[LOG4J2-3423] JAR file containing Log4j configuration isn't closed - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.14.0
Fix Version/s: 2.18.0
Component/s: Core
Labels:
None
Environment:

Windows

Description

If the Log4j configuration file is inside of a JAR file, then the JAR file (which is backed by the JarURLConnection retrieved from URL.openConnection) isn't closed.

This causes problems on Tomcat running on Windows during undeploying of an application, because the opened JAR file can't be deleted.

The problem was introduced during implementation of ~~LOG4J2-2901~~ (version 2.14.0), where the URL.openStream was replaced by URL.openConnection in the class org.apache.logging.log4j.core.config.ConfigurationSource.

The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is to use the URL.openConnection only when needed (~ configuration URL has HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) would be used.