This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.

In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.

Added

• Added support for LMAX Disruptor 4.x (#1821)

Changed

• Simplify BND configuration after upgrade from version 6.4.1 to 7.0.0

Deprecated

• Deprecate the configuration attribute verbose (i.e., <Configuration verbose="...") and StatusConsoleListener filters (#2226)
• Deprecated the RingBufferLogEventHandler class for removal from the public API in 3.x

Fixed

• Fix regression in JdkMapAdapterStringMap performance. (#2238)
• Fix the behavior of Logger#setLevel and Logger#getLevel in the Log4j 1.2 bridge. (#2282)
• Fix the behavior of CoreLogger#getLevel and CoreLogger#setLevel in the log4j-jul module. (#2282)
• Allow deserialization of all arrays of allowed classes. (LOG4J2-3680)
• Allow the node to appear in any position in the configuration element.
• Fix forgotten threadName field in RingBufferLogEvent#clear(). (#2234)
• Fix StringBuilder cache corruption on recursive access.
• Fixed use of SecurityManager in LoaderUtil where AccessController::doPrivileged should only be invoked when a SecurityManager is installed. Some runtimes do not seem to have this method available. (#2129)
• Fix log4j-spring-cloud-config-client dependencies to include only those required. (#2157)
• Fix typo in Kubernetes clientKeyData configuration property.

Updated

• Update com.fasterxml.jackson:jackson-bom to version 2.16.1 (#2126)
• Update commons-codec:commons-codec to version 1.16.1 (#2277)
• Update io.netty:netty-bom to version 4.1.107.Final (#2284)
• Update org.apache.logging:logging-parent to version 10.6.0 (#2197)
• Update org.eclipse.jetty:jetty-bom to version 9.4.54.v20240208 (#2287)
• Update org.jctools:jctools-core to version 4.0.3 (#2270)
• Update org.springframework:spring-framework-bom to version 5.3.32 (#2293)
• Update org.zeromq:jeromq to version 0.6.0 (#2271)

This is the first beta release of the upcoming major release, i.e., 3.0.0.

Added

• Add annotations for nullability. (LOG4J2-1477)
• Remove deprecated code. (LOG4J2-2493)
• Add a more generalized dependency injection system to plugins inspired by JSR 330. (LOG4J2-2803)
• Add and enhance structured properties for per-context settings outside configuration files. (LOG4J2-3299[LOG4J2-3299], #1473)
• Automate artifact publishing and release preparation. (LOG4J2-3466)
• Add support for dependency injection of plugins into container types such as Optional<T>, Collection<T>, Set<T>, Stream<T>, List<T>, and Map<String, T>. (LOG4J2-3496)
• Add support for ConstraintValidator in plugin classes. (LOG4J2-3497)

Changed

• Remove liquibase-log4j2 maven module (#1193)
• Make the output of annotation processing reproducible. (#1520)
• Replace synchronized blocks with locks for improved performance with virtual threads. (#1532)
• Removes additional isFiltered checks in AsyncLoggerConfig. (#1550)
• Ignore exceptions thrown by PropertySources. Eliminate ClassCastException when SimpleLoggerContext is used. (spring-projects/spring-boot#33450, #1799)
• Update com.lmax:disruptor to version 4.0.0 (#1829)
• Migrate most tests to JUnit 5. This includes a more powerful set of test extensions. (LOG4J2-2653)
• Make Log4j use its own BOM. (LOG4J2-3511)
• Change encoding of HTTP Basic Authentication to UTF-8. (#1970)
• Upgraded the required compiler version to Java 17
• Upgraded the required runtime version to Java 17
• Update actions/checkout to version 4.1.1 (#1869)
• Update actions/setup-java to version 3.13.0 (#1809)
• Update actions/setup-python to version 4.7.1 (#1831)
• Update ch.qos.logback:logback-classic to version 1.4.14 (#2028)
• Update com.datastax.cassandra:cassandra-driver-core to version 3.11.5 (#1889)
• Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
• Update com.github.luben:zstd-jni to version 1.5.5-11 (#2032)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.7.3.6 (#1879)
• Update com.github.tomakehurst:wiremock-jre8 to version 2.35.1 (#1765)
• Update com.google.code.java-allocation-instrumenter:java-allocation-instrumenter to version 3.3.4 (#2102)
• Update com.google.errorprone:error_prone_core to version 2.23.0 (#1871)
• Update com.google.guava:guava-testlib to version 32.1.3-jre (#1934)
• Update com.h2database:h2 to version 2.2.224 (#1917)
• Update commons-codec:commons-codec to version 1.16.0 (#2054)
• Update commons-io:commons-io to version 2.15.1 (#2035)
• Update commons-logging:commons-logging to version 1.3.0 (#2046)
• Update de.flapdoodle.reverse:de.flapdoodle.reverse to version 1.7.2 (#2000)
• Update io.netty:netty-bom to version 4.1.104.Final (#2097)
• Update net.java.dev.jna:jna to version 5.14.0 (#2082)
• Update org.apache.aries.spifly:org.apache.aries.spifly.dynamic.bundle to version 1.3.7 (#2053)
• Update org.apache.commons:commons-compress to version 1.25.0 (#2055)
• Update org.apache.commons:commons-csv to version 1.10.0 (#2041)
• Update org.apache.commons:commons-dbcp2 to version 2.11.0 (#2044)
• Update org.apache.commons:commons-lang3 to version 3.14.0 (#2036)
• Update org.apache.commons:commons-pool2 to version 2.12.0 (#2038)
• Update org.apache.groovy:groovy-bom to version 4.0.16 (#2039)
• Update org.apache.maven:maven-core to version 3.9.6 (#2049)
• Update org.apache.maven.surefire:surefire-junit47 to version 3.2.3 (#2091)
• Update org.apache.tomcat:tomcat-juli to version 10.1.17 (#2086)
• Update org.codehaus.plexus:plexus-utils to version 3.5.1 (#2061)
• Update org.eclipse.jetty:jetty-bom to version 9.4.53.v20231009 (#1931)
• Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1933)
• Update org.eclipse.platform:org.eclipse.osgi to version 3.18.600 (#2064)
• Update org.elasticsearch.client:elasticsearch-rest-high-level-client to version 7.17.16 (#2085)
• Update org.graalvm.truffle:truffle-api to version 23.1.1 (#1872)
• Update org.jctools:jctools-core to version 4.0.2 (#1995)
• Update org.jmdns:jmdns to version 3.5.9 (#2069)
• Update org.junit:junit-bom to version 5.10.1 (#1993)
• Update org.junit-pioneer:junit-pioneer to version 2.2.0 (#1986)
• Update org.mockito:mockito-bom to version 5.8.0 (#2031)
• Update org.mongodb:bson to version 4.11.1 (#1991)
• Update org.springframework.boot:spring-boot to version 2.7.17 (#1902)
• Update org.springframework.boot:spring-boot-dependencies to version 2.7.18 (#2002)
• Update org.springframework:spring-framework-bom to version 5.3.30 (#1903)
• Update org.springframework:spring-test to version 5.3.31 (#1992)
• Update org.xerial.snappy:snappy-java to version 1.1.10.5 (#1877)
• Update org.zeromq:jeromq to version 0.5.4 (#1888)
• Update uk.org.webcompere:system-stubs-core to version 2.1.5 (#2001)
• Update OpenTest4J from version 1.2.0 to 1.3.0.

Removed

• Remove GelfLayout (a GELF-compatible layout is still possible using JSON Template Layout) (#1951)
• Remove log4j-cassandra (#1951)
• Remove log4j-couchdb (#1951)
• Remove Jackson-based JSON configuration support. JSON configuration files are now handled through a built-in JSON parser.
• Moved Log4j Jakarta EE modules (log4j-jakarta-jms, log4j-jakarta-smtp, and log4j-jakarta-web) to their own repository and website (#1966)
• Removed all Java EE modules: log4j-jms, log4j-jpa, log4j-smtp, log4j-web (#1966)
• Remove log4j-jeromq module (users are recommended to migrate to loghublog4j2) (#1951)
• Remove log4j-kafka (#1951)
• Remove log4j-layout-jackson-json module (it is superseded by JSON Template Layout) (#1951)
• Remove log4j-layout-jackson-yaml module (#1951)
• Remove legacy OSGi integration. ServiceLoader mechanism should be used instead.
• Remove log4j-mongodb3 module (#1951)
• Remove support for SecurityManager. Starting in Java 21, a custom SecurityManager cannot be used.
• Remove log4j-spring-boot module (its features are upstreamed to org.springframework.boot:spring-boot-starter-log4j2) (#1951)

