Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.0 in /log4j-parent

.github/workflows/scorecards-analysis.yaml

@@ -70,6 +70,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0    # 2.1.22
+        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea    # 2.1.22
         with:
           sarif_file: results.sarif

log4j-parent/pom.xml

@@ -69,7 +69,7 @@
     <cassandra.version>3.11.16</cassandra.version>
     <cassandra-driver.version>3.11.5</cassandra-driver.version>
     <commons-codec.version>1.16.1</commons-codec.version>
-    <commons-compress.version>1.25.0</commons-compress.version>
+    <commons-compress.version>1.26.0</commons-compress.version>
     <commons-csv.version>1.10.0</commons-csv.version>
     <commons-dbcp2.version>2.11.0</commons-dbcp2.version>
     <commons-io.version>2.15.1</commons-io.version>
@@ -78,7 +78,7 @@
     <!-- `com.conversantmedia:disruptor` version 1.2.16 requires Java 9: -->
     <conversant.disruptor.version>1.2.15</conversant.disruptor.version>
     <disruptor.version>3.4.4</disruptor.version>
-    <elasticsearch-java.version>8.12.1</elasticsearch-java.version>
+    <elasticsearch-java.version>8.12.2</elasticsearch-java.version>
     <embedded-ldap.version>0.9.0</embedded-ldap.version>
     <felix.version>7.0.5</felix.version>
     <flapdoodle-embed.version>4.9.0</flapdoodle-embed.version>
@@ -123,7 +123,7 @@
     <lightcouch.version>0.2.0</lightcouch.version>
     <log4j.version>1.2.17</log4j.version>
     <log4j2-cachefile-transformer.version>2.15.0</log4j2-cachefile-transformer.version>
-    <log4j2-ecs-layout.version>1.5.0</log4j2-ecs-layout.version>
+    <log4j2-ecs-layout.version>1.6.0</log4j2-ecs-layout.version>
     <logback.version>1.3.14</logback.version>
     <maven.version>3.9.6</maven.version>
     <mockito.version>4.11.0</mockito.version>
@@ -143,7 +143,7 @@
     <system-stubs.version>2.0.3</system-stubs.version>
     <tomcat-juli.version>10.0.27</tomcat-juli.version>
     <velocity.version>1.7</velocity.version>
-    <wiremock.version>2.35.1</wiremock.version>
+    <wiremock.version>2.35.2</wiremock.version>
     <xmlunit.version>2.9.1</xmlunit.version>
     <xz.version>1.9</xz.version>
     <zstd.version>1.5.5-11</zstd.version>

pom.xml

@@ -304,7 +304,7 @@
   <properties>
 
     <!-- project version -->
-    <revision>2.23.0-SNAPSHOT</revision>
+    <revision>2.23.1-SNAPSHOT</revision>
 
     <!-- =================
          Common properties
@@ -318,7 +318,7 @@
          2. This value is employed in various places while creating the distribution
          To mitigate these, we define a *dummy* value here and let the CI replace it during a release.
          Hence, *DO NOT MANUALLY EDIT THIS VALUE*! -->
-    <project.build.outputTimestamp>2023-12-22T14:39:06Z</project.build.outputTimestamp>
+    <project.build.outputTimestamp>2024-02-17T09:33:13Z</project.build.outputTimestamp>
 
     <!-- ========================
          Site-specific properties

src/changelog/.2.x.x/update_co_elastic_clients_elasticsearch_java.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns="http://logging.apache.org/log4j/changelog"
+       xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
+       type="updated">
+  <issue id="2315" link="https://github.com/apache/logging-log4j2/pull/2315"/>
+  <description format="asciidoc">Update `co.elastic.clients:elasticsearch-java` to version `8.12.2`</description>
+</entry>

src/changelog/.2.x.x/update_co_elastic_logging_log4j2_ecs_layout.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns="http://logging.apache.org/log4j/changelog"
+       xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
+       type="updated">
+  <issue id="2301" link="https://github.com/apache/logging-log4j2/pull/2301"/>
+  <description format="asciidoc">Update `co.elastic.logging:log4j2-ecs-layout` to version `1.6.0`</description>
+</entry>

src/changelog/.2.x.x/update_com_github_tomakehurst_wiremock_jre8.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns="http://logging.apache.org/log4j/changelog"
+       xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
+       type="updated">
+  <issue id="2306" link="https://github.com/apache/logging-log4j2/pull/2306"/>
+  <description format="asciidoc">Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.2`</description>
+</entry>

src/changelog/.2.x.x/update_github_codeql_action.xml

@@ -3,6 +3,6 @@
        xmlns="http://logging.apache.org/log4j/changelog"
        xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
        type="updated">
-  <issue id="2295" link="https://github.com/apache/logging-log4j2/pull/2295"/>
-  <description format="asciidoc">Update `github/codeql-action` to version `3.24.3`</description>
+  <issue id="2317" link="https://github.com/apache/logging-log4j2/pull/2317"/>
+  <description format="asciidoc">Update `github/codeql-action` to version `3.24.5`</description>
 </entry>

src/changelog/.2.x.x/update_org_apache_commons_commons_compress.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns="http://logging.apache.org/log4j/changelog"
+       xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
+       type="updated">
+  <issue id="2304" link="https://github.com/apache/logging-log4j2/pull/2304"/>
+  <description format="asciidoc">Update `org.apache.commons:commons-compress` to version `1.26.0`</description>
+</entry>

src/changelog/2.23.0/.release-notes.adoc.ftl

@@ -0,0 +1,27 @@
+////
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+         https://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+////
+
+[#release-notes-${release.version?replace("[^a-zA-Z0-9]", "-", "r")}]
+== ${release.version}
+
+<#if release.date?has_content>Release date:: ${release.date}</#if>
+
+This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.
+
+In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.
+
+<#include "../.changelog.adoc.ftl">

src/changelog/2.23.0/.release.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to you under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<release xmlns="http://logging.apache.org/log4j/changelog"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.3.xsd"
+         date="2024-02-17" version="2.23.0"/>

src/site/_constants.adoc

@@ -34,7 +34,7 @@
 ////
 
 :project-github-url: https://github.com/apache/logging-log4j2
-:project-version: 2.23.0-SNAPSHOT
+:project-version: 2.23.1-SNAPSHOT
 :project-name: Log4j
 :project-id: log4j
 :java-target-version: 8

src/site/_release-notes.adoc

@@ -37,6 +37,7 @@
 = Release Notes
 
 include::_release-notes/_2.x.x.adoc[]
+include::_release-notes/_2.23.0.adoc[]
 include::_release-notes/_2.22.1.adoc[]
 include::_release-notes/_2.22.0.adoc[]
 include::_release-notes/_2.21.1.adoc[]

src/site/_release-notes/_2.23.0.adoc

@@ -0,0 +1,68 @@
+////
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+         https://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+////
+
+[#release-notes-2-23-0]
+== 2.23.0
+
+Release date:: 2024-02-17
+
+This release adds support for LMAX Disruptor 4.x and several performance and bug fixes.
+
+In order to maintain compatibility with JRE 8, support for LMAX Disruptor 3.x is maintained.
+
+
+[#release-notes-2-23-0-added]
+=== Added
+
+* Added support for LMAX Disruptor 4.x (https://github.com/apache/logging-log4j2/issues/1821[1821])
+
+[#release-notes-2-23-0-changed]
+=== Changed
+
+* Simplify BND configuration after upgrade from version `6.4.1` to `7.0.0`
+
+[#release-notes-2-23-0-deprecated]
+=== Deprecated
+
+* Deprecate the configuration attribute `verbose` (i.e., `<Configuration verbose="..."`) and `StatusConsoleListener` filters (https://github.com/apache/logging-log4j2/pull/2226[2226])
+* Deprecated the `RingBufferLogEventHandler` class for removal from the public API in 3.x
+
+[#release-notes-2-23-0-fixed]
+=== Fixed
+
+* Fix regression in `JdkMapAdapterStringMap` performance. (https://github.com/apache/logging-log4j2/issues/2238[2238])
+* Fix the behavior of `Logger#setLevel` and `Logger#getLevel` in the Log4j 1.2 bridge. (https://github.com/apache/logging-log4j2/issues/2282[2282])
+* Fix the behavior of `CoreLogger#getLevel` and `CoreLogger#setLevel` in the `log4j-jul` module. (https://github.com/apache/logging-log4j2/issues/2282[2282])
+* Allow deserialization of all arrays of allowed classes. (https://issues.apache.org/jira/browse/LOG4J2-3680[LOG4J2-3680])
+* Allow the <Properties> node to appear in any position in the configuration element.
+* Fix forgotten `threadName` field in `RingBufferLogEvent#clear()` (https://github.com/apache/logging-log4j2/issues/2234[2234])
+* Fix `StringBuilder` cache corruption on recursive access
+* Fixed use of `SecurityManager` in `LoaderUtil` where `AccessController::doPrivileged` should only be invoked when a `SecurityManager` is installed. Some runtimes do not seem to have this method available. (https://github.com/apache/logging-log4j2/issues/2129[2129])
+* Fix `log4j-spring-cloud-config-client` dependencies to include only those required. (https://github.com/apache/logging-log4j2/pull/2157[2157])
+* Fix typo in Kubernetes `clientKeyData` configuration property.
+
+[#release-notes-2-23-0-updated]
+=== Updated
+
+* Update `com.fasterxml.jackson:jackson-bom` to version `2.16.1` (https://github.com/apache/logging-log4j2/pull/2126[2126])
+* Update `commons-codec:commons-codec` to version `1.16.1` (https://github.com/apache/logging-log4j2/pull/2277[2277])
+* Update `io.netty:netty-bom` to version `4.1.107.Final` (https://github.com/apache/logging-log4j2/pull/2284[2284])
+* Update `org.apache.logging:logging-parent` to version `10.6.0` (https://github.com/apache/logging-log4j2/pull/2197[2197])
+* Update `org.eclipse.jetty:jetty-bom` to version `9.4.54.v20240208` (https://github.com/apache/logging-log4j2/pull/2287[2287])
+* Update `org.jctools:jctools-core` to version `4.0.3` (https://github.com/apache/logging-log4j2/pull/2270[2270])
+* Update `org.springframework:spring-framework-bom` to version `5.3.32` (https://github.com/apache/logging-log4j2/pull/2293[2293])
+* Update `org.zeromq:jeromq` to version `0.6.0` (https://github.com/apache/logging-log4j2/pull/2271[2271])

src/site/_release-notes/_2.x.x.adoc

@@ -23,46 +23,17 @@
 This releases contains ...
 
