Bump org.apache.logging.log4j:log4j-bom from 2.25.4 to 2.26.0 in the log4j group (#337)

dependabot[bot] · web-flow · commit 5d5e84654320 · 2026-05-08T14:37:12.000+02:00
Bumps the log4j group with 1 update: [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2). Updates `org.apache.logging.log4j:log4j-bom` from 2.25.4 to 2.26.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/logging-log4j2/releases">org.apache.logging.log4j:log4j-bom's releases</a>.</em></p> <blockquote> <h2>2.26.0</h2> <p>This minor release delivers all the fixes in the <code>[2.25.0, 2.25.4]</code> version range, plus some new fixes, and several other improvements and features.</p> <h3>Added</h3> <ul> <li>Add a new <code>ConfigurationFactory::getConfiguration</code> method accepting multiple <code>URI</code>s (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3775">#3775</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/3921">#3921</a>)</li> <li>Add and export <code>org.apache.logging.log4j.core.pattern.NamedInstantPattern</code> enabling users to programmatically access named date &amp; time patterns supported by Pattern Layout (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3789">#3789</a>)</li> <li>Add <code>log4j.plugin.processor.minAllowedMessageKind</code> annotation processor option to <code>PluginProcessor</code> to filter diagnostic messages by severity. This allows builds that treat compiler notes as errors (e.g. Maven with <code>-Werror</code>) to suppress informational notes emitted during normal plugin processing. (<a href="https://redirect.github.com/apache/logging-log4j2/discussions/3380%5B#3380%5D(https://redirect.github.com/apache/logging-log4j2/issues/3380)">apache/logging-log4j2#3380</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4063">#4063</a>)</li> <li>Add missing setters to <code>Rfc5424LayoutBuilder</code></li> </ul> <h3>Changed</h3> <ul> <li>Ensure scripts in the global <code>Scripts</code> element have explicit names by throwing a <code>ConfigurationException</code> for unnamed ones. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3176">#3176</a>)</li> <li>Simplify file manager registry factory methods (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3968">#3968</a>)</li> </ul> <h3>Deprecated</h3> <ul> <li>Deprecated withers in builder classes in favor of setters. This change improves API consistency with Log4j Core 3 and helps users adapt to the upcoming changes. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3750">#3750</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix script resolution failure when the <code>Scripts</code> element is placed after a <code>ScriptRef</code> in the configuration. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3336">#3336</a>)</li> <li>Fix <code>ArrayIndexOutOfBoundsException</code> thrown by <code>ThrowableStackTraceRenderer</code> when the stack trace is modified concurrently (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3940">#3940</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/3955">#3955</a>)</li> <li>Fix <code>SLF4JLogger.atFatal()</code> returning <code>atLevel(Level.TRACE)</code> instead of <code>atLevel(Level.FATAL)</code>. This was causing <code>FATAL</code>-level log events to be silently discarded when using the fluent API through the <code>log4j-to-slf4j</code> bridge. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4068">#4068</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4089">#4089</a>)</li> <li>Fix Javadoc references across module boundaries (i.e., cross-references) (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4099">#4099</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4100">#4100</a>)</li> <li>Fix header write in <code>RollingRandomAccessFileManager</code> that was being incorrectly skipped if <code>append=true</code> and the file didn't exist before</li> <li>Fix a properties file configuration regression caused by not referenced loggers, appenders, and filters (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4036">#4036</a>, <a href="https://redirect.github.com/apache/logging-log4j2/issues/4069">#4069</a>)</li> </ul> <h3>Removed</h3> <ul> <li>Remove the <code>jvmrunargs</code> lookup. (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3874">#3874</a>)</li> </ul> <h3>Updated</h3> <ul> <li>Update <code>org.junit:junit-bom</code> to version <code>5.13.4</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3850">#3850</a>)</li> <li>Update <code>org.mongodb:bson</code> to version <code>5.6.1</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3961">#3961</a>)</li> <li>Update <code>org.xerial.snappy:snappy-java</code> to version <code>1.1.10.8</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/3841">#3841</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/logging-log4j2/commit/c1ad2a66cc90e643ec319b9e131764c9710bebc5"><code>c1ad2a6</code></a> Update the <code>project.build.outputTimestamp</code> property</li> <li><a href="https://github.com/apache/logging-log4j2/commit/8b3a7990421ec5cff2a44914c07d0676067c31ad"><code>8b3a799</code></a> Set version to <code>2.26.0</code></li> <li><a href="https://github.com/apache/logging-log4j2/commit/96486ebb8a2176f7bd14c797b334da84d90e801b"><code>96486eb</code></a> Merge remote-tracking branch 'origin/2.x' into release/2.26.0</li> <li><a href="https://github.com/apache/logging-log4j2/commit/82432570e8bb9a67c32de51dc63ebcfcec939818"><code>8243257</code></a> Add documentation for <code>MessageRewritePolicy</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4042">#4042</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/2a15414e839fea3f3ba61cc7403dd8e4130a15cf"><code>2a15414</code></a> Add documentation pointer to the Async HTTP Appender of <code>more-log4j2</code> (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4062">#4062</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/b178cb1f926b3db43c65e69e9b7be7b76431f824"><code>b178cb1</code></a> Switch CI to <code>gha/v0</code> and remove Develocity (<a href="https://redirect.github.com/apache/logging-log4j2/issues/4108">#4108</a>)</li> <li><a href="https://github.com/apache/logging-log4j2/commit/23321deb0e1e1509ac16c5453653c86c1a4d5867"><code>23321de</code></a> Remove changelog entries for already released changes</li> <li><a href="https://github.com/apache/logging-log4j2/commit/def55fcf441b2a9ec2e6454e8fa8e1053d7d59ba"><code>def55fc</code></a> Add <code>.release.xml</code> and <code>.release-notes.adoc.ftl</code></li> <li><a href="https://github.com/apache/logging-log4j2/commit/0e019f23b001219fd32c78397224b134fa41e431"><code>0e019f2</code></a> Move changelog entries</li> <li><a href="https://github.com/apache/logging-log4j2/commit/a487a5d029697fc0b276a20c4277b24bf1f66b50"><code>a487a5d</code></a> Tidy up changelog</li> <li>Additional commits viewable in <a href="https://github.com/apache/logging-log4j2/compare/rel/2.25.4...rel/2.26.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.logging.log4j:log4j-bom&package-manager=gradle&previous-version=2.25.4&new-version=2.26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,6 +1,6 @@
 [versions]
 slf4j-version = "2.0.17"
-log4j2-version = "2.25.4"
+log4j2-version = "2.26.0"
 sshj-version = "0.40.0"
 picocli-version = "4.7.7"
 jackson-version = "2.21.3"
