[
https://issues.apache.org/jira/browse/LOG4J2-604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14291275#comment-14291275
]
Gary Gregory commented on LOG4J2-604:
-------------------------------------
I'm thinking we can close this issue for now. Thoughts?
> Audit use of ClassLoader, Class.forName, etc.
> ---------------------------------------------
>
> Key: LOG4J2-604
> URL: https://issues.apache.org/jira/browse/LOG4J2-604
> Project: Log4j 2
> Issue Type: Epic
> Components: API, Core
> Affects Versions: 2.0-rc2
> Reporter: Matt Sicker
> Assignee: Matt Sicker
> Priority: Critical
>
> The idiom {{Class.forName}} is almost always a bad idea if it's called
> without a classloader to go along with it. The only acceptable place to put
> it is in something like Loader.loadClass as a last resort.
> To make sure everything works as expected in non-trivial environments (e.g.,
> multiple LoggerContexts associated to completely different ClassLoaders like
> in webapps or bundles), all usage of dynamic class loading should be audited
> for correctness. The appropriate neighbour class can be used for getting a
> class loader in most cases (i.e., another already loaded class that should be
> from the same JAR).
> I'll try to add some integration tests that create sub-classloaders that
> isolate contexts from one another to ensure correctness.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
