Giters

vorburger / Learning-Log4j2

Playground repo to try out Log4j related things

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Learning-Log4j2

Background

See https://github.com/vorburger/Log4j_CVE-2021-44228

Providers & Priorities

$ ./gradlew run
Jan 14, 2022 6:30:52 PM ch.vorburger.log4j.App main
INFO: hello, world

As we can see, this logged "hello, world" using JUL to the console (unless otherwise configured). It uses the (new) log4j-to-jul module, which I (vorburger@) contributed in https://issues.apache.org/jira/browse/LOG4J2-3282.

The interesting part here is noticing that in this project we have dependencies to both log4j-to-jul AND log4j-core (which can happen, for various reasons) - but log4j-to-jul takes precedence over log4j-core, which is ignored.

This is because LogManager respects the priority of each Provider, and JUL's is 15 (or 20, after this PR) whereas Core's is 10.

We can make LogManager print details about this e.g. by putting a log4j2.StatusLogger.properties on the classpath, which after this bug is fixed will show:

WARN StatusLogger Multiple logging implementations found: 
Factory: org.apache.logging.log4j.core.impl.Log4jContextFactory, Weighting: 10
Factory: org.apache.logging.log4j.tojul.JULLoggerContextFactory, Weighting: 15
Using factory: org.apache.logging.log4j.tojul.JULLoggerContextFactory

About

Playground repo to try out Log4j related things

Languages

Language:Kotlin 59.8%Language:Java 40.2%