graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Bump org.apache.logging.log4j:log4j-bom from 2.22.1 to 2.23.0

Open dependabot[bot] opened this issue 1 year ago • 2 comments

Bumps org.apache.logging.log4j:log4j-bom from 2.22.1 to 2.23.0.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.23.0

This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.

In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.

Added

  • Added support for LMAX Disruptor 4.x (#1821)

Changed

  • Simplify BND configuration after upgrade from version 6.4.1 to 7.0.0

Deprecated

  • Deprecate the configuration attribute verbose (i.e., <Configuration verbose="...") and StatusConsoleListener filters (#2226)
  • Deprecated the RingBufferLogEventHandler class for removal from the public API in 3.x

Fixed

  • Fix regression in JdkMapAdapterStringMap performance. (#2238)
  • Fix the behavior of Logger#setLevel and Logger#getLevel in the Log4j 1.2 bridge. (#2282)
  • Fix the behavior of CoreLogger#getLevel and CoreLogger#setLevel in the log4j-jul module. (#2282)
  • Allow deserialization of all arrays of allowed classes. (LOG4J2-3680)
  • Allow the node to appear in any position in the configuration element.
  • Fix forgotten threadName field in RingBufferLogEvent#clear(). (#2234)
  • Fix StringBuilder cache corruption on recursive access.
  • Fixed use of SecurityManager in LoaderUtil where AccessController::doPrivileged should only be invoked when a SecurityManager is installed. Some runtimes do not seem to have this method available. (#2129)
  • Fix log4j-spring-cloud-config-client dependencies to include only those required. (#2157)
  • Fix typo in Kubernetes clientKeyData configuration property.

Updated

  • Update com.fasterxml.jackson:jackson-bom to version 2.16.1 (#2126)
  • Update commons-codec:commons-codec to version 1.16.1 (#2277)
  • Update io.netty:netty-bom to version 4.1.107.Final (#2284)
  • Update org.apache.logging:logging-parent to version 10.6.0 (#2197)
  • Update org.eclipse.jetty:jetty-bom to version 9.4.54.v20240208 (#2287)
  • Update org.jctools:jctools-core to version 4.0.3 (#2270)
  • Update org.springframework:spring-framework-bom to version 5.3.32 (#2293)
  • Update org.zeromq:jeromq to version 0.6.0 (#2271)
Commits
  • 73da901 Release changelog for version 2.23.0
  • de74dd6 Update the project.build.outputTimestamp property
  • feefcf1 Set version to 2.23.0
  • 44254fc Prepare release notes for 2.23.0
  • f53fca1 Fix behavior of CoreLogger#getLevel
  • 1755087 Update github/codeql-action to version 3.24.3 (#2295)
  • 9dc6aab Update org.springframework:spring-framework-bom to version 5.3.32 (#2293)
  • fb49b23 Update commons-codec:commons-codec to version 1.16.1 (#2277)
  • 5fbff3f Review corrections for #2278
  • f87c5a7 Allow arbitrary position of \<Properties> element
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Feb 22 '24 01:02 dependabot[bot]

@dependabot rebase

thll avatar Feb 22 '24 08:02 thll

@dependabot rebase

thll avatar Feb 23 '24 08:02 thll