Information on source package apache-log4j2

Available versions

ReleaseVersion
bullseye2.17.1-1~deb11u1
bullseye (security)2.17.1-1~deb11u2
bookworm2.19.0-2
trixie2.19.0-2
forky2.19.0-2
sid2.19.0-2

Open issues

BugbullseyebookwormtrixieforkysidDescription
CVE-2026-34481vulnerablevulnerablevulnerablevulnerablevulnerableApache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2. ...
CVE-2026-34480vulnerablevulnerablevulnerablevulnerablevulnerableApache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/ma ...
CVE-2026-34479vulnerablevulnerablevulnerablevulnerablevulnerableThe Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to ...
CVE-2025-68161fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...

Resolved issues

BugDescription
CVE-2026-34478Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2. ...
CVE-2026-34477The fix for CVE-2025-68161 https://logging.apache.org/security.html#C ...
CVE-2021-45105Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...
CVE-2021-45046It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...
CVE-2021-44832Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...
CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j ...
CVE-2017-5645In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...

Security announcements

DSA / DLADescription
DLA-4444-1apache-log4j2 - security update
DLA-2870-1apache-log4j2 - security update
DLA-2852-1apache-log4j2 - security update
DSA-5024-1apache-log4j2 - security update
DSA-5022-1apache-log4j2 - security update
DLA-2842-1apache-log4j2 - security update
DSA-5020-1apache-log4j2 - security update
Search for package or bug name: Reporting problems