You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by rg...@apache.org on 2022/02/17 05:12:50 UTC
[logging-log4j2] branch release-2.x updated: LOG4J2-3297 - Limit loading of configuration via a url to https by default
This is an automated email from the ASF dual-hosted git repository.
rgoers pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push:
new 3bd53c1 LOG4J2-3297 - Limit loading of configuration via a url to https by default
3bd53c1 is described below
commit 3bd53c14f53c8178320a95fd27be8eac05081257
Author: Ralph Goers <rg...@apache.org>
AuthorDate: Wed Feb 16 22:12:18 2022 -0700
LOG4J2-3297 - Limit loading of configuration via a url to https by default
---
src/site/xdoc/manual/configuration.xml.vm | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/site/xdoc/manual/configuration.xml.vm b/src/site/xdoc/manual/configuration.xml.vm
index fcfde25..424f238 100644
--- a/src/site/xdoc/manual/configuration.xml.vm
+++ b/src/site/xdoc/manual/configuration.xml.vm
@@ -2027,15 +2027,14 @@ public class AwesomeTest {
</td>
</tr>
<tr>
- <td><a name="configurationAuthenticationProvider"/>log4j2.Configuration.authenticationProvider
+ <td><a name="configurationAuthorizationProvider"/>log4j2.Configuration.authorizationProvider
<br />
- (<a name="log4j.configurationAuthenticationProvider"/>log4j.configurationAuthenticationProvider
+ (<a name="log4j.configurationAuthorizationProvider"/>log4j.configurationAuthorizationProvider
</td>
- <td>LOG4J_CONFIGURATION_ALLOWED_PROTOCOLS</td>
- <td> </td>
+ <td>LOG4J_CONFIGURATION_AUTHORIZATION_PROVIDER</td>
+ <td>org.apache.logging.log4j.core.util.BasicAuthorizationProvider</td>
<td>
- A comma separated list of the protocols that may be used to load a configuration file. The default is https.
- To completely prevent accessing the configuration via a URL specify a value of "_none".
+ The fully qualified class name of the AuthorizationProvider.
</td>
</tr>
<tr>