This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch 3.7.x
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/3.7.x by this push:
new 22313d557d JAMES-3881 Unregister LOG4J MBeans (#1459)
22313d557d is described below
commit 22313d557dff3fd6dbba4e6aa5a6df74551fc074
Author: Benoit TELLIER <[email protected]>
AuthorDate: Thu Feb 23 08:53:06 2023 +0700
JAMES-3881 Unregister LOG4J MBeans (#1459)
As they might allow arbitrary file read/writes
---
server/apps/spring-app/pom.xml | 3 ++-
.../apache/james/app/spring/JamesAppSpringMain.java | 20 ++++++++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/server/apps/spring-app/pom.xml b/server/apps/spring-app/pom.xml
index 6a32970751..390ace06b6 100644
--- a/server/apps/spring-app/pom.xml
+++ b/server/apps/spring-app/pom.xml
@@ -48,10 +48,11 @@
<javamail.system-property8>-Dmail.mime.encodeparameters=true</javamail.system-property8>
<javamail.system-property9>-Dmail.mime.decodeparameters=true</javamail.system-property9>
<javamail.system-property10>-Dmail.mime.address.strict=false</javamail.system-property10>
+
<javamail.system-property11>-Djames.jmx.unregister.log4j.mbeans=true</javamail.system-property11>
<javamail.system-properties>${javamail.system-property1}
${javamail.system-property2}
${javamail.system-property3} ${javamail.system-property4}
${javamail.system-property5}
${javamail.system-property6} ${javamail.system-property7}
${javamail.system-property8}
- ${javamail.system-property9}
${javamail.system-property10}</javamail.system-properties>
+ ${javamail.system-property9} ${javamail.system-property10}
${javamail.system-property11}</javamail.system-properties>
<!-- JMX system properties -->
<!-- For more details see -->
diff --git
a/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
b/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
index 9c0d2364a0..7366395b6c 100644
---
a/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
+++
b/server/apps/spring-app/src/main/java/org/apache/james/app/spring/JamesAppSpringMain.java
@@ -18,23 +18,33 @@
****************************************************************/
package org.apache.james.app.spring;
+import java.lang.management.ManagementFactory;
import java.util.Calendar;
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+import javax.management.QueryExp;
+
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;
import org.apache.james.container.spring.context.JamesServerApplicationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.github.fge.lambdas.Throwing;
+
/**
* Bootstraps James using a Spring container.
*/
public class JamesAppSpringMain implements Daemon {
+ private static final ObjectName ALL_OBJECT_NAME = null;
+ private static final QueryExp ALL_QUERY_EXP = null;
private static final Logger log =
LoggerFactory.getLogger(JamesAppSpringMain.class.getName());
private JamesServerApplicationContext context;
public static void main(String[] args) throws Exception {
+ unregisterLog4JMBeans();
long start = Calendar.getInstance().getTimeInMillis();
@@ -47,6 +57,16 @@ public class JamesAppSpringMain implements Daemon {
}
+ private static void unregisterLog4JMBeans() {
+ if (System.getProperty("james.jmx.unregister.log4j.mbeans",
"true").equals("true")) {
+ MBeanServer platformMBeanServer =
ManagementFactory.getPlatformMBeanServer();
+ platformMBeanServer.queryMBeans(ALL_OBJECT_NAME, ALL_QUERY_EXP)
+ .stream()
+ .filter(objectInstance ->
objectInstance.getClassName().startsWith("org.apache.logging.log4j"))
+ .forEach(Throwing.consumer(objectInstance ->
platformMBeanServer.unregisterMBean(objectInstance.getObjectName())));
+ }
+ }
+
@Override
public void destroy() {
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
