Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-604

Audit use of ClassLoader, Class.forName, etc.

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0-rc2
    • Fix Version/s: None
    • Component/s: API, Core
    • Labels:
      None
    • Epic Name:
      Audit ClassLoaders

      Description

      The idiom Class.forName is almost always a bad idea if it's called without a classloader to go along with it. The only acceptable place to put it is in something like Loader.loadClass as a last resort.

      To make sure everything works as expected in non-trivial environments (e.g., multiple LoggerContexts associated to completely different ClassLoaders like in webapps or bundles), all usage of dynamic class loading should be audited for correctness. The appropriate neighbour class can be used for getting a class loader in most cases (i.e., another already loaded class that should be from the same JAR).

      I'll try to add some integration tests that create sub-classloaders that isolate contexts from one another to ensure correctness.

        Attachments

          Activity

            People

            • Assignee:
              jvz Matt Sicker
              Reporter:
              jvz Matt Sicker
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: