`org.apache.logging.log4j:log4j-core`

Ecosystem:
maven

Package URL:
pkg:maven/org.apache.logging.log4j:log4j-core

Total PRs:
777 Dependabot PRs

Latest PR:
2 days ago

Unique Repositories:
334 repositories

Unique Repos (30 days):
13 repositories

Security Advisories

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

GHSA-vwqq-5vrc-xw9h CVE-2020-9488 LOW published over 5 years ago • updated about 6 hours ago

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection t...

Remote code injection in Log4j

GHSA-jfh8-c2jp-5v3q CVE-2021-44228 CRITICAL published almost 4 years ago • updated about 2 hours ago

# Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per [Apache's Log4j sec...

Incomplete fix for Apache Log4j vulnerability

GHSA-7rjr-3q55-vv33 CVE-2021-45046 CRITICAL published almost 4 years ago • updated about 4 hours ago

# Impact The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non...

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

GHSA-p6xc-xr62-6r2g CVE-2021-45105 HIGH published almost 4 years ago • updated about 2 hours ago

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This...

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)

GHSA-vp98-w2p3-mv35 CVE-2023-26464 HIGH published over 2 years ago • updated about 1 hour ago

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages ...

View all 6 advisories

Recent PRs

RSS Feed

build(deps): bump the gradle-production-dependencies group across 2 directories with 8 updates

AcheampongStephen/OpenTelemetry #35

2.25.1 → 2.25.2 Patch PR

Closed about 2 months ago 1 comment

build(deps): bump the gradle group across 1 directory with 59 updates

ricekot/zap-extensions #5

2.24.2 → 2.25.2 Minor PR

Closed 2 months ago 1 comment

Bump the upstream-libs group with 5 updates

SWAT-engineering/java-watch #73

2.25.1 → 2.25.2 Patch PR

Open 2 months ago 9 comments

build(deps): bump org.apache.logging.log4j:log4j-core from 2.24.1 to 2.25.2

Netcracker/qubership-inventory-tool-cli #142

2.24.1 → 2.25.2 Minor PR

Open 2 months ago

Bump the upstream-libs group in /rascal-lsp with 9 updates

usethesource/rascal-language-servers #808

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 4 comments

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2 in the maven-dev-deps group

jruby/jruby-rack #335

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

chore(deps): bump the java-dependencies group in /cloud-run-functions/java with 4 updates

DataDog/serverless-gcp-sample-apps #74

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

BernhardAngerer/simple-speedtest-client #51

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

Bump the gradle-all group across 1 directory with 29 updates

ambarishvrao/opensearch-migrations-public #6

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

Bump the maven-patch-group group across 1 directory with 16 updates

rvesse/jena #188

2.25.0 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

Bump the patches group with 11 updates

National-Digital-Twin/fuseki-yaml-config #20

2.24.3 → 2.25.2 Minor PR

Open 2 months ago 2 comments

build(deps): bump the dependencies group across 1 directory with 106 updates

froque/jooby #125

2.24.3 → 2.25.2 Minor PR

Open 2 months ago 1 comment

fix(deps): bump the prod-deps group across 1 directory with 8 updates

folio-org/applications-poc-tools #268

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago 3 comments

deps(deps): bump the maven-dependencies group across 1 directory with 65 updates

Kingsrook/qqq #231

2.23.0 → 2.25.2 Minor PR

Closed 2 months ago 1 comment

build(deps): bump the gradle-dependencies group across 1 directory with 17 updates

AllayMC/Allay #723

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

chore(deps): bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.2

Andy-vienna/facturaX #33

2.24.3 → 2.25.2 Minor PR

Closed 2 months ago

build(deps): bump the gradle-dependencies group across 1 directory with 16 updates

