Summary: | log4j.properties in xmlsec sources and builds has side effects in production environment | ||
---|---|---|---|
Product: | Security - Now in JIRA | Reporter: | Joachim Rousseau <syrion.com> |
Component: | Encryption | Assignee: | XML Security Developers Mailing List <security-dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | Java 1.4.1 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All |
Description
Joachim Rousseau
2008-05-29 07:40:21 UTC
Fixed as suggested. Did this fix go into any releases? xmlsec-1.4.3.jar seems to be the latest and it has the problem described. (In reply to comment #2) > Did this fix go into any releases? xmlsec-1.4.3.jar seems to be the latest and > it has the problem described. Here are the diffs for the fix that went into 1.4.3. Did you expect something different? $ svn diff -r350676 log4j.properties Index: log4j.properties =================================================================== --- log4j.properties (revision 350676) +++ log4j.properties (working copy) @@ -4,14 +4,13 @@ # # ------------------------------------------------------------------------ # -log4j.rootLogger=DEBUG, LOGTXT ######################################################################## # # Logging based on packages # ######################################################################## -log4j.logger.org.apache.xml.security=DEBUG, LOGTXT +log4j.logger.org.apache.xml.security=ERROR, LOGTXT log4j.logger.org.apache.xml.security.test.AllTests=DEBUG, LOGTXT ######################################################################## xmlsec 1.4.3 is OK, as its log4j config follows recommandations - no more root logger overriding - no more DEBUG level As an effect, xmlsec is not flooding production logs anymore. It works as expected. xmlsec 1.4.3 doesn't have the issue anymore. (In reply to comment #3) > (In reply to comment #2) > > Did this fix go into any releases? xmlsec-1.4.3.jar seems to be the latest and > > it has the problem described. |