Apache Log4j, a Java-based logging utility created by Ceki Gülcü, is part of the Apache Logging Services project under the Apache Software Foundation. It's one of several Java logging frameworks. Log4j is widely used in Java applications for recording various events and information during program execution. It's known for its flexibility and configurability, allowing developers to control the output format and destination of log messages. Security vulnerabilities discovered in Log4j have highlighted the critical role of regular updates and patching for maintaining the integrity of applications.
In 2013, Log4j 1.2.17 was released.
Log4j 2 was officially released in July 2015, marking its general availability. This version was a complete rewrite, drawing inspiration from Log4j 1 and java.util.logging.
On August 5, 2015, the Apache Logging Services Project Management Committee declared Log4j 1 end-of-life and recommended users upgrade to Log4j 2.
The Log4Shell vulnerability in Log4j 2 was discovered and reported to Apache by Alibaba on November 24, 2021.
On December 6, 2021, Log4j version 2.15.0-rc1 was released. This version removed the configuration setting that caused the Log4Shell vulnerability and introduced new settings to mitigate it.
On December 9, 2021, Log4Shell, a zero-day vulnerability in Log4j 2 that allows arbitrary code execution, was publicly disclosed by the Alibaba Cloud Security Team. It was considered highly critical.
On January 12, 2022, a forked and renamed version of Log4j 1.2, called Reload4j 1.2.18.0, was released by Ceki Gülcü to address urgent issues accumulated since the 2013 release of Log4j 1.2.17.