apache-log4j2 (2.17.1-0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - Updated to new upstream version 2.17.1.
    - CVE-2021-44832

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Tue, 11 Jan 2022 18:30:01 +0000

apache-log4j2 (2.17.0-0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service via uncontrolled recursion
    - Updated to new upstream version 2.17.0.
    - CVE-2021-45105

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Sun, 19 Dec 2021 07:44:06 -0500

apache-log4j2 (2.16.0-0.20.04.1) focal-security; urgency=high

  * SECURITY UPDATE: Denial of service
    - Updated to new upstream version 2.16.0.
    - CVE-2021-45046

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Wed, 15 Dec 2021 10:52:44 -0300

apache-log4j2 (2.15.0-0.20.04.1) focal-security; urgency=high

  * SECURITY UPDATE: Remote Code Execution
    - Updated to new upstream version 2.15.0.
    - debian/liblog4j2-java.poms: Update pom list to the new version.
    - debian/maven.ignoreRules: Add more tests to ignore list.
    - CVE-2021-44228

 -- Paulo Flabiano Smorigo <pfsmorigo@canonical.com>  Mon, 13 Dec 2021 16:44:36 +0000

apache-log4j2 (2.11.2-1) unstable; urgency=medium

  * Team upload.

  [ tony mancill ]
  * Revert "Drop support for mongodb (Debian: #919095)"

  [ Emmanuel Bourg ]
  * New upstream release
    - Refreshed the patches
    - Updated the Maven rules
  * Sort the entries in the plugin cache (Log4j2Plugins.dat) to make
    the build reproducible
  * Standards-Version updated to 4.4.0

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 10 Sep 2019 10:32:34 +0200

apache-log4j2 (2.11.1-2) unstable; urgency=medium

  * Team upload.
  * Drop support for mongodb (Closes: #919095)
  * Standards-Version updated to 4.3.0

 -- tony mancill <tmancill@debian.org>  Sat, 12 Jan 2019 11:33:45 -0800

apache-log4j2 (2.11.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Build the new log4j-core-java9 module
    - Build the mongodb3 module and ignore the mongodb2 one
    - Ignore the new log4j-jdbc-dbcp2, log4j-jpa and log4j-slf4j18-impl modules
  * Worked around a javadoc bug in Java 10 causing an IllegalArgumentException
    (Closes: #905139)
  * Standards-Version updated to 4.1.5
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 31 Jul 2018 17:12:58 +0200

apache-log4j2 (2.10.0-2) unstable; urgency=medium

  * Team upload.
  * Generate code usable with the Java 8 API to help with the transition
  * Standards-Version updated to 4.1.4

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 06 Apr 2018 09:14:54 +0200

apache-log4j2 (2.10.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Build the new log4j-api-java9 module
    - Ignore the new log4j-appserver module
    - Replaced the log4j-nosql module with log4j-couchdb and log4j-cassandra
    - Updated the Maven rules
    - New dependency on libjackson2-annotations-java
  * Fixed the build failure with Java 9 (Closes: #893085)
  * Standards-Version updated to 4.1.3
  * Switch to debhelper level 11
  * Removed the Maven wrapper from the upstream tarball

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 16 Mar 2018 17:14:19 +0100

apache-log4j2 (2.8.2-2) unstable; urgency=medium

  * Team upload.
  * Added the missing build dependency on libnetty-java (Closes: #880239)
  * Standards-Version updated to 4.1.1

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 30 Oct 2017 23:14:54 +0100

apache-log4j2 (2.8.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Ignore the new test modules log4j-osgi and log4j-core-its
    - Disabled the Cassandra appender (missing dependencies)
    - Updated the Maven rules
    - Install RELEASE-NOTES.md instead of RELEASE-NOTES.txt

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 21 Jun 2017 12:55:58 +0200

apache-log4j2 (2.7-2) unstable; urgency=medium

  * Team upload.
  * Fixed CVE-2017-5645: When using the TCP socket server or UDP socket server
    to receive serialized log events from another application, a specially
    crafted binary payload can be sent that, when deserialized, can execute
    arbitrary code (Closes: #860489)

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 18 Apr 2017 14:30:00 +0200

apache-log4j2 (2.7-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Ignore the new log4j-api-scala modules
    - New dependencies on libconversant-disruptor-java, libjcommander-java
      and libjctools-java
  * Transition to the Servlet API 3.1
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 21 Oct 2016 18:22:32 +0200

apache-log4j2 (2.6.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 14 Jul 2016 19:32:56 +0200

apache-log4j2 (2.6.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Fixed the compatibility with jackson and mongodb
    - New dependencies on groovy, libwoodstox-java and libbsh-java
    - Ignore the new test dependencies
  * Exclude the minified JavaScript files from the upstream tarball
  * Standards-Version updated to 3.9.8
  * Use a secure Vcs-Git URL

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 08 Jul 2016 16:08:33 +0200

apache-log4j2 (2.4-2) unstable; urgency=medium

  * Team upload.
  * maven.rules: Fix substitution rules for javax.servlet API.
    Thanks to Chris Lamb for the report. (Closes: #809619)
  * Switch from cdbs to dh sequencer.
  * Vcs-Browser: Use https.

 -- Markus Koschany <apo@debian.org>  Sat, 09 Jan 2016 14:23:29 +0100

apache-log4j2 (2.4-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - New dependencies on libcommons-compress-java, libcommons-csv-java
      and libjeromq-java
    - Ignore the new liquibase module
    - Disabled the new Kafka appender

 -- Emmanuel Bourg <ebourg@apache.org>  Thu, 22 Oct 2015 19:44:48 +0200

apache-log4j2 (2.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
  * liblog4j2-java.poms:
    - Add and enable the new modules: log4j-nosql, log4j-web, log4j2-jul
      and log4j-bom
    - Remove the log4j-osgi module
    - Ignore log4j-iostreams and log4j-perf modules
  * maven.ignoreRules: Ignore all artifacts which make the build FTBFS,
    including maven-failsafe-plugin, woodstox-core-asl, json-unit,
    activemq-broker.
  * debian/control:
    - Declare compliance with Debian Policy 3.9.6.
    - Switch Vcs-Browser field to cgit.
    - New build dependencies on libmaven-source-plugin-java,
      libcommons-lang3-java, libjackson2-dataformat-yaml,
      libjackson2-dataformat-xml-java and jackson-module-jaxb-annotations
  * Update maven.rules due to additional build-dependencies.

  [ Emmanuel Bourg ]
  * Build depend on libmail-java instead of libgnumail-java
  * debian/watch: Watch the release tags on Github

 -- Markus Koschany <apo@gambaru.de>  Fri, 29 May 2015 14:43:11 +0200

apache-log4j2 (2.0~beta9-1) unstable; urgency=medium

  * Initial release (Closes: #718867)

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 19 Mar 2014 11:49:25 +0100