File log4j.changes of Package log4j.22206
-------------------------------------------------------------------
Tue Dec 14 17:43:26 UTC 2021 - Peter Simons <psimons@suse.com>
- Apply "disable-jndi-by-default.patch" to disable JNDI support by
default. There is evidence that the previous upstream fix for
CVE-2021-44228 did not solve the vulnerability entirely. Since
JNDI support is ususally not required, upstream recommends this
route to be completely safe. [bsc#1193611, CVE-2021-44228]
-------------------------------------------------------------------
Fri Dec 10 14:03:24 UTC 2021 - Peter Simons <psimons@suse.com>
- Apply "CVE-2021-44228.patch" to fix a remote code execution
vulnerability that existed in the LDAP JNDI parser. [bsc#1193611,
CVE-2021-44228]
-------------------------------------------------------------------
Mon Apr 27 11:21:57 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Security fix: [bsc#1170535, CVE-2020-9488]
* Improper validation of certificate with host mismatch in SMTP appender.
- Add log4j-CVE-2020-9488.patch
-------------------------------------------------------------------
Wed Feb 26 18:03:25 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Added patches:
* logging-log4j-LOG4J2-2745-LOG4J2-2744-slf4j.patch
* logging-log4j-Remove-unsupported-EventDataConverter.patch
+ fix build with newer slf4j
-------------------------------------------------------------------
Tue Jan 21 10:55:28 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 2.13.0 [bsc#1159646, CVE-2019-17571]
* Bugfixes and minor enhancements:
- CVE-2019-17571: Remote code execution: Deserialization of untrusted
data in SocketServer
- Log4j 2 now requires Java 8 or higher to build and run.
- Better integration with Spring Boot by providing access to Spring
variables in Log4j 2 configuration files and allowing Log4j 2 system
properties to be defined in the Spring configuration.
- Support for accessing Kubernetes information via a Log4j 2 Lookup.
- The Gelf Layout now allows the message to be formatted using a
PatternLayout pattern.
- Due to a break in compatibility in the SLF4J binding, Log4j now
ships with two versions of the SLF4J to Log4j adapters.
- log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and
log4j-slf4j18-impl should be used with SLF4J 1.8.x and later.
- Note that the XML, JSON and YAML formats changed in the 2.11.0 release:
they no longer have the "timeMillis" attribute and instead have an
"Instant" element with "epochSecond" and "nanoOfSecond" attributes.
- The Log4j 2.13.0 API, as well as many core components, maintains
binary compatibility with previous releases.
* New Features
- Add ThreadContext.putIfNotNull method.
- Add a Level Patttern Selector.
- Add experimental support for Log4j 1 configuration files.
- Add the ability to lookup Kubernetes attributes in the Log4j
configuration. Allow Log4j properties to be retrieved from the
Spring environment if it is available.
- Allow Spring Boot application properties to be accessed in the
Log4j 2 configuration. Add lower and upper case Lookups.
- Add builder pattern to Logger interface.
* Fixed Bugs
- Prevent recursive calls to java.util.LogManager.getLogger().
- Added try/finally around event.execute() for RingBufferLogEventHandler
to clear memory correctly in case of exception/error.
- Wrong java version check in ThreadNameCachingStrategy.
- Use a less confusing name for the CompositeConfiguration source.
- Add setKey method to Kafka Appender Builder.
- ArrayIndexOutOfBoundsException could occur with MAC address longer
than 6 bytes.
- The rolling file appenders would fail to compress the file after
rollover if the file name matched the file pattern.
- @PluginValue does not support attribute names besides "value".
- Validation blocks definition of script in properties configuration.
- Set result of rename action to true if file was copied.
- Add automatic module names where missing.
- OutputStreamAppender.Builder ignores setFilter().
- Prevent a memory leak when async loggers throw errors.
* Changes
- Update Jackson to 2.9.10.
- Allow message portion of GELF layout to be formatted using a PatternLayout.
- Allow ThreadContext attributes to be explicitly included or excluded in the GelfLayout.
-------------------------------------------------------------------
Mon Jan 6 09:29:32 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Obsolete log4j-mini, since on systems where this package is
installed, the log4j-mini is not supposed to exist, but the
compatibility version log4j12-mini/log4j12
-------------------------------------------------------------------
Mon Nov 4 14:22:37 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Run fdupes on the javadoc
-------------------------------------------------------------------
Tue Oct 1 14:23:32 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Upgrade to apache-log4j-2.11.1
- Drop the log4j vs. log4j-mini split
* the bootstrapping is done using the log4j12/log4j12-mini
compatibility packages
- Removed patches:
* log4j-javadoc-xlink.patch
* log4j-logfactor5-userdir.patch
* log4j-mx4j-tools.patch
* log4j-reproducible.patch
+ unnecessary with this version
-------------------------------------------------------------------
Tue Jan 22 10:59:09 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Build against a generic javamail provider instead of against
classpathx-mail
-------------------------------------------------------------------
Tue Jan 15 04:41:49 UTC 2019 - Fridrich Strba <fstrba@suse.com>
- Let log4j provide the log4j-mini and obsolete it too.
- Remove conflicts on each other
-------------------------------------------------------------------
Thu Dec 13 15:36:59 UTC 2018 - Fridrich Strba <fstrba@suse.com>
- Depend on the generic xml-apis
-------------------------------------------------------------------
Thu Oct 18 11:50:32 UTC 2018 - Fridrich Strba <fstrba@suse.com>
- Install and package the maven pom and metadata files for the
non-bootstrap log4j
-------------------------------------------------------------------
Wed Jul 25 08:07:37 UTC 2018 - fstrba@suse.com
- Require at least java 8 for build
-------------------------------------------------------------------
Wed Jan 10 13:45:44 UTC 2018 - bwiedemann@suse.com
- Add log4j-reproducible.patch to drop javadoc timestamps to make
package builds more reproducible (boo#1047218)
-------------------------------------------------------------------
Tue Sep 12 07:10:10 UTC 2017 - fstrba@suse.com
- Specify java source and target level 1.6 to allow building with
jdk9
-------------------------------------------------------------------
Mon Mar 2 13:17:50 UTC 2015 - tchvatal@suse.com
- Version bump to 1.2.17 latest 1.2 series:
* No short changelog provided - many small changes
- Try to avoid cycle between log4j and apache-common-loggings
- Remove obsoleted patch:
* log4j-jmx-Agent.patch
- Refresh patch to apply to new source:
* log4j-mx4j-tools.patch
-------------------------------------------------------------------
Mon Mar 2 12:37:05 UTC 2015 - tchvatal@suse.com
- Cleanup with a spec-cleaner so I can understand what
is going around here.
-------------------------------------------------------------------
Thu Sep 12 08:44:08 UTC 2013 - mvyskocil@suse.com
- log4j and log4j-mini are in conflict
-------------------------------------------------------------------
Mon Sep 9 11:06:12 UTC 2013 - tchvatal@suse.com
- Move from jpackage-utils to javapackage-tools
-------------------------------------------------------------------
Tue Jul 16 14:05:53 CEST 2013 - mls@suse.de
- get rid of wrong dir modifier in filelist
-------------------------------------------------------------------
Thu Dec 10 11:11:47 UTC 2009 - mvyskocil@suse.cz
- refreshed patches
* log4j-javadoc-xlink.patch
* log4j-jmx-Agent.patch
* log4j-logfactor5-userdir.patch
* log4j-mx4j-tools.patch
-------------------------------------------------------------------
Wed Jul 16 12:52:50 CEST 2008 - coolo@suse.de
- even more packages to build ignore
-------------------------------------------------------------------
Fri Jun 27 10:54:27 CEST 2008 - coolo@suse.de
- avoid build cycle between axis and log4j
-------------------------------------------------------------------
Tue May 6 12:36:44 CEST 2008 - mvyskocil@suse.cz
- removed a dots in a names of geronimo-* packages
-------------------------------------------------------------------
Tue Apr 8 11:26:43 CEST 2008 - mvyskocil@suse.cz
- updated to 1.2.5 [bnc#355798]
- merged a spec with jpackage 1.7
- the ant arguments was splitted to several lines
- new BuildRequires:
- classpathx-javamail
- geronimo-jaf
- geronimo-jms
- a new patches to break of a dependendy on Sun's HtmlAdaptorServer
(replaced by HttpAdaptor from mx4j package)
- added a gjc build branch
- created an autogenerated -mini specfile used for bootstrap (hint from sbrabec@suse.cz)
- added an explicit provides of log4j symbol for log4j-mini (automatically by script)
- replaced a name `macro' by `real', because the -mini package has a different name
- disable the javadoc and manual subpackages for -mini build
-------------------------------------------------------------------
Thu Jun 7 15:35:03 CEST 2007 - sbrabec@suse.cz
- Removed invalid desktop Category "Application" (#254654).
-------------------------------------------------------------------
Fri May 18 11:48:26 CEST 2007 - dbornkessel@suse.de
- removed mx4j BuildReq to avoid build cycle ... apparently it was not used at compile time
-------------------------------------------------------------------
Tue May 8 17:10:47 CEST 2007 - dbornkessel@suse.de
- use mx4j instead of jmx
-------------------------------------------------------------------
Wed Feb 15 10:14:39 CET 2006 - stbinner@suse.de
- add GenericName to .desktop files
-------------------------------------------------------------------
Wed Jan 25 21:46:52 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Nov 8 15:27:34 CET 2005 - jsmeix@suse.de
- Current version 1.2.12 from JPackage.org
-------------------------------------------------------------------
Thu Sep 29 00:25:43 CEST 2005 - dmueller@suse.de
- add norootforbuild
-------------------------------------------------------------------
Thu Nov 25 02:36:46 CET 2004 - ro@suse.de
- added suse_update_desktop_file
-------------------------------------------------------------------
Thu Sep 23 14:19:10 CEST 2004 - mskibbe@suse.de
- change specfile(suse_update_desktop_file)
-------------------------------------------------------------------
Thu Sep 16 14:26:11 CEST 2004 - skh@suse.de
- Fix prerequires for javadoc subpackage.
-------------------------------------------------------------------
Thu Sep 2 17:44:52 CEST 2004 - skh@suse.de
- Initial package created with version 1.2.8 (JPackage 1.5)
