Skip to content

build(deps): bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4#2449

Merged
MikeEdgar merged 1 commit intomainfrom
dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4
Apr 2, 2026
Merged

build(deps): bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4#2449
MikeEdgar merged 1 commit intomainfrom
dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 2, 2026
edited
Loading

Bumps org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4.

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

  • Restores alignment between documented and actual configuration attributes.
  • Fixes formatting and sanitization issues in XML and RFC5424 layouts.
  • Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

  • Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)
  • Restore support for documented Rfc5424Layout parameter names. (#4022, #4074)
  • Take Throwable#toString() into account while rendering stack traces in Pattern Layout. (#3623, #4033)
  • Added debug level logs for successful resource loading in Loader class. (#4058, #4060)
  • Align SslConfiguration factory method usage with Log4j 2.12+ API. The verifyHostname attribute is now correctly recognized. (#4061, #4075)
  • Fix sanitization of structured data parameter names in RFC5424 layout. (#4073)
  • Replace invalid characters in XmlLayout output with the Unicode replacement character (U+FFFD). (#4077)
  • Replace invalid characters in Log4j1XmlLayout output with the Unicode replacement character (U+FFFD). (#4078)
  • Replace invalid characters in MapMessage.asXml() output with the Unicode replacement character (U+FFFD). (#4079)
  • Write non-finite floating-point numbers as strings in JsonWriter. (#4080)
Commits
  • 0628e53 Update the project.build.outputTimestamp property
  • a2590b4 Add debug logs for successful resource loading in Loader (#4060)
  • b788154 Changelog for additional fixes
  • 59bd6b3 Avoid referring to PluginBuilderAttribute.class in PluginProcessor (#4041)
  • 79568db Take Throwable#toString() into account while rendering stack traces in Patt...
  • 0881bc5 Add versioning and support policy information (#3341)
  • 0543b52 docs: recommend use of appropriately scoped trust roots (#4006)
  • 7a1e0ad Fix warning when last argument is null (#4014)
  • 5286148 Remove Log4j Jakarta EE link from navigation file (#4025)
  • adcda32 Retire Log4j Scala (#4030)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 2, 2026
@github-actions github-actions bot added this to the 0.12.1 milestone Apr 2, 2026
@MikeEdgar MikeEdgar enabled auto-merge (squash) April 2, 2026 08:45
@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4 branch from 0bdcef0 to a84d649 Compare April 2, 2026 09:07
@dependabot
build(deps): bump org.apache.logging.log4j:log4j-bom
e67f5bb 
Bumps [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) from 2.25.3 to 2.25.4.
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](apache/logging-log4j2@rel/2.25.3...rel/2.25.4)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-version: 2.25.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4 branch from a84d649 to e67f5bb Compare April 2, 2026 09:32
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 2, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@MikeEdgar MikeEdgar merged commit 2b34d47 into main Apr 2, 2026
7 of 8 checks passed
@MikeEdgar MikeEdgar deleted the dependabot/maven/org.apache.logging.log4j-log4j-bom-2.25.4 branch April 2, 2026 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

0.12.1

Development

Successfully merging this pull request may close these issues.

1 participant

@MikeEdgar