[qos.ch-announce] Release of reload4j version 1.2.22
QOS.ch annoucements
announce at qos.ch
Thu Jul 21 14:07:42 CEST 2022
Hello all,
I am very happy to announce the immediate availability of reload4j
version 1.2.22. It is intended as a drop-in replacement for log4j
version 1.2.17. By drop in, we mean the replacement of log4j.jar with
reload4j.jar in your build with no source code changes in .java files
being necessary.
Release 1.2.22 fixes a *newly* discovered XXE vulnerability in Chainsaw.
Please refer to the release notes for more information about changes in
reload4j versions.
https://reload4j.qos.ch/news.html
Reload4j was built using Java 8 but targets Java 1.5.
As both log4j 1.x and reload4j do *not* offer a message lookup
mechanism, they did not suffer from the notorious log4shell vulnerability.
Reload4j has the following Maven coordinates:
<dependency>
<groupId>ch.qos.reload4j</groupId>
<artifactId>reload4j</artifactId>
<version>1.2.22</version>
</dependency>
Project web-site: https://reload4j.qos.ch/
Source repository: https://github.com/qos-ch/reload4j
Donations and sponsorship
You can also support SLF4J/logback/reload4j projects via donations and
sponsorship. We thank our current supporters and sponsors for their
continued contributions.
Sponsorship link: https://github.com/sponsors/qos-ch
Announcement mailing list:
You can receive SLF4J/logback/reload4j related announcements by
subscribing QOS.ch announce list, please visit the following URL.
http://www.qos.ch/mailman/listinfo/announce
Enjoy,
--
Ceki Gülcü
More information about the announce
mailing list