Hello all, I am very happy to announce the immediate availability of reload4j version 1.2.18.1. It is intended as a drop-in replacement for log4j version 1.2.17. By drop in, we mean the replacement of log4j.jar with reload4j.jar in your build with no source code changes in .java files being necessary. Reload4j has the following Maven coordinates: <dependency> <groupId>ch.qos.reload4j</groupId> <artifactId>reload4j</artifactId> <version>1.2.18.1</version> </dependency> Reload4j was built using Java 8 but targets Java 1.5. Version 1.2.8.0 and 1.2.18.1 correct the following issues: The unit tests were updated but no actual code was changed except for the removal of NTEventAppender and the correction of the following issues: - Standardize and sanitize the build - CVE-2021-4104 (JMSAppender) - fixed in 1.2.18.0 by hardening - CVE-2022-23302 (JMSSink) - fixed in 1.2.18.1 by hardening - CVE-2019-17571 (SocketServer) - fixed in 1.2.18.0 by hardening - CVE-2020-9493 CVE-2022-23307 (Chainsaw) - fixed in 1.2.18.1 by hardening - CVE-2022-23305 (JDBCAppender) - fixed in 1.2.18.1 by *removal* - broken MDC in newer JDKs - fixed in 1.2.18.0 In the absence of a robust and well tested countermeasure, JDBCAppender has been removed to prevent SQL injection attacks. We have a proposed countermeasure which may yet salvage JDBCAppender. https://github.com/qos-ch/reload4j/pull/26 Project web-site: https://reload4j.qos.ch/ Source repository: https://github.com/qos-ch/reload4j With release 1.2.18.0 and 1.2.18.1 we have addressed the most pressing issues regarding log4j 1.x vulnerabilities. As both log4j 1.x and reload4j do *not* offer a message lookup mechanism, they did not suffer from the notorious log4shell vulnerability. Donations and sponsorship You can also support SLF4J/logback/reload4j projects via donations and sponsorship. We thank our current supporters and sponsors for their continued contributions. Sponsorship link: https://github.com/sponsors/qos-ch?o=esb Announcement mailing list: You can receive SLF4J/logback/reload4j related announcements by subscribing QOS.ch announce list, please visit the following URL. http://www.qos.ch/mailman/listinfo/announce Enjoy, -- Ceki Gülcü