This update provides log4j 2.16.0, to address the critical vulnerability CVE-2021-44228 ("Log4Shell"). Note with 2.16.0, JNDI is entirely disabled by default; to use it, you must set log4j2.enableJndi (please carefully consider potential security issues before doing so).
The updated jansi adds (back) a feature, AnsiRenderer, which the newer log4j requires; this is the only change to jansi.
For other changes in log4j 2.16.0, see the upstream changelog. Most changes are compatible enhancements or bug fixes, but there may be some behaviour changes.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2021-66d6c484f3Please log in to add feedback.
This update has been submitted for testing by adamwill.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
works for me
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.