You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Radim Tlusty (Jira)" <ji...@apache.org> on 2022/03/02 11:55:00 UTC

[jira] [Updated] (LOG4J2-3423) JAR file containing Log4j configuration isn't closed

     [ https://issues.apache.org/jira/browse/LOG4J2-3423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radim Tlusty updated LOG4J2-3423:
---------------------------------
    Description: 
If the Log4j configuration file is inside of a JAR file, then the JAR file (which is backed by the {{JarURLConnection}} retrieved from {{{}URL.openConnection{}}}) isn't closed.

This causes problems on Tomcat running on Windows during undeploying of an application, because the opened JAR file can't be deleted.

The problem was introduced during implementation of LOG4J2-2901 (version 2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} in the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}.

The proposed solution (for which I will create pull request) is to use the {{URL.openConnection}} only when needed (~ configuration URL has HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) would be used.

 

  was:
If the Log4j configuration file is inside of a JAR file, then the JAR file (which is backed by the {{JarURLConnection}} retrieved from {{{}URL.openConnection{}}}) isn't closed.

This causes problems on Tomcat running on Windows during undeploying of an application, because the opened JAR file can't be deleted.

The problem was introduced during implementation of LOG4J2-2901 (version 2.14.0), where the {{URL.openStream}} was replaced by {{{}URL.openConnection{}}}.

The proposed solution (for which I will create pull request) is to use the {{URL.openConnection}} only when needed (~ configuration URL has HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) would be used.

 


> JAR file containing Log4j configuration isn't closed
> ----------------------------------------------------
>
>                 Key: LOG4J2-3423
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3423
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.14.0
>         Environment: Windows
>            Reporter: Radim Tlusty
>            Priority: Major
>
> If the Log4j configuration file is inside of a JAR file, then the JAR file (which is backed by the {{JarURLConnection}} retrieved from {{{}URL.openConnection{}}}) isn't closed.
> This causes problems on Tomcat running on Windows during undeploying of an application, because the opened JAR file can't be deleted.
> The problem was introduced during implementation of LOG4J2-2901 (version 2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} in the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}.
> The proposed solution (for which I will create pull request) is to use the {{URL.openConnection}} only when needed (~ configuration URL has HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) would be used.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)