[ https://issues.apache.org/jira/browse/LOG4J2-633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Sicker resolved LOG4J2-633. -------------------------------- Resolution: Won't Fix SecurityManager is going away after Java 21, and Java 21 doesn't allow for specifying a custom SecurityManager. This issue is no longer relevant. > Need to check permissions when registering shutdown hooks and obtaining > classloaders > ------------------------------------------------------------------------------------ > > Key: LOG4J2-633 > URL: https://issues.apache.org/jira/browse/LOG4J2-633 > Project: Log4j 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.0-rc1 > Reporter: Ralph Goers > Priority: Major > > http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html > documents what operations require RuntimePermission checks. Log4j 2 doesn't > check these in a lot of cases. > Log4j should check the permissions but do so in a manner that doesn't > significantly impact performance. For example, registering shutdown hooks is > infrequent and so the overhead is minimal while calls to obtain a Classloader > are done much more frequently and so the permission checks need to be > minimized. -- This message was sent by Atlassian Jira (v8.20.10#820010)