2.24.1

This release contains mainly bug fixes of problems encountered with the thread context map, logger registry and configuration reloading.

It also enhances integration tests to use Docker images of the most recent releases of MongoDB and Elastic Search.

Changed

• Rework LoggerRegistry to make it MessageFactory-namespaced.
  This effectively allows loggers of same name, but different message factory. (#2936)
• Enable Docker-based tests in CI for JSON Template Layout (#2953)

Fixed

• Switch MongoDB tests to use Docker. (#2229)
• Fix reloading of the configuration from an HTTP(S) source (#2937)
• Fix putAll() in the default thread context map implementation (#2942)

Updated

• Update org.apache.logging:logging-parent to version 11.3.0

2.24.0

The 2.24.0 version of Log4j API has been enhanced with changes from the 3.x branch and will be used by both Log4j 2 Core and Log4j 3 Core releases. The changes include:

• A faster default ThreadContextMap.
• Enhanced GraalVM support: native binaries that use Log4j API will no longer require additional GraalVM configuration.
• The configuration properties subsystem now only accepts the official pre-2.10 property names and the normalized post-2.10 names.
  Check your configuration for typos.

Documentation

The Apache Log4j 2 website has been almost entirely rewritten to provide improved documentation and faster access to the information you need.

Bridges

The JUL-to-Log4j API and Log4j 1-to-Log4j API bridges will no longer be able to modify the configuration of Log4j Core by default.
If such a functionality is required, it must be explicitly enabled.

Modules

The following Log4j Core additional modules have been removed:

• log4j-flume-ng
  The module is no longer part of the release process and will follow its own release lifecycle.
  Please manage your dependencies using log4j-bom to always use its latest version.

• log4j-kubernetes
  The module has been moved to the Fabric8.io Kubernetes project and follows the Fabric8.io release lifecycle.

• log4j-mongodb3
  The module based on MongoDB Java client version 3.x has been removed.
  Please migrate to log4j-mongodb (client version 5.x) or log4j-mongodb4 (client version 4.x).

JMX changes

Starting in version 2.24.0, JMX support is disabled by default and can be re-enabled via the log4j2.disableJmx=false system property.

Added

• Add a faster DefaultThreadContextMap implementation. (#2330)
• Add Logback throwable-consuming semantics as an option inlog4j-slf4j-impl and log4j-slf4j2-impl.
  Users can enable it by setting the property log4j2.messageFactory to org.apache.logging.slf4j.message.ThrowableConsumingMessageFactory. (#2363)

• Add trace context fields to GcpLayout.json (#2498)
• Add "Plugin Reference" to the website. It is a Javadoc-on-steroids focusing on Log4j plugins. (#1954)
• Automate website deployment using the new CI infrastructure shipped with org.apache.logging:logging-parent:11.0.0

Changed

• Fix usage of log4j-api in GraalVM without additional reachability data. (#1539)
• Ignore exceptions thrown by PropertySources. (Spirng-33450)
• Add logging to PropertiesUtil and fix Duration parser. (#1936)
• Disable level modification via JUL by default. (#2353)
• Centralize initialization in the Provider class and deprecate log4j2.loggerContextFactory property. (#2374)
• Remove log4j-kubernetes lookup. User should migrate to io.fabric8:kubernetes-log4j. (#2412)
• Disable JMX support by default. Require log4j2.disableJmx to be set to false to enable JMX support. (#2462)
• Replace some usages of DateTimeFormatter#toString() with DateTimeFormatter#formatTo(StringBuilder) to cut down on allocations
  (#2515)
• Disable programmatic configuration in Log4j 1 Bridge if log4j1.compatibility is false. (#2778)
• Improve missing plugin descriptor warnings. (#2835)
• Remove configuration properties caching and (undocumented) fuzzy property name matching. (#2849)
• Fixes property source ordering to account for different sources with the same priority. (LOG4J2-3618)
• Prioritize user-defined values of log4j2.enableThreadLocals,log4j2.garbagefreeThreadContextMap and log4j2.shutdownHookEnabled
  over the value of log4j.isWebapp. (#2517)
• Disallow duplicate keys in JSON Template Layout templates
• Deprecate log4j2.defaultStatusLevel property in Log4j Core in favor of log4j2.statusLoggerLevel (#2481)
• Add module log4j-mongodb to track the current MongoDB driver (currently version 5). (#2486)
• Remove module log4j-mongodb3, use log4j-mongodb instead, log4j-mongodb4 is deprecated for removal. (#2486)

Deprecated

• Deprecate Message#getFormat() due to unclear semantics andinconsistent implementations (#2773)
• Deprecate org.apache.logging.log4j.EventLogger for removal (#2665)
• Deprecate org.apache.logging.log4j.core.appender.rolling.action.Duration class for removal (#2425)
• Deprecate the log4j-mongodb4 module in favor of log4j-mongodb (#2486)

Fixed

• Use FQDN in RFC5424 Layout. (#1740)
• Fix custom thread-context data provider handling in lookups and filters. (#2331)
• Fix handling of log4j2.messageFactory and log4j2.flowMessageFactory properties (#2505)
• Discard blank keys in PropertiesUtil (#2414)
• Fix handling of log4j2.debug. (#2703)
• Fix location requirement for the %F and %file keys in Pattern Layout (#2781)
• Fix JsonLayout failure under JPMS. (#2814)
• Fix empty string handling for TruncatingBufferedWriter (#2609)
• Fix that parameterized message formatting throws an exception when there are insufficient number of parameters. It previously simply
  didn't replace the '{}' sequence. The behavior changed in 2.21.0 and should be restored for backward compatibility. (#2380)
• Fix ClassCastException in LMAX Disruptor 3 initialization (#2768)
• Fix requirement on the java.management module when JMX is disabled, which is the default (#2775)
• Website is migrated to Antora with several formatting and link fixes (#2427)

Removed

• Move Flume Appender to its own release lifecycle. (#2902)

Updated

• Update com.fasterxml.jackson:jackson-bom to version 2.17.2 (#2719)
• Update com.github.luben:zstd-jni to version 1.5.6-5 (#2901)
• Update commons-codec:commons-codec to version 1.17.1 (#2741)
• Update commons-logging:commons-logging to version 1.3.4 (#2864)
• Update github/codeql-action to version 3.25.1 (#2483)
• Update io.fabric8:docker-maven-plugin to version 0.45.0 (#2776)
• Update org.apache.cassandra:cassandra-all to version 3.11.17 (#2479)
• Update org.apache.commons:commons-compress to version 1.27.1 (#2869)
• Update org.apache.commons:commons-csv to version 1.11.0 (#2565)
• Update org.apache.commons:commons-lang3 to version 3.17.0 (#2907)
• Update org.apache.kafka:kafka-clients to version 3.8.0 (#2777)
• Update org.apache.logging:logging-parent to version 11.2.0
• Update org.eclipse.jetty:jetty-bom to version 9.4.55.v20240627 (#2709)
• Update org.jctools:jctools-core to version 4.0.5 (#2637)
• Update log4j-mongodb4 org.mongodb:* from 4.11.1 to 4.11.2 (#2409)
• Update org.mongodb:bson to version 5.1.3 (#2823)
• Update org.slf4j:slf4j-api to version 2.0.16 (#2829)
• Update org.springframework:spring-framework-bom to version 5.3.39 (#2840)

2.23.1

This release contains several small fixes and some dependency updates.

Changed

• Improve performance of CloseableThreadContext#closeMap() (#2296)

Fixed

• Fix handling of LoggerContextAware lookups (#2309)
• Fix NPE in PatternProcessor for a UNIX_MILLIS pattern (#2346)
• Fix that parameterized message formatting doesn't throw an exception when there are insufficient number of parameters (#2343)
• Fix StatusLogger log level filtering when debug mode is enabled (#2337)
• Add log4j2.StatusLogger.dateFormatZone system property to set the time-zone StatusLogger uses to format java.time.Instant. Without this, formatting patterns accessing to time-zone-specific fields (e.g., year-of-era) cause failures. (#2322)
• Fix StatusLogger to correctly read log4j2.StatusLogger.properties resource (#2354)
• Fix stack overflow in StatusLogger (#2322)

Updated

• Update jakarta.activation:jakarta.activation-api to version 2.1.3 (#2335)
• Update jakarta.mail:jakarta.mail-api to version 2.1.3 (#2348)
• Update org.apache.commons:commons-compress to version 1.26.0 (#2304)
• Update org.apache.commons:commons-dbcp2 to version 2.12.0 (#2344)
• Update org.apache.kafka:kafka-clients to version 3.7.0 (#2326)
• Update org.eclipse.angus:angus-activation to version 2.0.2 (#2336)
• Update org.eclipse.angus:jakarta.mail to version 2.0.3 (#2349)

3.0.0-beta2

This release provides a continuation of the modularization process of Log4j Core.

The following features were moved to separate artifacts:

• The async logger feature was moved to log4j-async-logger and it was upgraded to use LMAX Disruptor 4.x. The async appender is still available by default in log4j-core.
• The YAML configuration is available now in log4j-config-yaml.
• The Java properties configuration was removed and replaced with a similar format based on jackson-dataformat-properties in a new log4j-config-properties artifact.

Other features were removed:

• Jetty 9.x users are encouraged to migrate to Jetty 10.x or later and replace log4j-appserver with log4j-slf4j2-impl.
• Tomcat JULI support will be available from a third-party (cf. copernik-eu/log4j-plugins).
• Apache Commons Logging users are encouraged to upgrade commons-logging to version 1.3.0 or later and remove log4j-jcl.
• Support for the XML layout was dropped.
• Support for JMX was dropped and will be replaced with a more recenttechnology.

Added

• Add and update DSLs for setting up dependency injection for test and non-test code. (#2147)
• Add a ConfigurationExtension mechanism to allow third-party JARs to extend the <Configuration> element.
• Add a new properties configuration factory based on jackson-dataformat-properties.

Changed

• Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don't comply to the java.text.MessageFormat or ParameterizedMessage format. (#1223)
• Split off async logger support into a new log4j-async-logger module.
• Split off YAML configuration into a new log4j-config-yaml module.

Fixed

• Rewrote message parameter formatter with improved escape handling (#1626)
• The MongoDb4 appender now supports long values to configure collectionSize (#1747)
• Mark JdkMapAdapterStringMap as frozen if map is immutable. (#2098)
• Fix regression in JdkMapAdapterStringMap performance. (#2238)
• Prevents ClassCastException when trying to assign a SimpleLoggerContext to a core LoggerContext (LOG4J2-1921)
• Possible NullPointerException in MongoDb4DocumentObject, MongoDbDocumentObject, DefaultNoSqlObject. (LOG4J2-3392)
• Fix NPE in CloseableThreadContext. (#1426)
• Fix NPE in RollingFileManager. (#1645)
• Fix log4j-spring-cloud-config-client dependencies to include only those required. (2157)
• Workaround a Coursier/Ivy dependency resolution bug affecting log4j-slf4j-impl and log4j-mongodb3. (#2065)

Removed

• Removed legacy 2.x properties configuration factory.
• Removed DefaultLogEventFactory
• Removed log4j-appserver module (#2257)
• Removed org.apache.logging.log4j.core.parser and related packages. (#2154)
• Removed log4j-jcl module (#2257)
• Removed JMX support.
• Remove log4j-layout-jackson module (#2198)
• Remove log4j-layout-jackson-xml module (#2198)
• Remove log4j2.enable.threadlocals property (#2105)

Updated

• Update com.fasterxml.jackson:jackson-bom to version 2.16.1 (#2127)
• Update commons-codec:commons-codec to version 1.16.1 (#2276)
• Update io.netty:netty-bom to version 4.1.107.Final (#2283)
• Update org.apache.logging:logging-parent to version 10.6.0 (#2193)
• Update org.apache.tomcat:tomcat-juli to version 10.1.18 (#2176)
• Update org.eclipse.jetty:jetty-bom to version 9.4.54.v20240208 (#2285)
• Update org.jctools:jctools-core to version 4.0.3 (#2267)
• Update org.slf4j:slf4j-api to version 2.0.10 (#2136)
• Update org.springframework.boot:spring-boot-autoconfigure to version 3.2.2 (#2222)
• Update org.springframework.cloud:spring-cloud-context to version 4.1.1 (#2236)
• Update org.springframework:spring-framework-bom to version 6.1.4 (#2294)

2.23.0

This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.

In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.

Added

• Added support for LMAX Disruptor 4.x (#1821)

Changed

• Simplify BND configuration after upgrade from version 6.4.1 to 7.0.0

Deprecated

• Deprecate the configuration attribute verbose (i.e., <Configuration verbose="...") and StatusConsoleListener filters (#2226)
• Deprecated the RingBufferLogEventHandler class for removal from the public API in 3.x

Fixed

• Fix regression in JdkMapAdapterStringMap performance. (#2238)
• Fix the behavior of Logger#setLevel and Logger#getLevel in the Log4j 1.2 bridge. (#2282)
• Fix the behavior of CoreLogger#getLevel and CoreLogger#setLevel in the log4j-jul module. (#2282)
• Allow deserialization of all arrays of allowed classes. (LOG4J2-3680)
• Allow the node to appear in any position in the configuration element.
• Fix forgotten threadName field in RingBufferLogEvent#clear(). (#2234)
• Fix StringBuilder cache corruption on recursive access.
• Fixed use of SecurityManager in LoaderUtil where AccessController::doPrivileged should only be invoked when a SecurityManager is installed. Some runtimes do not seem to have this method available. (#2129)
• Fix log4j-spring-cloud-config-client dependencies to include only those required. (#2157)
• Fix typo in Kubernetes clientKeyData configuration property.

Updated

• Update com.fasterxml.jackson:jackson-bom to version 2.16.1 (#2126)
• Update commons-codec:commons-codec to version 1.16.1 (#2277)
• Update io.netty:netty-bom to version 4.1.107.Final (#2284)
• Update org.apache.logging:logging-parent to version 10.6.0 (#2197)
• Update org.eclipse.jetty:jetty-bom to version 9.4.54.v20240208 (#2287)
• Update org.jctools:jctools-core to version 4.0.3 (#2270)
• Update org.springframework:spring-framework-bom to version 5.3.32 (#2293)
• Update org.zeromq:jeromq to version 0.6.0 (#2271)

3.0.0-beta1

This is the first beta release of the upcoming major release, i.e., 3.0.0.

Added

• Add annotations for nullability. (LOG4J2-1477)
• Remove deprecated code. (LOG4J2-2493)
• Add a more generalized dependency injection system to plugins inspired by JSR 330. (LOG4J2-2803)
• Add and enhance structured properties for per-context settings outside configuration files. (LOG4J2-3299[LOG4J2-3299], #1473)
• Automate artifact publishing and release preparation. (LOG4J2-3466)
• Add support for dependency injection of plugins into container types such as Optional<T>, Collection<T>, Set<T>, Stream<T>, List<T>, and Map<String, T>. (LOG4J2-3496)
• Add support for ConstraintValidator in plugin classes. (LOG4J2-3497)

Changed

• Remove liquibase-log4j2 maven module (#1193)
• Make the output of annotation processing reproducible. (#1520)
• Replace synchronized blocks with locks for improved performance with virtual threads. (#1532)
• Removes additional isFiltered checks in AsyncLoggerConfig. (#1550)
• Ignore exceptions thrown by PropertySources. Eliminate ClassCastException when SimpleLoggerContext is used. (spring-projects/spring-boot#33450, #1799)
• Update com.lmax:disruptor to version 4.0.0 (#1829)
• Migrate most tests to JUnit 5. This includes a more powerful set of test extensions. (LOG4J2-2653)
• Make Log4j use its own BOM. (LOG4J2-3511)
• Change encoding of HTTP Basic Authentication to UTF-8. (#1970)
• Upgraded the required compiler version to Java 17
• Upgraded the required runtime version to Java 17
• Update actions/checkout to version 4.1.1 (#1869)
• Update actions/setup-java to version 3.13.0 (#1809)
• Update actions/setup-python to version 4.7.1 (#1831)
• Update ch.qos.logback:logback-classic to version 1.4.14 (#2028)
• Update com.datastax.cassandra:cassandra-driver-core to version 3.11.5 (#1889)
• Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
• Update com.github.luben:zstd-jni to version 1.5.5-11 (#2032)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.7.3.6 (#1879)
• Update com.github.tomakehurst:wiremock-jre8 to version 2.35.1 (#1765)
• Update com.google.code.java-allocation-instrumenter:java-allocation-instrumenter to version 3.3.4 (#2102)
• Update com.google.errorprone:error_prone_core to version 2.23.0 (#1871)
• Update com.google.guava:guava-testlib to version 32.1.3-jre (#1934)
• Update com.h2database:h2 to version 2.2.224 (#1917)
• Update commons-codec:commons-codec to version 1.16.0 (#2054)
• Update commons-io:commons-io to version 2.15.1 (#2035)
• Update commons-logging:commons-logging to version 1.3.0 (#2046)
• Update de.flapdoodle.reverse:de.flapdoodle.reverse to version 1.7.2 (#2000)
• Update io.netty:netty-bom to version 4.1.104.Final (#2097)
• Update net.java.dev.jna:jna to version 5.14.0 (#2082)
• Update org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle to version 1.3.7 (#2053)
• Update org.apache.commons:commons-compress to version 1.25.0 (#2055)
• Update org.apache.commons:commons-csv to version 1.10.0 (#2041)
• Update org.apache.commons:commons-dbcp2 to version 2.11.0 (#2044)
• Update org.apache.commons:commons-lang3 to version 3.14.0 (#2036)
• Update org.apache.commons:commons-pool2 to version 2.12.0 (#2038)
• Update org.apache.groovy:groovy-bom to version 4.0.16 (#2039)
• Update org.apache.maven:maven-core to version 3.9.6 (#2049)
• Update org.apache.maven.surefire:surefire-junit47 to version 3.2.3 (#2091)
• Update org.apache.tomcat:tomcat-juli to version 10.1.17 (#2086)
• Update org.codehaus.plexus:plexus-utils to version 3.5.1 (#2061)
• Update org.eclipse.jetty:jetty-bom to version 9.4.53.v20231009 (#1931)
• Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1933)
• Update org.eclipse.platform:org.eclipse.osgi to version 3.18.600 (#2064)
• Update org.elasticsearch.client:elasticsearch-rest-high-level-client to version 7.17.16 (#2085)
• Update org.graalvm.truffle:truffle-api to version 23.1.1 (#1872)
• Update org.jctools:jctools-core to version 4.0.2 (#1995)
• Update org.jmdns:jmdns to version 3.5.9 (#2069)
• Update org.junit:junit-bom to version 5.10.1 (#1993)
• Update org.junit-pioneer:junit-pioneer to version 2.2.0 (#1986)
• Update org.mockito:mockito-bom to version 5.8.0 (#2031)
• Update org.mongodb:bson to version 4.11.1 (#1991)
• Update org.springframework.boot:spring-boot to version 2.7.17 (#1902)
• Update org.springframework.boot:spring-boot-dependencies to version 2.7.18 (#2002)
• Update org.springframework:spring-framework-bom to version 5.3.30 (#1903)
• Update org.springframework:spring-test to version 5.3.31 (#1992)
• Update org.xerial.snappy:snappy-java to version 1.1.10.5 (#1877)
• Update org.zeromq:jeromq to version 0.5.4 (#1888)
• Update uk.org.webcompere:system-stubs-core to version 2.1.5 (#2001)
• Update OpenTest4J from version 1.2.0 to 1.3.0.

Removed

• Remove GelfLayout (a GELF-compatible layout is still possible using JSON Template Layout) (#1951)
• Remove log4j-cassandra (#1951)
• Remove log4j-couchdb (#1951)
• Remove Jackson-based JSON configuration support. JSON configuration files are now handled through a built-in JSON parser.
• Moved Log4j Jakarta EE modules (log4j-jakarta-jms, log4j-jakarta-smtp, and log4j-jakarta-web) to their own repository and website (#1966)
• Removed all Java EE modules: log4j-jms, log4j-jpa, log4j-smtp, log4j-web (#1966)
• Remove log4j-jeromq module (users are recommended to migrate to loghublog4j2) (#1951)
• Remove log4j-kafka (#1951)
• Remove log4j-layout-jackson-json module (it is superseded by JSON Template Layout) (#1951)
• Remove log4j-layout-jackson-yaml module (#1951)
• Remove legacy OSGi integration. ServiceLoader mechanism should be used instead.
• Remove log4j-mongodb3 module (#1951)
• Remove support for SecurityManager. Starting in Java 21, a custom SecurityManager cannot be used.
• Remove log4j-spring-boot module (its features are upstreamed to org.springframework.boot:spring-boot-starter-log4j2) (#1951)

