You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Varun Thacker (JIRA)" <ji...@apache.org> on 2018/03/28 00:49:00 UTC
[jira] [Created] (SOLR-12154) Disallow Log4j2 explicit usage via
forbidden APIs
Varun Thacker created SOLR-12154:
------------------------------------
Summary: Disallow Log4j2 explicit usage via forbidden APIs
Key: SOLR-12154
URL: https://issues.apache.org/jira/browse/SOLR-12154
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Varun Thacker
Assignee: Varun Thacker
Fix For: 7.4
We need to add org.apache.logging.log4j.** to forbidden APIs
From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard discussion ( [https://reviews.apache.org/r/65888/] )
{quote} We *don't* do log4j calls in the code in general, we have that explicitly forbidden in forbidden APIS today, and code that does something with log4j has to supress that. Developers must instead use slf4j APIs. I don't believe that's changing now with log4j2, or does it?
{quote}
We need to address this before 7.4 to make sure we don't break anything by using Log4j2 directly
After SOLR-7887 the following classes explicitly import the org.apache.logging.log4j.** package so let's validate it's usage
- Log4j2Watcher
- SolrLogLayout
- StartupLoggingUtils
- RequestLoggingTest
- LoggingHandlerTest
- SolrTestCaseJ4
- TestLogLevelAnnotations
- LogLevel
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org