Headline
CVE-2023-6378: News
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
Logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical.
Logback News
You can receive logback-related announcements by subscribing to the QOS.ch announce mailing list.
On the 1.3.x and 1.4.x series
Given that downstream users are likely to depend on either Java EE (in the javax namespace) or on Jakarta EE (in the jakarta namespace) in their projects, it was deemed important for logback to support both alternatives.
As such, logback 1.3.x supports the Java EE edition whereas logback 1.4.x supports Jakarta EE, otherwise the two versions are feature identical. Here is a summary of the differences:
Logback version
github branch
SLF4J version
JDK
Enterprise Edition
1.3.x
branch_1.3.x
2.0.x
8
Java EE (javax.* namespace)
1.4.x
master
2.0.x
11
Jakarta EE (jakarta.* namespace)
Logback components written for logback 1.2 should work without change in version 1.3. However, Joran, logback’s configuration system, has been rewritten to use an internal representation model which can be processed separately. Thus, code depending on Joran needs to be adapted to changes in Joran (logback’s internal configuration mechanism).
As a result of enhancements to Joran, logback configuration scripts are now largely order-free. For example, appenders can now be defined after they are first referenced in a logger. Moreover, unreferenced appenders are no longer instantiated.
Reproducible builds
Starting early 2022, logback artifacts are binary reproducible, as independently attested by reproducible-central.
2023-11-28 Release of logback versions 1.3.13 and 1.4.13
• Removed superflous System.out.println call in ExecutorServiceUtil class. This problem was reported in issue 741 by Ernst de Haan.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.13 (or v_1.4.13) from the source code repository (GitHub). Releases built using Java “21” 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.
2023-11-27 Release of logback versions 1.3.12 and 1.4.12
• Logback will now use virtual threads (new in Java 21) when scheduling a reconfigure on change task and when removing old files. This is part of issue 737.
• Fixed vulnerability to a potential denial of service attack on a centralized logback receiver when a third party controlling a remote appender connects to said receiver and could potentially shut down or slow down logging of events. This problem was reported by Yakov Shafranovich, Amazon Web Services.
• Better error reporting in case archived log files slated for deletion could not be deleted. This may occur if another process has an open handle on the file under Windows OS.
• Better handling of classloading in case the logback jar files are loaded by the system classloader. This fixes issue 715 reported by Sylvere Richard.
• Added a checkIncrement property to SizeAndTimeBasedRollingPolicy.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.12 (or v_1.4.12) from the source code repository (GitHub). Releases built using Java “21” 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.
2023-08-09 Release of logback versions 1.3.11 and 1.4.11
• Changes made to the configure method in the Configurator interface in version 1.3.9/1.4.9 were reverted.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.11 (or v_1.4.11) from the source code repository (GitHub). Release built using Java “20” 2023-03-21 build 20+36-2344 under Linux Debian 11.6.
2023-08-09 Release of logback versions 1.3.10 and 1.4.10
• The Configurator interface is moved back to the logback-classic module instead of logback-core. This reverts the change made in versions 1.3.9/1.4.9.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.10 (or v_1.4.10) from the source code repository (GitHub). Release built using Java “20” 2023-03-21 build 20+36-2344 under Linux Debian 11.6.
2023-08-04 Release of logback versions 1.3.9 and 1.4.9
This release was championed by the Sovereign Tech Fund.
• Added an additional configuration step during initialization using SerializedModelConfigurator. See configuration at initialization section in the manual for further details. Configuration from a serialized model file was added because it executes faster and does not require any XML libraries. In conjuction with GraalVM, this may yield smaller executables that start faster.
• In JsonEncoder added support for throwable “cause” and “suppressed” throwables. This fixes LOGBACK-1749 reported by Christopher Holt.
• Fixed OverlappingFileLockException when using prudent mode. This problem was reported by Christian Habermehl in LOGBACK-1754.
• Fixed incorrect status message printed by Compressor.gzCompress() method. This issue was reported by Marko Mitrović in LOGBACK-1750 who also provided the relevant PR.
• The default implementation of getInstant method in ILoggingEvent now returns Instant.ofEpochMills(getTimeStamp()) instead of null. This issue was reported in LOGBACK-1735 by “wreulicke” who also provided the relevant PR.
• The “logback.statusListenerClass” system property now admits the case insensitive string “STDOUT” in addition to the string “SYSOUT” as shorthands for the class name "ch.qos.logback.core.status.OnConsoleStatusListener".
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.9 (or v_1.4.9) from the source code repository (GitHub). Release built using Java “20” 2023-03-21 build 20+36-2344 under Linux Debian 11.6.
2023-06-13 Release of logback versions 1.3.8 and 1.4.8
• Logback now ships with JsonEncoder which outputs logging events in Newline delimited JSON (ndjson) format. This enhancement was requested in LOGBACK-1734 by Oleksandr Gavenko.
• OSGi service-loader requirement for spi.Configurator is now optional. This fixes LOGBACK-1736 reported by Hannes Wellmann who also provided the relevant PR.
• Fixed NoSuchMethodError issue in ConsoleAppender under java 8. This fixes LOGBACK-1737 reported by Wolfgang F. Riedl.
• The LogbackMDCAdapter instance associated with a LogbackServiceProvider is now accessible/set via LoggerContext and not only via MDC. This makes tests simpler. See also LOGBACK-1742.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.8 (or v_1.4.8) from the source code repository (GitHub). Release built using Java “20” 2023-03-21 build 20+36-2344 under Linux Debian 11.6.
2023-04-19 Release of logback versions 1.3.7 and 1.4.7
• Add support for Jansi library version 2.4.0. This was requested in LOGBACK-1595 by Nils Renaud with Benjamin Marwell providing the relevant PR.
• Fixed incorrect OSGi execution-environment requirements in MANIFEST.MF files. This issue was reported in in LOGBACK-1728 by Hannes Well who also provided the relevant PR.
• Addded OSGi Service Loader Mediator entries to load logback Configurators. This enhacement was requested in in LOGBACK-1729 by Hannes Well who also provided the relevant PR.
• Fixed incorrect use of ExecutionService preventing ServerSocketAppender from serving requests. This issue was reported in LOGBACK-1716 by Grzegorz Grzybek.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.7 (or v_1.4.7) from the source code repository (GitHub). Release built using Java “20” 2023-03-21 build 20+36-2344 under Linux Debian 11.6.
2023-03-23 Release of logback versions 1.2.12
• Fixed NPE in ThrowableProxy if extractSupressedThrowables method returns null. This fixes LOGBACK-1623 reported by Oyvind Horneland.
• Fixed incorrect use of HttpServletResponse.getStatus in logback-access as reported in LOGBACK-1580 by Joakim Erdfelt who also provided the relevant PR.
• Fixed incorrect use of HttpServletRequest.getParameterNames() logback-access as reported in LOGBACK-1581 by Joakim Erdfelt who also provided the relevant PR.
• Fixed incorrect SCP URL in Maven pom.xml. This issue was reported in LOGBACK-1633 by Rayk Bajohr who also provided the relevant PR.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.2.12 from the source code repository (GitHub). Release built using Java “1.8.0_311” build 1.8.0_311-b11 under Linux Debian 9.5.
2023-03-15 Release of logback versions 1.3.6 and 1.4.6
This release was kindly championed by LVM Versicherung.
• Nesting a SiftingAppender within a conditional, that is within an <if> element, is now supported. This fixes LOGBACK-1713 reported by Andree Worthmuth with valuable input from Sébastien Philippon and Frank Upgang.
• During variable substitution, an empty default value is now interpreted as an empty string. This fixes LOGBACK-1712.
• In LOGBACK-1696 Marty Ewings reported that the expected date format did not match actual output in case the system locale was different then the desired locale. Issue was fixed by adding a third optional locale parameter to the date converter.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.6 (or v_1.4.6) from the source code repository (GitHub). Release built using Java “19” 2022-09-20 build 19+36-2038 under Linux Debian 9.5.
2022-11-18 Release of logback versions 1.3.5 and 1.4.5
• Fixed incomplete handling of insertFromJNDI element in logback-classic configuration files. This fixes LOGBACK-1706 reported by Ove Hiltwein.
• Removed spurious warning message regarding nested appender within SiftingAppender. This fixes LOGBACK-1698.
• Added missing exports ch.qos.logback.classic.model in module-info.java in the logback-classic module. This fixes LOGBACK-1703.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.5 (or v_1.4.5) from the source code repository (GitHub). Release built using Java “19” 2022-09-20 build 19+36-2038 under Linux Debian 9.5.
2022-10-07 Release of logback versions 1.3.4 and 1.4.4
• Fixed spurious “transitive” modifier in the requires declaration on javax.mail/jakarta.mail in the logback-core module. This issue was reported in LOGBACK-1693 by Sebastian Stenzel.
• Fixed a compilation problem in the logback-core-blackbox module. This issue is described in LOGBACK-1694.
• Added an “export missing for ch.qos.logback.core.layout” declaration in logback-core module. This fixes LOGBACK-1695 as reported by Jeremy Landis.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.4 (or v_1.4.4) from the source code repository (GitHub). Release built using Java “19” 2022-09-20 build 19+36-2038 under Linux Debian 9.5. See also the relevant entry in reproducible-central.
2022-10-02 Release of logback versions 1.3.3 and 1.4.3
• Removed spurious System.out.println calls in ClassicEnvUtil and ContextInitializer classes, fixing LOGBACK-1690.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.3 (or v_1.4.3) from the source code repository (GitHub). Release built using Java “19” 2022-09-20 build 19+36-2038 under Linux Debian 9.5.
2022-10-02 Release of logback versions 1.3.2 and 1.4.2
• Significantly improved the performance of LogbackMDCAdapter, i.e. logback’s implementation of org.slf4j.spi.MDCAdapter. This was requested in LOGBACK-1684 by Sami Korhonen.
• Fixed issue with <appender-ref> elements embedded within <if>/<then>/<else> blocks. This fixes LOGBACK-1673 reported by Juan Pablo Santos Rodriguez.
• Fixed issue with sub-elements of >shutdownHook< element in configuration files. Joran now correctly handles these elements. This fixes LOGBACK-1672 reported by Juan Pablo Santos Rodriguez.
• Joran now automatically renames ch.qos.logback.core.hook.DelayingShutdownHook class name as ch.qos.logback.core.hook.DefaultShutdownHook in configuration files. This fixes LOGBACK-1678.
• In configuration files, when an <appender> element is nested within another <appender> element, logback will now emit a warning message. This change was made in response to LOGBACK-1674 reported by Luke Stephenson.
• In configuration files, when an <if> element is nested within an <appender>, <logger> or <root> elements, logback will now emit a warning message. This change is related to the previously mentioned issues.
• In configuration files, when an appender is nested within another appender, logback will now emit a warning message. This change was made in response to LOGBACK-1674 reported by Luke Stephenson.
• Unit tests were migrated from Junit 4 to Junit 5. Certain tests are now Jigsaw/JPMS modularized and run on the modules-path. These are located in so alled “blackbox” modules, namely logback-core-blackbox and logback-classic-blackbox.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.2 (or v_1.4.2) from the source code repository (GitHub). Release built using Java “19” 2022-09-20 build 19+36-2038 under Linux Debian 9.5.
2022-09-14 Release of logback versions 1.3.1 and 1.4.1
• Logback-classic now correctly invokes DefaultJoranConfigurator when running in a (JPMS) modular environment. This fixes LOGBACK-1670 reported by Alexey Gavrilov who also provided the relevant test case.
• Logback will now correctly retrieve its own version information when running in a (JPMS) modular environment. This fixes LOGBACK-1677.
• Logback version 1.3.1 now correctly declares javax.servlet.ServletContainerInitializer as a provided service. This fixes LOGBACK-1671 as reported by Chad Wilson.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.1 (or v_1.4.1) from the source code repository (GitHub). Release built using Java “18” 2022-03-22 build 18+36-2087 under Linux Debian 9.5.
2022-08-28 Release of logback versions 1.3.0 and 1.4.0
Here is a list of changes with respect to the previous version.
• Logback-classic now initializes itself using a default Configurator provider called DefaultJoranConfigurator. Users can overiride the default configurator by installing their own custom Configurator provider as a loadable service.
• The ch.qos.logback.classic.jmx package was removed for security reasons and for lack of use.
• Fixed incorrect initialization of java.time.DateTimeFormatter in CachingDateFormat class. This fixes LOGBACK-1659 kindly reported by Bertrand Renuart.
• Fixed performance issue in FileFilterUtil.filesInFolderMatchingStemRegex method reported in LOGBACK-1409by Abdy Wilkinson with David Schlosnagle providing the relevant PR.
• In logback-access, fixed the retreival of the response status using comitted state. This issue was reported in LOGBACK-1580 by joakime Joakim Erdfelt who also provided the relevant PR.
• In logback-access, fixed error handling in the getRequestContent and buildRequestParameterMap methods in AccessEvent class. Joakim Erdfelt provided the relevant PR.
• Fixed a number of issues related to the nanosecond field in LoggingEvent. These were reported in LOGBACK-1657 LOGBACK-1661 by Bertrand Renuart.
• Fixed a number of issues related to the sequenceNumber field in LoggingEvent. These were reported in LOGBACK-1662 LOGBACK-1663 by Bertrand Renuart.
• Logback-classic now prints its version number at initialization. This information is also available via the logbackVersion() method in ch.qos.logback.core.util.EnvUtil. This feature was requested in LOGBACK-1597 by Gabe Tobias with Bertrand Renuart providing the relevant PR.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.0 (or v_1.4.0) from the source code repository (GitHub). Release built using Java “18” 2022-03-22 build 18+36-2087 under Linux Debian 9.5.
2022-08-09 Release of logback version 1.3.0-beta0
• Escape sequences are no longer interpreted for the attribute named value defined in the <variable> element in configuration files. By escape sequences we mean the escape sequences for Java String literals such as ‘\t’ or '\n’.
The value attribute of the <variable> element was the only place such interpretation was performed. However, after reviewing the code, it was determined that there was no need to interpret any such escape sequence. We estimate that this change will be transparent to end-users.
• Better error handling of configuration files with a missing <if> element in an if/then pair. See also LOGBACK-1651.
• Better error handling of configuration files where variables are read from a malformed properties file. See also LOGBACK-1652.
• A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.0-beta0 from the source code repository (GitHub). Release built using Java “18” 2022-03-22 build 18+36-2087 under Linux Debian 9.5.
2022-05-19 Release of logback version 1.3.0-alpha16
• Restored SiftingAppender functionality which was removed during the rewrite of Joran.
• Second phase filtering of Models is now done by annotation. This fixes LOGBACK-1638 and LOGBACK-1639.
A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.0-alpha16 from the source code repository (GitHub). Release built using Java “18” 2022-03-22 build 18+36-2087 under Linux Debian 9.5.
2022-05-09 Release of logback version 1.3.0-alpha15
This release is championed by commercetools, a leader company in digital commerce.
• Restored support for “if/then/else” elements in configuration files. This fixes LOGBACK-1625. When defining XML to Model transformation rules, a new rule has to be passed a Supplier of Action instances instead of a single (potentially re-used) Action instance. This change simplifies the logic of Action code, as an Action instance will never be reused, making configurations easier to debug.
• Many bugs reported by Google OSS-fuzz have been fixed. These bugs relate to invalid and sometimes even wildly invalid inputs which should not occur in legitimate deployments of logback.
• Fixed NPE in ThrowableProxy if extractSupressedThrowables method returns null. This fixes LOGBACK-1623 reported by Oyvind Horneland.
A bit-wise identical binary of this version can be reproduced by checking out the tag v_1.3.0-alpha15 from the source code repository (GitHub). Release built using Java “18” 2022-03-22 build 18+36-2087 under Linux Debian 11.2.
2022-04-20 Release of logback.db version 1.2.11.1
As of logback version 1.2.8 DBAppender no longer ships with logback. However, DBAppender for logback-classic is available under the following Maven coordinates:
ch.qos.logback.db:logback-classic-db:1.2.11.1
and for logback-access under
ch.qos.logback.db:logback-access-db:1.2.11.1
Both of these artifacts require ch.qos.logback.db:logback-core-db:1.2.11.1 which will be pulled in automatically by Maven’s transitivity rules.
• This release corrects the artifact name of logback-classic-db fixing LOGBACK-1631 as reported by Juan Pablo Santos Rodriguez.
2022-04-15 Release of logback.db version 1.2.11
As of logback version 1.2.8 DBAppender no longer ships with logback. However, the logback-db project remedies this omission.
2022-03-05 Release of version 1.2.11
• Backported fix for LOGBACK-1027.
• Fixed incorrect String cast in JNDIUtil. This corrects LOGBACK-1604 reported by Chris Cheshire.
• In SMTPAppenderBase empty username parameter is now treated the same null. This fixes LOGBACK-1594 reported by Mark Woon who also provided the relevant PR.
2021-02-11 Release of version 1.3.0-alpha14
• A bug was introduced in 1.3.0-alpha13 which caused the second appender-ref declaration to be ignored. This issue is described in LOGBACK-1614 based on an initial report by C. Ahlers in the logback-user mailing list.
2021-01-31 Release of version 1.3.0-alpha13
• Starting with version 1.3.0-alpha13 logback releases are reproducible. This means that anyone checking out the code corresponding to the release version from GitHub and building that local copy, will get obtain an identical binary to the binary found on Maven central. Note that due to issue MJAR-275 with the module-info.java produced in earlier java versions, reproducible builds require Java 18.
• Once the Model is created from XML configuration file, Model processing is now independent of any XML related code. This fixes LOGBACK-1613.
• Fixed incorrect String cast in JNDIUtil. This corrects LOGBACK-1604 reported by Chris Cheshire.
• In SMTPAppenderBase empty username parameter is now treated same as null. This fixes LOGBACK-1594 reported by Mark Woon who also provided the relevant PR.
2021-12-23 Release of version 1.2.10
• ContextInitializer no longer complains about missing logback.groovy configuration file. This fixes LOGBACK-1601.
2021-12-22 Release of version 1.3.0-alpha12
Note that 1.3.0-alpha12 contains the same security related changes as version 1.3.0-alpha11 and 1.2.9.
• Logback events now store time using java.time.Instant which supports nanosecond resolution. This fixes LOGBACK-1374 and also LOGBACK-1599.
• Properties in an unreferenced appender no longer cause warnings from ImplicitModelHandler. This fixes LOGBACK-1572.
• Properties in an unreferenced appender no longer cause warnings from ImplicitModelHandler. This fixes LOGBACK-1572.
• ContextInitializer no longer complains about missing logback.groovy configuration file. This fixes LOGBACK-1601.
.
2021-12-16 Release of version 1.2.9
We note that the vulnerability mentioned in CVE-2021-42550 requires write access to logback’s configuration file as a prerequisite. Please understand that log4Shell and CVE-2021-42550 are of different severity levels.
In response to CVE-2021-42550 (aka LOGBACK-1591) we have decided to make the following steps.
Hardened logback’s JNDI lookup mechanism to only honor requests in the java: namespace. All other types of requests are ignored. Many thanks to Michael Osipov for suggesting this change and providing the relevant PR.
SMTPAppender was hardened.
Temporarily removed DB support for security reasons.
Removed Groovy configuration support. As logging is so pervasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons.
We note that the aforementioned vulnerability requires write access to logback’s configuration file as a prerequisite. Please understand that log4Shell/CVE-2021-44228 and CVE-2021-42550 are of different severity levels. A successful RCE attack with CVE-2021-42550 requires all of the following conditions to be met:
- write access to logback.xml
- use of versions < 1.2.9
- reloading of poisoned configuration data, which implies application restart or scan="true" set prior to attack
As an additional extra precaution, in addition to upgrading to logback version 1.2.9, we also recommend users to set their logback configuration files as read-only.
202-12-16 Release of version 1.3.0-alpha11
Note that 1.3.0-alpha11 contains the same security related changes as version 1.2.9.
• Migrated from javax.servlet to jakarta.servlet. This entails migration to Tomcat version 10.0.10 and Jetty version 11.0.6 in logback-access. This fixes LOGBACK-1575 reported by Daniel Svensson. Note that Jetty version 11 requires Java version 11 or later.
• Added hostnameVerification to property SSLSocketAppender. This fixes LOGBACK-1574 as reported by Andrei Komarov with Bruno Harbulot providing the relevant patch.
2021-12-14 Release of version 1.2.8
• In response to CVE-2021-42550 and LOGBACK-1591 we have decided to make the following steps.
we have disabled all JNDI lookup code in logback until further notice. This impacts ContextJNDISelector and <insertFromJNDI> element in configuration files.
we have removed all database (JDBC) related code in the project with no replacement.
2021-11-11 - Release of version 1.2.7
• Added hostnameVerification to property SSLSocketAppender. This fixes LOGBACK-1574 as reported by Andrei Komarov with Bruno Harbulot providing the relevant patch.
2021-09-10 Release of version 1.2.6
• To prevent XML eXternal Entity injection (XXE) attacks, Joran no longer reads external entities passed in XML files. This fixes LOGBACK-1465 as reported by Shuibo Ye.
2021-08-23 Release of version 1.3.0-alpha10
• CachingDateFormatter is now synchronization-free and performs about 30 times faster. This fixes LOGBACK-1421.
• AsyncAppenderBase now drains its buffer in one go, considerably improving throughput. See benchmarking results for further details.
• ThrowableProxy now supports circular exceptions. This fixes LOGBACK-1027 with Jan S. (jpstotz) providing the relevant patch.
• LogbackServiceProvider now invokes LoggerContext.start() method upon completion of initialization. This fixes LOGBACK-1121 reported by Johannes Herr.
• Better error reporting in case of missing right curly brace during variable substitution. This fixes LOGBACK-1417.
• Better error reporting in case of unknown properties in components when reading XML configuration files. This fixes LOGBACK-1570.
• Utility method ConcerterUtil.setContextForConverters() now handles CompositeConverter instances correctly. This fixes LOGBACK-1571.
2021-08-13 Release of version 1.3.0-alpha9
• In ILoggingEvent, added a getMarker() method with a default implementation returning the first marker in the marker list. This method is deprecated and exists solely for backward compatibility reasons. Logback components should use getMarkerList() and cater for all available markers and not only the first marker. This fixes LOGBACK-1569 reported by Pelle Krøgholt .
2021-08-12 Release of version 1.3.0-alpha8
• Upped the requested slf4j-api version by LogbackServiceProvider to 2.0.99 instead of 1.8.99. This fixes LOGBACK-1568.
2021-08-10 Release of version 1.3.0-alpha7
• AccessEvent in the logback-access module now tries to get a reference to a given HttpRequest session without trying to create it if missing. This fixes LOGBACK-1219 reported by Chris West with Iliya Krapchatov providing the relevant patch.
• To prevent XML eXternal Entity injection (XXE) attacks, Joran no longer reads external entities passed in XML files. This fixes LOGBACK-1465 as reported by Shuibo Ye.
• The logback-access module now supports Jetty version 9.4.9 and Tomcat version 9.0.50, the latest versions compatible with Java 8.
• Migrated SMTPAppender to use jakarta.mail instead of javax.mail. This fixes LOGBACK-1516.
• Added the kvp conversion word in logback-classic in order to support KeyValuePair. KeyValuePair is part of the fluent API introduced in SLF4J 2.0.
• Patterns with composite converters now correctly detect if child converters handle exceptions. This issue was reported in LOGBACK-1566.
• Removed unused dependency on the edu.washington.cs.types.checker:checker-framework artifact. This fixes LOGBACK-1501 reported by Jeremy Landis.
Implementation of TargetLengthBasedClassNameAbbreviator has been both simplified and augmented with an LRU cache. This fixes LOGBACK-1509 reported by Michael Skells who also provided a relevant PR.
2021-07-28 Release of version 1.3.0-alpha6
Joran, logback’s configuration system, has been rewritten to use an internal representation model which can be processed separately. As a side effect, logback configuration scripts are now largely order-free. For example, appenders can now be defined after they are first referenced in a logger. Moreover, unreferenced appenders are no longer instantiated. Given the breadth of the changes in Joran codebase, support for SiftingAppender and Groovy configuration have been dropped temporarily.
In addition to the important Joran and Jigsaw modularization changes mentioned above, this version contains the same fixes as in logback versions 1.2.4 and 1.2.5.
2021-07-26 Release of version 1.2.5
Instead of an Appender, the LayoutWrappingEncoder now accepts a variable of type ContextAware as a parent. This fixes LOGBACK-1326 as reported by Phil Clay who also provided the relevant patch.
2021-07-19 Release of version 1.2.4
Added support for minimum length in %i filename pattern. This fixes LOGBACK-1248 with John Gardiner Myers providing the relevant patch.
For size bound log file archiving, allow TimeBasedArchiveRemove to remove files with indexes containing up to 5 digits. This fixes LOGBACK-1175.
Added %prefix composite converter which automatically prefixes child converter output with the name of the converter. This feature is quite handy in environments where log files need to be parsed and monitored. tools.
2019-10-11 Release of version 1.3.0-alpha5
ConsoleAppender now delegates filtering of ANSI sequences to Jansi. This fixes LOGBACK-1392 reported by Alexandre Dutra who also provided the relevant patch.
2018-02-11 Release of version 1.3.0-alpha4
Given that all currently available versions of Groovy are incompatible with Java 9, at least when built with Maven, we have momentarily dropped support for Groovy configuration, a.k.a Gaffer. For details refer to this thread and relevant jira issue.
Due to lack of user interest, logback-classic no longer supports logging separation by way of ContextSelector.
Under JPMS (Java 9), module ch.qos.logback.core is now able to read module java.xml. This fixes LOGBACK-1381 reported by Mark Raynsford.
February 10th, 2018, Release of version 1.3.0-alpha3
Under JPMS (Java 9), allow user code to implement ch.qos.logback.classic.spi.Configurator as a service. This fixes LOGBACK-1380 reported by Mark Raynsford.
Fix issue with properties containing JSON strings as reported in LOGBACK-1101.
2018-01-30 Release of version 1.3.0-alpha2
Depend on SLF4J version 1.8.0-beta1 instead of 1.8.0-beta1-SNAPSHOT.
Fix build under Travis.
2018-01-30 Release of version 1.3.0-alpha1
In the absence of a class attribute, the shutdownHook configuration directive now correctly assumes ch.qos.logback.core.hook.DefaultShutdownHook class. This fixes LOGBACK-1162 reported by Alex Selesse.
Logback’s internal ThreadPoolExecutor now has an initial pool of 1 thread instead of 8 previously.
TimeBasedArchiveRemover is now able to deal with indexes over 999. This fixes LOGBACK-1175 reported by Diego Furtado who also provided the relevant PR.
SizeAndTimeBasedRollingPolicy will correctly remove archived log files created within a given time period even if the last modified date for said files has been modified since archiving or is otherwise incorrect. This fixes LOGBACK-1361 as reported by Peter Risko.
String to Level conversion now handles strings with tailing spaces. This fixes LOGBACK-1288 reported by Gaurav Khanna.
MDCFilter will enforce the presence of MDCKey and value properties, refusing to start when either property absent. This fixes LOGBACK-1165 reported by Martin Steiger.
Added the feature to update mime message before sending the email. This enhancement was requested in LOGBACK-1284 by Miguel Vale who also provided the relevant PR.
If omitted, the scanPeriod attribute in configuration file defaults to 1 minute. The documentation stated as much but the code had not followed through. This issue was reported in LOGBACK-1194 with F. Buechler providing the appropriate patch.
Updated JavaMail version to 1.6. This fixes LOGBACK-1094 reported by Romain Moreau.
Removed “final” modifier for the LoggerContext.getLogger(String) method. This fixes LOGBACK-1308 reported by Richard Sand.
2018-01-18 Release of version 1.3.0-alpha0
Added support for minimum length in %i filename pattern. This fixes LOGBACK-1248 with John Gardiner Myers providing the relevant patch.
Correct parsing of java.version system property for Java 9 and later. This fixes LOGBACK-1260 with Patrick Reinhart providing the relevant patch.
ConsoleAppender now works with consoles confused by output strings of zero length, e.g. Java Web Start. This fixes issue LOGBACK-1282 reported by Clas Forsberg.
2017-03-30 Release of version 1.2.3
Fix unintentional dependency on OutputStreamAppender in LayoutWrappingEncoder as reported in LOGBACK-1287.
Fix spurious System.out.println in AsyncAppender’s worker thread. This issue was reported in LOGBACK-1292 by Nikolas Loutas with Thibault Meyer the relevant patch.
ConsoleAppender exception when run under Java WebStart. This problem was reported in LOGBACK-1282 by Clas Forsberg.
2017-03-16 Release of version 1.2.2
AsyncAppender no longer drops events when the current thread has its interrupt flag set. This issue was reported in LOGBACK-1247 by Jakob Bergendahl who also provided the relevant pull request.
Removed JMSQueueAppender and JMSTopicAppender. These appenders were undocumented and had no apparent users.
Remove comment in logback-classic’s META-INF/services/javax.servlet.ServletContainerInitializer file in order to keep Wildfly 8 happy. This issue was reported in LOGBACK-1265 by Andy Wilkinson.
FileSize.toString() now reports files sizes in GB in addition to sizes in MB and KB and Bytes. This fixes issue LOGBACK-1278.
March 1st, 2017, Release of version 1.1.11
Fix thread-safety issue with PatternLayoutBase reported in LOGBACK-1270 by Artem Bilan. Note that the fix was already present in the 1.2.x series and was back-ported to the 1.1.x series.
February 9th, 2017, Release of version 1.2.1
To ensure backward compatibility of configuration files, the immediateFlush property set for a LayoutWrappingEncoder is propagated to the enclosing OutputStreamAppender.
2017-02-08 Release of version 1.2.0
Encoder interface has changed and is no longer expected to handle an OutputStream.
Encoder interface has changed and is no longer expected to handle an OutputStream. This simplification allows finer-grain locking resulting in significantly improved performance.
Release 1.2.0 fixes a rather severe serialization vulnerability in SocketServer and ServerSocketReceiver. Users running these components should upgrade immediately.
This release fixes a rather severe serialization vulnerability in SocketServer and ServerSocketReceiver. Users running these components should upgrade immediately.
In TimeBasedRollingPolicy, fixed issue with totalSizeCap of more than 2^31. This problem was reported in 1231 by Simon Teng.
Logback-classic now searches for the file logback-test.xml first, logback.groovy second and logback.xml third. In previous versions logback.groovy was looked up first which was nonsensical in presence of logback-test.xml. This fixes LOGBACK-1245 reported by Joern Huxhorn.
2017-02-05 Release of version 1.1.10
Several changes to improve throughput (see spreadsheet)
- The ReentrantLock in OutputStreamAppender is now "unfair". In previous versions of logback, a fair lock was used. Fair locks are much slower. Just as importantly, logback has no mandate to influence thread scheduling.
- FileAppender now offers the bufferSize option. Previously, a fixed-size 8K buffer was used. Increasing the bufferSize, for example to 256K, significantly reduces thread-contention.
- Critical parts of the code now use COWArrayList, a custom developed allocation-free lock-free thread-safe implementation of the {@link List} interface. It is optimized for cases where iterations over the list vastly outnumber modifications on the list. It is based on CopyOnWriteArrayList but allows allocation-free iterations over the list.
- In PatternLayoutBase the same StringBuilder is used over and over to reduce memory allocation. This is safe as long as the owning appender guarantees serial access to its layout. In the next version of logback, i.e. 1.2.x, the read-write lock will no longer protect access to the layout and there will be no guarantee of serial access.
In web-applications, logback-classic will automatically install a listener which will stop the logging context and release resources when your web-app is reloaded. This enhancement was requested LOGBACK-1170 by Martin Wegner.
The AccessEvent.prepareForDeferredProcessing() method was not idempotent. This caused subtle bugs under Jetty. See LOGBACK-1189 for details. Many thanks to Per Olesen, Evan Meagher, Nick Babcock and Mark Elliot for hunting down this bug.
As it may be time-consuming in certain environments, the HOSTNAME property is now computed lazily. This optimization requested in LOGBACK-1221 by Eugene Petrenko.
Joran now supports external XML entities. This feature was requested in 1091 and the relevant PR graciously provided by Jonas Neukomm.
2017-01-20 Release of version 1.1.9
Logback’s internal executor service had a thread pool size of 2 which could be used up rather quickly, e.g. configuration scanning in addition to an active ServerSocketAppender. When both threads where permanently in use, compression could not proceed. To alleviate this problem, the thread pool size has been increased to 8. See issue LOGBACK-1238 for more details.
Fixed issue with FileAppender instances embedded within SiftingAppender reporting filename collisions after reaching timeout and subsequently restarted. This problem was reported in LOGBACK-1167 by Michael Edgar.
Fixed SizeAndTimeBasedFNATP deprecation warning emitted even the replacement, i.e. SizeAndTimeBasedRollingPolicy, is in use. See LOGBACK-1236. This issue was reported by Claudius Nicolae.
Added proper implementation for LogbackValve.getScheduledExecutorService() method. The missing implementation manifested itself in the form of an UnsupportedOperationException thrown by LogbackValve. This problem is further described in LOGBACK-1181 reported by Andreas von Roepenack.
2016-12-09 Release of version 1.1.8
Removed the two period safeguard, aka untouchable periods, for archive removal beyond the size specified by totalSizeCap in TimeBasedRollingPolicy. It turns out the safeguard is not required and is unexpected as attested by LOGBACK-1166.
Fixed issue with Joran incorrectly reporting "Unexpected aggregationType AS_BASIC_PROPERTY_COLLECTION". This issue was raised in LOGBACK-1158 by Christian Hübner.
Gaffer (logback’s groovy configurator) now supports the valueOf convention. This issue was raised in LOGBACK-1232 by Frans Orsel.
The org.slf4j.impl.StaticLoggerBinder class shipping in logback-classic no longer catches Throwable but Exception. This change was requested in LOGBACK-1159 by David J. M. Karlsen.
BeanDescriptionFactory no longer outputs a superfluous warning message in case the class contains bridge methods. This fixes LOGBACK-1164 reported by Phil Clay.
2016-03-29 Release of version 1.1.7
Logback is now compact3 profile compatible. This improvement was requested in LOGBACK-1071 by Axel Fontaine with Max Urech providing the relevant pull-request.
Fixed ConcurrentModificationException being thrown when the reset() method is invoked on the LoggerContext instance. This issue was reported in LOGBACK-397 by Szczepan Faber with Ross Sargant providing the relevant test case.
TimeBasedRollingPolicy now supports the totalSizeCap property which allows the user to limit the total size of archived logs.
SizeAndTimeBasedRollingPolicy offers the same functionality as SizeAndTimeBasedFNATP did previously but with a simpler configuration structure.
Archive removal by RollingFileAppender is now performed asynchronously.
Unnecessary and incompatible %i token in fileNamePattern option with RollingFileAppender/TimeBasedRollingPolicy is now detected and the user alerted to the misconfiguration problem. This fixes LOGBACK-1143.
Joran can now handle logger names ending with a $, i.e. the first character in variable substitution. This issue was raised in LOGBACK-1149 by by Stevo Slavic.
2016-02-29 Release of version 1.1.6
LogbackValve (in logback-access) now attempts to load the configuration file as a resource if it cannot be found on the filesystem (LOGBACK-1069). This is helpful in scenarios where applications are using an embedded Tomcat server.
JMXConfigurator.reloadDefaultConfiguration() method now tolerates programmatic configuration without a URL. This change was provided by Vedran Pavic in PR 302.
RollingFileAppender will output an error message if the date time pattern in the %d token within the fileNamePattern is not collision free. This fixes LOGBACK-1137. In a similar vein, every instance of FileAppender will now detect if it shares the same File option value as given for an appender defined earlier. In addition, RollingFileAppender instances now check for colliding FileNamePattern values.
Fixed NullPointerException thrown by RollingFileAppender if the name of the rollover target path did not contain a parent. This issue was reported in LOGBACK-1054 by Paulius Matulionis. Analysis of the problem and the relevant PR was provided by Ferenc Palkovics.
BasicConfigurator.configure method call executes significantly faster. Improved documentation for configuration using JDK 1.6 service-provider facility. These changes are in response to LOGBACK-1141 requesting faster logback start-up time.
Fixed issue with variable substitution with the value ending in a colon. This problem was reported in LOGBACK-1140 by Eric Cook.
February 13th, 2016, Release of version 1.1.5
MDC values are no longer inherited by child threads.
Child threads no longer inherit MDC values. In previous versions of logback as well as log4j 1.x, MDC values were inherited by child threads. Several users have argued convincingly that MDC inheritance by child threads was unhelpful and even dangerous. This change fixes LOGBACK-422 and LOGBACK-624
When the FileNamePattern string for RollingFileAppender/SizeAndTimeBasedFNATP lacks a %i token, then compression for the second archive in the same period cannot occur as the target file already exists. Under those circumstances, logback leaves behind .tmp files as reported in LOGBACK-992, LOGBACK-173 and LOGBACK-920. In this release, this particular condition is detected by RollingFileAppender which will not start but alert the user instead.
AsyncAppender is now configurable to never block. This feature was requested by Jeff Wartes in LOGBACK-898 with Jeff Wartes and Gareth Davis providing the relevant patch.
2016-02-11 Release of version 1.1.4
Logback 1.1.4 requires SLF4J version 1.7.16 or later.
Added event replay support as introduced in SLF4J version 1.7.15. In most circumstances, logback-classic should run fine with earlier versions of slf4j-api, including all versions in the 1.6.x and 1.7.x series. However, with a version of slf4j-api.jar earlier than 1.7.15 in the classpath, attempting introspection of a Logger instance will result in a NoClassDefFoundError similar to that shown below.
Exception in thread “main” java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent at java.lang.Class.getDeclaredMethods0(Native Method) at java.lang.Class.privateGetDeclaredMethods(Class.java:2451) at java.lang.Class.privateGetPublicMethods(Class.java:2571) at java.lang.Class.getMethods(Class.java:1429) at java.beans.Introspector.getPublicDeclaredMethods(Introspector.java:1261) at java.beans.Introspector.getTargetMethodInfo(Introspector.java:1122) at java.beans.Introspector.getBeanInfo(Introspector.java:414) at java.beans.Introspector.getBeanInfo(Introspector.java:161)
Packaging data (as output in stack traces) is now disabled by default.
In case an application throws exceptions frequently, then computing packaging data can be very costly and will cause the application to run slower. Making bad worse. To alleviate this problem, packaging data is no longer computed by default. It has to be enabled explicitly. In the absence of explicit instructions, i.e. the user has not specified a converter handling exceptions, PatternLayout in logback-classic will follow the settings defining for the logging environment. If packaging data is disabled, then it add %ex as a suffix in the pattern, and if packaging data is enabled then %xEx will be added. These changes fix LOGBACK-730 and LOGBACK-966.
Fixed a bug in TimeBasedFileNamingAndTriggeringPolicyBase causing time-based rolling policies to always rollover according to the local system time and ignore the time zone passed in the file name pattern. The issue was reported by Lukasz Sanek who also provided the relevant fix.
AsyncAppenderBase now restores the current thread’s interrupt flag when catching an InterruptedException. The issue (LOGBACK-910) was raised by Henrik Nordvik who also provided the relevant fix.
2015-03-24 Release of version 1.1.3
As of version 1.1.3, all logback modules require JDK 1.6 instead of previously JDK 1.5. This change was put to consultation on the logback mailing lists with no objections raised.
Fixed FileAppender’s prudent mode so that it properly recovers from IO Errors (LOGBACK-1046)
Irrelevant or internal stack trace lines can now be omitted. Pull request provided by Tomasz Nurkiewicz (LOGBACK-540).
AccessEvent now creates a copy of request attributes when its prepareForDeferredProcessing() method is called. This makes attributes visible even if an appender uses a background thread to process events. (LOGBACK-1033)
All threads opened by ch.qos.logback.core.util.ExecutorServiceUtil#THREAD_FACTORY are now daemons, which fixes an application hang on shutdown when LoggerContext#stop() is not called (LOGBACK-929). Note that daemon threads are abruptly terminated by the JVM, which may cause undesirable results, such as corrupted files written by the FileAppender. It is still highly recommended for the application to call LoggerContext#stop() (e.g., in a shutdown hook) to gracefully shutdown appenders.
Fixed an issue with RollingFileAppender where the first rollover file could be unintentionally deleted, depending on the specified filename pattern (LOGBACK-894).
Fixed an issue with TeeHttpServletResponse where the system default encoding would be used instead of the response encoding when constructing a new writer (LOGBACK-1023).
Fixed ConfigurationDelegate.groovy to allow any appender that implements AppenderAttachable, which supports third-party appenders, such as reactor-logback’s AsyncAppender (LOGBACK-1008)
Added support for specifying the callstack depth range in the PatternLayout. For example, %caller{1…2} displays the first two calls in the callstack.
Added HTTP request method to MDCInsertingServletFilter.
Fixed time-zone dependent code in RollingCalendarTest. (LOGBACK-116)
Simplified connection logic of SocketAppender to reduce multithreading overhead and unnecessary instantiation of SocketConnector objects.
Fixed race condition in SMTPAppenderBase causing missing or duplicate emails. (LOGBACK-909)
Fixed an issue with FileAppender in prudent mode, where an interrupt could prevent further access to the file (LOGBACK-875).
Fixed IllegalStateException when multiple threads write files to same directory (LOGBACK-128).
Changed queue consumption strategy in AbstractSocketAppender from “take” to “peek/remove” in order to avoid losing an event on each socket connection break. Zero is now a deprecated queue size. A queue size of one should be taken instead to indicate synchronous processing. (LOGBACK-977)
RequestLogImpl now has an overridable configure method to allow extending implementations to configure it via methods other than the logback-access.xml file.
Fixed a bug in AccessEvent which could cause any AsyncAppender based appender to corrupt the request headers, request parameters, or response headers, before logging.
SQL scripts to set up your logback database are now provided as JAR resources (LOGBACK-948).
Threads created internally by logback are now named logback-n, where n is an integer. For the first thread n is set to 1, for each successive thread n is incremented by 1.
Added max runtime parameter to AsyncAppender to allow the appender to flush events, up to a maximum delay, during a stop of the LoggerContext. This can be used to ensure that all queued events are flushed.
Added new configuration element shutdownHook to allow the user to specify a ShutdownHook implementation that will stop the Logback context upon JVM exit.
BasicStatusManager now prevents adding more than one instance of OnConsoleStatusListener as a status listener. This fixes LOGBACK-976.
TimeBasedRollingPolicy now accepts a time zone in its %d conversion pattern. (LOGBACK-611)
It is now possible to configure the character encoding used by SyslogAppender to encode messages using the setCharset() method. This fixes LOGBACK-732
2014-04-02 Release of version 1.1.2
Create an abstract method, createOutputStream, as an extension point for subclasses of SyslogBaseAppender to create their own OutputStream. LOGBACK-890
Removed deprecated constructors in SocketAppender and related classes.
Fixed incorrect date format in SyslogAppender. (LOGBACK-936)
Fixed NullPointerException when substituting blank variables (LOGBACK-959)
Fixed NullPointerException that occurs when stopping a SyslogAppender that did not properly initialize, e.g., due to a hostname resolution failure. (LOGBACK-960)
Use fair locking in OutputStreamAppender. Patch provided by Sergey Bykov. (LOGBACK-268)
In case of missing included files, IncludeAction no longer prints a stack trace but prints a warning instead. (LOGBACK-954)
Fixed character escaping in XMLLayout (LOGBACK-728) and HTMLLayout (LOGBACK-440).
2014-02-05 Release of version 1.1.1
Logback now supports an unlimited level of variable resolution graphs rather than being limited to one level deep resolution. This enhancement was requested by Anton Wiedermann in LOGBACK-943 with Eric Dahl providing the relevant pull request.
Fixed LOGBACK-942 which was causing SocketAppender to drop events. Eric Dahl provided the relevant pull request.
2014-01-28 Release of version 1.1.0
Previously, logback silently ignored configuration files that did not have the “.xml” or “.groovy” file extension. Now, a LogbackException is thrown to flag this error.
Groovy configuration now supports appenderRef, which allows the use of AsyncAppender in Groovy. (LOGBACK-269)
SizeAndTimeBasedFNATP now supports a protected function #createArchiveRemover that allows subclasses to specify a custom archive remover used in RollingFileAppender. The default archive remover is SizeAndTimeBasedArchiveRemover.
PackagingDataCalculator now catches and ignores UnsupportedOperationException so that it can determine whether the JVM supports Reflection#getCallerClass() without printing that exception’s stack trace. This only affects Java 7u40+, which removed support for Reflection#getCallerClass(). (LOGBACK-885)
To facilitate debugging, SimpleSocketServer now names its threads: "Logback SimpleSocketServer (port PORTNUM)". SocketNode client threads are named: "Logback SocketNode (client: IPADDR)".
Fixed silently lost messages from SyslogAppender when they exceeded the system datagram size limit. The default max message size was hard coded to 65KB but now matches the system limit (as read from DatagramSocket#getSendBufferSize()) unless a nonzero limit is specified via SyslogAppender#setMaxMessageSize(). (LOGBACK-926)
Fixed various documentation typos, including LOGBACK-466, LOGBACK-768, LOGBACK-904, LOGBACK-921, and LOGBACK-927.
ContextBase.setStatusManager now correctly validates the given status manager. (LOGBACK-912)
The SocketNode creates an ObjectInputStream using the socket’s input stream, which blocks waiting for the stream header. This wait has been moved from the constructor to SocketNode.run() so that the node can be created without blocking. (LOGBACK-350)
Fixed SecurityException during initialization in Google AppEngine. (LOGBACK-760)
The <include> element now allows optional resources (previously, only optional files). (LOGBACK-928)
Added new layout conversion word (%D or %elapsedTime), which gets the time taken to serve the request. This applies only to Jetty and Tomcat logs via logback-access. (LOGBACK-320)
Fixed SMTP error when the subject line contained multiple new-lines. (LOGBACK-865)
Fixed unnecessary re-initialization of the servlet’s LoggerContext while attempting to destroy it.
Added the following syslog facilities to SyslogStartConverter: NTP, AUDIT, ALERT, CLOCK (LOGBACK-754)
Fixed NullPointerException when setting a JUL logger’s level to null, which should have reset the logger level to the parent’s effective level. (LOGBACK-906)
Added support to get suppressed exceptions. This is currently only implemented for RootCauseFirstThrowableProxyConverter and ThrowableProxyConverter. (LOGBACK-516)
Fixed problem of Janino classes not found in some environments (axis2, GWT, etc.). (LOGBACK-832)
Fixed various unit tests, including modifications for consistent results in Jenkins. (LOGBACK-842)
Allow Gaffer to read the logback.debug system property to enable verbose output during Groovy-based configuration. Also added debug statements to Gaffer.
Fixed IllegalArgumentException when missing periods and dollar signs in the logger name. (LOGBACK-384)
Fixed NullPointerException during JNDI lookup.
Fixed dangling data source connections from DBAppender that caused “maximum open cursors exceeded”.
Fixed incorrect stack trace depth when specifying %throwable with argument. (LOGBACK-160)
Fixed MySQL setup script to use lower-case table name to match the references in the file. This had caused an error on systems where case sensitivity matters.
Fixed NullPointerException when getting code source in PackagingDataCalculator.
The search path for logback-access.xml is now ${catalina.base} and then ${catalina.home} if not found. (LOGBACK-844)
The LoggingEvent constructor delays message formatting so that it can be computed lazily by the getFormattedMessage method. This fixes LOGBACK-873 and re-fixes LOGBACK-495.
PackagingDataCalculator now checks for the case where the caller has no protection domain. This fixes LOGBACK-617 reported by Yuri de Wit. The relevant fix was provided by Mikhail Mazursky.
2013-05-10 Release of version 1.0.13
In logback-access MANIFEST file, imports of Jetty and Tomcat are now optional. This fixes LOGBACK-300 reported by Christian Brensing who also provided the appropriate pull request.
Logback will now correctly parse variables with a default separator string nested within accolades, e.g. "{a:-b}". Such strings resemble variable references but lack the $ prefix, e.g "${a:-b}". This fixes LOGBACK-859 reported by Yoni Moses.
In InterpretationContext class replaced code using JDK 1.6 API with code using JDK 1.5. This fixes LOGBACK-860 reported by Bas Stoker.
Updated the “org.fusesource.jansi:jansi” dependency to version 1.9.
2013-04-26 Release of version 1.0.12
A new SSLSocketAppender extends the basic SocketAppender providing the ability to deliver logging events over the Secure Socket Layer (SSL). The corresponding SimpleSSLSocketServer extends the classic SimpleSocketServer as a basic logging server application that receives logging events from a SSLSocketAppender.
Receiver components are configured in logback.xml just like any other logback component.
While SimpleSocketServer (and its new SSL-enabled counterpart, SimpleSSLSocketServer) provide an easy-to-use standalone logging server application, a new component type known as a receiver allows any application to receive logging events from remote appenders over a TCP/IP network connection, using Logback Classic. Receiver components are configured in logback.xml just like any other logback component.
A receiver can either listen passively for connections from remote SocketAppender components acting as clients, or it can assume the client role, initiating a connection to a remote appender acting as a server. The receiver components shipped with Logback include full support for logging event delivery over the Secure Sockets Layer (SSL).
All of the new socket-based receiver and appender components were contributed by Carl Harris. See Receivers in the Logback Manual for more information on configuring receiver components. See SocketAppender and ServerSocketAppender for information on configuring appenders as event sources for receiver components.
RollingFileAppender will now detect when file property collides with fileNamePattern, emit an error message and refuse to initialize. This was requested in LOGBACK-796 by Karl Pietrzak who also provided a patch.
In configuration files, the <include> element now admits the optional attribute. This fixes LOGBACK-230 reported by Attila Kiraly. Many thanks to Tommy Becker who contributed a patch.
In response to LOGBACK-829, serialization of Logger instances has been significantly simplified and much unnecessary bloat removed. As an added bonus, the new serialization of Logger objects is also compatible with serialization streams using older Logger instances. Logger instances serialized by logback 1.0.11 and earlier can be read by logback version 1.0.12 and later and vice-versa.
The code detecting whether Groovy is available on the class path deals with the case where logback binaries are installed as endorsed libraries. This fixes LOGBACK-831.
Groovy configurator no longer supports SiftingAppender.
In response to LOGBACK-244, LOGBACK-724 and in particular patches provided by Tommy Becker and David Roussel component tracking code has been simplified and completely re-written. SiftingAppender now supports the timeout and maxAppenderCount parameters. As a direct consequence of modifications to component tracking code, the groovy configurator no longer supports SiftingAppender.
SiftingAppender now propagates properties defined elsewhere in the configuration file into the configuration process of nested appenders. This fixes LOGBACK-833 with David Roussel providing the appropriate patch.
As all other actions affecting properties, TimestampAction now inserts the user-specified property into the local scope by default. The property was inserted into the context scope in earlier versions of logback. This fixes LOGBACK-835 with David Roussel providing the appropriate patch.
Logback is now able to retrieve the name of localhost when running under OS X and Java 7. This issue was reported by LOGBACK-749 by Oliver Schrenk with patches provided by Ralph Goers and Pavel Valodzka.
The mdc converter can now handle default values. This feature was requested in LOGBACK-246 by Michael Osipov with Denis Bazhenov providing a patch.
DBAppender in logback-classic module no longer assumes that caller information is always available. This fixes LOGBACK-805 reported by Daris Cooper who also provided a corrective patch.
In order to simplify our build, several unit tests have been ported from Scala to Java. It follows that logback no longer depends on Scala, not even during the test phase of the build.
2013-03-25 Release of version 1.0.11
Under Unix*, the basic/quick file rename method supplied by Java does not work if the source and target files are on different file systems. This problem was reported in LOGBACK-108 by Daniel Potter. In order to deal with this issue, logback now will perform rename by copying if the source and target files are on different file systems and the host JDK is version 1.7 or later. See also the related error code.
The “cn” conversion word now correctly maps to ContextNameConverter class. This fixes LOGBACK-463 reported by Michael Osipov with Mark A. Ziesemer providing the appropriate patch.
Added gray to the list of ANSI colors supported by logback. The relevant pull request was kindly provided by Craig P. Motlin.
The discoverConnectionProperties() method in class ConnectionSourceBase no longer leaks connections. This fixes LOGBACK-798 reported by Sayevskiy Viacheslav. Many thanks to Ivan (Wee-Willie-Winkie) who contributed the appropriate fix.
In logback-access, more correct determination of whether contents of an HttpServletRequest are URL encoded or not. The bug fix was submitted by David Schneider. The same issue was later independently reported by Grzegorz Kuligowski in LOGBACK-814.
Both SocketAppenderBase and SimpleSocketServer now use a socket factory to create sockets. These changes were asked in LOGBACK-815 and LOGBACK-816 by Carl Harris who also contributed the relevant patch.
2013-03-15 Release of version 1.0.10
Upgraded the (optional) groovy dependency to version 2.0.7 (from 2.0.0).
The logger cache field in LoggerContext now uses a ConcurrentHashMap instead of a regular HashMap. This dramatically improves the speed of logger retrieval and incidentally fixes LOGBACK-142.
In SyslogAppender allow suffixPattern to begin with literal text. This issue was reported Bruno Polaco in LOGBACK-782 who also provided the relevant patch.
In order to reduce unnecessary boilerplate several common types and packages are now imported automatically. This feature was contributed by Joris Kuipers.
Computation of caller information now takes into account Groovy frames (if running under Groovy). This fixes LOGBACK-811.
2012-12-05 Release of version 1.0.9
Removed an erroneous compile-time dependency on Tomcat in the logback-classic module. This issue was reported by Arnaud Heritier.
2012-12-04 Release of version 1.0.8
logback-classic updated to use SLF4J version 1.7.2 instead of version 1.6.6.
The logback-classic module now uses SLF4J version 1.7.2 instead of version 1.6.6. This only impacts projects running under an OSGi platform as SLF4J versions 1.7.x and 1.6.x are 100% binary compatible.
Fixed incorrect BufferStream assignment after recovery in ResilientFileOutputStream. This issue was reported in LOGBACK-765 by David Markwick.
Fixed incorrect parsing of variables in case of colon character followed by a dollar character. This issue was reported in LOGBACK-744.
SyslogAppender now sends out the header line of stack traces. This issue was reported LOGBACK-411 and separately as LOGBACK-750.
A StatusListener implementing LifeCycle interface was not started if specified via the logback.statusListenerClass system property. This issue was reported in LOGBACK-767 by Adam Sokowicz.
In order to avoid duplication, automatic status printing will be disabled if the user explicitly registers a status listener.
Added OnErrorConsoleStatusListener to print status messages on the error console, i.e. on System.err. This feature was requested in LOGBACK-292 by Abraham Lin.
Added NopStatusListener class which simply drops incoming status messages. By explicitly registering a NopStatusListener listener, automatic status printing can be turned off.
2012-08-24 Release of version 1.0.7
Janino library upgraded to version 2.6.1.
As of Janino version 2.6.0, in addition to janino.jar, commons-compiler.jar needs to be on the class path as well. Please see the Janino setup instructions.
Groovy dependency upgraded to version 2.0.0.
Please see the Groovy setup instructions.
The code handling variable substitution has been completely re-written. As requested in LOGBACK-729, variables can be now be nested arbitrarily, even within the default value section. For example, ${a${b:-c}:-${d:-e}} is now a valid logback variable expression yielding "e", assuming variables with the keys 'd’, ‘b’ and ‘ac’ are undefined. The new variable substitution code is designed to be backward compatible with existing configuration files.
Substitution properties are now correctly recognized by scan and scanPeriod attributes of <configuration> element in configuration files. This fixes LOGBACK-396 reported by Oh Chin Boon
The color-related conversion words now set the default color correctly. Xu Huisheng provided the relavant patch.
Fixed a race-condition in AsyncAppender and its worker thread. This issue was reported in LOGBACK-720 by Arnd Hannemann who also supplied the relevant patch.
If a PropertyDefiner implements LifeCycle, then its start() method will now be invoked.
Added the includeCallerData property in SMTPAppender to precompute caller data before storing events for future transmission. This property addresses LOGBACK-734 reported by Patrick Hogarty.
7th of June, 2012 Release of version 1.0.6
SMTPAppender now supports the retrieval of a javax.mail.Session resource from JNDI. This feature was requested in LBCLASSIC-332 by Hrotko Gabor.
Listeners passed to statusListener() method in GafferConfigurator (the groovy configurator) are now correctly started.
2012-06-06 Release of version 1.0.5
ConsoleAppender can now activate the Jansi library for ANSI color code support on Windows systems. Unix-based operating systems such as Linux and Mac OS X already support ANSI color codes by default.
PatternLayout now supports composite conversion specifiers for coloring.
2012-05-31 Release of version 1.0.4
Added AsyncAppender for asynchronous invocation of nested appenders. This was a long-standing and popular request as attested by LBCLASSIC-177, LBCORE-92 and LBCLASSIC-242.
SMTPAppender now admits the asynchronousSending property, set to ‘true’ by default. However, it can be set to ‘false’ for synchronous email transmission. This property was requested in LBCLASSIC-323 by Patrick Houk.
It is now possible to set a system property called “logback.debug” in order to force printing of internal status messages on the console regardless of the value of the debug attribute found within the <configuration> element. This behavior was requested in LBCLASSIC-225 by Aaron Digulla with the relevant patch kindly provided by Antony Stubbs.
MarkerFilter now correctly recognizes nested markers. This issue was reported in LBCLASSIC-295 by Paolo Mazzoncini who also provided the relevant patch.
Fixed invalid multiple configuration warning when deployed under Weblogic. This issue was reported in LBCLASSIC-159 by Hontvári József and with the appropriate patch provided by Derek Mahar.
SyslogAppender now admits the throwableExcluded property allowing the exclusion of throwable data if so desired. This solves LBCLASSIC-327 reported by Don Faulkner.
SyslogAppender now admits the stackTracePattern property allowing the customization of the string appearing just before each stack trace line. This fixes LBCLASSIC-333 reported by Ingebrigt Berg who also provided the relavant patch.
DBAppender now supports SQLite. This feature was requested in LBGENERAL-53 by Tony Trinh who also provided the relevant patch.
2012-05-04 Release of version 1.0.3
PatternLayoutEncoder class now admits the immediateFlush property (set to true by default). By setting this property to 'false’, logging throughput can be quintupled, although your mileage may vary. This enhancement was requested in LBCORE-243.
In order to facilitate parsing of log files, logback can now output the pattern used for the log output at the top of log files as a header. This feature was requested by James Strachan in LBCORE-234.
SMTPAppender failed to transmit messages under JDK 1.5. After some investigation, Dave discovered that this was due to setting the corePoolSize parameter of the relevant ThreadPoolExecutor to 0. Setting corePoolSize to a higher value, e.g. 1, under JDK 1.5 solves the problem and fixes LBCLASSIC-323 reported by Lutz Huehnken.
LevelChangePropagator now retains references to j.u.l. loggers whose level it sets. This fixes garbage collection issues reported in LBCLASSIC-256 by Samuel Stanojevic who also provided the appropriate patch.
2012-04-26 Release of version 1.0.2
Breaking change partially reverted in 1.0.3
By default PatternLayout will now output its pattern at the top of log files
This feature, although still available, is no longer enabled by default. See release notes for version 1.0.3 for details.
ReconfigureOnChangeFilter will avoid excessive synchronization in case of CPU intensive applications. This fixes LBCLASSIC-234, a recalcitrant bug reported by Uri Unger who also provided the key steps for reproducing it.
RollingFileAppender now creates missing directories for compressed archive files. This fixes LBCORE-169 reported by Tomasz Nurkiewicz with patches supplied by Paulo Andrade and Mats Henrikson.
SizeAndTimeBasedFNATP will now remove files with indexes higher than 99. It will also correctly compute the highest index value when an application is restarted. This fixes bug LBCORE-221 reported by Dieter Mueller and Dawid Chodura.
2012-03-07 Release of version 1.0.1
Setting the debug attribute to true in the <configuration> element now registers a OnConsoleStatusListener with the StatusManager. Thus, problems occurring during the lifetime of your application, well after logback is initialized, can be reported when the debug attribute is set. This behavior is closer to what users expect.
Added new property the cleanHistoryOnStart to TimeBasedRollingPolicy. By setting this property to true, history removal will work as expected even in the case of short-lived applications. This fixes LBCORE-226 reported by Bruce E. Irving.
It is now possible to specify multiple %d tokens in the file name pattern of TimeBasedRollingPolicy. Auxiliary %d tokens must be marked as such by passing the AUX parameter. This feature was requested in LBCORE-242 by Thomas Corte.
Logback now supports suppressed exceptions introduced in Java 7. This fixes LBCLASSIC-276.
SMTPAppender clears the relevant cyclic buffer before asynchronous transmission. This corrects LBCLASSIC-221 as reported by Chris Cheshire.
SiftingAppender will consider stale and consequently remove nested appenders which are closed or improperly started. This caters for the use case described in LBCLASSIC-316 by Guus Bloemsma.
RequestLogImpl can now lookup for the logback-access configuration file as a class path resource. This feature was requested in LBACCESS-26 by Marshall Pierce.
Updated the Janino dependency to version 2.5.16. In addition, the code checking for the availability of Janino on the class path was updated to take Janino 2.6 into account, thus fixing LBCORE-210.
2011-11-01 Release of version 1.0.0
The logback-access module now targets Tomcat 7.x and Jetty 7.x & 8.x as its servlet container platforms. This fixes LBACCESS-17 reported by Grzegorz Grzybek.
Breaking change: properties are no longer automatically inserted into the context
Properties now have a scope. Previously, the definition of a property added it to the context. As of version 1.0, properties are local, i.e. transient by default. For further details, please refer to the documentation on properties.
Environment variables are now looked up during property substitution. This feature was requested in LBCORE-212 by Alexandre Garnier.
SMTPAppender now sends emails asynchronously.
Investigation of LBCORE-224 reported by Cesar Alvarez Nunez points to bug in the JVM rather than in logback. A workaround has been found by using CopyOnWriteArrayList instead of the apparently buggy ReadWriteLock.
In STARTTLS mode, “mail.smtp.auth” property is no longer set automatically. This fixes LBCORE-225 reported by Mark Woon.
Logback-access now supports conditional configuration. This fixes LBACCESS-27 reported by Marshall Pierce.
Logback-access now supports inclusion of configuration files. See the chapter about configuration in the logback’s online manual for more information.
Added ch.qos.logback.core.read to “Import-Package” declaration in logback-classic’s manifest file. This fixes LBCLASSIC-131 reported by Michal Prihoda and Thomas Jaeckle.
Fixed infinitely recursive calls in AccessConverter#addError methods as reported in LBACCESS-25 by Pierre Queinnec.
Fixed incorrect switch fallthrough while selecting between the H2 and HSQL dialects as reported in LBCORE-218 by Pierre Queinnec.
2011-09-21 Release of version 0.9.30
Archive removal can now deal with prolonged periods of application inactivity and application stop and restarts. The issue is described in LBCORE-147 reported by Rafael Diaz Maurin.
Logback-classic now supports printing stack traces “root cause first” instead of the standard "root cause last". See the documentation for %rootException converter for further details. The %rootException converter was contributed by Tomasz Nurkiewicz in relation with LBCLASSIC-217.
In the ILoggingEvent interface the getMDC method is now deprecated and replaced by getMDCPropertyMap. The latter method was already part of the ILoggingEvent interface in prior versions of logback-classic. Furthermore, the value returned by ILoggingEvent.getMDCPropertyMap can now be an empty map but never null.
LoggingEvent no longer assumes that LogbackMDCAdapter is the only possible implementation of the MDCAdapter interface. This fixes LBCLASSIC-275 reported by Chris Dolan.
LogbackMDCAdapter now synchronizes over its thread local map. This prevents ConcurrentModificationException from occurring while a child thread copies the map from the parent. This fixes LBCLASSIC-289 reported by Josh Oddman.
It is now possible to specify multiple destination addresses separated by commas in the the to property of SMTPAppender. This fixes LBCORE-213 reported by Alexandre Garnier who also provided the relevant patch. In previous versions of logback multiple destination addresses could only be specified by using multiple to properties. As of version 0.9.30 both comma separated addresses and multiple to properties are supported.
When debug attribute is set to true within the <configuration> element, status messages are printed on the console after Joran (re)configures logback. Previously, all status messages were printed. With this release, only status messages created during (re)configuration are printed. This change fixes LBCLASSIC-273 reported by Joern Huxhorn.
Single quotes within a date conversion specifier in filename patterns are now handled correctly. This fixes LBCORE-214 reported by Derek Libby.
2011-06-09 Release of version 0.9.29
Fixed LBCLASSIC-254, a performance issue in LogbackMDCAdapter as reported by Michael Franz.
Given that events reference a snapshot of the current MDC map, the snapshot should not be cleared upon invocation of the MDC.clear operation. This issue was reported in LBCLASSIC-253 by Tommy Becker and independently fixed by the changes designated to fix LBCLASSIC-254.
As reported by Deepak Vadgama in LBCORE-199, the entry in every zip file created by FixedWindowRollingPolicy had the same name. The issue was solved by adding a timestamp to the name of the entry in the zip files as suggested by a Benoit Xhenseval.
ConfigurationWatchList no longer emits an error message when it encounters a configuration file placed in a jar file, fixing LBCLASSIC-246 as reported by Joern Huxhorn. This release also fixes LBCLASSIC-247 reported by Michael Franz.
Logback now emits a clearer error message in case a conversion pattern misses a closing parenthesis or if an opening parenthesis is misplaced. This fixes LBCORE-193 reported by B. K. Oxley.
Fixed thread safety issue in LRUMessageCache reported in LBCLASSIC-255 by César Álvarez Núñez.
The AccessEvent class in logback-access module now implements the IAccessEvent interface. This fixes LBACCESS-12 reported by Joern Huxhorn.
January 25th, 2011 Release of version 0.9.28
Breaking change: In the Context interface, the previously misspelled property bithTime is now renamed as birthTime.
In the Context interface, the previously misspelled property bithTime is now renamed as birthTime. This is a backward-incompatible change. All pre-existing references to “bithTime” property now need to referenced as "birthTime".
Fixed issue 238 reported by Robert Elliot. GEventEvaluator’s start method now correctly sets the state of the instance.
JaninoEventEvaluator now expects Java blocks instead of boolean expressions. For even moderately complex logical statements, blocks can be more convenient to read or to write compared with boolean expressions. To ensure backward compatibility, existing boolean expressions are converted into blocks on the fly.
Corrected handling of null valued arguments by DBAppender. This fixes LBCLASSIC-239 reported by Artyom Kalita.
It is now possible to use the context birth time as the time reference for the <timestamp> element in configuration files.
Logback can now scan for included files as well. This solves LBCLASSIC-245.
December 22nd, 2010 Release of version 0.9.27
Added a new section in the documentation about real-world inspired recipes.
PatternLayout now supports compound conversion words of which “%replace” is one example. This change involved a significant re-write of the pattern tokenizer, the pattern parser and the pattern compiler. However, the changes should be backward compatible as far as users are concerned.
The to option of SMTPAppender now admits a pattern and is evaluated dynamically.
TeeServletInputStream no longer chokes on input over 8K in size. This fixes LBACCESS-10 as reported by Augusto Rodriguez.
TeeFilter now takes include and exclude parameters so that it can be enabled or disabled by host. This solves LBACCESS-15.
Fixed LBCLASSIC-231 as reported by Jeff Skjonsby. When configuring SizeAndTimeBasedFNATP, GaggerConfigurator (Groovy) will no longer throw a NullPointerException.
Every context now returns its own name when asked for the property CONTEXT_NAME. This fixes LBCORE-178 as requested by Michael Osipov.
20th of October, 2010 Release of version 0.9.26
Fixed LBCLASSIC-183 as reported by Anthony Whitford. Upon application restart, Tomcat should no longer complain about ThreadLocal variables created internally by logback.
SMPTAppender now lets users set a custom buffer size for the outgoing messages. This fixes LBCORE-170 as requested by Peter Royal.
When stopped, RollingFileAppender now calls stop() on its policy objects, fixing LBCORE-114 reported by Anders Wallgren.
Added mapping for OFF and ALL levels in JULHelper as requested in LBCLASSIC-226 by Christian Brensing.
October 13th, 2010 Release of version 0.9.25
Logback-classic now supports propagation of level changes from logback-classic onto the j.u.l. framework. This significantly reduces the performance impact of disabled log statements making it reasonable for real-world applications to use the jul-to-slf4j bridge.
The <appender-ref> element now supports variable substitution, thus fixing LBCLASSIC-224 as reported by David Harrigan.
As reported in LBCORE-164, SizeAndTimeBasedFNATP would cause previous logging files with indexes over nine to be overwritten on application restart. This complex bug was reported and precisely diagnosed by Dieter Mueller. He has also proposed a fix which was subsequently adopted as is.
June 30th, 2010 Release of version 0.9.24
Fixed NullPointerException thrown by MDCBasedDiscriminator in case the MDC map is null.
Fixed issue with SizeAndTimeBasedFNATP in presence of application stop/restart and non-null file property. This issue was reported by Tom Liu in LBCORE-131.
June 29th, 2010 Release of version 0.9.23
Fixed Groovy runtime dependency problem with ReconfigureOnChangeFilter, i.e. the auto-scan filter, when using non-groovy configuration files. This problem was reported in LBCLASSIC-214 by Alvin Chee.
Fixed MDCBasedDiscriminator so that it supports deferred processing. This issue was reported in LBCLASSIC-213 by Torsten Juergeleit.
June 21st, 2010 Release of version 0.9.22
Logback now supports configuration files written in Groovy which are more convenient than configuration files written in XML. We have also developed a tool to automatically migrate your logback.xml files to logback.groovy.
Inspired by the functionality offered by SiftingAppender, SMTPAppender now can track multiple buffers according to selection information returned by a discriminator.
Fixed synchronization issue in ConsoleAppender as reported in LBCORE-158 by David Roussel who also supplied a corrective patch.
May 8th, 2010 Release of version 0.9.21
SLF4J dependency upgraded to 1.6.0
Fixed concurrency problem in SiftingAppender as reported in LBCLASSIC-203 by Ellen Strnod.
Added GEventEvaluator which processes boolean expression written in the Groovy language.
Fixed rollover problem occurring when the target directory was missing as reported in LBCORE-151 by Torsten Juergeleit. A closely related problem was reported in LBCLASSIC-167 by Rick Janda.
April 2nd, 2010 Release of version 0.9.20
Fixed issue related to charsets in LayoutWrappingEncoder not being recognized in config files.
Logback now supports conditional processing of configuration files.
A new extension point for defining properties on the fly has been added. The code for this enhancement was provided by Aleksey Didik in LBCLASSIC-182.
Logback now provides an answer to the longstanding logging separation problem for static logger references in shared libraries. This fixes LBCLASSIC-166 and LBCLASSIC-87.
Removed the previously deprecated getFirstFilter method in FilterAttachable interface.
March 24, 2010 Release of version 0.9.19
Breaking change: FileAppender now expects an Encoder
In response to LBCORE-128, WriterAppender has been renamed as OutputStreamAppender, FileAppender now subclassing the latter. OutputStreamAppender and subclasses now take an Encoder instead of a Layout.
Contrary to layouts which simply transform a logging event into a String, an encoder is responsible for writing the actual event or more accurately the representation of the event onto the output stream. The role of the enclosing appender is now limited to managing the output stream (opening/closing) but not writing actual contents onto the stream. This change will require modifications to existing configuration files. We hope to make up for this inconvenience with cool new features which are only possible using encoders. During a transition period, layouts passed as parameter will be automatically wrapped by an encoder so that configuration files in the old format (using a layout instead of encoder) will continue to work unmodified.
Breaking change: DBAppender in logback-classic expects four additional columns
Instead of lumping log request arguments into a field, DBAppender (in logback-classic) now outputs up to four arguments in the logging request in separate columns, named arg0, arg1, arg2 and arg4. This solves LBCLASSIC-187 reported by Greg Thomas.
Existing databases can be migrated to the new table structure by altering the existing tables. Here is how it would be done in PostgreSQL and MySQL.
ALTER TABLE logging_event ADD COLUMN arg0 VARCHAR(254); ALTER TABLE logging_event ADD COLUMN arg1 VARCHAR(254); ALTER TABLE logging_event ADD COLUMN arg2 VARCHAR(254); ALTER TABLE logging_event ADD COLUMN arg3 VARCHAR(254);
In Oracle:
ALTER TABLE logging_event ADD arg0 VARCHAR(254); ALTER TABLE logging_event ADD arg1 VARCHAR(254); ALTER TABLE logging_event ADD arg2 VARCHAR(254); ALTER TABLE logging_event ADD arg3 VARCHAR(254);
FileAppender and derived classes can now gracefully deal with IO failures and recover quickly after the original cause of the IO failure is corrected. For example, if the log file is located on a network-attached storage (NAS), and the connection to the NAS server is lost, FileAppender and derived classes will recover quickly after the connection to the server is re-established.
The packages under ch.qos.logback.classic namespace no longer depend on org.slf4j.impl. This fixes LBCLASSIC-184 reported by Gunnar Wagenknecht.
Fixed LBCLASSIC-193. SyslogAppender will no longer shutdown when messages over 256Kb cause an IOException.
Added OnMarkerEvaluator which evaluates to true in the presence of user-specified markers. When used with SMTPAppender, it can trigger an outgoing email message when an event matches user-specified marker.
Request header names in AccessEvent (logback-access) are now stored in a case-insensitive way as specified in RFC 2616. This prevents compatibility issues, in particular with recent versions of Tomcat which store request header names in lower-case.
Fixed LBCORE-134 reported by Michael Franz. While reading configuration files (in XML), the event handler will correctly process body text, in particular spaces, even when delivered in multiple chunks. The previous behavior of trimming leading and trailing white space has been preserved. Moreover, body text consisting of white space surrounding child elements is ignored.
SiftingAppender now exposes its AppenderTracker. Moreover, the stopAndRemoveNow(String key) method was added to AppenderTracker, allowing immediate removal of a nested appender.
Fixed LBCORE-130. FileNamePattern no longer treats parenthesis as special.
The CharsetEncoder property in SMTPAppender can now be accessed and set from configuration files. This fixes LBCLASSIC-194.
Instead of sending its output to the System.out/err reference that was effective at initialization, ConsoleAppender will now seek the most current System.out/err reference and send its output there. This fixes LBCORE-143 as reported by Tom SH Liu.
DBAppender now outputs exception class and message. It will also output root causes, fixing LBCLASSIC-170 reported by Tomasz Nurkiewicz.
You can now override table and column names in DBAppender. This feature was requested in LBCLASSIC-188 reported by Tomasz Nurkiewicz.
Fixed missing EVENT_ID column problem on PostgreSQL as reported in LBCORE-126 by Brian Edwards.
Event id values in DBAppender are now 64bit instead of 32. This change was requested in LBCLASSIC-198 by Michael Lynch.
Added Sybase SQLAnywhere support in DBAppender. This feature was requested by Michael Lynch in LBCLASSIC-197.
Added H2 support in DBAppender.
Fixed LBSITE-36 reported by John Jimenez.
3rd of December 2009 Release of version 0.9.18
After a very long investigation resulting in somewhat a better understanding of licensing issues, logback is now dual-licensed under the EPL 1.0 and LGPL 2.1.
Due to a clerical error LBCORE-26 has re-raised its ugly head. It has now been tamed for good.
Fixed Private-Package and Export-Package sections in logback-classic.jar MANIFEST as reported in LBCLASSIC-165 and LBCLASSIC-121 by applying the relevant patches supplied by Hugues Malphettes.
Made the OSGi import declarations for Janino and javax optional as proposed by David Varnes in LBCORE-101.
ReconfigureOnChangeFilter did not pick up changes for configuration files containing spaces. This issue was reported in LBCORE-119 by Anders Wallgren.
Added tests cases which run logback artifacts as bundles within Felix. This should solve a series of problems related to OSGi.
When ill-formed configuration files fragments were included in another configuration file, the included file was not closed correctly. This issue was reported in LBCORE-122 by Michael Franz.
JaninoEventEvaluator now passes the throwable associated with an event as a java.lang.Throwable instead of an IThrowableProxy. This fixes LBCLASSIC-155 as reported by Hontvári József. See EvaluatorFilter documentation for more details.
The name of the log file nested within .zip archives was incorrectly set to be that of the tmp file logback creates during compression. Anders Wallgren reported and posted an appropriate patch for this problem in LBCORE-98. The nested file is now named after the zip archive file. Analysis showed that this was an appropriate strategy in all the cases we considered.
Fixed LBCLASSIC-149. The ContextNameConverter now correctly uses the context name of the event instead of its own context name.
When a logger is named after an inner class, the ‘$’ is used as a separator, instead of the usual '.’. This fixes the level inheritance issue described in LBCLASSIC-102 and as reported by Joern Huxhorn.
Fixed deadlock issue observed with appender which invoke loggers as reported in LBCLASSIC-154 by Andrew Perrine and debugged by Ralph Goers who also proposed the relevant patch.
9th of August 2009 Release of version 0.9.17
PackagingDataCalculator now correctly deals with NoClassDefFoundError thrown by class loaders. This fixes LBCLASSIC-125 reported by Roland Klein and independently by Didier Besset.
In configuration files, all tags names associated with explicit actions are now case-insensitive. This should diminish case-related errors users may make when writing configuration files. Tag names associated with implicit actions which are closely linked to the actual Java class being configured, still need to follow the camelCase convention. If you are unsure which case to use for a given tag name, just follow the camelCase convention for tag names which should be correct in most cases.
It is now possible to create uniquely named files by timestamp. Such files are appropriate for log files associated with batch applications. This enhancement fulfills LBCORE-91 as requested by Rick Beton and Szel Zoltan.
Append mode is now mandatory in RollingFileAppender. This was already the default and truncation mode is unreasonable in most cases. For example, in truncate mode when an application stops and is quickly re-started, any pre-existing log file for the current period will be lost.
The activeFile field in RollingFileAppender is now properly updated, fixing LBCORE-90 as reported by Valery Shorin.
The TimeBasedTriggeringPolicy has been heavily refactored. It is now possible to trigger rolling simultaneously by time and by size, fixing LBCORE-61.
Fixed LBCLASSIC-145 reported by Joern Huxhorn. The LoggingEventVO class now correctly populates its callerData field if the original ILoggingEvent already has it.
15th of July 2009 Release of version 0.9.16
In addition to nifty new features, this release contains several important internal changes. Given the importance of some of those internal changes, this release may be less stable than previous logback releases.
In logback-classic, LoggingEvent now implements the ILoggingEvent interface. All logback-classic components expect to process ILoggingEvent instances. Moreover, events which sent to a remote host are now of type LoggingEventVO.
Logback-classic will now automatically re-configure itself when its configuration file is modified. This enhancement was requested in LBCORE-59 by Michael Osipov.
FileAppender and its derived class RollingFileAppender are now based on a finer-grain synchronization model. This change is aimed at reducing various synchronization related bugs, namely LBCLASSIC-135 and its various sub-tasks.
Fixed a bug in the localLevelReset() method in the Logger class which inadvertently used the DEBUG_INT value in the org.slf4j.spi.LocationAwareLogger interface instead of the DEBUG_INT value in ch.qos.logback.classic.Level class. The issue was first identified by Andy Ruch in a message to the logback-user list
If the logger name had 12 or more segments, the logger conversion specified would throw an ArrayIndexOfBounds exception. Lukas Zapletal has kindly reported this problem in LBCLASSIC-110 and provided a test case.
A new discriminator class called “ContextBasedDiscriminator” allows SiftingAppender to separate logging based on the context name. This fits nicely with the requirements expressed in LBCLASSIC-117 by Rick Janda.
When a context is reset, then its object and property maps are now cleared. This fixes LBCORE-104 reported by Johan Bos.
Fixed LBCORE-105. Configuration files placed in jar files will no longer lock the jar file. This issue was initially reported for log4j in bug 47465 Mark Thomas.
Fixed LBCORE-94. While configuring a RollingFileAppender, if the File property is declared after any rolling or triggering policies, then logback will now generate an error status message.
Fixed LBCLASSIC-134 reported by Darryl Smith. DuplicateMessageFilter will now behave correctly when invoked via Logger.isXXXEnabled methods.
Fixed LBCORE-107, incorrectly set context information for the NestedBasicPropertyIA instance in Joran, reported by Lóránt Pintér.
Fixed LBCLASSIC-109, reported by Andrew Ruch when a logger context was reset, the trace level was erroneously enabled.
12th of February 2009 Release of version 0.9.15
When the reset() method in LoggerContext is called, registered turbo filters are first stopped before being unregistered. This fixes LBCLASSIC-89 reported by Alexis Morillo.
Added a servlet for viewing internal status messages as an HTML table. Two separate implementations are available; one for logback-classic and the other for logback-access.
Added the clear() method to the StatusManager interface. After reconfiguration, it may be desirable to clear the status list maintained by a StatusManager. This change was requested by Alexis Morillo in LBCORE-77.
Fixed problem LBCLASSIC-104 related to loss of MDC information in deferred logging events.
Fixed issue LBCLASSIC-101. Logback jar files now include full OSGi bundle information in their manifests. This information is automatically added by Apache Felix’ Maven bundle plug-in. The generated manifest files contain an appropriate Bundle-RequiredExecutionEnvironment directive, fixing LBGENERAL-8.
The setter and getter methods for the layout property in AppenderBase class now have reasonable default implementations, instead of nop previously. This change was requested by Thilo Tanner in LBCORE-56.
Added log4j.dtd compatible XMLLayout as requested in LBCLASSIC-22.
New chapter on Joran.
29th of December 2008 Release of version 0.9.14
Corrected a serious deadlock problem occurring during configuration. It was reported in LBCLASSIC-81 by Holger Mense.
Corrected thread leakage observed with TimeBasedRollingPolicy’s AsynchronousCompressor. This bug was reported in LBCORE-78 by Szel Zoltan.
Added DuplicateMessageFilter, a turbo filter which detects duplicate messages, and beyond a certain number of repetitions, drops repeated messages.
Added a new appender called SiftingAppender. As its name intimates, a SiftingAppender can be used to separate (or sift) logging according to a given runtime attribute. For example, SiftingAppender can separate logging events according to user sessions, so that the logs generated by each user go into distinct log files, one log file per user.
BasicStatusManager’s internal buffer is now split into two parts, the header part and the tail part. The header part stores the fist H status messages whereas the tail part stores the last T messages. At present time H=T=150, although these values may change in future releases.
Fixed NullPointerException thrown when calling setContextMap on a fresh MDC. Issue was reported by Francois Terrier.
Evaluators are now wired into an appender automatically (implicit rules) without the help of EvaluatorAction. EvaluatorAction is now only needed for global evaluator elements. It follows that name attribute is necessary only for global evaluators. Embedded evaluators no longer need a name. This change fixes LBCLASSIC-100. In addition, EvaluatorAction has been modified to accept evaluators of any type and not just instances of JaninoEvaluator.
Logback-classic default configuration process will now automatically print status data on the console in case of warnings as well as errors. Previously, status data was printed only in case of errors.
ContextInitializer will now print the url of the configuration it is using. This should help reduce confusion when multiple config files are found on the class path. This change resolves LBCLASSIC-55 reported by Anton Tagunov and Henric Larsson.
In case multiple configuration files are found on the class path, ContextInitializer will now emit a warning. This fixes LBCLASSIC-85 filed by Szel Zoltan.
HTMLLayout now honors custom conversion words, thus fixing LBCORE-74 as reported by Natan Cox.
Fixed LBCORE-69 as reported by Andrey Rybin. SMTPAppenderBase now has support for charset encodings so that email messages can contain characters beyond US-ASCII.
SMTPAppender in logback-classic now defaults to OnErrorEvaluator instead of a janino-based evaluator. Thus, by default SMTPAppender no longer depends on Janino.
Added UnsynchronizedAppenderBase class based on Ralph Goers’ contribution in LBCORE-58. Note that AppenderBase remains unchanged. Appenders which need to handle synchronization on their own can do so by deriving from UnsynchronizedAppenderBase.
5th of December 2008 Release of version 0.9.13
A NullPointerException was being thrown when the level of a logger was set to null. The logger in question had to have children. This problem was reported in LBCLASSIC-91 by Mateusz Jedruch.
4th of December 2008 Release of version 0.9.12
Fixed bug LBCORE-26 reported by Tsutomu YANO and independently by Hontvári József and Gamaliel Amaudruz. RollingFileAppender when used in conjunction with DateBasedRollingPolicy will rollover existing log files at initialization if their timestamp warrants it.
Added support for file appending in prudent mode. Thus, multiple FileAppender instances running on multiple JVMs can safely write to the same log file. With certain limitations, prudent mode extends to RollingFileAppender.
Fixed LBCLASSIC-83. It is now possible to set the level of a logger to null, even if it was previously set to a non-null level. Previously, a NullPointerException would be thrown.
In response to LBCLASSIC-61, LBCLASSIC-33, LBCLASSIC-24 and LBCLASSIC-14 JMXConfigurator has been redesigned.
Fixed LBGENERAL-22. The log4j.properties translator web-application has been significantly refactored.
Fixed improvement request LBCLASSIC-59 relation to StatusListeners, originally submitted by Anton Tagunov.
The logger and class name converters now consider zero as having special meaning, and will return the simple class name, removing the package name prefix. This feature was asked by Silvano Maffeis.
In response to LBCLASSIC-54 support for turbo filters has refactored. The present code is safe under concurrent access while still offering good performance.
Fixed LBCORE-43 reported by Bruno Navert. Configuration files can now look up property files from classpath resources.
Fixed LBCLASSIC-86 related to AccessControlException thrown when run in a JVM with a SecurityManager.
Invoking the LoggerContext.reset() method resets logger levels to their default value, that is DEBUG for the root logger and null for all other loggers. This was requested in LBCLASSIC-90 by Mateusz Jedruch.
Fixed bug LBCLASSIC-69 reported by Anton Tagunov. The LevelToSyslogSeverity now correctly handles the TRACE level.
Fixed bug LBCLASSIC-57 reported by Anton Tagunov. SyslogAppender could overwhelm the Syslog server with very large messages. SyslogAppender now limits its message size to 256K.
Logback now supports setting the logger context name as well as inserting variables stored in JNDI as properties.
Fixed issue LBCLASSIC-49 reported by Oliver Lietz. The getLogger() method in LoggerContext class will now throw an IllegalArgumentException when invoked with a null argument.
28th of October 2008 Release of version 0.9.11
Fixed LBCLASSIC-77 reported independently by Gianni Doe, Yannick Haudry and Yossi Shaul. The childValue() method of CopyOnInheritThreadLocal class part of MDC code no longer throws a NullPointerException.
27th of October 2008 Release of version 0.9.10
In case of errors during initialization, logback-classic now automatically prints out its internal status. This has been a frequently requested feature.
The LogbackValve in logback-access (ensuring integration with Tomcat), will now systematically print its internal status upon initialization, unless told to be quiet. This greatly helps troubleshooting the configuration of logback-access under Tomcat.
Fixed bug 147 which occurred when the user inadvertently attempted to set the layout of a SyslogAppender. The code now actively prevents this. Documentation has been updated to reflect the change.
Fixed bug LBCLASSIC-56 originally reported by Michel Colette. Backslash characters are now correctly interpreted in filename patterns.
The TurboFilterChain in a LoggerContext is now cleared when the reset() method is called. This problem was reported on May 1st, 2008, by Julia Hu on the logback developers list.
Fixed issue LBCORE-48. During rollover, compression of large files would bring all logging to a halt. In this latest release, the rolled over file is first renamed, which is a relatively fast operation, and only then is the renamed file compressed asynchronously (in a separate thread).
Fixed issue LBCORE-11. It is now possible to instruct TimeBasedRollingPolicy to delete old files, thus controlling then number of archived log files.
Fixed issue LBCORE-42. If the parent directory of the log file does not exist, then FileAppender will create it, including any necessary but nonexistent parent directories.
Fixed LBCORE-15 reported by Klaus Unger and others. DBAppender should now work with Oracle 9, 10g and 11g, regardless of the JDBC driver type used.
Fixed issue LBCORE-17 reported by Thorbjørn Ravn Andersen. Logback now relies on Geronimo JMS API specifications instead of Sun’s JMS API specification, the latter requiring manual installation. With Geronimo JMS, logback can be built using Maven without needing to manually install any dependencies.
Fixed issue LBCORE-23. In PatternLayout, parenthesis can be used to group conversion patterns. It follows that the '(' and ')' carry special meaning and need to be escaped to be used as literals. This is now properly documented.
The location of the default configuration file can be specified by a system property. This feature was requested in LBCORE-32 by Ted Graham, Matt Fowles, Ivan Biddles and Ralph Goers.
Fixed issue LBCORE-55 reported by Natan Cox. WriterAppender now outputs its presentation footer and file footer in the correct order.
Fixed issue LBCORE-27 reported by Peter Royal. SMTPAppender now outputs its presentation footer and file footer in the correct order.
Fixed issue LBCLASSIC-67 reported by Alessandro Fustini. SMTPAppender now correctly configures the layout used to format the subject line of the outgoing email. It no longer appends a lengthy stack trace to the subject line.
Fixed issue LBCLASSIC-68 reported by Gili Tzabari. In environments where the TCCL (Thread Context Class Loader) was not set, logback was unable to located its default configuration files. Logback now uses the class loader that loaded logback itself to locate its resources instead of the TCCL. This approach is simpler and deemed to cover more environments, i.e. more widely applicable.
Fixed issue LBGENERAL-24 reported by Hung Tang. SMTPAppender now supports plain username/password authentication as well as both the STARTTLS command and SSL connections.
Fixed issue LBCLASSIC-48 reported by Peter Royal. SyslogAppender now correctly outputs hours as 0-23 and not as 1-12 as previously.
Added a new TurboFilter called DynamicThresholdFilter which can filter events depending on MDC values based on a variety of criteria such as company name, product or the end user. This filter was contributed by Ralph Goers in LBCLASSIC-53.
26th of March 2008 Release of version 0.9.9
MDC data in now inherited by child threads. This behaviour was already specified in the javadocs. The issue was raised by Martin Benda in bug 64 and independently by Peter Huber.
Logback no longer includes retro-weaver generated jars for JDK 1.4. There seems to be little of interest in JDK 1.4 builds. Calling retro-weaver increases logback’s build time by a few seconds each time – seconds in which we can do more productive things.
Fixed bug 104, silly but nonetheless serious copy-and-paste errors in the c.q.l.classic.Logger class, reported by Joern Huxhorn.
Having been replaced by SimpleSocketServer, the SocketServer class has been removed.
Fixed bug 105, sockets created by SocketAppenderBase is now closed, reported by Joern Huxhorn. More generally, SimpleSocketServer is much more careful to track open client connections and to close them.
Fixed bug 110 in relation with the requestParameterMap field in AccessEvent - reported by Joern Huxhorn.
Fixed SLF4J bug 66 in relation with caller data when using log4j-over-slf4j - reported by Frnack Routier.
Fixed bug 129 reported by Michael Franz. As a result, Joran now supports nested as well as multiple file inclusions.
Fixed bug 100 reported by Joern Huxhorn. At serialization time, object array passed as parameter, when the LoggingEvent is are now serialized as strings.
Fixed bug 109 reported by Joern Huxhorn. There should no longer be any NullPointerExceptions thrown by deserialized AccessEvent instances.
Fixed bug 8 reported by Sebastien Pennec. The documentation has been updated to reflect the fact that in the context of conversion patterns the percent sign carries special meaning, in order to include the percent sign as a literal, it must be escaped with a backslash.
Fixed bug 52 reported by Kenichi Masuko. The bug has been fixed on March 8th, 2007. Starting with this release, Joran will support the injection of any enum type, not just FilterReply.
22th of August 2007 Release of version 0.9.8
This version of logback synchronizes with SLF4J version 1.4.3. In particular, logback now natively supports SLF4J’s MDC API introduced in SLF4J version 1.4.1. If you are using SLF4J version 1.4.1 or later please make sure upgrade to logback version 0.9.8 or later.
Fixed a number of documentation related bugs, in particular bug 90 reported by Luc Maisonobe and bug 88 reported by Sebastian Davids.
It is now possible to include configuration file fragments (in XML) as a resource. Previously, it was only possible to include a file by specifying a path to a file or a URL. This feature was requested by Michael Newcomb in bug 89.
Fixed caller data extraction problem as reported in bug 78 by Hans van der Meer.
The LoggingEvent class’ constructor now correctly takes into account the argument array passed by the user. This problem was reported in bug 85 by Robert Christian.
29th of May 2007 Release of version 0.9.7
This release corrects packaging bugs 75 and 76 related to the migration of logback to SLF4J version 1.4.0. There are no other changes.
23rd of May 2007 Release of version 0.9.6
Logback is now aligned and compatible with SLF4J version 1.4.0, thus correcting bug 73 as reported by Andy Gerweck.
Fixed NoClassDefFoundError problem when running under JDK 1.4 as reported by Brian Suksomwong.
Fixed bug 63 as reported by La Canea Rosario. Calling log4j (bridge) with the trace level will no longer cause an IllegalStateException to be thrown.
Fixed bug 70 as reported by Dirk Ooms. The %throwable conversion word is now recognized as documented in the logback manual. Moreover, the manual now mentions the %nopex word which can be used to force PatternLayout to ignore the exception contained in the logging request.
As in most releases, the documentation has been improved.
April 2nd, 2007 Release of version 0.9.5
Fixed methods isInfoEnabled, isWarnEnabled and isErrorEnabled methods in ch.qos.logback.classic.Logger class which failed to work correctly. This bug was reported today by Pavel Kral on the slf4j-user list.
Contrary to previous versions of logback, the various Logger.isXYZEnabled(Marker) methods now take into account the marker information passed as parameter.
As discussed in bug 54, during automatic initialization, it makes better sense to first check for logback-test.xml file and only if that fails, to check for logback.xml. Maven2 will guarantee that the logback-test.xml file, if places under test/resources will not be included in the artifact it produces.
March 29th, 2007 Release of version 0.9.4
Significant bug fixes made to c.q.l.access.TeeFilter and Co. Images and other binary files are now intercepted and replayed correctly. As for “x-www-form-urlencoded” post requests, their input buffer is left untouched. In a best-effort attempt, the input buffer for “x-www-form-urlencoded” post requests is later reconstructed through the request parameters. However, it may differ from the original buffer.
The logback team released today the first version of a plugin for Eclipse that allows developers to visualize logs generated by a running application. It offers several nice features. Please check the console plugin-in guide for more details.
March 20th, 2007 Release of version 0.9.3
Includes in configuration files are now supported by Joran, logback’s configuration framework. A file can contain an include element that has a file or url attribute pointing to a configuration file. See the chapter about configuration in the logback’s online manual for more information.
Corrected bug 53 reported by Wilkins Poe. There is now a dependencies page that shows the requirements of each of logback’s modules.
After a discussion on the SLF4J mailing list started by Franck Routier, a correction has been made when logging using the JCL104-over-slf4j module. Logback now correctly shows the caller location information.
As in most logback releases, the documentation has been improved.
March 5th, 2007 Release of version 0.9.2
The documentation is now in the docs/ directory to allow an easier access to the logback manual and website for offline viewing.
March 5th, 2007 Release of version 0.9.1
Logback-class now depends on SLF4J version 1.3.0 instead of 1.2.
Numerous improvements to the documentation.
Bug #46 reported by Mark Renyolds has been fixed. The TimeUtilTest should now run fine under any time zone.
Bug #45, also reported by Mark Reynolds, has been fixed. There should be no ClassCastException thrown anymore when passing an Object to the printing methods using the log4j-bridge module.
January 31st, 2007 Release of version 0.9
This version contains a new component, namely the ContextSelector, that provides context separation and management when logback is used by several web-apps running under the same server. A new chapter was added to the logback manual to detail the use of the ContextSelector, along with its associated components.
The JMXConfigurator has been improved. It now shows the context’s Status objects, which lets users check the internal state of logback.
The logback manual’s chapter 2, about logback’s architecture, has been updated with two sections: Under the hood and Performance.
January 23th, 2007 Release of version 0.8.1
This version contains new components in the Access module, allowing users to display the full HttpServletRequest or HttpServletResponse of an access event.
The documentation section has been updated. The short introduction was split into the chapter 1 and chapter 2 of the logback manual. The chapters about Appenders and Layouts have been updated to document new components of logback.
A demonstration webApp presenting logback’s major components is available. A document explains how to run it, and provides a step-by-step visit of the demo.
A first translation of logback jars to JDK1.4 is present in this release.
January 12th, 2007 Release of version 0.8
This version contains a whole new chapter, namely Chapter 3, about logback configuration. Several other documentation pages have been improved.
Logback now uses Generics in many components.
Several new components have been added to logback. A JMX Configurator now allows users to see and modify loggers or reload configuration among other possibilities. A document about this configurator is available in the corresponding section of the site. We’d like to thank Sebastian Davids for his ideas and contributions to this component.
A JMSTopicAppender and JMSQueueAppender are now available, as well as two new filters: LevelFilter and ThresholdFilter. A refactoring was done in the filters objects to ease the implementation of custom filters.
December 19th, 2006 Release of version 0.7.1
Version 0.7.1 of logback has been released.
This version contains more detailed information about logback access module, and its JMX components. A dedicated page explains how to configure and use logback access in Tomcat and Jetty, and access some of its components via JMX.
2006-12-18 Release of version 0.7
Version 0.7 of logback has been released.
Logback now ships with a new module: log4j-bridge. This new module can be used to intercept log4j calls and redirects them to logback components. More information about this module can be found in the corresponding documentation page.
The documentation has been vastly updated. Two new chapters, namely Filters and MDC, are available in the manual section.
2006-11-30 Release of version 0.6
Version 0.6 of logback has been released.
Logback classic now supports automatic configuration, allowing test and production environment configuration. TurboFilters make their first appearance in a logback release. They provide ultra-fast filtering possibilities. The logging context now supports listeners which will be contacted each time the context is reset or started. SMTPAppender allows for much more flexible configuration than before.
In logback access, new Appenders are available, namely SocketAppender and DBAppender. Logback access now supports filtering and event evaluations. A CountingFilter has been added. It provides statistical views of server access, reachable via JMX.
The documentation has also been improved. A complete new chapter has been added about Appenders, the short introduction to logback classic has been updated and a new module, containing many configuration examples has been added.
Logback now uses continuous integration in its development.
Tests have been improved, many new have been added. This release also provides some bug fixes.
2006-10-26 Release of version 0.5
Version 0.5 of logback has been released.
This release offers an important improvements in Joran. In particular, Joran can now replay configuration elements.
As in the previous release, a major area of work is the documentation which is being continuously improved.
2006-10-09 Release of version 0.4
Version 0.3 of logback has been released.
This release includes an improved access module, with specific implementations for the Jetty and Tomcat servers. Documentation was also added to show how to integrate logback-access with Jetty.
As for the classic module, several appenders and layouts have been added or improved. The error reporting of logback has also been enhanced, presenting the user with a link to an online page explaining possible reasons for the error.
Joran documentation was added, with examples in the core module.
2006-09-08 Release of version 0.3
Version 0.3 of logback has been released.
This release offers several new Appenders, support for Mapped Diagnostic Context, improved tests and documentation
In response to a bug report by Rickard Nilsson on the logback mailing list, a bug affecting parametrized logging was fixed.
We also released a PropertiesTranslator webapp that converts log4j.properties files to joran configuration files (in XML format).
2006-08-23 Release of version 0.2.5
Version 0.2.5 of logback has been released.
This release offers better documentation, with a number of corrections made in the short introduction to logback-classic.
2006-08-15 Release of version 0.2
Version 0.2 of logback has been released.
It offers better tests, some more functionality, and enhanced documentation. We also improved the site design to make it simpler and more efficient.
2006-07-26 Release of version 0.1
Version 0.1 of logback has been released.
2006-02-09 Logback web-site goes live
The logback web-site goes live on the 9th of February. At its present state, it is pretty primitive but updates will follow.
Related news
Red Hat Security Advisory 2024-4631-03 - Red Hat OpenShift Dev Spaces 3.15 has been released.
Red Hat Security Advisory 2024-3354-03 - Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include HTTP request smuggling, bypass, denial of service, deserialization, and traversal vulnerabilities.
Red Hat Security Advisory 2024-0793-03 - Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Issues addressed include a denial of service vulnerability.
By Deeba Ahmed The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware. This is a post from HackRead.com Read the original post: 8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack
A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library
Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.
A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7020: elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure * CVE-2020-9484: tomcat: deserialization flaw in session persistence storage leading to RCE * CVE-2020-15250: ju...
Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
An update is now available for Red Hat Satellite 6.11This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c * CVE-2021-3584: foreman: Authenticate remote code execution through Sendmail configuration * CVE-2021-4142: Satellite: Allow unintended SCA certificate to authenticate Candlepin * CVE-2021-21290: netty: Information disclosure via the local system temporary directory * CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation * CVE-2021-21409: netty: Request smuggling via content-length header * CVE-2021-30151: sidekiq: XSS via the queue name of the live-poll feature * CVE-2021-32839: python-sqlparse: ReDoS via regular expression i...
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.