Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-7887 Upgrade Solr to use log4j2 -- log4j 1 now officially end of life
  3. SOLR-12154

Disallow Log4j2 explicit usage via forbidden APIs

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 7.4
    • None
    • None

    Description

      We need to add org.apache.logging.log4j.** to forbidden APIs

      From Tomás on the reviewboard discussion ( https://reviews.apache.org/r/65888/ ) 

       We don't do log4j calls in the code in general, we have that explicitly forbidden in forbidden APIS today, and code that does something with log4j has to supress that. Developers must instead use slf4j APIs. I don't believe that's changing now with log4j2, or does it?

      We need to address this before 7.4 to make sure we don't break anything by using Log4j2 directly 

      After SOLR-7887 the following classes explicitly import the org.apache.logging.log4j.** package so let's validate it's usage

      - Log4j2Watcher

      - SolrLogLayout

      - StartupLoggingUtils

      - RequestLoggingTest

      - LoggingHandlerTest

      - SolrTestCaseJ4

      - TestLogLevelAnnotations

      - LogLevel

      Attachments

        1. SOLR-12154.patch
          10 kB
          Varun Thacker
        2. SOLR-12154.patch
          12 kB
          Varun Thacker

        Activity

          People

            varun Varun Thacker
            varun Varun Thacker
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: