Branch: refs/heads/6.2 Home: https://github.com/hibernate/hibernate-orm Commit: dab1a2a9176649da54b26442fb9abadfae450efe https://github.com/hibernate/hibernate-orm/commit/dab1a2a9176649da54b2644... Author: Yoann Rodière <yoann(a)hibernate.org&gt; Date: 2026-04-13 (Mon, 13 Apr 2026) Changed paths: M hibernate-core/src/test/resources/log4j2.properties Log Message: ----------- HHH-20334 Fix invalid log4j config Log4j 2.25 is more strict with its checks. Fix extracted from https://github.com/hibernate/hibernate-orm/commit/6c3c1684d9147cfb06c5ad9... Commit: 6d3e6bc5aab90dbe01d0022ff5bafe8b97139c76 https://github.com/hibernate/hibernate-orm/commit/6d3e6bc5aab90dbe01d0022... Author: Yoann Rodière <yoann(a)hibernate.org&gt; Date: 2026-04-13 (Mon, 13 Apr 2026) Changed paths: M settings.gradle Log Message: ----------- HHH-20334 Upgrade to Log4j 2.25.4 Technically we only: 1. Use it for testing 2. Have an API dependency in hibernate-testing, which provides some tools to work with log4j So the various CVEs are not really relevant: * https://logging.apache.org/security.html#CVE-2026-34478 * https://logging.apache.org/security.html#CVE-2026-34479 * https://logging.apache.org/security.html#CVE-2026-34481 Still, let’s avoid the noise related to automated tools reporting the problem. Compare: https://github.com/hibernate/hibernate-orm/compare/35291f140772...6d3e6bc... To unsubscribe from these emails, change your notification settings at https://github.com/hibernate/hibernate-orm/settings/notifications