Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] reload4j 1.2.18 fixing pressing issues of log4j 1.2.17

The reload4j project [1] is a fork of Apache log4j version 1.2.17 with
the goal of fixing pressing issues. It is intended as a drop-in
replacement for log4j version 1.2.17.

The reload4j project aims to fix the most urgent issues in log4j 1.2.17
which hasn't seen a new release since 2012. Note that on 2022-01-06 the
Apache Logging PMC formally voted to reaffirm the EOL (End of Life)
status of log4j 1.x. Despite best efforts it was therefore impossible to
revive the log4j 1.x project within the Apache Software Foundation.

The first release 1.2.18 of reload4j was released yesterday.

Most notably version 1.2.18 contains the following changes
- remove unused method JNDIUtil.getInitialContext()
- fix CVE-2019-17571 [2]
- fix CVE-2021-4104 [3]

This new version might help all those projects which still depend on log4j 1.x.


Back to the top