[ https://issues.apache.org/jira/browse/LOG4J2-3423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17501079#comment-17501079 ]
Piotr P. Karwasz commented on LOG4J2-3423: ------------------------------------------ Undertow had the same issue (cf. [UNDERTOW-1338|https://issues.redhat.com/browse/UNDERTOW-1338]) and the JDK bug number is [JDK-6956385,|https://bugs.openjdk.java.net/browse/JDK-6956385], which is has been open since 2010. > JAR file containing Log4j configuration isn't closed > ---------------------------------------------------- > > Key: LOG4J2-3423 > URL: https://issues.apache.org/jira/browse/LOG4J2-3423 > Project: Log4j 2 > Issue Type: Bug > Components: Core > Affects Versions: 2.14.0 > Environment: Windows > Reporter: Radim Tlusty > Assignee: Gary D. Gregory > Priority: Major > Fix For: 2.17.3 > > > If the Log4j configuration file is inside of a JAR file, then the JAR file > (which is backed by the {{JarURLConnection}} retrieved from > {{{}URL.openConnection{}}}) isn't closed. > This causes problems on Tomcat running on Windows during undeploying of an > application, because the opened JAR file can't be deleted. > The problem was introduced during implementation of LOG4J2-2901 (version > 2.14.0), where the {{URL.openStream}} was replaced by {{URL.openConnection}} > in the class {{{}org.apache.logging.log4j.core.config.ConfigurationSource{}}}. > The proposed solution (https://github.com/apache/logging-log4j2/pull/780) is > to use the {{URL.openConnection}} only when needed (~ configuration URL has > HTTPS protocol), otherwise similar code as in previous versions (<= 2.13.3) > would be used. > -- This message was sent by Atlassian Jira (v8.20.1#820001)