See https://github.com/vorburger/Log4j_CVE-2021-44228
$ ./gradlew run
Jan 14, 2022 6:30:52 PM ch.vorburger.log4j.App main
INFO: hello, world
As we can see, this logged "hello, world" using JUL to the console (unless otherwise configured).
It uses the (new) log4j-to-jul module, which I (vorburger@) contributed in https://issues.apache.org/jira/browse/LOG4J2-3282.
The interesting part here is that this project has dependencies on both log4j-to-jul AND log4j-core (which can happen, for various reasons), but log4j-to-jul takes precedence over log4j-core, which is ignored.
This is because LogManager respects the priority of each Provider, and JUL's is 15 (or 20, after this PR) whereas Core's is 10.
We can make LogManager print details about this, e.g. by putting a log4j2.StatusLogger.properties on the classpath, which after this bug is fixed will show:
WARN StatusLogger Multiple logging implementations found:
Factory: org.apache.logging.log4j.core.impl.Log4jContextFactory, Weighting: 10
Factory: org.apache.logging.log4j.tojul.JULLoggerContextFactory, Weighting: 15
Using factory: org.apache.logging.log4j.tojul.JULLoggerContextFactory
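The same selection can be checked from code at startup instead of being read off the StatusLogger output. The following is an added example, not code from this project: the class name LoggingBackendGuard and the fail-fast policy are assumptions, and it uses only the public log4j-api calls ProviderUtil.getProviders() and LogManager.getFactory().

```java
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.spi.LoggerContextFactory;
import org.apache.logging.log4j.spi.Provider;
import org.apache.logging.log4j.util.ProviderUtil;

/** Hypothetical startup check; the class name is an assumption, not part of the project. */
public final class LoggingBackendGuard {

    // Factory class of log4j-core, as it appears in the StatusLogger output above.
    private static final String CORE_FACTORY =
            "org.apache.logging.log4j.core.impl.Log4jContextFactory";

    /** Returns true when the factory LogManager selected is not log4j-core's. */
    public static boolean coreIsBypassed() {
        // List every Provider found on the classpath with the priority LogManager compares.
        for (Provider p : ProviderUtil.getProviders()) {
            System.err.printf("log4j provider: %s priority=%s%n",
                    p.getClassName(), p.getPriority());
        }
        // Check the factory that was actually selected rather than inferring it
        // from the priorities: the log4j2.loggerContextFactory property can
        // override the provider ranking.
        LoggerContextFactory active = LogManager.getFactory();
        String activeName = active.getClass().getName();
        System.err.println("active factory: " + activeName);
        return !CORE_FACTORY.equals(activeName);
    }

    public static void main(String[] args) {
        // Assumed policy: refuse to start if log4j-core ended up handling log events.
        if (!coreIsBypassed()) {
            throw new IllegalStateException(
                    "log4j-core is the active logging backend; expected log4j-to-jul");
        }
        LogManager.getLogger(LoggingBackendGuard.class).info("hello, world");
    }
}
```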