This article is about the Java logging framework. For the 2021 vulnerability affecting Log4j, see Log4Shell.
Apache Log4j
Developer(s)
Apache Software Foundation
Initial release
January 8, 2001; 23 years ago (2001-01-08)[1]
Stable release
2.23.1[2]
/ 10 March 2024; 46 days ago (10 March 2024)[3]
Repository
github.com/apache/logging-log4j2
Written in
Java
Operating system
Cross-platform
Type
Logging
License
Apache License 2.0
Website
logging.apache.org/log4j/2.x/
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
Gülcü has since created SLF4J, Reload4j,[4] and Logback[5][better source needed] which are alternatives to Log4j.[6]
The Apache Log4j team developed Log4j 2[7] in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks.[8] In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions,[9] although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2.[10] On January 12, 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with the aim of fixing the most urgent issues in log4j 1.2.17 that had accumulated since its release in 2013.[11]
On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell".[12] It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".[13]
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software...
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability...
classpath and may be the standard Sun Java logging package java.util.logging, Log4j, Reload4j, Logback or tinylog. The separation of the client API from the...
Apache Commons Logging (also known as Java Commons Logging or JCL) and Log4j. This led to problems when integrating different third-party libraries (JARs)...
vulnerability called "Log4Shell" was discovered in popular logging framework Log4j, affecting many services including iCloud, Minecraft: Java Edition and Steam...
has the capability to defend against zero-day attacks, for example some log4j attacks. Darktrace was included in Fast Company's 50 Most Innovative Companies...
ubiquitous Java logging framework software Log4j. The report was privately disclosed to project developers of Log4j, a team at The Apache Software Foundation...
4534 Unofficial Armagetron Advanced server default 4560 Unofficial default Log4j socketappender port 4567 Unofficial Sinatra default server port in development...
The first report of the board was published 11 July 2022 and described Log4j and Log4shell. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (2021-05-10)...
1.13.4, 1.12.6, 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during...
Stream processing platform Apache Log4j Java logging framework - Log4j 2 is the enhanced version of the popular Log4j project. Apache Lucene High-performance...
December 2017. Retrieved May 30, 2018. Corin Faife (December 16, 2021). "Log4j is patched, but the exploits are just getting started". Verge. Retrieved...
2022. "After Log4j, Open-Source Software Is Now a National Security Issue". Gizmodo. Retrieved 16 January 2022. Greig, Jonathan. "After Log4j, White House...
know". Washington Post. 20 December 2021. Retrieved 3 January 2022. "Log4j – Apache Log4j Security Vulnerabilities". logging.apache.org. Retrieved 3 January...
Teo". "Singapore government patching systems after alert on 'critical' Log4j software vulnerability". CNA. "Inaugural Singapore International Cyber Week...
a construction used by many hash functions Mapped Diagnostic Context, a Log4j mechanism used to pass additional information to the underlying logger to...
guitar tablature Log4JFugue is a utility for converting log files created by log4j into musical patterns; this allows one to listen for changes in a log file...
or above) JSON (REST support) JUnit (automated tests for user projects) Log4J (installation and configuration) OSGi (the Roo tool is built on OSGi) Representational...