Fixed

• Remove locale-dependent toLowerCase/toUpperCase calls. (#1281)
• Add environment variable arbiter. (#1312)
• Fixed logging of java.sql.Date objects by appending it before Log4J tries to call java.util.Date.toInstant() on it. (#1366)
• Adapt the OSGi metadata of log4j-api, log4j-core, log4j-slf4j-impl and log4j-slf4j2-impl to activate the bundle when it is accessed. To achieve that set the Bundle-ActivationPolicy to lazy for the log4j bundles. (#1367)
• Fix runtime dependencies documentation. (#1530)
• Allow to override fqcn in Log4jEventBuilder by implementing CallerBoundaryAware. (#1533)
• Migrate MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4. (#1589)
• Fixed rollover strategy in the Log4j 1.x compatibility layer. (#1650)
• Only shutdown Log4j after last Log4jServletContextListener is executed. (#1782)
• Fixes context data loss if <AsyncLogger> components are used with an all async logger context. (#1786)
• AppenderLoggingException logging any exception to a MongoDB Appender. (LOG4J2-3392)

2.22.1

This release contains only dependency upgrades and bug fixes, which do not change the behavior of the artifacts.

While maintaining compatibility with Java 8, the artifacts in this release where generated using JDK 17, unlike version 2.22.0 that used JDK 11.

Fixed

• Mark JdkMapAdapterStringMap as frozen if map is immutable. (#2098)
• Fix NPE in CloseableThreadContext. (#1426)
• Use the module name of Conversant Media Disruptor from version 1.2.16+ of the library.
• Fix NPE in RollingFileManager. (#1645)
• Fix log4j-to-slf4j JPMS and OSGi descriptors. (#1983)
• Workaround a Coursier/Ivy dependency resolution bug affecting log4j-slf4j-impl and log4j-mongodb3. (#2065)

Updated

• Bumped the minimum Java version required for the build to Java 17. Runtime requirements remain unchanged. (#2021)
• Update com.github.luben:zstd-jni to version 1.5.5-11 (#2030)
• Update com.google.guava:guava to version 33.0.0-jre (#2110)
• Update commons-codec:commons-codec to version 1.16.0 (#2042)
• Update commons-io:commons-io to version 2.15.1 (#2034)
• Update commons-logging:commons-logging to version 1.3.0 (#2050)
• Update io.netty:netty-bom to version 4.1.104.Final (#2095)
• Update org.apache.commons:commons-compress to version 1.25.0 (#2045)
• Update org.apache.commons:commons-dbcp2 to version 2.11.0 (#2048)
• Update org.apache.commons:commons-lang3 to version 3.14.0 (#2047)
• Update org.apache.commons:commons-pool2 to version 2.12.0 (#2057)
• Update org.apache.kafka:kafka-clients to version 3.6.1 (#2068)
• Update org.apache.logging:logging-parent to version 10.5.0 (#2119)
• Update org.jctools:jctools-core to version 4.0.2 (#1984)
• Update org.springframework.boot:spring-boot to version 2.7.18 (#1998)
• Update org.springframework.cloud:spring-cloud-dependencies to version 2021.0.9 (#2109)

2.22.0

This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.

CycloneDX Software Bill of Materials (SBOM)

This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, <artifactId>-<version>-cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml[]

SBOM generation is streamlined by logging-parent, see its website for details.

