aboutsummaryrefslogtreecommitdiff
path: root/doc/changelog.markdown
diff options
context:
space:
mode:
authorReinier Zwitserloot <r.zwitserloot@projectlombok.org>2021-12-12 01:14:04 +0100
committerReinier Zwitserloot <r.zwitserloot@projectlombok.org>2021-12-12 01:14:04 +0100
commit41a90527d3d8274aafcbd63629b3801c9e58c550 (patch)
tree307e2983353078bb168ae08b197541ba69e89b57 /doc/changelog.markdown
parentd3b763f9dab4a46e88ff10bc2132fb6f12fda639 (diff)
downloadlombok-41a90527d3d8274aafcbd63629b3801c9e58c550.tar.gz
lombok-41a90527d3d8274aafcbd63629b3801c9e58c550.tar.bz2
lombok-41a90527d3d8274aafcbd63629b3801c9e58c550.zip
[fixes #3063] Bump log4j2 dep version to avoid needless security warnings from dep scanners - lombok is not affected by CVE-2021-44228.
Diffstat (limited to 'doc/changelog.markdown')
-rw-r--r--doc/changelog.markdown1
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/changelog.markdown b/doc/changelog.markdown
index 5c13e2e2..a1938014 100644
--- a/doc/changelog.markdown
+++ b/doc/changelog.markdown
@@ -4,6 +4,7 @@ Lombok Changelog
### v1.18.24 "Edgy Guinea Pig"
* FEATURE: Turning a field named `uShape` into a getter is tricky: `getUShape` or `getuShape`? The community is split on which style to use. Lombok does `getUShape`, but if you prefer the `getuShape` style, add to `lombok.config`: `lombok.accessors.capitalization = beanspec`. [Issue #2693](https://github.com/projectlombok/lombok/issues/2693) [Pull Request #2996](https://github.com/projectlombok/lombok/pull/2996). Thanks __@YonathanSherwin__!
* BUGFIX: Various save actions and refactor scripts in eclipse work better. [Issue #2995](https://github.com/projectlombok/lombok/issues/2995) [Issue #1309](https://github.com/projectlombok/lombok/issues/1309) [Issue #2985](https://github.com/projectlombok/lombok/issues/2985) [Issue #2509](https://github.com/projectlombok/lombok/issues/2509)
+* NOTE: A widely reported security issue with log4j2 ([CVE-2021-44228](https://www.randori.com/blog/cve-2021-44228/)) has absolutely no effect on either lombok itself nor does usage of lombok on its own, or even the usage of lombok's `@Log4j2`, cause any issues whatsoever: You have to ship your own log4j2 dependency in your app - update that to 2.15 or otherwise mitigate this issue (see the CVE page). To avoid unneccessary warnings from dependency checkers, our dep on log4j2, which is used solely for testing and cannot be exploited in any way, has been updated to 2.15.0. [Issue #3063](https://github.com/projectlombok/lombok/issues/3063)
### v1.18.22 (October 6th, 2021)
* PLATFORM: JDK17 support added. [Issue #2898](https://github.com/projectlombok/lombok/issues/2898).