On 10/12/2021 11.10, Uwe Schindler wrote:
In general the sysprop "log4j2.formatMsgNoLookups=true" fix is the only correct
fix (maybe add it to the bootstrap class of solr). Updating log4j is not really needed.
This prevents any of those shit. There's no reason ever to parse ${} escapes in log
messages. The only place where this can be used is the format pattern in the config file,
but WTF was the idea behind that to pass ALL log messages through the expansion?
Man man, SNEAKY log4j!!! 😊
Very sneaky. Seems like logback handles these things a bit better.
Upgrading log4j to 2.15.0 seems to disable the parsing by default. This
version just hit maven central last night.
- Bram
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
