[ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10 released


Grzegorz Grzybek

Dec 10, 2021, 6:20:19 AM
to ops4j-ann...@googlegroups.com, Karaf Dev, d...@felix.apache.org
Hello

Pax Logging 2.0.11 and 1.11.10 have been released with the CVE-2021-44228 fix.

Log4j2 has been updated to version 2.15.0.

The changelog is available at GitHub: https://github.com/ops4j/org.ops4j.pax.logging/milestone/72?closed=1

kind regards
Grzegorz Grzybek

Grzegorz Grzybek

Dec 14, 2021, 7:07:53 AM
to Karaf Dev, d...@felix.apache.org, ops4j-ann...@googlegroups.com
Hello

Pax Logging 2.0.12 and 1.11.11 have been released with a Log4j2 upgrade.

The Log4j2 version used is 2.16.0, which is a follow-up release related to the recent world-shaking CVE-2021-44228.
Version 2.16.0 polishes some corner cases related to message interpolation and is NOT a required upgrade for this CVE.


kind regards
Grzegorz Grzybek

Grzegorz Grzybek

Dec 18, 2021, 10:05:58 AM
to ops4j-ann...@googlegroups.com, Karaf Dev
Hello

Pax Logging 1.10.8 has been released with a Log4j2 upgrade to version 2.12.2.

This is the version with CVE-2021-44228 fixed for people that still use JDK 7.
Normally, Pax Logging 1.10.x is no longer maintained (only the 1.11.x and 2.0.x branches are for now), but for this CVE we've made an exception ;)


kind regards
Grzegorz Grzybek

Grzegorz Grzybek

Dec 18, 2021, 1:14:42 PM
to Karaf Dev, d...@felix.apache.org, ops4j-ann...@googlegroups.com
Hello

Pax Logging 2.0.13 and 1.11.12 have been released with two upgrades:
 - Log4j2 2.17.0
 - Logback 1.2.9

These are the latest versions of the dependencies as of December 18th 2021.

The changelogs are:

kind regards
Grzegorz Grzybek

Grzegorz Grzybek

Dec 30, 2021, 8:14:27 AM
to Karaf Dev, d...@felix.apache.org, ops4j-ann...@googlegroups.com
Hello

Pax Logging 2.0.14, 1.11.13 and 1.10.9 have been released with two upgrades:
 - Log4j2 2.17.1
 - Logback 1.2.10

These are the latest versions of the dependencies as of December 30th 2021.

Additionally, 2.0.14 and 1.11.13 contain a new configuration property: "org.ops4j.pax.logging.syncJULFormatter" (defaults to "true") which controls the usage of `java.util.logging.SimpleFormatter` inside Pax Logging's JUL Handler. By default, there's a single formatter with synchronization. When this property is set to "false", a new instance is created for each event being handled - this is a special system/context property to be used in Payara server, where some deadlocks were observed.


kind regards
Grzegorz Grzybek
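A small inventory check built from the releases announced in this thread, added here as an example and not part of the original announcements or of Pax Logging itself: it classifies Pax Logging bundle versions found in an OSGi container against the first release of each maintained branch that ships the CVE-2021-44228 fix (2.0.11, 1.11.10, and 1.10.8 for the JDK 7 branch). The bundle listing format and the bundle symbolic names are constructed for the example.

```python
import re

# First release per maintained branch carrying the CVE-2021-44228 fix,
# as announced in the thread: 2.0.11 and 1.11.10 (Log4j2 2.15.0),
# 1.10.8 (Log4j2 2.12.2, the JDK 7 line).
FIXED_BY_BRANCH = {
    (2, 0): (2, 0, 11),
    (1, 11): (1, 11, 10),
    (1, 10): (1, 10, 8),
}

# Constructed sample listing (not real Karaf output), one bundle per line:
# "<id> <symbolic-name> <version>".
SAMPLE_BUNDLES = """\
12 org.ops4j.pax.logging.pax-logging-api 2.0.10
13 org.ops4j.pax.logging.pax-logging-log4j2 2.0.10
20 org.ops4j.pax.logging.pax-logging-api 1.11.12
21 org.ops4j.pax.logging.pax-logging-log4j2 1.10.7
30 org.apache.felix.framework 7.0.1
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
_BUNDLE_RE = re.compile(r"^\s*(\d+)\s+(org\.ops4j\.pax\.logging\.\S+)\s+(\S+)\s*$")


def parse_version(text):
    """Return (major, minor, micro) for a plain x.y.z string, else None.
    Qualified versions (e.g. snapshots) are deliberately left as unknown."""
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def pax_logging_status(version):
    """Classify a Pax Logging version against the fixed release of its branch."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return "branch-not-covered"   # a branch this thread says nothing about
    return "fixed" if v >= fixed else "below-fix"


def triage(listing):
    """Pick Pax Logging bundles out of a listing and classify each one."""
    results = []
    for line in listing.splitlines():
        m = _BUNDLE_RE.match(line)
        if m:
            results.append((m.group(2), m.group(3), pax_logging_status(m.group(3))))
    return results


if __name__ == "__main__":
    for name, version, status in triage(SAMPLE_BUNDLES):
        print(f"{status:18} {name} {version}")
```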
