Description
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
Gülcü has since created SLF4J, Reload4j, and Logback, which are alternatives to Log4j.
The Apache Log4j team developed Log4j 2 in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks. In addition, Log4j 2 offered a plugin architecture that makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions, although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2. On January 12, 2022, Ceki Gülcü released a forked and renamed version of Log4j 1.2 as Reload4j version 1.2.18.0, with the aim of fixing the most urgent issues in Log4j 1.2.17 that had accumulated since its release in 2013.
On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell". It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".