You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "moritz löser (Jira)" <ji...@apache.org> on 2021/12/10 15:02:00 UTC

[jira] [Commented] (LOG4J2-905) Ability to disable (date) lookup completely, compatibility issues with other libraries like Camel

    [ https://issues.apache.org/jira/browse/LOG4J2-905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457193#comment-17457193 ] 

moritz löser commented on LOG4J2-905:
-------------------------------------

and now we hit:[https://www.lunasec.io/docs/blog/log4j-zero-day/] probably we need a global switch now :P.

> Ability to disable (date) lookup completely, compatibility issues with other libraries like Camel
> -------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-905
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-905
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Lookups
>            Reporter: moritz löser
>            Assignee: Gary D. Gregory
>            Priority: Critical
>              Labels: date, lookup
>             Fix For: 2.7
>
>
> (see [here|http://stackoverflow.com/questions/27103400/log4j2-how-to-disable-date-lookup-log4j-throws-exception] for some details )
> At the moment it is not possible to log stuff like this:
> {noformat}
> log.info("${date:now:buhu}");
> {noformat}
> ("ERROR Invalid date format: "now:yyyyMMdd-HHmmss", using default java.lang.IllegalArgumentException: Illegal pattern character 'n'")
> Because log4j2 tries to change the logged output - want to substitute a date. This is intransparently limiting the logging. 
> nobody knows what kind of strings are allowed and what kind of strings will be interpreted by log4j2. But it becomes worse if you use slf4j and switch the logger implementation to log4j2 - it could happen that just switching breaks your code.
> This is a *real issue* if you use libraries like *Apache Camel* because camel itself uses strings like {noformat}${date:now:YYYY...}{noformat} to substitute stuff like file names. see http://camel.apache.org/simple.html
> At the moment camel is logging this stuff on debug (sometime i need it to see if i correctly set up camel) so it is no production issue here. But what about other libraries or the future?
> The only way i see is a switch to disable all kinds of lookups and it should probably off by default.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)