www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <rgo...@apache.org>
Subject [ANNOUNCEMENT] Apache Log4j 2.10.0 released
Date Thu, 23 Nov 2017 19:03:00 GMT
The Apache Log4j 2 team is pleased to announce the Log4j 2.10.0 release!

Apache Log4j is a well known framework for logging application behavior. 
Log4j 2 is an upgrade to Log4j that provides significant improvements 
over its predecessor, Log4j 1.x, and providesmany other modern features 
such as support for Markers, lambda expressions for lazy logging, 
property substitution using Lookups, multiple patterns on a 
PatternLayout and asynchronousLoggers. Another notable Log4j 2 feature 
is the ability to be "garbage-free" (avoid allocating temporary objects) 
while logging. In addition, Log4j 2 will not lose events while 
reconfiguring.

This release contains new features, bugfixes and minor enhancements. 
Some of the new features include support for the Java 9 module system, 
support for the new SLF4j 1.8 bindingmechanism, simplification of the 
Log4j property naming scheme, and native support of Jetty's logger. 
Log4j API is now a fully compliant Java 9 module while the other Log4j 
jars are Java 9 named automatic modules.

This release supports both SLF4J 1.7.x and SLF4J 1.8.x. Because SLF4J 
1.7.x requires implementations to include classes in the org.slf4j.impl 
package log4j-sl4j-impl cannot be used as a Java 9 module. Support for 
SLF4J 1.7.x will be removed in a future release.

As of Log4j 2.9.0, the Log4j API was modified to use 
java.util.ServiceLoader to locate Log4j implementations, although the 
former binding mechanism is still supported. The Log4j API jar is now a 
multi-release jar to provide implementations of Java 9 specific classes. 
Multi-release jars are not supported by the OSGi specification so OSGi 
modules will not be able to take advantage of these implementations but 
will not lose functionality as they will fall back to the 
implementations used in Java 7 and 8. More details on the new features 
and fixes are itemized below. Note that some tools are not compatible 
with multi-release jars and may fail trying to process class files in 
the META-INF/versions/9 folder. Those errors should be reported to the 
tool vendor.

During testing of the release it was found that one unit test fails when 
run on Windows. When building from source either use “mvn clean install 
-DskipTests” on Windows or run the build on a different operating 
system. The unit test failure is a problem in the test, not in Log4j. As 
always, pre-built distributions can be downloaded 
from http://www.apache.org/dist/logging/log4j/ or the binaries jars may 
be obtained from the Maven central repository.

Note that subsequent to the 2.9.0 release, for security reasons, 
SerializedLayout is deprecated and no longer used as default in the 
Socket and JMS appenders. SerializedLayout can still be used as before, 
but has to be specified explicitly. To retain old behaviour, you have to 
change configuration like:

<Appenders>
   <Socket name="socket" host="localhost" port="9500"/>
</Appenders>

into:

<Appenders>
   <Socket name="socket" host="localhost" port="9500">
     <SerializedLayout/>
   </Socket>
</Appenders>

We do, however, discourage the use of SerializedLayout and recommend 
JsonLayout as a replacement:

<Appenders>
   <Socket name="socket" host="localhost" port="9500">
     <JsonLayout properties="true"/>
   </Socket>
</Appenders>

Note that subsequent to the 2.9.0 release, for security reasons, Log4j 
does not process DTD in XML files. If you used DTD for including 
snippets, you have to use XInclude or Composite Configuration instead.

The Log4j 2.10.0 API, as well as many core components, maintains binary 
compatibility with previous releases.

GA Release 2.10.0

Changes in this version include:

New Features

•LOG4J2-2120: Properly escape newlines and other control characters in 
JSON. Thanks to Carter Douglas Kozak.
•LOG4J2-2109: Add property to disable message pattern converter lookups. 
Thanks to Carter Douglas Kozak.
•LOG4J2-2112: MapMessage should use deep toString for values. Thanks to 
Carter Douglas Kozak.
•LOG4J2-2103: XML encoding for PatternLayout.
•LOG4J2-2114: Provide a native Log4j 2 implementation of Eclipse Jetty's 
org.eclipse.jetty.util.log.Logger.
•LOG4J2-1203: Allow filtering of line breaks in layout pattern. Thanks 
to Robert Turner.
•LOG4J2-2098: Add a noop AppenderSkeleton for applications still using 
Log4j 1.x.
•LOG4J2-2062: Add possibility of sending the key of a message to Kafka 
using KafkaAppender. Thanks to Jorge Sanchez.
•LOG4J2-2056: Modularize Log4j-api and make most other log4j jars 
automatic modules.
•LOG4J2-1431: Simplify log4j system property naming scheme.
•LOG4J2-1809: Add global configuration environment SPI.
•LOG4J2-1694: Add fields with fixed values to JSON/XML/YAML layouts. 
Thanks to Michal Dvořák.
•LOG4J2-2054: Provide ways to configure SSL that avoid plain-text 
passwords in the log4j configuration. The configuration may now specify 
a system environment variable that holds the password, or the path to a 
file that holds the password.
•LOG4J2-2071: Add 
org.apache.logging.log4j.core.config.composite.CompositeConfiguration#toString(). 
Thanks to Carter Kozak.

Fixed Bugs

•LOG4J2-2107: MapMessage supports both StringBuilderFormattable and 
MultiformatMessage. Thanks to Carter Douglas Kozak.
•LOG4J2-2102: MapMessage JSON encoding will escape keys and values. 
Thanks to Carter Douglas Kozak.
•LOG4J2-2101: Non-string value in MapMessage caused ClassCastException. 
Thanks to Carter Douglas Kozak.
•LOG4J2-2091: Log4j respects the configured "log4j2.is.webapp" property 
Thanks to Carter Douglas Kozak.
•LOG4J2-2100: LevelMixIn class for Jackson is coded incorrectly
•LOG4J2-2087: Jansi now needs to be enabled explicitly (by setting 
system property log4j.skipJansi to false). To avoid causing problems for 
web applications, Log4j will no longer automatically try to load Jansi 
without explicit configuration. Thanks to Andy Gumbrecht.
•LOG4J2-2060: AbstractDatabaseManager should make a copy of LogEvents 
before holding references to them: AsyncLogger log events are mutable.
•LOG4J2-2055: If Log4j is used as the Tomcat logging implementation 
startup might fail if an application also uses Log4j.
•LOG4J2-2031: Until this change, messages appeared out of order in log 
file any time when the async logging queue was full. With this change, 
messages are only logged out of order to prevent deadlock when Log4j2 
detects recursive logging while the queue is full.
•LOG4J2-2053: Exception java.nio.charset.UnsupportedCharsetException: 
cp65001 in 2.9.0.
•LOG4J2-1216: Nested pattern layout options broken. Thanks to Thies 
Wellpott, Barna Zsombor Klara, GFriedrich.
•LOG4J2-2070: Log4j1XmlLayout does not provide the entire stack trace, 
it is missing the caused by information. Thanks to Doug Hughes.
•LOG4J2-2036: CompositeConfiguration supports Reconfiguration. PR #115. 
Thanks to Robert Haycock.
•LOG4J2-2073: Log4j-config.xsd should make AppenderRef optional for each 
Logger element. Thanks to Patrick Lucas.
•LOG4J2-2074: The console appender should say why it cannot load JAnsi.
•LOG4J2-2085: Wrong Apache Commons CSV version referenced in the Javadoc 
of CsvParameterLayout. Thanks to István Neuwirth.

Changes

•LOG4J2-2076: Split up log4j-nosql into one module per appender.
•LOG4J2-2088: Upgrade picocli to 2.0.3 from 0.9.8.
•LOG4J2-2025: Provide support for overriding the Tomcat Log class in 
Tomcat 8.5+.
•LOG4J2-2057: Support new SLF4J binding mechanism introduced in SLF4J 1.8.
•LOG4J2-2052: Disable thread name caching by default when running on 
Java 8u102 or later.
•LOG4J2-1896: Update classes in org.apache.logging.log4j.core.net.ssl in 
APIs from String to a PasswordProvider producing char[] for passwords.
•LOG4J2-2078: Update LMAX disruptor from 3.3.6 to 3.3.7.
•LOG4J2-2081: Update Apache Commons Compress from 1.14 to 1.15.
•LOG4J2-2089: [TagLib] Update servlet-api provided dependency from 2.5 
to 3.0.1.
•LOG4J2-2096: Update Apache Kafka kafka-clients from 0.11.0.1 to 1.0.0.
•LOG4J2-2077: Update from Jackson 2.9.1 to 2.9.2.
•LOG4J2-2117: Jackson dependencies for 2.9.2 incorrectly bring in 
jackson-annotations 2.9.0 instead of 2.9.2.

Apache Log4j 2.10.0 requires a minimum of Java 7 to build and run. Log4j 
2.3 was the last release that supported Java 6.

Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api 
component, however it does not implement some of the very implementation 
specific classes and methods. The package names and Maven groupId have 
been changed to org.apache.logging.log4j to avoid any conflicts with 
log4j 1.x.

For complete information on Apache Log4j 2, including instructions on 
how to submit bug reports, patches, or suggestions for improvement, see 
the Apache Apache Log4j 2 website: https://logging.apache.org/log4j/2.x/

Mime
View raw message