apache-log4j2 (2.12.4-0ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - Updated to new upstream version 2.12.4.
    - CVE-2021-44832
    - CVE-2021-45105

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Tue, 11 Jan 2022 17:40:59 +0000

apache-log4j2 (2.10.0-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2021-44228.patch: Remove JndiLookup class.
    - CVE-2021-44228

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Fri, 10 Dec 2021 17:24:48 +0000

apache-log4j2 (2.10.0-2) unstable; urgency=medium

  * Team upload.
  * Generate code usable with the Java 8 API to help with the transition
  * Standards-Version updated to 4.1.4

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 06 Apr 2018 09:14:54 +0200

apache-log4j2 (2.10.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Build the new log4j-api-java9 module
    - Ignore the new log4j-appserver module
    - Replaced the log4j-nosql module with log4j-couchdb and log4j-cassandra
    - Updated the Maven rules
    - New dependency on libjackson2-annotations-java
  * Fixed the build failure with Java 9 (Closes: #893085)
  * Standards-Version updated to 4.1.3
  * Switch to debhelper level 11
  * Removed the Maven wrapper from the upstream tarball

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 16 Mar 2018 17:14:19 +0100

apache-log4j2 (2.8.2-2) unstable; urgency=medium

  * Team upload.
  * Added the missing build dependency on libnetty-java (Closes: #880239)
  * Standards-Version updated to 4.1.1

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 30 Oct 2017 23:14:54 +0100

apache-log4j2 (2.8.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Ignore the new test modules log4j-osgi and log4j-core-its
    - Disabled the Cassandra appender (missing dependencies)
    - Updated the Maven rules
    - Install RELEASE-NOTES.md instead of RELEASE-NOTES.txt

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 21 Jun 2017 12:55:58 +0200

apache-log4j2 (2.7-2) unstable; urgency=medium

  * Team upload.
  * Fixed CVE-2017-5645: When using the TCP socket server or UDP socket server
    to receive serialized log events from another application, a specially
    crafted binary payload can be sent that, when deserialized, can execute
    arbitrary code (Closes: #860489)

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 18 Apr 2017 14:30:00 +0200

apache-log4j2 (2.7-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Ignore the new log4j-api-scala modules
    - New dependencies on libconversant-disruptor-java, libjcommander-java
      and libjctools-java
  * Transition to the Servlet API 3.1
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 21 Oct 2016 18:22:32 +0200

apache-log4j2 (2.6.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 14 Jul 2016 19:32:56 +0200

apache-log4j2 (2.6.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Fixed the compatibility with jackson and mongodb
    - New dependencies on groovy, libwoodstox-java and libbsh-java
    - Ignore the new test dependencies
  * Exclude the minified JavaScript files from the upstream tarball
  * Standards-Version updated to 3.9.8
  * Use a secure Vcs-Git URL

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 08 Jul 2016 16:08:33 +0200

apache-log4j2 (2.4-2) unstable; urgency=medium

  * Team upload.
  * maven.rules: Fix substitution rules for javax.servlet API.
    Thanks to Chris Lamb for the report. (Closes: #809619)
  * Switch from cdbs to dh sequencer.
  * Vcs-Browser: Use https.

 -- Markus Koschany <apo@debian.org>  Sat, 09 Jan 2016 14:23:29 +0100

apache-log4j2 (2.4-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New dependencies on libcommons-compress-java, libcommons-csv-java
      and libjeromq-java
    - Ignore the new liquibase module
    - Disabled the new Kafka appender

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 22 Oct 2015 19:44:48 +0200

apache-log4j2 (2.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * liblog4j2-java.poms:
    - Add and enable the new modules: log4j-nosql, log4j-web, log4j2-jul
      and log4j-bom
    - Remove the log4j-osgi module
    - Ignore log4j-iostreams and log4j-perf modules
  * maven.ignoreRules: Ignore all artifacts which make the build FTBFS,
    including maven-failsafe-plugin, woodstox-core-asl, json-unit,
    activemq-broker.
  * debian/control:
    - Declare compliance with Debian Policy 3.9.6.
    - Switch Vcs-Browser field to cgit.
    - New build dependencies on libmaven-source-plugin-java,
      libcommons-lang3-java, libjackson2-dataformat-yaml,
      libjackson2-dataformat-xml-java and jackson-module-jaxb-annotations
  * Update maven.rules due to additional build-dependencies.

  [ Emmanuel Bourg ]
  * Build depend on libmail-java instead of libgnumail-java
  * debian/watch: Watch the release tags on Github

 -- Markus Koschany <apo@gambaru.de>  Fri, 29 May 2015 14:43:11 +0200

apache-log4j2 (2.0~beta9-1) unstable; urgency=medium

  * Initial release (Closes: #718867)

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 19 Mar 2014 11:49:25 +0100