2.10.0 (2017-11-18)

This release contains new features, bugfixes and minor enhancements. Some of the new features include support for the Java 9 module system, support for the new SLF4j 1.8 binding mechanism, simplification of the Log4j property naming scheme, and native support of Jetty’s logger. Log4j API is now a fully compliant Java 9 module while the other Log4j jars are Java 9 named automatic modules.

This release supports both SLF4J 1.7.x and SLF4J 1.8.x. Because SLF4J 1.7.x requires implementations to include classes in the org.slf4j.impl package log4j-sl4j-impl cannot be used as a Java 9 module. Support for SLF4J 1.7.x will be removed in a future release.

As of Log4j 2.9.0, the Log4j API was modified to use java.util.ServiceLoader to locate Log4j implementations, although the former binding mechanism is still supported. The Log4j API JAR is now a multi-release JAR to provide implementations of Java 9 specific classes. Multi-release JARs are not supported by the OSGi specification so OSGi modules will not be able to take advantage of these implementations but will not lose functionality as they will fall back to the implementations used in Java 7 and 8. More details on the new features and fixes are itemized below. Note that some tools are not compatible with multi-release JARs and may fail trying to process class files in the META-INF/versions/9 folder. Those errors should be reported to the tool vendor.

During testing of the release it was found that one unit test fails when run on Windows. When building from source either use mvn clean install -DskipTests on Windows or run the build on a different operating system. The unit test failure is a problem in the test, not in Log4j. As always, pre-built distributions can be downloaded from http://www.apache.org/dist/logging/log4j/ or the binaries JARs may be obtained from the Maven central repository.

Note that subsequent to the 2.9.0 release, for security reasons, SerializedLayout is deprecated and no longer used as default in the Socket and JMS appenders. SerializedLayout can still be used as before, but has to be specified explicitly. To retain old behaviour, you have to change configuration like:

  <Socket name="socket" host="localhost" port="9500"/>


  <Socket name="socket" host="localhost" port="9500">

We do, however, discourage the use of SerializedLayout and recommend JsonLayout as a replacement:

  <Socket name="socket" host="localhost" port="9500">
    <JsonLayout properties="true"/>

Note that subsequent to the 2.9.0 release, for security reasons, Log4j does not process DTD in XML files. If you used DTD for including snippets, you have to use XInclude or Composite Configuration instead.

The Log4j 2.10.0 API, as well as many core components, maintains binary compatibility with previous releases.

Log4j 2.10.0 requires a minimum of Java 7 to build and run. Log4j 2.3 was the last release that supported Java 6.

Basic compatibility with Log4j 1.x is provided through the log4j-1.2-api component, however it does not implement some of the very implementation specific classes and methods. The package names and Maven groupId have been changed to org.apache.logging.log4j to avoid any conflicts with Log4j 1.x.

For complete information on Apache Log4j 2, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Log4j 2 website.



  • Allow filtering of line breaks in layout pattern. (for LOG4J2-1203 by Mikael Ståldal, Robert Turner)

  • Simplify log4j system property naming scheme. (for LOG4J2-1431 by Matt Sicker)

  • Add fields with fixed values to JSON/XML/YAML layouts. (for LOG4J2-1694 by Mikael Ståldal, Michal Dvořák)

  • Add global configuration environment SPI. (for LOG4J2-1809 by Matt Sicker)

  • Provide ways to configure SSL that avoid plain-text passwords in the log4j configuration. The configuration may now specify a system environment variable that holds the password, or the path to a file that holds the password. (for LOG4J2-2054 by Remko Popma)

  • Modularize Log4j-api and make most other log4j jars automatic modules. (for LOG4J2-2056 by Ralph Goers)

  • Add possibility of sending the key of a message to Kafka using KafkaAppender. (for LOG4J2-2062 by Mikael Ståldal, Jorge Sanchez)

  • Add org.apache.logging.log4j.core.config.composite.CompositeConfiguration#toString(). (for LOG4J2-2071 by Gary Gregory, Carter Kozak)

  • Add a noop AppenderSkeleton for applications still using Log4j 1.x. (for LOG4J2-2098 by Ralph Goers)

  • XML encoding for PatternLayout. (for LOG4J2-2103 by Mikael Ståldal)

  • Add property to disable message pattern converter lookups. (for LOG4J2-2109 by Mikael Ståldal, Carter Douglas Kozak)

  • MapMessage should use deep toString for values. (for LOG4J2-2112 by Mikael Ståldal, Carter Douglas Kozak)

