Log4j

Apache Log4j
Developer(s)Apache Software Foundation
Initial releaseJanuary 8, 2001; 23 years ago (2001-01-08)[1]
Stable release
2.24.1[2] Edit this on Wikidata / 29 September 2024; 47 days ago (29 September 2024)[3]
Repositorygithub.com/apache/logging-log4j2
Written inJava
Operating systemCross-platform
TypeLogging
LicenseApache License 2.0
Websitelogging.apache.org/log4j/2.x/

Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.

Gülcü has since created SLF4J, Reload4j,[4] and Logback[5][better source needed] which are alternatives to Log4j.[6]

The Apache Log4j team developed Log4j 2[7] in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks.[8] In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions,[9] although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2.[10] On January 12, 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with the aim of fixing the most urgent issues in log4j 1.2.17 that had accumulated since its release in 2013.[11]

On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell".[12] It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".[13]

  1. ^ "Apache Log4j 1.2 Release History". apache.org. Apache Software Foundation. Retrieved September 2, 2014.
  2. ^ "Release 2.24.1". September 29, 2024. Retrieved October 22, 2024.
  3. ^ "Release Notes - Log4j". logging.apache.org. Retrieved October 9, 2023.
  4. ^ "Reload4j Home". reload4j.qos.ch. Retrieved January 12, 2022.
  5. ^ "Logback Home". Logback.qos.ch. Retrieved July 24, 2014.
  6. ^ Grigg, Kadi (February 4, 2022). "Wicked Good Development - Cybersecurity Experts Talk Log4J, Open Source and More". blog.sonatype.com. Retrieved August 16, 2022.
  7. ^ "Log4j 2 Guide - Apache Log4j 2". Logging.apache.org. July 12, 2014. Retrieved July 24, 2014.
  8. ^ Goers, Ralph (December 15, 2019). "Why was Log4j 2 created?". Ralph Goers.
  9. ^ "Log4j 2 Guide - Apache Log4j 2: News". Logging.apache.org. July 12, 2014. Retrieved July 24, 2014.
  10. ^ "Apache Logging Services Project Announces Log4j 1 End-Of-Life; Recommends Upgrade to Log4j 2". blogs.apache.org. August 5, 2015. Retrieved July 3, 2016.
  11. ^ "Reload4j Project; Easy migration from log4j 1.2.x". qos.ch. January 12, 2022. Retrieved January 12, 2022.
  12. ^ Cite error: The named reference lawfare was invoked but never defined (see the help page).
  13. ^ Cite error: The named reference guardian was invoked but never defined (see the help page).