You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.
CycloneDX Software Bill of Materials (SBOM)
This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, --cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml
SBOM generation is streamlined by logging-parent, see its website for details.
Changed
Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don’t comply to the java.text.MessageFormat or ParameterizedMessage format. (1223)
Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (1970)
Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (1974)
Update com.github.luben:zstd-jni to version 1.5.5-10 (1940)
Update com.google.guava:guava to version 32.1.3-jre (1875)
Update io.netty:netty-bom to version 4.1.101.Final (1960)
Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (1900)
Update org.fusesource.jansi:jansi to version 2.4.1 (1907)
https://logging.apache.org/log4j/2.x/release-notes.html
This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.
CycloneDX Software Bill of Materials (SBOM)
This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, --cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml
SBOM generation is streamlined by logging-parent, see its website for details.
Changed
Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don’t comply to the java.text.MessageFormat or ParameterizedMessage format. (1223)
Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (1970)
Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (1974)
Update com.github.luben:zstd-jni to version 1.5.5-10 (1940)
Update com.google.guava:guava to version 32.1.3-jre (1875)
Update io.netty:netty-bom to version 4.1.101.Final (1960)
Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (1900)
Update org.fusesource.jansi:jansi to version 2.4.1 (1907)
Update org.mongodb:bson to version 4.11.1 (1957)
Update org.springframework:spring-framework-bom to version 5.3.30
Update org.springframework.boot:spring-boot to version 2.7.17 (1874)
Update org.springframework:spring-framework-bom to version 5.3.31 (1973)
Update org.zeromq:jeromq to version 0.5.4 (1878)
Removed
Removed unused FastDateParser which was causing unnecessary heap overhead (LOG4J2-3672, 1848)
Fixed
Fix MDC pattern converter causing issues for %notEmpty (1922)
Export missing OSGi & JPMS modules in log4j-layout-template-json and log4j-1.2-api (1895)
Fix spring-test dependency scope change (LOG4J2-3675)
Fix JPMS descriptors causing jlink issues (1896)
Add missing Implementation- and Specification- entries to MANIFEST.MF (implemented by logging-parent version 10.3.0 update) (1923)
Fix NotSerializableException thrown when Logger is serialized with a ReusableMessageFactory (1884)
The text was updated successfully, but these errors were encountered: