Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-7887 Upgrade Solr to use log4j2 -- log4j 1 now officially end of life
  3. SOLR-12154

Disallow Log4j2 explicit usage via forbidden APIs

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 7.4
    • None
    • None

    Description

      We need to add org.apache.logging.log4j.** to forbidden APIs

      From Tomás on the reviewboard discussion ( https://reviews.apache.org/r/65888/ ) 

       We don't do log4j calls in the code in general, we have that explicitly forbidden in forbidden APIS today, and code that does something with log4j has to supress that. Developers must instead use slf4j APIs. I don't believe that's changing now with log4j2, or does it?

      We need to address this before 7.4 to make sure we don't break anything by using Log4j2 directly 

      After SOLR-7887 the following classes explicitly import the org.apache.logging.log4j.** package so let's validate it's usage

      - Log4j2Watcher

      - SolrLogLayout

      - StartupLoggingUtils

      - RequestLoggingTest

      - LoggingHandlerTest

      - SolrTestCaseJ4

      - TestLogLevelAnnotations

      - LogLevel

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            varun Varun Thacker
            varun Varun Thacker
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment