[
https://issues.apache.org/jira/browse/SOLR-12154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Thacker updated SOLR-12154:
---------------------------------
Description:
We need to add org.apache.logging.log4j.** to forbidden APIs
From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard
discussion ( [https://reviews.apache.org/r/65888/] )
{quote} We *don't* do log4j calls in the code in general, we have that
explicitly forbidden in forbidden APIS today, and code that does something with
log4j has to supress that. Developers must instead use slf4j APIs. I don't
believe that's changing now with log4j2, or does it?
{quote}
We need to address this before 7.4 to make sure we don't break anything by
using Log4j2 directly
After SOLR-7887 the following classes explicitly import the
org.apache.logging.log4j.** package so let's validate it's usage
- Log4j2Watcher
- SolrLogLayout
- StartupLoggingUtils
- RequestLoggingTest
- LoggingHandlerTest
- SolrTestCaseJ4
- TestLogLevelAnnotations
- LogLevel
was:
We need to add org.apache.logging.log4j.** to forbidden APIs
From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard
discussion ( [https://reviews.apache.org/r/65888/] )
{quote} We *don't* do log4j calls in the code in general, we have that
explicitly forbidden in forbidden APIS today, and code that does something with
log4j has to supress that. Developers must instead use slf4j APIs. I don't
believe that's changing now with log4j2, or does it?
{quote}
We need to address this before 7.4 to make sure we don't break anything by
using Log4j2 directly
After SOLR-7887 the following classes explicitly import the
org.apache.logging.log4j.** package so let's validate it's usage
- Log4j2Watcher
- SolrLogLayout ( already has a SuppressForbidden annotation )
- StartupLoggingUtils
- RequestLoggingTest
- LoggingHandlerTest
- SolrTestCaseJ4
- TestLogLevelAnnotations
- LogLevel
> Disallow Log4j2 explicit usage via forbidden APIs
> -------------------------------------------------
>
> Key: SOLR-12154
> URL: https://issues.apache.org/jira/browse/SOLR-12154
> Project: Solr
> Issue Type: Sub-task
> Reporter: Varun Thacker
> Assignee: Varun Thacker
> Priority: Blocker
> Fix For: 7.4
>
>
> We need to add org.apache.logging.log4j.** to forbidden APIs
> From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard
> discussion ( [https://reviews.apache.org/r/65888/] )
> {quote} We *don't* do log4j calls in the code in general, we have that
> explicitly forbidden in forbidden APIS today, and code that does something
> with log4j has to supress that. Developers must instead use slf4j APIs. I
> don't believe that's changing now with log4j2, or does it?
> {quote}
> We need to address this before 7.4 to make sure we don't break anything by
> using Log4j2 directly
> After SOLR-7887 the following classes explicitly import the
> org.apache.logging.log4j.** package so let's validate it's usage
> - Log4j2Watcher
> - SolrLogLayout
> - StartupLoggingUtils
> - RequestLoggingTest
> - LoggingHandlerTest
> - SolrTestCaseJ4
> - TestLogLevelAnnotations
> - LogLevel
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
