Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 43 Log4cxx Critical XML Character Issue Fix FEDORA-2026-31a8569c4b

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Addressing the critical XML parsing issue in log4cxx 1.7.0 on Fedora 43 with a severity rating and update instructions.
Update to log4cxx 1.7.0

Summary

Log4cxx is a popular logging package written in C++. One of its distinctive

features is the notion of inheritance in loggers. Using a logger hierarchy it

is possible to control which log statements are output at arbitrary

granularity. This helps reduce the volume of logged output and minimize the

cost of logging.

Update Information:

Update to log4cxx 1.7.0. Fixes CVE-2026-40023: XMLLayout did not escape characters forbidden by the XML 1.0 specification, which could cause conforming XML parsers to reject the produced document, silently dropping log records. No ABI-relevant changes; liblog4cxx SONAME (%{sover}) is unchanged.

Change Log

* Fri Jul 3 2026 Till Hofmann - 1.7.0-2 - Skip 2GB-message test on 32-bit architectures * Fri May 22 2026 Till Hofmann - 1.7.0-1 - Update to 1.7.0 * Fri Jan 16 2026 Fedora Release Engineering - 1.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2457923 - CVE-2026-40023 log4cxx: Apache Log4cxx: Log processing impairment due to unsanitized XML characters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2457923

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-31a8569c4b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: log4cxx
Product: Fedora 43
Version: 1.7.0
Release: 2.fc43
Summary: A port to C++ of the Log4j project

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.