[I] ComponentBuilder fails to recognize verifyHostName attribute in Ssl component (Log4j 2.25.3) [logging-log4j2]

[via GitHub]

b-k-patel opened a new issue, #4061:
URL: https://github.com/apache/logging-log4j2/issues/4061

   ## Description
   
   Using Log4j 2.25.3 to address CVE-2025-68161, I am unable to configure 
hostname verification programmatically using the ComponentBuilder API.
   When attempting to add the verifyHostName attribute to a nested Ssl 
component (intended for a Syslog or Socket appender), the StatusLogger reports 
an error stating that the attribute is invalid.
   Steps to Reproduce:
   
   Use Log4j 2.25.3 (Core and API).
   Create a programmatic configuration using 
ConfigurationBuilderFactory.newConfigurationBuilder().
   Create an Ssl component and attempt to set the hostname verification 
attribute
   In my case I am trying to use Syslog appender and add SSL  component inside 
it
   ## Configuration
   ComponentBuilder sslComponent = builder.newComponent("Ssl")
       .addAttribute("protocol", "TLS")
       .addAttribute("verifyHostName", "true"); // Fails here
   
   Add this component to a Syslog appender.
   Initialize the configuration.
   **Observed Result:**
   The console output shows:
   Syslog Error Detected: Ssl contains an invalid element or attribute 
"verifyHostName"
   **Internal Investigation:**
   I extracted the Log4j2Plugins.dat file from the official 
log4j-core-2.25.3.jar (downloaded from Maven Central). A string analysis of the 
binary metadata reveals:
   Contains("Ssl") -> True
   Contains("verifyHostName") -> False
   This suggests the plugin metadata was not correctly updated in the 2.25.3 
release to include the verifyHostName attribute for the Ssl component, 
preventing the ComponentBuilder from validating and applying it.
   Expected Result:
   The ComponentBuilder should recognize verifyHostName as a valid attribute 
for the Ssl component, allowing for secure TLS endpoint identification as 
specified in the 2.25.3 documentation.
   **Version:** [Log4j version]
   
   **Operating system:** [OS and version]
   Windows 11 
   
   **JDK:** [JDK distribution and version]
   Java 21
   ## Logs
   
   ```
   [Stacktraces, errors, etc. relevant applications logs.]
   ```
   
   ## Reproduction
   
   [An isolated test reproducing the test.
   JUnit tests similar to the ones in the code base are extremely appreciated.]
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org