  • Provide a native Log4j 2 implementation of Eclipse Jetty’s org.eclipse.jetty.util.log.Logger. (for LOG4J2-2114 by Gary Gregory)

  • Properly escape newlines and other control characters in JSON. (for LOG4J2-2120 by Mikael Ståldal, Carter Douglas Kozak)


  • Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String to a PasswordProvider producing char[] for passwords. (for LOG4J2-1896 by Remko Popma)

  • Provide support for overriding the Tomcat Log class in Tomcat 8.5+. (for LOG4J2-2025 by Ralph Goers)

  • Disable thread name caching by default when running on Java 8u102 or later. (for LOG4J2-2052 by Remko Popma)

  • Support new SLF4J binding mechanism introduced in SLF4J 1.8. (for LOG4J2-2057 by Ralph Goers)

  • Split up log4j-nosql into one module per appender. (for LOG4J2-2076 by Mikael Ståldal)

  • Update from Jackson 2.9.1 to 2.9.2. (for LOG4J2-2077 by Gary Gregory)

  • Update LMAX disruptor from 3.3.6 to 3.3.7. (for LOG4J2-2078 by Gary Gregory)

  • Update Apache Commons Compress from 1.14 to 1.15. (for LOG4J2-2081 by Gary Gregory)

  • Upgrade picocli to 2.0.3 from 0.9.8. (for LOG4J2-2088 by Remko Popma)

  • [TagLib] Update servlet-api provided dependency from 2.5 to 3.0.1. (for LOG4J2-2089 by Gary Gregory)

  • Update Apache Kafka kafka-clients from to 1.0.0. (for LOG4J2-2096 by Gary Gregory)

  • Jackson dependencies for 2.9.2 incorrectly bring in jackson-annotations 2.9.0 instead of 2.9.2. (for LOG4J2-2117 by Gary Gregory)


  • Nested pattern layout options broken. (for LOG4J2-1216 by Gary Gregory, Thies Wellpott, Barna Zsombor Klara, GFriedrich)

  • Until this change, messages appeared out of order in log file any time when the async logging queue was full. With this change, messages are only logged out of order to prevent deadlock when Log4j2 detects recursive logging while the queue is full. (for LOG4J2-2031 by Remko Popma)

  • CompositeConfiguration supports Reconfiguration. PR #115. (for LOG4J2-2036 by Gary Gregory, Robert Haycock)

  • Exception java.nio.charset.UnsupportedCharsetException: cp65001 in 2.9.0. (for LOG4J2-2053 by Gary Gregory)

  • If Log4j is used as the Tomcat logging implementation startup might fail if an application also uses Log4j. (for LOG4J2-2055 by Ralph Goers)

  • AbstractDatabaseManager should make a copy of LogEvents before holding references to them: AsyncLogger log events are mutable. (for LOG4J2-2060 by Remko Popma)

  • Log4j1XmlLayout does not provide the entire stack trace, it is missing the caused by information. (for LOG4J2-2070 by Gary Gregory, Doug Hughes)

  • Log4j-config.xsd should make AppenderRef optional for each Logger element. (for LOG4J2-2073 by Gary Gregory, Patrick Lucas)

  • The console appender should say why it cannot load JAnsi. (for LOG4J2-2074 by Gary Gregory)

  • Wrong Apache Commons CSV version referenced in the Javadoc of CsvParameterLayout. (for LOG4J2-2085 by Gary Gregory, István Neuwirth)

  • Jansi now needs to be enabled explicitly (by setting system property log4j.skipJansi to false). To avoid causing problems for web applications, Log4j will no longer automatically try to load Jansi without explicit configuration. (for LOG4J2-2087 by Remko Popma, Andy Gumbrecht)

  • Log4j respects the configured "log4j2.is.webapp" property (for LOG4J2-2091 by Mikael Ståldal, Carter Douglas Kozak)

  • LevelMixIn class for Jackson is coded incorrectly (for LOG4J2-2100 by Gary Gregory)

  • Non-string value in MapMessage caused ClassCastException. (for LOG4J2-2101 by Mikael Ståldal, Carter Douglas Kozak)

  • MapMessage JSON encoding will escape keys and values. (for LOG4J2-2102 by Mikael Ståldal, Carter Douglas Kozak)

  • MapMessage supports both StringBuilderFormattable and MultiFormatMessage. (for LOG4J2-2107 by Mikael Ståldal, Carter Douglas Kozak)

  • XML Schema for DynamicFilterThreshold does not accept multiple KeyValuePairs. (for LOG4J2-2289 by Gary Gregory, Hari Menon)