Fixed

• Remove locale-dependent toLowerCase/toUpperCase calls. (#1281)
• Add environment variable arbiter. (#1312)
• Fixed logging of java.sql.Date objects by appending it before Log4J tries to call java.util.Date.toInstant() on it. (#1366)
• Adapt the OSGi metadata of log4j-api, log4j-core, log4j-slf4j-impl and log4j-slf4j2-impl to activate the bundle when it is accessed. To achieve that set the Bundle-ActivationPolicy to lazy for the log4j bundles. (#1367)
• Fix runtime dependencies documentation. (#1530)
• Allow to override fqcn in Log4jEventBuilder by implementing CallerBoundaryAware. (#1533)
• Migrate MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4. (#1589)
• Fixed rollover strategy in the Log4j 1.x compatibility layer. (#1650)
• Only shutdown Log4j after last Log4jServletContextListener is executed. (#1782)
• Fixes context data loss if <AsyncLogger> components are used with an all async logger context. (#1786)
• AppenderLoggingException logging any exception to a MongoDB Appender. (LOG4J2-3392)

This release contains only dependency upgrades and bug fixes, which do not change the behavior of the artifacts.

While maintaining compatibility with Java 8, the artifacts in this release where generated using JDK 17, unlike version 2.22.0 that used JDK 11.

Fixed

• Mark JdkMapAdapterStringMap as frozen if map is immutable. (#2098)
• Fix NPE in CloseableThreadContext. (#1426)
• Use the module name of Conversant Media Disruptor from version 1.2.16+ of the library.
• Fix NPE in RollingFileManager. (#1645)
• Fix log4j-to-slf4j JPMS and OSGi descriptors. (#1983)
• Workaround a Coursier/Ivy dependency resolution bug affecting log4j-slf4j-impl and log4j-mongodb3. (#2065)

Updated

• Bumped the minimum Java version required for the build to Java 17. Runtime requirements remain unchanged. (#2021)
• Update com.github.luben:zstd-jni to version 1.5.5-11 (#2030)
• Update com.google.guava:guava to version 33.0.0-jre (#2110)
• Update commons-codec:commons-codec to version 1.16.0 (#2042)
• Update commons-io:commons-io to version 2.15.1 (#2034)
• Update commons-logging:commons-logging to version 1.3.0 (#2050)
• Update io.netty:netty-bom to version 4.1.104.Final (#2095)
• Update org.apache.commons:commons-compress to version 1.25.0 (#2045)
• Update org.apache.commons:commons-dbcp2 to version 2.11.0 (#2048)
• Update org.apache.commons:commons-lang3 to version 3.14.0 (#2047)
• Update org.apache.commons:commons-pool2 to version 2.12.0 (#2057)
• Update org.apache.kafka:kafka-clients to version 3.6.1 (#2068)
• Update org.apache.logging:logging-parent to version 10.5.0 (#2119)
• Update org.jctools:jctools-core to version 4.0.2 (#1984)
• Update org.springframework.boot:spring-boot to version 2.7.18 (#1998)
• Update org.springframework.cloud:spring-cloud-dependencies to version 2021.0.9 (#2109)

This releases provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact and contains bug fixes addressing issues in the JPMS & OSGi infrastructure overhauled in 2.21.0, dependency updates, and some other minor fixes and improvements.

CycloneDX Software Bill of Materials (SBOM)

This is the first Log4j release that provides a CycloneDX Software Bill of Materials (SBOM) along with each artifact. Generated SBOMs are attached as artifacts with cyclonedx classifier and XML extensions, that is, <artifactId>-<version>-cyclonedx.xml. They contain vulnerability-assertion references to a CycloneDX Vulnerability Disclosure Report (VDR) that Apache Logging Services uses for all projects it maintains. This VDR is accessible through the following URL: https://logging.apache.org/cyclonedx/vdr.xml[]

SBOM generation is streamlined by logging-parent, see its website for details.

