ppkarwasz opened a new pull request, #4161: URL: https://github.com/apache/logging-log4j2/pull/4161
## Summary > [!NOTE] > >Stacked on #4158 (`feat/2.x/xinclude-opt-in`). Routes every external resource an XML configuration references through `ConfigurationSource`, the same way the configuration file itself is resolved. A single `ConfigurationSourceResolver` (implementing `EntityResolver` + `LSResourceResolver`) resolves: - `xi:include` targets, - the validation schema (the `schema` attribute), and - the schema's own `xsd:include`/`xsd:import` resources. As a result, all of them support the Log4j URI conventions (such as the `classpath:` scheme) and are subject to the `log4j2.configurationAllowedProtocols` restrictions, limiting the blast radius of a (trusted) configuration. ## Behavior changes - A schema validation failure, or a resource rejected by the resolver (for example a sub-schema fetched over a disallowed protocol), now fails the configuration with a `ConfigurationException` instead of only logging. ## Notes - Schema validation remains a configuration-authoring aid, not a security control: per the threat model the configuration file is trusted. The `ConfigurationSource` / `ALLOWED_PROTOCOLS` routing is defense-in-depth within that single trusted tier. - Tests (`XmlConfigurationSchemaTest`): a conforming config validates, a `File` appender is rejected by a `Console`-only schema, and an `http` sub-schema include is blocked by `ALLOWED_PROTOCOLS`; plus the existing XInclude tests. The changelog entry's `<issue>` will be set to this PR number once assigned. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