 
-[#release-notes-2-x-x-added]
-=== Added
-
-* Added support for LMAX Disruptor 4.x (https://github.com/apache/logging-log4j2/issues/1821[1821])
-
 [#release-notes-2-x-x-changed]
 === Changed
 
-* Simplify BND configuration after upgrade from version `6.4.1` to `7.0.0`
-
-[#release-notes-2-x-x-deprecated]
-=== Deprecated
-
-* Deprecate the configuration attribute `verbose` (i.e., `<Configuration verbose="..."`) and `StatusConsoleListener` filters (https://github.com/apache/logging-log4j2/pull/2226[2226])
-* Deprecated the `RingBufferLogEventHandler` class for removal from the public API in 3.x
-
-[#release-notes-2-x-x-fixed]
-=== Fixed
-
-* Fix regression in `JdkMapAdapterStringMap` performance. (https://github.com/apache/logging-log4j2/issues/2238[2238])
-* Fix the behavior of `Logger#setLevel` and `Logger#getLevel` in the Log4j 1.2 bridge. (https://github.com/apache/logging-log4j2/issues/2282[2282])
-* Fix the behavior of `CoreLogger#getLevel` and `CoreLogger#setLevel` in the `log4j-jul` module. (https://github.com/apache/logging-log4j2/issues/2282[2282])
-* Allow deserialization of all arrays of allowed classes. (https://issues.apache.org/jira/browse/LOG4J2-3680[LOG4J2-3680])
-* Allow the <Properties> node to appear in any position in the configuration element.
-* Fix forgotten `threadName` field in `RingBufferLogEvent#clear()` (https://github.com/apache/logging-log4j2/issues/2234[2234])
-* Fix `StringBuilder` cache corruption on recursive access
-* Fixed use of `SecurityManager` in `LoaderUtil` where `AccessController::doPrivileged` should only be invoked when a `SecurityManager` is installed. Some runtimes do not seem to have this method available. (https://github.com/apache/logging-log4j2/issues/2129[2129])
-* Fix `log4j-spring-cloud-config-client` dependencies to include only those required. (https://github.com/apache/logging-log4j2/pull/2157[2157])
-* Fix typo in Kubernetes `clientKeyData` configuration property.
+* Improve performance of `CloseableThreadContext#closeMap()` (https://github.com/apache/logging-log4j2/pull/2296[2296])
 
 [#release-notes-2-x-x-updated]
 === Updated
 
-* Update `com.fasterxml.jackson:jackson-bom` to version `2.16.1` (https://github.com/apache/logging-log4j2/pull/2126[2126])
-* Update `commons-codec:commons-codec` to version `1.16.1` (https://github.com/apache/logging-log4j2/pull/2277[2277])
-* Update `github/codeql-action` to version `3.24.3` (https://github.com/apache/logging-log4j2/pull/2295[2295])
+* Update `co.elastic.clients:elasticsearch-java` to version `8.12.2` (https://github.com/apache/logging-log4j2/pull/2315[2315])
+* Update `co.elastic.logging:log4j2-ecs-layout` to version `1.6.0` (https://github.com/apache/logging-log4j2/pull/2301[2301])
+* Update `com.github.tomakehurst:wiremock-jre8` to version `2.35.2` (https://github.com/apache/logging-log4j2/pull/2306[2306])
+* Update `github/codeql-action` to version `3.24.5` (https://github.com/apache/logging-log4j2/pull/2317[2317])
 * Update `io.fabric8:docker-maven-plugin` to version `0.44.0` (https://github.com/apache/logging-log4j2/pull/2299[2299])
-* Update `io.netty:netty-bom` to version `4.1.107.Final` (https://github.com/apache/logging-log4j2/pull/2284[2284])
-* Update `org.apache.logging:logging-parent` to version `10.6.0` (https://github.com/apache/logging-log4j2/pull/2197[2197])
-* Update `org.eclipse.jetty:jetty-bom` to version `9.4.54.v20240208` (https://github.com/apache/logging-log4j2/pull/2287[2287])
-* Update `org.jctools:jctools-core` to version `4.0.3` (https://github.com/apache/logging-log4j2/pull/2270[2270])
-* Update `org.springframework:spring-framework-bom` to version `5.3.32` (https://github.com/apache/logging-log4j2/pull/2293[2293])
-* Update `org.zeromq:jeromq` to version `0.6.0` (https://github.com/apache/logging-log4j2/pull/2271[2271])
+* Update `org.apache.commons:commons-compress` to version `1.26.0` (https://github.com/apache/logging-log4j2/pull/2304[2304])