Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-1926

Remove dependency on RMI and Management APIs from log4j-api

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8
    • Fix Version/s: 2.9.0
    • Component/s: API
    • Labels:
    • Environment:

      Android

      Description

      (Remko: Paraphrasing discussion on the log4j dev mailing list. Please feel free to update/modify):

      When the Apache HttpClient 5.0 library gets pulled into an Android project, the Lint static code analyzer reports two severe violations due to transitive dependency through Log4j APIs 2.8 on Java RMI and Java Management APIs.

      At the moment adding a transitive dependency on log4j2-api causes any Android build to fail with a scary invalid package error. Surely this error can be ignored with a custom lint rule but it may present a certain reason for concert to less experienced developers.

      This is caused by Log4j's use of MarshalledObject: User domain objects and exceptions are wrapped in MarshalledObject when LogEvents are serialized. This allows applications like Lilith to deserialize LogEvents even when not all domain classes are on the classpath (LOG4J2-1226).

      Consider finding a different way to solve this problem that does not require MarshalledObject.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                remkop@yahoo.com Remko Popma
                Reporter:
                olegk Oleg Kalnichevski
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: