[jira] [Commented] (LOG4J2-1820) Log4j 2.8 can lose exceptions when a security manager is present

Wed, 01 Mar 2017 13:46:03 -0800 

    [ 
https://issues.apache.org/jira/browse/LOG4J2-1820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15891116#comment-15891116
 ] 

Jason Tedor commented on LOG4J2-1820:
-------------------------------------

The metadata is applied properly with {{git am}}:

{code}
16:44:00 [jason:~/src/apache/logging-log4j2] master(-1)+* ± git log 
--pretty=oneline | head -1
9ec88e21312c892c25c01caab42d936d3a299736 [LOG4J2-1831] NullPointerException in 
HtmlLayout. Add due-to.
16:44:06 [jason:~/src/apache/logging-log4j2] master(-1)+* ± git am 
~/0002-Handle-security-exception-on-getting-class-loader.patch 
Applying: Handle security exception on getting class loader
16:44:09 [jason:~/src/apache/logging-log4j2] master(+1/-1)+* ± git log 
master^..master
commit b518205ff661941d59f554a71744b6bd15e41c0b
Author: Jason Tedor <ja...@tedor.me>
Date:   Fri Feb 17 16:12:27 2017 -0500

    Handle security exception on getting class loader
    
    When logging a stack trace, Log4j attempts to get the class loader for
    the caller class. If it does not have permissions to get this class
    loader, a security exception will be thrown. Log4j does not handle this
    exception and this exception unwinds to the caller. This causes the
    original exception to be lost, and can even unwind the JVM. This commit
    fixes this by treating the class loader as unavailable in this
    case. This preserves the original exception.
{code}

{quote}
It's easier to apply that properly as a pull request.
{quote}

I don't think this project accepts pull requests, is that correct?


> Log4j 2.8 can lose exceptions when a security manager is present
> ----------------------------------------------------------------
>
>                 Key: LOG4J2-1820
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-1820
>             Project: Log4j 2
>          Issue Type: Bug
>    Affects Versions: 2.8
>            Reporter: Jason Tedor
>            Assignee: Gary Gregory
>             Fix For: 2.8.2
>
>         Attachments: 
> 0001-Handle-security-exception-on-getting-class-loader.patch, 
> 0002-Handle-security-exception-on-getting-class-loader.patch
>
>
> When Log4j is rendering an exception, it can attempt to access a class loader 
> that it does not have permissions to access when a security manager is 
> present.
> I have a patch and a failing test case for this; I will submit it shortly.
> This is similar to LOG4J2-1560.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-dev-h...@logging.apache.org

Reply via email to