You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@daffodil.apache.org by "Steve Lawrence (Jira)" <ji...@apache.org> on 2023/02/03 18:50:00 UTC

[jira] [Commented] (DAFFODIL-2787) log4j-core and log4j-api version mismatch can lead to very confusing errors

    [ https://issues.apache.org/jira/browse/DAFFODIL-2787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17683995#comment-17683995 ] 

Steve Lawrence commented on DAFFODIL-2787:
------------------------------------------

Log4j documentation does discuss the separation of log4j-api and log4j-core dependencies:

https://logging.apache.org/log4j/2.x/manual/api-separation.html

Based on that, I think we are doing the right thing in Daffodil by only depending on the log4j-api. It's then up to projects depending on Daffodil to add the right log4j-core dependency if that's the logging infrastructure they want, or some other dependencies if they want to use some other logging mechanism (e.g. log4j-to-slf4j).

Unfortunately, Log4j says this on that same page:

{quote}
Note that having two different versions of log4j-api and log4j-core on your classpath is not guaranteed to work correctly
{quote}

Which we have found to be the case, at least with log4j-api-2.19.0 and log4j-core-2.17.1. It's unclear if there's a good way to ensure compatible version are used.

Maybe one option is to add log4j-core as a dependency, and users can always exclude and override it if they want something different. This makes the common case just work.

Another option is to investigate other logging frameworks that don't have this issue and guarantee some kind of compatibility. Other infrastructures might also better handle capabilities needed to make the CLI thread-safe as described in DAFFODIL-2778. In trying to fix DAFFODIL-2778, I've found that log4j really does seem way too complicated for what we need.

> log4j-core and log4j-api version mismatch can lead to very confusing errors
> ---------------------------------------------------------------------------
>
>                 Key: DAFFODIL-2787
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2787
>             Project: Daffodil
>          Issue Type: Bug
>          Components: Infrastructure
>    Affects Versions: 3.4.0
>            Reporter: Steve Lawrence
>            Priority: Major
>             Fix For: 3.5.0
>
>
> Daffodil libs do not explicitly depend on log4j-core, with the reason being that users can provide whatever log4j implementation that they want (maybe there's something else aside from log4j-core?)
> The problem with this is that if projects that depend on daffodil do not also depend on a log4j implementation then they get a warning like this:
> {quote}ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
> {quote}
> For this reason, many schema projects add an explicit log4j-core dependency to suppress this warning. However, if the version of log4j-core they depend on does not match the version of log4j-api that Daffodil uses then you get a really verbose, unhelpful, and probably wrong, error message about classLoaderLayeringStrategy. And this is fairly common since we frequently update our dependencies but schema projects tend to lag behind.
> We need to either have a dependency on log4j-core so schema projects don't need to worry about adding this depend and matching versions, or use some other dependency mechanism to ensure whatever log4j implementation is used matches our log4j-api version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)