOG4J_CONTEXT_SELECTOR -Log4jContextSelector ClassLoaderContextSelector Creates the LoggerContexts. An application can have one or more active LoggerContexts depending @@ -1691,9 +1698,11 @@ public class AwesomeTest { -log4j2.logEventFactory +log4j2.logEventFactory + + (Log4jLogEventFactory) + LOG4J_LOG_EVENT_FACTORY -Log4jLogEventFactory org.apache.logging.log4j.core.impl .DefaultLogEventFactory @@ -1702,9 +1711,11 @@ public class AwesomeTest { -log4j2.loggerContextFactory +log4j2.loggerContextFactory + + (log4j2.loggerContextFactory) + LOG4J_LOGGER_CONTEXT_FACTORY -log4j2.loggerContextFactory org.apache.logging.log4j.simple .SimpleLoggerContextFactory @@ -1714,9 +1725,11 @@ public class AwesomeTest { -log4j2.configurationFactory +log4j2.configurationFactory + + (log4j.configurationFactory) + LOG4J_CONFIGURATION_FACTORY -log4j.configurationFactory Fully specified class name of a class extending org.apache.logging.log4j.core @@ -1725,9 +1738,11 @@ public class AwesomeTest { -log4j2.shutdownHookEnabled +log4j2.shutdownHookEnabled + + (log4j.shutdownHookEnabled) + LOG4J_SHUTDOWN_HOOK_ENABLED -log4j.shutdownHookEnabled true Overrides the global flag for whether or not a shutdown hook should be used to stop a LoggerContext. @@ -1736,9 +1751,11 @@ public class AwesomeTest { -log4j2.shutdownCallbackRegistry +log4j2.shutdownCallbackRegistry + + (log4j.shutdownCallbackRegistry) + LOG4J_SHUTDOWN_CALLBACK_REGISTRY -log4j.shutdownCallbackRegistry org.apache.logging.log4j.core.util .DefaultShutdownCallbackRegistry @@ -1749,12 +1766,14 @@ public class AwesomeTest { -log4j2.clock +log4j2.clock + + (log4j.Clock) + LOG4J_CLOCK -log4j.Clock SystemClock - Implementation of the org.apache.logging.log4j.core.time.Clock + Implementation of the org.apache.logging.log4j .core.time.Clock interface that is used for timestamping the log events. By default, System.currentTimeMillis
logging-log4j2 git commit: Move Legacy Property Name into same column as Property Name to prevent page from overflowing horizontally.
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 7588d3fd1 -> e83d0faf2 Move Legacy Property Name into same column as Property Name to prevent page from overflowing horizontally. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/e83d0faf Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/e83d0faf Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/e83d0faf Branch: refs/heads/release-2.x Commit: e83d0faf236634ce99d6ba4c28d14cf81a08597c Parents: 7588d3f Author: rpopma Authored: Fri Feb 16 21:30:35 2018 +0900 Committer: rpopma Committed: Fri Feb 16 21:30:35 2018 +0900 -- src/site/xdoc/manual/configuration.xml.vm | 379 - 1 file changed, 247 insertions(+), 132 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/e83d0faf/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index 55b398d..c594192 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -1636,26 +1636,29 @@ public class AwesomeTest { Log4j 2 global configuration properties -Property Name +Property Name (Legacy Property Name) Environment Variable -Legacy Property Name Default Value Description -log4j2.configurationFile +log4j2.configurationFile + + (log4j.configurationFile) + LOG4J_CONFIGURATION_FILE -log4j.configurationFile Path to an Log4j 2 configuration file. May also contain a comma separated list of configuration file names. -log4j2.debug +log4j2.debug + + (log4j2.debug) + LOG4J_DEBUG -log4j2.debug Log4j2 will print all internal logging to the console if system property @@ -1663,9 +1666,11 @@ public class AwesomeTest { -log4j2.mergeFactory +log4j2.mergeFactory + + (log4j.mergeFactory) + LOG4J_MERGE_FACTORY -log4j.mergeFactory The name of the class that implements the MergeStrategy interface. If not specified @@ -1673,9 +1678,11 @@ public class AwesomeTest { -log4j2.contextSelector +log4j2.contextSelector + + (Log4jContextSelector) + LOG4J_CONTEXT_SELECTOR -Log4jContextSelector ClassLoaderContextSelector Creates the LoggerContexts. An application can have one or more active LoggerContexts depending @@ -1691,9 +1698,11 @@ public class AwesomeTest { -log4j2.logEventFactory +log4j2.logEventFactory + + (Log4jLogEventFactory) + LOG4J_LOG_EVENT_FACTORY -Log4jLogEventFactory org.apache.logging.log4j.core.impl .DefaultLogEventFactory @@ -1702,9 +1711,11 @@ public class AwesomeTest { -log4j2.loggerContextFactory +log4j2.loggerContextFactory + + (log4j2.loggerContextFactory) + LOG4J_LOGGER_CONTEXT_FACTORY -log4j2.loggerContextFactory org.apache.logging.log4j.simple .SimpleLoggerContextFactory @@ -1714,9 +1725,11 @@ public class AwesomeTest { -log4j2.configurationFactory +log4j2.configurationFactory + + (log4j.configurationFactory) + LOG4J_CONFIGURATION_FACTORY -log4j.configurationFactory Fully specified class name of a class extending org.apache.logging.log4j.core @@ -1725,9 +1738,11 @@ public class AwesomeTest { -log4j2.shutdownHookEnabled +log4j2.shutdownHookEnabled + + (log4j.shutdownHookEnabled) + LOG4J_SHUTDOWN_HOOK_ENABLED -log4j.shutdownHookEnabled true Overrides the global flag for whether or not a shutdown hook should be used to stop a LoggerContext. @@ -1736,9 +1751,11 @@ public class AwesomeTest { -log4j2.shutdownCallbackRegistry +log4j2.shutdownCallbackRegistry + + (log4j.shutdownCallbackRegistry) + LOG4J_SHUTDOWN_CALLBACK_REGISTRY -log4j.shutdownCallbackRegistry org.apache.logging.log4j.core.util .DefaultShutdownCallbackRegistry @@ -1749,12 +1766,14 @@ public class AwesomeTest { -log4j2.clock +log4j2.clock + + (log4j.Clock) + LOG4J_CLOCK -log4j.Clock SystemClock - Implementation of the org.apache.logging.log4j.core.util.Clock + Implementation of the org.apache.logging.log4j .core.util.Clock interface that is used for timestamping the log events. By default, System.currentTimeMillis is called on every log ev
[2/2] logging-log4j2 git commit: LOG4J2-2250 update change log (configurable status logger timestamps)
LOG4J2-2250 update change log (configurable status logger timestamps) (cherry picked from commit 7588d3f) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/08d2c1ef Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/08d2c1ef Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/08d2c1ef Branch: refs/heads/master Commit: 08d2c1ef3cbdb7eb4512194c5981c81b693c051b Parents: 1d55f0f Author: rpopma Authored: Fri Feb 16 12:59:09 2018 +0900 Committer: rpopma Committed: Fri Feb 16 13:00:39 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/08d2c1ef/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 008b682..58f4340 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -60,6 +60,9 @@ + +The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. + Removed unnecessary dependency on jcommander since Log4j uses embedded picocli since 2.9.
[1/2] logging-log4j2 git commit: LOG4J2-2250 The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`.
Repository: logging-log4j2 Updated Branches: refs/heads/master 1175e4a89 -> 08d2c1ef3 LOG4J2-2250 The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. (cherry picked from commit 377570d) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/1d55f0f1 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/1d55f0f1 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/1d55f0f1 Branch: refs/heads/master Commit: 1d55f0f1f9c16c376f4f61b7851f262c1a0f2830 Parents: 1175e4a Author: rpopma Authored: Fri Feb 16 12:58:17 2018 +0900 Committer: rpopma Committed: Fri Feb 16 13:00:20 2018 +0900 -- .../logging/log4j/status/StatusLogger.java | 10 ++- src/site/xdoc/manual/configuration.xml.vm | 28 +--- 2 files changed, 34 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/1d55f0f1/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 25e85ff..57da8f9 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -64,6 +64,13 @@ public final class StatusLogger extends AbstractLogger { */ public static final String DEFAULT_STATUS_LISTENER_LEVEL = "log4j2.StatusLogger.level"; +/** + * System property that can be configured with a date-time format string to use as the format for timestamps + * in the status logger output. See {@link java.text.SimpleDateFormat} for supported formats. + * @since 2.11.0 + */ +public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.dateformat"; + private static final long serialVersionUID = 2L; private static final String NOT_AVAIL = "?"; @@ -96,7 +103,8 @@ public final class StatusLogger extends AbstractLogger { private StatusLogger(final String name, final MessageFactory messageFactory) { super(name, messageFactory); -this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, Strings.EMPTY, +this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, +System.getProperty(STATUS_DATE_FORMAT, Strings.EMPTY), messageFactory, PROPS, System.err); this.listenersLevel = Level.toLevel(DEFAULT_STATUS_LEVEL, Level.WARN).intLevel(); http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/1d55f0f1/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index 525baa1..9c773c2 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -1623,7 +1623,17 @@ public class AwesomeTest { column contains the name used in properties files and system properties; Environemt Variable for the equivalent environment variable; and Legacy Property Name for the pre-2.10 name. - + + * { // this works for all but td + word-wrap:break-word; + } + + table { // this somehow makes it work for td + table-layout:fixed; + width:100%; + } + + Log4j 2 global configuration properties Property Name @@ -1699,7 +1709,8 @@ public class AwesomeTest { org.apache.logging.log4j.simple .SimpleLoggerContextFactory Factory class used by LogManager to bootstrap the logging implementation. - The core jar provides org.apache.logging.log4j.core.impl.Log4jContextFactory. + The core jar provides org.apache.logging.log4j.core + .impl.Log4jContextFactory. @@ -1708,7 +1719,8 @@ public class AwesomeTest { log4j.configurationFactory - Fully specified class name of a class extending org.apache.logging.log4j.core.config.ConfigurationFactory. + Fully specified class name of a class extending org.apache.logging.log4j.core + .config.ConfigurationFactory. If specified, an instance of this class is added to the list of configuration factories. @@ -2023,6 +2035,16 @@ public class AwesomeTest { +log4j2.statusLoggerDateformat +LOG4J_STATUS_LOGGER_DATEFORMAT +log4j2.StatusLogger.dateformat +"/MM/dd HH:mm:ss:SSS zzz" + + Date-time format string to use as th
[1/2] logging-log4j2 git commit: LOG4J2-2250 The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`.
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 8e803e788 -> 7588d3fd1 LOG4J2-2250 The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/377570da Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/377570da Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/377570da Branch: refs/heads/release-2.x Commit: 377570dac80ab636745ee0fd937cde318db4acc8 Parents: 8e803e7 Author: rpopma Authored: Fri Feb 16 12:58:17 2018 +0900 Committer: rpopma Committed: Fri Feb 16 12:58:17 2018 +0900 -- .../logging/log4j/status/StatusLogger.java | 10 ++- src/site/xdoc/manual/configuration.xml.vm | 28 +--- 2 files changed, 34 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/377570da/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java -- diff --git a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java index 25e85ff..57da8f9 100644 --- a/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java +++ b/log4j-api/src/main/java/org/apache/logging/log4j/status/StatusLogger.java @@ -64,6 +64,13 @@ public final class StatusLogger extends AbstractLogger { */ public static final String DEFAULT_STATUS_LISTENER_LEVEL = "log4j2.StatusLogger.level"; +/** + * System property that can be configured with a date-time format string to use as the format for timestamps + * in the status logger output. See {@link java.text.SimpleDateFormat} for supported formats. + * @since 2.11.0 + */ +public static final String STATUS_DATE_FORMAT = "log4j2.StatusLogger.dateformat"; + private static final long serialVersionUID = 2L; private static final String NOT_AVAIL = "?"; @@ -96,7 +103,8 @@ public final class StatusLogger extends AbstractLogger { private StatusLogger(final String name, final MessageFactory messageFactory) { super(name, messageFactory); -this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, Strings.EMPTY, +this.logger = new SimpleLogger("StatusLogger", Level.ERROR, false, true, false, false, +System.getProperty(STATUS_DATE_FORMAT, Strings.EMPTY), messageFactory, PROPS, System.err); this.listenersLevel = Level.toLevel(DEFAULT_STATUS_LEVEL, Level.WARN).intLevel(); http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/377570da/src/site/xdoc/manual/configuration.xml.vm -- diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm index 77c5f82..55b398d 100644 --- a/src/site/xdoc/manual/configuration.xml.vm +++ b/src/site/xdoc/manual/configuration.xml.vm @@ -1623,7 +1623,17 @@ public class AwesomeTest { column contains the name used in properties files and system properties; Environemt Variable for the equivalent environment variable; and Legacy Property Name for the pre-2.10 name. - + + * { // this works for all but td + word-wrap:break-word; + } + + table { // this somehow makes it work for td + table-layout:fixed; + width:100%; + } + + Log4j 2 global configuration properties Property Name @@ -1699,7 +1709,8 @@ public class AwesomeTest { org.apache.logging.log4j.simple .SimpleLoggerContextFactory Factory class used by LogManager to bootstrap the logging implementation. - The core jar provides org.apache.logging.log4j.core.impl.Log4jContextFactory. + The core jar provides org.apache.logging.log4j.core + .impl.Log4jContextFactory. @@ -1708,7 +1719,8 @@ public class AwesomeTest { log4j.configurationFactory - Fully specified class name of a class extending org.apache.logging.log4j.core.config.ConfigurationFactory. + Fully specified class name of a class extending org.apache.logging.log4j.core + .config.ConfigurationFactory. If specified, an instance of this class is added to the list of configuration factories. @@ -2023,6 +2035,16 @@ public class AwesomeTest { +log4j2.statusLoggerDateformat +LOG4J_STATUS_LOGGER_DATEFORMAT +log4j2.StatusLogger.dateformat +"/MM/dd HH:mm:ss:SSS zzz" + + Date-time format string to use as the format for timestamps + i
[2/2] logging-log4j2 git commit: LOG4J2-2250 update change log (configurable status logger timestamps)
LOG4J2-2250 update change log (configurable status logger timestamps) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/7588d3fd Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/7588d3fd Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/7588d3fd Branch: refs/heads/release-2.x Commit: 7588d3fd1304994834233324fdb8584258864bb8 Parents: 377570d Author: rpopma Authored: Fri Feb 16 12:59:09 2018 +0900 Committer: rpopma Committed: Fri Feb 16 12:59:09 2018 +0900 -- src/changes/changes.xml | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/7588d3fd/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 7cc647b..83a5e09 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -31,6 +31,9 @@ - "remove" - Removed --> + +The internal status logger timestamp format is now configurable with system property `log4j2.StatusLogger.dateformat`. + Removed unnecessary dependency on jcommander since Log4j uses embedded picocli since 2.9.
logging-log4j2 git commit: Add TOC for Maven, Ivy, Gradle Artifacts page to left-nav menu
Repository: logging-log4j2 Updated Branches: refs/heads/release-2.x 01a57ad14 -> 8e803e788 Add TOC for Maven, Ivy, Gradle Artifacts page to left-nav menu (cherry picked from commit 1175e4a) Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/8e803e78 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/8e803e78 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/8e803e78 Branch: refs/heads/release-2.x Commit: 8e803e7880cb7c4bb4eca0843fbaaa29a2a3a978 Parents: 01a57ad Author: rpopma Authored: Sun Feb 11 17:47:43 2018 +0900 Committer: rpopma Committed: Sun Feb 11 17:49:00 2018 +0900 -- src/site/site.xml | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8e803e78/src/site/site.xml -- diff --git a/src/site/site.xml b/src/site/site.xml index 6e0ac62..b30d201 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -37,7 +37,15 @@ - + + + + + + + + +
logging-log4j2 git commit: Add TOC for Maven, Ivy, Gradle Artifacts page to left-nav menu
Repository: logging-log4j2 Updated Branches: refs/heads/master c580bb7be -> 1175e4a89 Add TOC for Maven, Ivy, Gradle Artifacts page to left-nav menu Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/1175e4a8 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/1175e4a8 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/1175e4a8 Branch: refs/heads/master Commit: 1175e4a89809d8fba68c5a25d0b780d2f044fbfe Parents: c580bb7 Author: rpopma Authored: Sun Feb 11 17:47:43 2018 +0900 Committer: rpopma Committed: Sun Feb 11 17:47:43 2018 +0900 -- src/site/site.xml | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/1175e4a8/src/site/site.xml -- diff --git a/src/site/site.xml b/src/site/site.xml index 6e0ac62..b30d201 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -37,7 +37,15 @@ - + + + + + + + + +
[logging-log4j2] Git Push Summary
Repository: logging-log4j2 Updated Branches: refs/heads/LOG4J2-1883-instant-field [deleted] 4354f5193
logging-log4j2 git commit: Update changes.xml: moved JIRA tickets that are not included in the 2.11 release to the 3.0 section
Repository: logging-log4j2 Updated Branches: refs/heads/master 041fe8ffe -> a9e8f525a Update changes.xml: moved JIRA tickets that are not included in the 2.11 release to the 3.0 section Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/a9e8f525 Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/a9e8f525 Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/a9e8f525 Branch: refs/heads/master Commit: a9e8f525a20d92d85caf6c4e4de22d45b0a98c2c Parents: 041fe8f Author: rpopma Authored: Thu Feb 1 21:08:50 2018 +0900 Committer: rpopma Committed: Thu Feb 1 21:08:50 2018 +0900 -- src/changes/changes.xml | 40 +--- 1 file changed, 21 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/a9e8f525/src/changes/changes.xml -- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index 2f21b0f..469493a 100644 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -30,13 +30,33 @@ - "update" - Change - "remove" - Removed --> - + Renamed package core.util.datetime to core.time.internal.format to clarify these classes are to be considered private. Moved time-related classes from core.util to core.time. Classes considered private moved to core.time.internal. + +Split off ZeroMq/JeroMq support into a new module log4j-jeromq. + + +Split off Kafka support into a new module log4j-kafka. + + +Split off SMTP support into a new module log4j-smtp. + + +Move CSV layout from log4j-core to a new module log4j-csv. + + +Move JMS code to a new module log4j-jms. + + +Move JDBC code to a new module log4j-jdbc. + + + Removed unnecessary dependency on jcommander since Log4j uses embedded picocli since 2.9. @@ -173,24 +193,6 @@ Update Jackson from 2.9.3 to 2.9.4. - -Split off ZeroMq/JeroMq support into a new module log4j-jeromq. - - -Split off Kafka support into a new module log4j-kafka. - - -Split off SMTP support into a new module log4j-smtp. - - -Move CSV layout from log4j-core to a new module log4j-csv. - - -Move JMS code to a new module log4j-jms. - - -Move JDBC code to a new module log4j-jdbc. -