[cross-project-issues-dev] reload4j 1.2.18 fixing pressing issues of log

[Matthias Sohn <matthias.sohn@xxxxxxxxx>]

The reload4j project [1] is a fork of Apache log4j version 1.2.17 with

the goal of fixing pressing issues. It is intended as a drop-in

replacement for log4j version 1.2.17.

The reload4j project aims to fix the most urgent issues in log4j 1.2.17

which hasn't seen a new release since 2012. Note that on 2022-01-06 the

Apache Logging PMC formally voted to reaffirm the EOL (End of Life)

status of log4j 1.x. Despite best efforts it was therefore impossible to

revive the log4j 1.x project within the Apache Software Foundation.

The first release 1.2.18 of reload4j was released yesterday.

Most notably version 1.2.18 contains the following changes

- remove unused method JNDIUtil.getInitialContext()

- fix CVE-2019-17571 [2]

- fix CVE-2021-4104 [3]

This new version might help all those projects which still depend on log4j 1.x.

[1] https://reload4j.qos.ch/

[2] https://github.com/advisories/GHSA-2qrg-x229-3v8q

[3] https://github.com/advisories/GHSA-fp5r-v3w9-4333

-Matthias