apache-log4j2 2.17.0-1 source package in Ubuntu

Changelog

apache-log4j2 (2.17.0-1) unstable; urgency=high

  * Team upload.
  * New upstream version 2.17.0.
    - Fix CVE-2021-45105:
      Apache Log4j2 did not protect from uncontrolled recursion from
      self-referential lookups. When the logging configuration uses a
      non-default Pattern Layout with a Context Lookup (for example,
      $${ctx:loginId}), attackers with control over Thread Context Map (MDC)
      input data can craft malicious input data that contains a recursive
      lookup, resulting in a denial of service. (Closes: #1001891)
      Thanks to Salvatore Bonaccorso for the report.

 -- Markus Koschany <email address hidden>  Sat, 18 Dec 2021 17:09:22 +0100

Upload details

Uploaded by:
Debian Java Maintainers
Uploaded to:
Sid
Original maintainer:
Debian Java Maintainers
Architectures:
all
Section:
misc
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
apache-log4j2_2.17.0-1.dsc 2.9 KiB 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81
apache-log4j2_2.17.0.orig.tar.xz 1.2 MiB 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24
apache-log4j2_2.17.0-1.debian.tar.xz 7.3 KiB 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615

Available diffs

No changes file available.

Binary packages built by this source

liblog4j2-java: Apache Log4j - Logging Framework for Java

 Apache Log4j 2 is an upgrade to Log4j that provides significant improvements
 over its predecessor, Log4j 1.x:
 .
 API Separation: The API for Log4j is separate from the implementation making
 it clear for application developers which classes and methods they can use
 while ensuring forward compatibility.
 .
 Improved Performance: Log4j 2 contains next-generation Asynchronous Loggers
 based on the LMAX Disruptor library. In multi-threaded scenarios Asynchronous
 Loggers have 10 times higher throughput and orders of magnitude lower latency
 than Log4j 1.x.
 .
 Support for multiple APIs: While the Log4j 2 API will provide the best
 performance, Log4j 2 provides support for the SLF4J and Commons Logging APIs.
 .
 Automatic Reloading of Configurations: Log4j 2 can automatically reload its
 configuration upon modification. It will do so without losing log events
 while reconfiguration is taking place.
 .
 Advanced Filtering: Log4j 2 supports filtering based on context
 data, markers, regular expressions, and other components in the Log event.
 Filtering can be specified to apply to all events before being passed to
 Loggers or as they pass through Appenders.
 .
 Plugin Architecture: Log4j uses the plugin pattern to configure components.
 As such, no code is needed to create and configure an Appender, Layout,
 Pattern Converter, and so on. Log4j automatically recognizes plugins
 and uses them when a configuration references them.
 .
 Property Support: Properties can be referenced in a configuration, Log4j will
 directly replace them, or Log4j will pass them to an underlying component that
 will dynamically resolve them. Properties come from values defined in the
 configuration file, system properties, environment variables, the
 ThreadContext Map, and data present in the event.