AllayMC/Allay #722

2.25.1 → 2.25.2 Patch PR

Open 2 months ago 3 comments

Bump the dependencies group with 4 updates

skodjob/test-frame #340

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago 1 comment

Bump the patches group with 5 updates

telicent-oss/rdf-abac #135

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

build(deps): bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

marcoklaassen/google-cal-sync #128

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the general-dependencies group with 4 updates

streamshub/flink-sql #116

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the dependencies group across 1 directory with 9 updates

skodjob/data-generator #75

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

Bump org.apache.logging.log4j:log4j-core from 2.20.0 to 2.25.2

huaweicloud/huaweicloud-sdk-java-obs #192

2.20.0 → 2.25.2 Minor PR

Open 2 months ago

Bump the dependencies group across 1 directory with 9 updates

lucko/bytesocks #25

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the dependencies group across 1 directory with 10 updates

scalar-labs/scalardl #276

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the prod-deps group with 4 updates

dsingley/testPKI #50

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the java group with 5 updates

openviglet/shio #1054

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

build(deps): bump the gradle-dependencies group across 1 directory with 17 updates

AllayMC/Allay #721

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2 in /listmgr

milgradesec/listmgr #73

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the all group across 2 directories with 4 updates

apache/logging-log4j-samples #374

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

Bump the patches group across 1 directory with 8 updates

telicent-oss/fuseki-yaml-config #57

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

maven: bump org.apache.logging.log4j:log4j-core from 2.13.0 to 2.25.2

HippotechOrg/sampleapp #174

2.13.0 → 2.25.2 Minor PR

Open 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

DreamVoid/MiraiMC #578

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2 in /sandbox-maven

tdupoiron-org/sandbox-maven #45

2.25.0 → 2.25.2 Patch PR

Open 2 months ago

Bump the maven-patch-group group with 6 updates

apache/jena #3477

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

martin-g/wicket-webjars #192

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

fix(deps): bump the prod-deps group with 4 updates

folio-org/folio-flow-engine #124

2.25.1 → 2.25.2 Patch PR

Open 2 months ago 2 comments

Bump the maven-dependencies group across 1 directory with 31 updates

holixon/AxonFramework #142

2.25.0 → 2.25.2 Patch PR

Open 2 months ago 1 comment

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

ShaftHQ/SHAFT_ENGINE #2107

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago 1 comment

Bump the maven-dependencies group with 8 updates

AxonFramework/AxonFramework #3726

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

Bump the maven-dependencies group across 1 directory with 31 updates

abbierwolf/AxonFramework #112

2.24.3 → 2.25.2 Minor PR

Open 2 months ago 1 comment

fix(deps): bump the prod-deps group with 7 updates

folio-org/applications-poc-tools #267

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

z1lc/core #1487

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

build(deps): bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2 in /babduino

thomasleplus/CafeBab #246

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump the dev-dependencies group in /java with 11 updates

wolpert/svarm #178

2.25.1 → 2.25.2 Patch PR

Merged 2 months ago

Bump the minor-and-patch group across 1 directory with 20 updates

basis-technology-corp/open-source-parent #190

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

hyperxpro/StreamSockets #64

2.25.1 → 2.25.2 Patch PR

Open 2 months ago

build(deps): bump the gradle-production-dependencies group across 2 directories with 7 updates

AcheampongStephen/OpenTelemetry #19

2.25.1 → 2.25.2 Patch PR

Closed 2 months ago 1 comment

Bump the prod-deps group across 1 directory with 7 updates

SonarCryptography/sonar-crypto #17

2.25.0 → 2.25.2 Patch PR

Open 2 months ago

Bump the test group across 1 directory with 4 updates

coolchock/reproducer #14

2.24.3 → 2.25.2 Minor PR

Open 2 months ago 1 comment

Package Details

Name:	`org.apache.logging.log4j:log4j-core`
Ecosystem:	maven
PURL Type:	maven
Package URL:	`pkg:maven/org.apache.logging.log4j:log4j-core`
JSON API:	View JSON

Security Advisories

6

Active advisories

CRITICAL 2

HIGH 2

MODERATE 1

LOW 1

View All maven Advisories

Package Information

Description:

The Apache Log4j Implementation

Repository:	https://github.com/apache/logging-log4j2
Homepage:	https://logging.apache.org/log4j/3.x/
Latest Release:	`2.24.3` 12 months ago
Dependent Repos:	82,953
Dependent Packages:	8,839
Ranking:	Top 0.0126% by dependent repos Top 0.0068% by dependent pkgs

PR Status

Open 391 (50.3%)

Merged 214 (27.5%)

Closed 166 (21.4%)

PR Types

Minor 431 (55.5%)

Major 1 (0.1%)

Patch 320 (41.2%)