HeroDevs
Visit NES for Apache Log4j Home Page

Apache Log4j 2 Release Notes

Complete Changelog for NES for Apache Log4j 2

5 Patched Vulnerabilities
VEX Statements

Apache Log4j 2

2.17.3 (NES) - 2026-05-04

Notes

  • This release originates from the open‑source Apache Log4j project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.

Bug Fixes

  • Fix host name verification in SSLSocketManager. (CVE-2025-68161)
  • Align SslConfiguration factory method usage with Log4j 2.12+ API. (CVE-2026-34477)
  • Replace invalid XML characters in Log4j1XmlLayout. (CVE-2026-34479)
  • Replace invalid XML characters in XmlLayout. (CVE-2026-34480)
  • Write non-finite floating-point values as strings in JsonWriter. (CVE-2026-34481)

Full Version: 2.17.2-log4j-2.17.3