Changed

• Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don't comply to the java.text.MessageFormat or ParameterizedMessage format. (#1223)
• Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (#1970)
• Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
• Update com.github.luben:zstd-jni to version 1.5.5-10 (#1940)
• Update com.google.guava:guava to version 32.1.3-jre (#1875)
• Update io.netty:netty-bom to version 4.1.101.Final (#1960)
• Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1900)
• Update org.fusesource.jansi:jansi to version 2.4.1 (#1907)
• Update org.mongodb:bson to version 4.11.1 (#1957)
• Update org.springframework:spring-framework-bom to version 5.3.30
• Update org.springframework.boot:spring-boot to version 2.7.17 (#1874)
• Update org.springframework:spring-framework-bom to version 5.3.31 (#1973)
• Update org.zeromq:jeromq to version 0.5.4 (#1878)

Removed

• Removed unused FastDateParser which was causing unnecessary heap overhead (LOG4J2-3672, #1848)

Fixed

• Fix MDC pattern converter causing issues for %notEmpty (#1922)
• Export missing OSGi & JPMS modules in log4j-layout-template-json and log4j-1.2-api (#1895)
• Fix spring-test dependency scope change (LOG4J2-3675)
• Fix JPMS descriptors causing jlink issues (#1896)
• Add missing Implementation- and Specification- entries to MANIFEST.MF (implemented by logging-parent version 10.3.0 update) (#1923)
• Fix NotSerializableException thrown when Logger is serialized with a ReusableMessageFactory (#1884)

2.21.1

This patch release contains only the fix of a log4j-jcl bug that prevents it from connecting with commons-logging.

The Log4j 2.21.1 API, as well as the other artifacts, maintains binary compatibility with the previous release.

Apache Log4j 2.21.1 requires Java 8 to run.
The build requires JDK 11 and generates reproducible binaries.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, get support, or suggestions for improvement, see the Apache Log4j 2 website.

Fixed

• Fixes the Apache Commons Logging (JCL) bridge: log4j-jcl. (#1865)

2.21.0

This release primarily focuses on enhancements to our OSGi and JPMS support and contains several bug fixes.
It will be the first release built and signed by the CI using the ASF Logging Services Release Manager GPG key,
which is shared in KEYS.

The Log4j 2.21.0 API, as well as the other artifacts, maintains binary compatibility with the previous release.

Apache Log4j 2.21.0 requires Java 8 to run.
The build requires JDK 11 and generates reproducible binaries.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, get support, or suggestions for improvement, see the Apache Log4j 2 website.

OSGi changes

All the published artifacts are OSGi bundles or fragments.

This release introduces a change in the bundle symbolic names to allow them to function as JPMS module name: all hyphens - present in the bundle names of previous releases were replaced by dots ..

JPMS changes

All the published artifacts have been migrated from automatic modules to named JPMS modules.
All packages marked as private in the Javadoc are not exported.

The module name of four bridges (log4j-slf4j-impl, log4j-slf4j2-impl, log4j-to-jul and log4j-to-slf4j) have been changed to adhere to the same convention as the OSGi bundle names.

Added

• Added marker parent support to JsonTemplateLayout (#1381)
• Added ZStandard compression support (#1508, #1514)
• Added a warning for incorrect syntax of highlighting styles (#1545, #1637)

Changed

• Open FileExtension methods to allow their usage in custom RolloverStrategys (#1365, #1683)
• Bumped the minimum Java version required for the build to JDK 11. Runtime requirements remain unchanged. (#1369)
• Set the default minLevel and maxLevel of LevelRangeFilter to OFF and ALL, respectively (#1503)
• Removed additional isFiltered checks in AsyncLoggerConfig (#1550)
• Use Java version-specific warnings in StackLocator (#1760)
• Started logging a status error event instead of an NPE in OsgiServiceLocator.loadServices(Class, Lookup, boolean) when a bundle has no valid BundleContext for a service type
• Implemented a CI-based release process
• Update Eclipse Angus Activation to version 2.0.1 (#1591)
• Update Eclipse Angus Mail to version 2.0.2 (#1591)
• Update com.datastax.cassandra:cassandra-driver-core to version 3.11.5 (#1591)
• Update Apache Cassandra to version 3.11.16 (#1591)
• Update Apache Commons Compress to version 1.24.0 (#1591)
• Update Apache Commons CSV to version 1.10.0 (#1591)
• Update Jackson to version 2.15.2 (#1591)
• Update Jakarta Activation API to version 2.1.2 (#1591)
• Update Jakarta Mail API to version 2.1.2 (#1591)
• Update JCTools to version 4.0.1 (#1591)
• Update Apache Kafka to version 3.4.0 (#1591)
• Update Kubernetes client to version 5.12.4 (#1591)
• Update org.mongodb:mongodb-driver-core to version 4.10.2 (#1591)
• Update io.netty:netty-bom to version 4.1.97 (#1591)
• Update Spring Boot to version 2.7.15 (#1591)
• Update Spring Framework to version 5.3.29 (#1591)
• Update Tomcat JULI to version 10.0.27 (#1591)
• Update Woodstox to version 6.5.1 (#1591)

Removed

• Moved log4j-jmx-gui to its own repository along with its own release cycle

Fixed

• Added validation to rolling file manager path conditions (#1231)
• Adapted the OSGi metadata of log4j-to-slf4j to work with SLF4J 1 and 2. To achieve that used a version range of [1.7,3) for the imported SLF4J packages. (#1232)
• Fixed Javadoc failures (#1275, #1753)
• Removed locale-dependent toLowerCase/toUpperCase calls (#1281)
• Redirected old /<module>/apidocs URLs (broken in 2.20.0) to /javadoc/<module> (#1284)
• Added environment variable arbiter (#1312)
• Fixed logging of java.sql.Date objects by appending it before Log4J tries to call java.util.Date.toInstant() on it (#1366)
• Adapted the OSGi metadata of log4j-api, log4j-core, log4j-slf4j-impl and log4j-slf4j2-impl to activate the bundle when it is accessed. To achieve that set the Bundle-ActivationPolicy to lazy for the log4j bundles. (#1367)
• Avoided using released objects in StackTraceStringResolver of JsonTemplateLayout (#1380)
• Added missing setter for connectionStringSource in MongoDb4Provider builder (#1389)
• Fixed NPE in PluginElementVisitor (#1391)
• Added columnType as alias for the column mapping type attribute (#1405)
• Restored Log4jMarker visibility in SLF4J adapters (#1414)
• Fixed buffer size in Log4jFixedFormatter date time formatter (#1418)
• Fixed the propagation of synchronous action failures in RollingFileManager and FileRenameAction (#1445, #1549)
• Fixed RollingFileManager to propagate failed synchronous actions correctly (#1445)
• Replaced the usage of System.out in StackLocator for warnings with System.err (#1484)
• Fixed concurrent date-time formatting issue in PatternLayout (#1485)
• Fixed runtime dependencies documentation (#1530)
• Allowed to override FQCN in Log4jEventBuilder by implementing CallerBoundaryAware (#1533)
• Migrated MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4 (#1589)
• Rewrote message parameter formatter with improved escape handling (#1626)
• Improved formatting and serialization of StackTraceElement on JDK 9+ (#1640)
• Fixed MemoryMappedFileAppender buffer unmapping on JRE 9+ (#1646)
• Fixed rollover strategy in the Log4j 1.x compatibility layer (#1650)
• Removed incorrect mention of base64 lookup and improve the rest of the lookup manual (#1681, LOG4J2-3504)
• Implemented LocationAware for JsonTemplateLayout, since this was causing location not being passed to underlying appenders (#1692)
• Added support for long values in MongoDb 4 appender to configure collectionSize (#1747)
• Only shutdown Log4j after last Log4jServletContextListener is executed (#1782)
• Allowed using Spring Arbiter without a Spring environment (#1783)
• Fixed context data loss if <AsyncLogger> components are used with an all async logger context (#1786)
• Fixed JsonTemplateLayout NPE thrown on custom log levels (#1805)
• Improved Log4j-config.xsd schema LOG4J2-170
• Fixed NPE in ContextSelector (LOG4J2-3217, #1538)
• Avoided allocating ThreadLocals in AbstractLogger when they are disabled, since this was causing memory leaks due to retained reference to class loaders in web applications LOG4J2-3657
• Fixed %notEmpty directive of PatternLayout for empty MDC/NDC inputs LOG4J2-3660
• Fixed file descriptor leak on Tomcat LOG4J2-3663
• Ensured FileOutputStream is closed in CommonsCompressAction.execute()