[
https://issues.apache.org/jira/browse/SOLR-12154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Varun Thacker updated SOLR-12154:
---------------------------------
Attachment: SOLR-12154.patch
> Disallow Log4j2 explicit usage via forbidden APIs
> -------------------------------------------------
>
> Key: SOLR-12154
> URL: https://issues.apache.org/jira/browse/SOLR-12154
> Project: Solr
> Issue Type: Sub-task
> Reporter: Varun Thacker
> Assignee: Varun Thacker
> Priority: Blocker
> Fix For: 7.4
>
> Attachments: SOLR-12154.patch
>
>
> We need to add org.apache.logging.log4j.** to forbidden APIs
> From [Tomás|https://reviews.apache.org/users/tflobbe/] on the reviewboard
> discussion ( [https://reviews.apache.org/r/65888/] )
> {quote} We *don't* do log4j calls in the code in general, we have that
> explicitly forbidden in forbidden APIS today, and code that does something
> with log4j has to supress that. Developers must instead use slf4j APIs. I
> don't believe that's changing now with log4j2, or does it?
> {quote}
> We need to address this before 7.4 to make sure we don't break anything by
> using Log4j2 directly
> After SOLR-7887 the following classes explicitly import the
> org.apache.logging.log4j.** package so let's validate it's usage
> - Log4j2Watcher
> - SolrLogLayout
> - StartupLoggingUtils
> - RequestLoggingTest
> - LoggingHandlerTest
> - SolrTestCaseJ4
> - TestLogLevelAnnotations
> - LogLevel
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
