2.17.1

Release date

2021-12-27

This release addresses CVE-2021-44832 and contains other minor fixes.

Due to a break in compatibility in the SLF4J binding, Log4j now ships with two versions of the SLF4J to Log4j adapters. log4j-slf4j-impl should be used with SLF4J 1.7.x and earlier and log4j-slf4j18-impl should be used with SLF4J 1.8.x and later. SLF4J-2.0.0 alpha releases are not fully supported. See LOG4J2-2975 and SLF4J-511.

The Log4j 2.17.1 API, as well as many core components, maintains binary compatibility with previous releases.

Apache Log4j 2.17.1 requires a minimum of Java 8 to build and run. Log4j 2.12.2 is the last release to support Java 7. Java 7 is no longer supported by the Log4j team.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Log4j 2 website.

Fixed

  • Fix NPE when input is null in StrSubstitutor.replace(String, Properties).

  • Correct SpringLookup package name in Interpolator. (LOG4J2-3204)

  • Reduce ignored package scope of KafkaAppender. (LOG4J2-3256)

  • Fix MapLookup to lookup MapMessage before DefaultMap (LOG4J2-3264)

  • Lookups with no prefix only read values from the configuration properties as expected. (LOG4J2-3270)

  • Buffered I/O checked had inverted logic in RollingFileAppenderBuilder. (LOG4J2-3274)

  • log4j-to-slf4j takes the provided MessageFactory into account (LOG4J2-3284)

  • log4j-to-slf4j no longer re-interpolates formatted message contents. (LOG4J2-3289)

  • Remove unused method. (LOG4J2-3290)

  • ExtendedLoggerWrapper.logMessage no longer double-logs when location is requested. (LOG4J2-3292)

  • JdbcAppender now uses JndiManager to access JNDI resources. JNDI is only enabled when system property log4j2.enableJndiJdbc is set to true. (LOG4J2-3293)