This is an automated email from the ASF dual-hosted git repository.

rpopma pushed a commit to branch log4j-2.12
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git


The following commit(s) were added to refs/heads/log4j-2.12 by this push:
     new 7226a94  [DOC] Update release notes for 2.12.3
7226a94 is described below

commit 7226a94879eba7c15b0c46a006794c9bae48c4a4
Author: rpopma <rpo...@apache.org>
AuthorDate: Mon Dec 20 10:01:42 2021 +0900

    [DOC] Update release notes for 2.12.3
---
 RELEASE-NOTES.md | 42 +++++++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
index 07dddce..dce21db 100644
--- a/RELEASE-NOTES.md
+++ b/RELEASE-NOTES.md
@@ -14,9 +14,9 @@
  See the License for the specific language governing permissions and
  limitations under the License.
 -->
-# Apache Log4j 2.12.2 Release Notes
+# Apache Log4j 2.12.3 Release Notes
 
-The Apache Log4j 2 team is pleased to announce the Log4j 2.12.2 release!
+The Apache Log4j 2 team is pleased to announce the Log4j 2.12.3 release!
 
 Apache Log4j is a well known framework for logging application behavior. Log4j 
2 is an upgrade
 to Log4j that provides significant improvements over its predecessor, Log4j 
1.x, and provides
@@ -27,31 +27,47 @@ temporary objects) while logging. In addition, Log4j 2 will 
not lose events whil
 
 The artifacts may be downloaded from 
https://logging.apache.org/log4j/2.x/download.html.
 
-This release contains bugfixes and minor enhancements.
+This release contains the changes noted below:
+
+* Address CVE-2021-45105.
+* Require components that use JNDI to be enabled individually via system 
properties.
+* Remove LDAP and LDAPS as supported protocols from JNDI.
 
 Due to a break in compatibility in the SLF4J binding, Log4j now ships with two 
versions of the SLF4J to Log4j adapters.
 log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and 
log4j-slf4j18-impl should be used with SLF4J 1.8.x and
-later.
+later. SLF4J-2.0.0 alpha releases are not fully supported. See 
https://issues.apache.org/jira/browse/LOG4J2-2975 and
+https://jira.qos.ch/browse/SLF4J-511.
 
-This release addresses CVE-2021-44228 for users still using Java 7 by 
disabling JNDI by default, only allowing the java
-protocol when JNDI is enabled, making the JNDI Lookup inoperable, and removing 
the message lookup capability.
+Some of the changes in Log4j 2.12.3 include:
 
-The Log4j 2.12.2 API, as well as many core components, maintains binary 
compatibility with previous releases.
+* Disable recursive evaluation of Lookups during log event processing. 
Recursive evaluation is still allowed while
+generating the configuration.
+* The JndiLookup, JndiContextSelector, and JMSAppender now require individual 
system properties to be enabled.
+* Removed support for the LDAP and LDAPS protocols via JNDI.
 
-## GA Release 2.12.2
+## GA Release 2.12.3
 
 Changes in this version include:
 
 
 ### Fixed Bugs
-* [LOG4J-3220](https://issues.apache.org/jira/browse/LOG4J-3220):
-Disable JNDI by default, remove JNDI Lookup, remove message lookups. When 
enabled JNDI only supports the
-        java protocol.
+* [LOG4J2-3230](https://issues.apache.org/jira/browse/LOG4J2-3230):
+    Fix string substitution recursion.
+* [LOG4J2-3242](https://issues.apache.org/jira/browse/LOG4J2-3242):
+    Limit JNDI to the java protocol only. JNDI will remain disabled by 
default. Rename JNDI enablement property from 'log4j2.enableJndi' to 
'log4j2.enableJndiLookup', 'log4j2.enableJndiJms', and 
'log4j2.enableJndiContextSelector'.
+* [LOG4J2-3241](https://issues.apache.org/jira/browse/LOG4J2-3241):
+    Do not declare log4j-api-java9 and log4j-core-java9 as dependencies as it 
causes problems with the Maven enforcer plugin.
+* [LOG4J2-3247](https://issues.apache.org/jira/browse/LOG4J2-3247):
+    PropertiesConfiguration.parseAppenderFilters NPE when parsing properties 
file filters.
+* [LOG4J2-3249](https://issues.apache.org/jira/browse/LOG4J2-3249):
+    Log4j 1.2 bridge for Syslog Appender defaults to port 512 instead of 514.
+* [LOG4J2-3237](https://issues.apache.org/jira/browse/LOG4J2-3237):
+    Log4j 1.2 bridge API hard codes the Syslog protocol to TCP.
 
 
 ---
 
-Apache Log4j 2.12.2 requires a minimum of Java 7 to build and run. Log4j 2.3 
was the
+Apache Log4j 2.12.3 requires a minimum of Java 7 to build and run. Log4j 2.3 
was the
 last release that supported Java 6.
 
 Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api 
component, however it
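Review bot: The rename of the JNDI enablement property is only stated inside the LOG4J2-3242 entry under "Fixed Bugs". Both new summary lists say components must be enabled "via system properties" without naming them. Since 'log4j2.enableJndi' is replaced by 'log4j2.enableJndiLookup', 'log4j2.enableJndiJms' and 'log4j2.enableJndiContextSelector', put the three new names in the summary as an upgrade note so that anyone who set the old property sees the change.

The two lists ("This release contains the changes noted below" and "Some of the changes in Log4j 2.12.3 include") repeat the same three items and could be merged into one. "Address CVE-2021-45105" does not say which change addresses it, so naming the issue key beside it would help readers map the CVE to an entry.

The hunk also drops the paragraph on CVE-2021-44228 and the binary compatibility sentence without replacement. If 2.12.3 keeps the 2.12.2 mitigations (message lookups removed, JNDI disabled by default) and binary compatibility, one sentence saying so would keep the notes self-contained for readers moving straight to 2.12.3.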
@@ -62,4 +78,4 @@ with log4j 1.x.
 For complete information on Apache Log4j 2, including instructions on how to 
submit bug
 reports, patches, or suggestions for improvement, see the Apache Apache Log4j 
2 website:
 
-https://logging.apache.org/log4j/2.x/
\ No newline at end of file
+https://logging.apache.org/log4j/2.x/
