| Release | Version |
|---|---|
| bullseye | 2.17.1-1~deb11u1 |
| bullseye (security) | 2.17.0-1~deb11u1 |
| bookworm | 2.19.0-2 |
| trixie | 2.19.0-2 |
| forky | 2.19.0-2 |
| sid | 2.19.0-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-68161 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ... |
| Bug | Description |
|---|---|
| CVE-2021-45105 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ... |
| CVE-2021-45046 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ... |
| CVE-2021-44832 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ... |
| CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ... |
| CVE-2020-9488 | Improper validation of certificate with host mismatch in Apache Log4j ... |
| CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ... |
| DSA / DLA | Description |
|---|---|
| DLA-2870-1 | apache-log4j2 - security update |
| DLA-2852-1 | apache-log4j2 - security update |
| DSA-5024-1 | apache-log4j2 - security update |
| DSA-5022-1 | apache-log4j2 - security update |
| DLA-2842-1 | apache-log4j2 - security update |
| DSA-5020-1 | apache-log4j2 - security update |