Changed

• Change the order of evaluation of FormattedMessage formatters. Messages are evaluated using java.util.Format only if they don't comply to the java.text.MessageFormat or ParameterizedMessage format. (#1223)
• Change default encoding of HTTP Basic Authentication to UTF-8 and add log4j2.configurationAuthorizationEncoding property to overwrite it. (#1970)
• Update com.fasterxml.jackson:jackson-bom to version 2.16.0 (#1974)
• Update com.github.luben:zstd-jni to version 1.5.5-10 (#1940)
• Update com.google.guava:guava to version 32.1.3-jre (#1875)
• Update io.netty:netty-bom to version 4.1.101.Final (#1960)
• Update org.eclipse.persistence:org.eclipse.persistence.jpa to version 2.7.13 (#1900)
• Update org.fusesource.jansi:jansi to version 2.4.1 (#1907)
• Update org.mongodb:bson to version 4.11.1 (#1957)
• Update org.springframework:spring-framework-bom to version 5.3.30
• Update org.springframework.boot:spring-boot to version 2.7.17 (#1874)
• Update org.springframework:spring-framework-bom to version 5.3.31 (#1973)
• Update org.zeromq:jeromq to version 0.5.4 (#1878)

Removed

• Removed unused FastDateParser which was causing unnecessary heap overhead (LOG4J2-3672, #1848)

Fixed

• Fix MDC pattern converter causing issues for %notEmpty (#1922)
• Export missing OSGi & JPMS modules in log4j-layout-template-json and log4j-1.2-api (#1895)
• Fix spring-test dependency scope change (LOG4J2-3675)
• Fix JPMS descriptors causing jlink issues (#1896)
• Add missing Implementation- and Specification- entries to MANIFEST.MF (implemented by logging-parent version 10.3.0 update) (#1923)
• Fix NotSerializableException thrown when Logger is serialized with a ReusableMessageFactory (#1884)

This patch release contains only the fix of a log4j-jcl bug that prevents it from connecting with commons-logging.

The Log4j 2.21.1 API, as well as the other artifacts, maintains binary compatibility with the previous release.

Apache Log4j 2.21.1 requires Java 8 to run.
The build requires JDK 11 and generates reproducible binaries.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, get support, or suggestions for improvement, see the Apache Log4j 2 website.

Fixed

• Fixes the Apache Commons Logging (JCL) bridge: log4j-jcl. (#1865)

This release primarily focuses on enhancements to our OSGi and JPMS support and contains several bug fixes.
It will be the first release built and signed by the CI using the ASF Logging Services Release Manager GPG key,
which is shared in KEYS.

The Log4j 2.21.0 API, as well as the other artifacts, maintains binary compatibility with the previous release.

Apache Log4j 2.21.0 requires Java 8 to run.
The build requires JDK 11 and generates reproducible binaries.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, get support, or suggestions for improvement, see the Apache Log4j 2 website.

OSGi changes

All the published artifacts are OSGi bundles or fragments.

This release introduces a change in the bundle symbolic names to allow them to function as JPMS module name: all hyphens - present in the bundle names of previous releases were replaced by dots ..

JPMS changes

All the published artifacts have been migrated from automatic modules to named JPMS modules.
All packages marked as private in the Javadoc are not exported.

The module name of four bridges (log4j-slf4j-impl, log4j-slf4j2-impl, log4j-to-jul and log4j-to-slf4j) have been changed to adhere to the same convention as the OSGi bundle names.

Added

• Added marker parent support to JsonTemplateLayout (#1381)
• Added ZStandard compression support (#1508, #1514)
• Added a warning for incorrect syntax of highlighting styles (#1545, #1637)

Changed

• Open FileExtension methods to allow their usage in custom RolloverStrategys (#1365, #1683)
• Bumped the minimum Java version required for the build to JDK 11. Runtime requirements remain unchanged. (#1369)
• Set the default minLevel and maxLevel of LevelRangeFilter to OFF and ALL, respectively (#1503)
• Removed additional isFiltered checks in AsyncLoggerConfig (#1550)
• Use Java version-specific warnings in StackLocator (#1760)
• Started logging a status error event instead of an NPE in OsgiServiceLocator.loadServices(Class, Lookup, boolean) when a bundle has no valid BundleContext for a service type
• Implemented a CI-based release process
• Update Eclipse Angus Activation to version 2.0.1 (#1591)
• Update Eclipse Angus Mail to version 2.0.2 (#1591)
• Update com.datastax.cassandra:cassandra-driver-core to version 3.11.5 (#1591)
• Update Apache Cassandra to version 3.11.16 (#1591)
• Update Apache Commons Compress to version 1.24.0 (#1591)
• Update Apache Commons CSV to version 1.10.0 (#1591)
• Update Jackson to version 2.15.2 (#1591)
• Update Jakarta Activation API to version 2.1.2 (#1591)
• Update Jakarta Mail API to version 2.1.2 (#1591)
• Update JCTools to version 4.0.1 (#1591)
• Update Apache Kafka to version 3.4.0 (#1591)
• Update Kubernetes client to version 5.12.4 (#1591)
• Update org.mongodb:mongodb-driver-core to version 4.10.2 (#1591)
• Update io.netty:netty-bom to version 4.1.97 (#1591)
• Update Spring Boot to version 2.7.15 (#1591)
• Update Spring Framework to version 5.3.29 (#1591)
• Update Tomcat JULI to version 10.0.27 (#1591)
• Update Woodstox to version 6.5.1 (#1591)

