Explore top 10 tips to secure your open-source projects now. Read More
×Log4cxx is a popular logging package written in C++. One of its distinctive
features is the notion of inheritance in loggers. Using a logger hierarchy it
is possible to control which log statements are output at arbitrary
granularity. This helps reduce the volume of logged output and minimize the
cost of logging.
Update Information:
Update to log4cxx 1.7.0. Fixes CVE-2026-40023: XMLLayout did not escape characters forbidden by the XML 1.0 specification, which could cause conforming XML parsers to reject the produced document, silently dropping log records. No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.
* Fri Jul 3 2026 Till Hofmann
[ 1 ] Bug #2457923 - CVE-2026-40023 log4cxx: Apache Log4cxx: Log processing impairment due to unsanitized XML characters [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2457923
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-31a8569c4b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.