Skip to content

Bump org.apache.logging.log4j:log4j-bom from 2.20.0 to 2.23.1 #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump org.apache.logging.log4j:log4j-bom from 2.20.0 to 2.23.1 #313

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 11, 2024

Bumps org.apache.logging.log4j:log4j-bom from 2.20.0 to 2.23.1.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.23.1

This release contains several small fixes and some dependency updates.

Changed

  • Improve performance of CloseableThreadContext#closeMap() (#2296)

Fixed

  • Fix handling of LoggerContextAware lookups (#2309)
  • Fix NPE in PatternProcessor for a UNIX_MILLIS pattern (#2346)
  • Fix that parameterized message formatting doesn't throw an exception when there are insufficient number of parameters (#2343)
  • Fix StatusLogger log level filtering when debug mode is enabled (#2337)
  • Add log4j2.StatusLogger.dateFormatZone system property to set the time-zone StatusLogger uses to format java.time.Instant. Without this, formatting patterns accessing to time-zone-specific fields (e.g., year-of-era) cause failures. (#2322)
  • Fix StatusLogger to correctly read log4j2.StatusLogger.properties resource (#2354)
  • Fix stack overflow in StatusLogger (#2322)

Updated

  • Update jakarta.activation:jakarta.activation-api to version 2.1.3 (#2335)
  • Update jakarta.mail:jakarta.mail-api to version 2.1.3 (#2348)
  • Update org.apache.commons:commons-compress to version 1.26.0 (#2304)
  • Update org.apache.commons:commons-dbcp2 to version 2.12.0 (#2344)
  • Update org.apache.kafka:kafka-clients to version 3.7.0 (#2326)
  • Update org.eclipse.angus:angus-activation to version 2.0.2 (#2336)
  • Update org.eclipse.angus:jakarta.mail to version 2.0.3 (#2349)

2.23.0

This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.

In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.

Added

  • Added support for LMAX Disruptor 4.x (#1821)

Changed

  • Simplify BND configuration after upgrade from version 6.4.1 to 7.0.0

Deprecated

  • Deprecate the configuration attribute verbose (i.e., <Configuration verbose="...") and StatusConsoleListener filters (#2226)
  • Deprecated the RingBufferLogEventHandler class for removal from the public API in 3.x

Fixed

  • Fix regression in JdkMapAdapterStringMap performance. (#2238)
  • Fix the behavior of Logger#setLevel and Logger#getLevel in the Log4j 1.2 bridge. (#2282)
  • Fix the behavior of CoreLogger#getLevel and CoreLogger#setLevel in the log4j-jul module. (#2282)

... (truncated)

Commits
  • fea2a71 Update the project.build.outputTimestamp property
  • a0e24d1 Update release notes
  • 07ab0ce Release changelog
  • d48454c Arrange changelog entries
  • 989ce78 Set version to 2.23.1
  • a4a8e99 Fix StatusLogger to correctly read log4j2.StatusLogger.properties (#2354)
  • 054a4f7 Fix NPE in PatternProcessor for the UNIX pattern
  • 0eb232f Don't fail on insufficient parameters in ParameterFormatter (#2337, #2343)
  • 32075af Update org.eclipse.angus:jakarta.mail to version 2.0.3 (#2349)
  • eb8bc2f Update jakarta.mail:jakarta.mail-api to version 2.1.3 (#2348)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.apache.logging.log4j:log4j-bom from 2.20.0 to 2.23.1
882fdbf 
Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.20.0 to 2.23.1.
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](apache/logging-log4j2@rel/2.20.0...rel/2.23.1)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 11, 2024
@dependabot dependabot bot mentioned this pull request Mar 11, 2024
Closed
@chsonarqubeprchecks
Copy link

chsonarqubeprchecks bot commented Jul 12, 2024

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant