Skip to content

Bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4#669

Merged
docwho2 merged 1 commit intomainfrom
dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4
Mar 30, 2026
Merged

Bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4#669
docwho2 merged 1 commit intomainfrom
dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

  • Restores alignment between documented and actual configuration attributes.
  • Fixes formatting and sanitization issues in XML and RFC5424 layouts.
  • Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

  • Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)
  • Restore support for documented Rfc5424Layout parameter names. (#4022, #4074)
  • Take Throwable#toString() into account while rendering stack traces in Pattern Layout. (#3623, #4033)
  • Added debug level logs for successful resource loading in Loader class. (#4058, #4060)
  • Align SslConfiguration factory method usage with Log4j 2.12+ API. The verifyHostname attribute is now correctly recognized. (#4061, #4075)
  • Fix sanitization of structured data parameter names in RFC5424 layout. (#4073)
  • Replace invalid characters in XmlLayout output with the Unicode replacement character (U+FFFD). (#4077)
  • Replace invalid characters in Log4j1XmlLayout output with the Unicode replacement character (U+FFFD). (#4078)
  • Replace invalid characters in MapMessage.asXml() output with the Unicode replacement character (U+FFFD). (#4079)
  • Write non-finite floating-point numbers as strings in JsonWriter. (#4080)
Commits
  • 0628e53 Update the project.build.outputTimestamp property
  • a2590b4 Add debug logs for successful resource loading in Loader (#4060)
  • b788154 Changelog for additional fixes
  • 59bd6b3 Avoid referring to PluginBuilderAttribute.class in PluginProcessor (#4041)
  • 79568db Take Throwable#toString() into account while rendering stack traces in Patt...
  • 0881bc5 Add versioning and support policy information (#3341)
  • 0543b52 docs: recommend use of appropriately scoped trust roots (#4006)
  • 7a1e0ad Fix warning when last argument is null (#4014)
  • 5286148 Remove Log4j Jakarta EE link from navigation file (#4025)
  • adcda32 Retire Log4j Scala (#4030)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4
fd45a71 
Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.25.3 to 2.25.4.
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](apache/logging-log4j2@rel/2.25.3...rel/2.25.4)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-version: 2.25.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 30, 2026
docwho2
docwho2 approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@docwho2 docwho2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approve Dependabot

@docwho2 docwho2 merged commit d66b430 into main Mar 30, 2026
1 check passed
@dependabot dependabot bot deleted the dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4 branch March 30, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docwho2 docwho2 docwho2 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@docwho2