[Git][java-team/apache-log4j2][stretch] 16 commits: New upstream version 2.8.2

Markus Koschany (@apo) gitlab at salsa.debian.org
Sun Dec 26 22:36:55 GMT 2021



Markus Koschany pushed to branch stretch at Debian Java Maintainers / apache-log4j2


Commits:
ed6badcc by Emmanuel Bourg at 2017-06-21T12:09:47+02:00
New upstream version 2.8.2
- - - - -
2d92309a by Emmanuel Bourg at 2018-03-16T14:45:56+01:00
New upstream version 2.9.0
- - - - -
d5178ede by Emmanuel Bourg at 2018-03-16T16:42:34+01:00
New upstream version 2.10.0
- - - - -
6d16824b by Emmanuel Bourg at 2018-04-22T22:31:19+02:00
New upstream version 2.11.0
- - - - -
c87b2af9 by Emmanuel Bourg at 2018-07-31T15:46:53+02:00
New upstream version 2.11.1
- - - - -
d43edfd0 by Emmanuel Bourg at 2019-09-10T09:35:25+02:00
New upstream version 2.11.2
- - - - -
3e3a4f41 by Emmanuel Bourg at 2021-01-19T13:34:43+01:00
New upstream version 2.12.0
- - - - -
088c9fc9 by Emmanuel Bourg at 2021-01-19T13:35:04+01:00
New upstream version 2.12.1
- - - - -
d9fc0d36 by Emmanuel Bourg at 2021-01-19T14:01:11+01:00
New upstream version 2.13.1
- - - - -
6c6f5b7f by Emmanuel Bourg at 2021-01-19T14:01:23+01:00
New upstream version 2.13.2
- - - - -
0aa2f85b by Emmanuel Bourg at 2021-01-19T14:01:32+01:00
New upstream version 2.13.3
- - - - -
bcae8c0e by Markus Koschany at 2021-12-11T14:49:40+01:00
New upstream version 2.15.0
- - - - -
7dfdbd70 by Markus Koschany at 2021-12-15T02:36:02+01:00
New upstream version 2.16.0
- - - - -
10929b7d by Markus Koschany at 2021-12-18T17:06:17+01:00
New upstream version 2.17.0
- - - - -
aa58884f by Markus Koschany at 2021-12-26T23:36:29+01:00
Import Upstream version 2.12.3
- - - - -
300b6c02 by Markus Koschany at 2021-12-26T23:36:29+01:00
Import Debian changes 2.12.3-0+deb9u1

apache-log4j2 (2.12.3-0+deb9u1) stretch-security; urgency=high
..
  * Team upload.
  * Fix CVE-2020-9488:
    Improper validation of certificate with host mismatch in Apache Log4j SMTP
    appender. This could allow an SMTPS connection to be intercepted by a
    man-in-the-middle attack which could leak any log messages sent through
    that appender.
  * Fix CVE-2021-45105:
    Apache Log4j2 did not protect from uncontrolled recursion from
    self-referential lookups. This allows an attacker with control over Thread
    Context Map data to cause a denial of service when a crafted string is
    interpreted.

- - - - -


30 changed files:

- log4j-web/src/main/resources/log4j2.component.properties → .dockerignore
- + .gitattributes
- .gitignore
- + .travis-toolchains.xml
- + .travis.yml
- + BUILDING.md
- − BUILDING.txt
- + CODE_OF_CONDUCT.md
- + CONTRIBUTING.md
- log4j-to-slf4j/src/main/resources/META-INF/log4j-provider.properties → Dockerfile
- NOTICE.txt
- README.md
- + RELEASE-NOTES.md
- − RELEASE-NOTES.txt
- − Vagrantfile
- debian/changelog
- debian/control
- debian/copyright
- − debian/liblog4j2-java-doc.doc-base.api
- − debian/liblog4j2-java-doc.install
- debian/liblog4j2-java.poms
- debian/maven.ignoreRules
- debian/maven.properties
- debian/maven.rules
- debian/patches/01-disable-kafka-appender.patch
- − debian/patches/02-jackson-compatibility.patch
- − debian/patches/03-mongodb-compatibility.patch
- − debian/patches/CVE-2017-5645.patch
- − debian/patches/CVE-2021-44228.patch
- + debian/patches/no-java9-support.patch


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/java-team/apache-log4j2/-/compare/ac8bf75d974e5194278c2c9ea9cea45c407a6f51...300b6c02761c79d66ddc3cd1d737435928161f86

-- 
View it on GitLab: https://salsa.debian.org/java-team/apache-log4j2/-/compare/ac8bf75d974e5194278c2c9ea9cea45c407a6f51...300b6c02761c79d66ddc3cd1d737435928161f86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20211226/92165153/attachment.htm>


More information about the pkg-java-commits mailing list