[ https://issues.apache.org/jira/browse/LOG4J2-3423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500826#comment-17500826 ]
ASF subversion and git services commented on LOG4J2-3423: --------------------------------------------------------- Commit e652dc36b629ee8355c68fe6546928f907f79301 in logging-log4j2's branch refs/heads/release-2.x from Gary Gregory [ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=e652dc3 ] [LOG4J2-3423] JAR file containing Log4j configuration isn't closed. > JAR file containing Log4j configuration isn't closed > ---------------------------------------------------- > > Key: LOG4J2-3423 > URL: https://issues.apache.org/jira/browse/LOG4J2-3423 > Project: Log4j 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.14.0 > Environment: Windows > Reporter: Radim Tlusty > Assignee: Gary D. Gregory > Priority: Major > > If the Log4j configuration file is inside of a JAR file, then the JAR file > (which is backed by the {{JarURLConnection}} retrieved from > {{{}URL.openConnection{}}}) isn't closed. > This causes problems on Tomcat running on Windows during undeploying of an > application, because the opened JAR file can't be deleted. > The problem was introduced during implementation of LOG4J2-2901 (version > 2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} > in the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}. > The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is > to use the {{URL.openConnection}} only when needed (~ configuration URL has > HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) > would be used. > -- This message was sent by Atlassian Jira (v8.20.1#820001)