Varun Thacker created SOLR-12154:
------------------------------------
Summary: Disallow Log4j2 explicit usage via forbidden APIs
Key: SOLR-12154
URL: https://issues.apache.org/jira/browse/SOLR-12154
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Varun Thacker
Assignee: Varun Thacker
Fix For: 7.4
We need to add org.apache.logging.log4j.** to forbidden APIs
From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard
discussion ( [https://reviews.apache.org/r/65888/] )
{quote} We *don't* do log4j calls in the code in general, we have that
explicitly forbidden in forbidden APIS today, and code that does something with
log4j has to supress that. Developers must instead use slf4j APIs. I don't
believe that's changing now with log4j2, or does it?
{quote}
We need to address this before 7.4 to make sure we don't break anything by
using Log4j2 directly
After SOLR-7887 the following classes explicitly import the
org.apache.logging.log4j.** package so let's validate it's usage
- Log4j2Watcher
- SolrLogLayout
- StartupLoggingUtils
- RequestLoggingTest
- LoggingHandlerTest
- SolrTestCaseJ4
- TestLogLevelAnnotations
- LogLevel
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
