[
https://issues.apache.org/jira/browse/LOG4J2-3423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radim Tlusty updated LOG4J2-3423:
---------------------------------
Description:
If the Log4j configuration file is inside of a JAR file, then the JAR file
(which is backed by the {{JarURLConnection}} retrieved from
{{{}URL.openConnection{}}}) isn't closed.
This causes problems on Tomcat running on Windows during undeploying of an
application, because the opened JAR file can't be deleted.
The problem was introduced during implementation of LOG4J2-2901 (version
2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} in
the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}.
The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is to
use the {{URL.openConnection}} only when needed (~ configuration URL has HTTPS
protocol), otherwise similar code as in previous versions (<= 2.13.3) would be
used.
was:
If the Log4j configuration file is inside of a JAR file, then the JAR file
(which is backed by the {{JarURLConnection}} retrieved from
{{{}URL.openConnection{}}}) isn't closed.
This causes problems on Tomcat running on Windows during undeploying of an
application, because the opened JAR file can't be deleted.
The problem was introduced during implementation of LOG4J2-2901 (version
2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} in
the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}.
The proposed solution (for which I will create pull request) is to use the
{{URL.openConnection}} only when needed (~ configuration URL has HTTPS
protocol), otherwise similar code as in previous versions (<= 2.13.3) would be
used.
> JAR file containing Log4j configuration isn't closed
> ----------------------------------------------------
>
> Key: LOG4J2-3423
> URL: https://issues.apache.org/jira/browse/LOG4J2-3423
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.14.0
> Environment: Windows
> Reporter: Radim Tlusty
> Priority: Major
>
> If the Log4j configuration file is inside of a JAR file, then the JAR file
> (which is backed by the {{JarURLConnection}} retrieved from
> {{{}URL.openConnection{}}}) isn't closed.
> This causes problems on Tomcat running on Windows during undeploying of an
> application, because the opened JAR file can't be deleted.
> The problem was introduced during implementation of LOG4J2-2901 (version
> 2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}}
> in the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}.
> The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is
> to use the {{URL.openConnection}} only when needed (~ configuration URL has
> HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3)
> would be used.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