Removed

• Moved log4j-jmx-gui to its own repository along with its own release cycle

Fixed

• Added validation to rolling file manager path conditions (#1231)
• Adapted the OSGi metadata of log4j-to-slf4j to work with SLF4J 1 and 2. To achieve that used a version range of [1.7,3) for the imported SLF4J packages. (#1232)
• Fixed Javadoc failures (#1275, #1753)
• Removed locale-dependent toLowerCase/toUpperCase calls (#1281)
• Redirected old /<module>/apidocs URLs (broken in 2.20.0) to /javadoc/<module> (#1284)
• Added environment variable arbiter (#1312)
• Fixed logging of java.sql.Date objects by appending it before Log4J tries to call java.util.Date.toInstant() on it (#1366)
• Adapted the OSGi metadata of log4j-api, log4j-core, log4j-slf4j-impl and log4j-slf4j2-impl to activate the bundle when it is accessed. To achieve that set the Bundle-ActivationPolicy to lazy for the log4j bundles. (#1367)
• Avoided using released objects in StackTraceStringResolver of JsonTemplateLayout (#1380)
• Added missing setter for connectionStringSource in MongoDb4Provider builder (#1389)
• Fixed NPE in PluginElementVisitor (#1391)
• Added columnType as alias for the column mapping type attribute (#1405)
• Restored Log4jMarker visibility in SLF4J adapters (#1414)
• Fixed buffer size in Log4jFixedFormatter date time formatter (#1418)
• Fixed the propagation of synchronous action failures in RollingFileManager and FileRenameAction (#1445, #1549)
• Fixed RollingFileManager to propagate failed synchronous actions correctly (#1445)
• Replaced the usage of System.out in StackLocator for warnings with System.err (#1484)
• Fixed concurrent date-time formatting issue in PatternLayout (#1485)
• Fixed runtime dependencies documentation (#1530)
• Allowed to override FQCN in Log4jEventBuilder by implementing CallerBoundaryAware (#1533)
• Migrated MongoDB tests to JUnit 5 and Flapdoodle Embedded MongoDB 4 (#1589)
• Rewrote message parameter formatter with improved escape handling (#1626)
• Improved formatting and serialization of StackTraceElement on JDK 9+ (#1640)
• Fixed MemoryMappedFileAppender buffer unmapping on JRE 9+ (#1646)
• Fixed rollover strategy in the Log4j 1.x compatibility layer (#1650)
• Removed incorrect mention of base64 lookup and improve the rest of the lookup manual (#1681, LOG4J2-3504)
• Implemented LocationAware for JsonTemplateLayout, since this was causing location not being passed to underlying appenders (#1692)
• Added support for long values in MongoDb 4 appender to configure collectionSize (#1747)
• Only shutdown Log4j after last Log4jServletContextListener is executed (#1782)
• Allowed using Spring Arbiter without a Spring environment (#1783)
• Fixed context data loss if <AsyncLogger> components are used with an all async logger context (#1786)
• Fixed JsonTemplateLayout NPE thrown on custom log levels (#1805)
• Improved Log4j-config.xsd schema LOG4J2-170
• Fixed NPE in ContextSelector (LOG4J2-3217, #1538)
• Avoided allocating ThreadLocals in AbstractLogger when they are disabled, since this was causing memory leaks due to retained reference to class loaders in web applications LOG4J2-3657
• Fixed %notEmpty directive of PatternLayout for empty MDC/NDC inputs LOG4J2-3660
• Fixed file descriptor leak on Tomcat LOG4J2-3663
• Ensured FileOutputStream is closed in CommonsCompressAction.execute()