Following #2778, the log4j-1.2-api module is no longer supposed to modify the Log4j Core configuration by default. However, it looks like we missed a few methods that still allow this.

The Log4j dependency is separated into two artifacts, the API and the core implementation. This is to enable replacing Log4j on the backend through the SLF4J bridge with another logging implementat ...

The Apache Software Foundation recently announced the General Availability of Log4j 2.0, containing many performance improvements over its predecessor Log4j 1.x. Years in the making, this release ...

The Noname API Security Platform has a suite of over 100 tests that you can run against your API inventory, one of which can identify if the API is using the vulnerable version of Log4j. Active ...

There are many dependency management frameworks for utilizing software components, and the Log4j website has thorough documentation on how to include Log4j with several such as Maven, Ivy, Gradle, and ...

Log4j, an open source project, allows developers to control which log statements are output with arbitrary granularity. It's fully configurable at runtime by using external configuration files ...

Log4j versions beyond 2.0 is in the top 0.003 percentile of most popular downloads across Maven Central and is the standard logging framework of choice for most other Java Open Source components, ...

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

The US Cybersecurity and Infrastructure Security Agency have ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization's ...