log4sh is an advanced logging framework for shell scripts (eg. sh, bash) that
works similar to the logging products available from the Apache Software
Foundataion (eg. log4j, log4perl).
log4sh provides different releases so that users can depend on functionality
within a release series. It uses a variant of the X.Y.Z
Semantic Versioning system.
- X -- major release. Significant functionality has changed, and users of the
code will definitely require changes to continue using it. These are
- Y -- minor release. New functionality was added. To maintain stability for
users, stable releases are numbered with even numbers (e.g. 1.4), with
development releases numbered with odd numbers (e.g. 1.5). Development
releases possibly include functionality that breaks backwards compatibility.
- Z -- patch release. Bug fixes, and minor new functionality that remains 100%
log4sh was originally hosted on Source Forge as
https://sourceforge.net/p/log4sh/. It moved here in Sep 2017 to be hosted
alongside the other projects by @kward (https://github.com/kward).
2021-12-12 log4sh is not Log4Shell. log4sh is written in pure shell
code, and does not use Java in any way, shape, or form. It is therefore not
vulnerable to the Log4j exploit mentioned in CVE-2021-4428, which is also named
Log4Shell or LogJam. For more information, about the unrelated exploit, see