Apache logging services logo

General Information

For information about reporting or asking questions about security problems, please see the security page of the Logging project.

Apache log4net Security Vulnerabilities

This page lists all security vulnerabilities fixed in released versions of Apache log4net. Each vulnerability is given a security impact rating by the development team - please note that this rating may vary from platform to platform. We also list the versions of log4net the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.

Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the log4net version that you are using.

If you need help on building log4net or other help on following the instructions to mitigate the known vulnerabilities listed here, please send your questions to the public Logging Users mailing list.

If you have encountered an unlisted security vulnerability or other unexpected behaviour that has security impact, or if the descriptions here are incomplete, please report them privately to the Apache Security Team. Thank you.

Errors and Ommissions

Please report any errors or omissions to the dev mailing list.