Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-604

Audit use of ClassLoader, Class.forName, etc.

    XMLWordPrintableJSON

Details

    • Epic
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 2.0-rc2
    • None
    • API, Core
    • None
    • Audit ClassLoaders

    Description

      The idiom Class.forName is almost always a bad idea if it's called without a classloader to go along with it. The only acceptable place to put it is in something like Loader.loadClass as a last resort.

      To make sure everything works as expected in non-trivial environments (e.g., multiple LoggerContexts associated to completely different ClassLoaders like in webapps or bundles), all usage of dynamic class loading should be audited for correctness. The appropriate neighbour class can be used for getting a class loader in most cases (i.e., another already loaded class that should be from the same JAR).

      I'll try to add some integration tests that create sub-classloaders that isolate contexts from one another to ensure correctness.

      Attachments

        Activity

          People

            mattsicker Matt Sicker
            mattsicker Matt Sicker
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: