Developer(s) | Apache Software Foundation |
---|---|
Initial release | January 8, 2001[1] |
Stable release | |
Repository | github |
Written in | Java |
Operating system | Cross-platform |
Type | Logging |
License | Apache License 2.0 |
Website | logging |
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
Gülcü has since created SLF4J, Reload4j,[4] and Logback[5][better source needed] which are alternatives to Log4j.[6]
The Apache Log4j team developed Log4j 2[7] in response to the problems of Log4j 1.2, 1.3, java.util.logging
and Logback, addressing issues which appeared in those frameworks.[8] In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions,[9] although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2.[10] On January 12, 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with the aim of fixing the most urgent issues in log4j 1.2.17 that had accumulated since its release in 2013.[11]
On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell".[12] It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".[13]
lawfare
was invoked but never defined (see the help page).guardian
was invoked but never defined (see the help page).