[
https://issues.apache.org/jira/browse/LOG4J2-1560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15462619#comment-15462619
]
Simon Willnauer commented on LOG4J2-1560:
-----------------------------------------
Sorry I should have been more verbose here. Both Apache Lucene and
Elasticsearch run tests with a security manager installed by the test framework
such that we have full control over what our tests as well as our production
code is doing. Writing any files outside of the test directory, setting system
properties without our permission etc. This also requires that all relevant
code applies doPriviledged blocks where needed. It would have like also caught
these kind of issues show here. What I can offer is to open an issue and help
to get you up to speed if this is of interest. I think it could help us
especially since we are heavy user of the security manager to prevent issues
down the road. So, if you feel like this is something you want to employ then I
am more than happy to invest time.
> Log4j can lose exceptions when a security manager is present
> ------------------------------------------------------------
>
> Key: LOG4J2-1560
> URL: https://issues.apache.org/jira/browse/LOG4J2-1560
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.6.2
> Reporter: Jason Tedor
> Attachments: log4j-exception-logging-issue.tar.gz,
> throwable-proxy-security.exception.patch
>
>
> When Log4j is rendering an exception, it can attempt to load classes that it
> does not have permissions to load when a security manager is present.
> I have a patch and a failing test case for this; I will submit it shortly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
