[
https://issues.apache.org/jira/browse/LOG4J2-633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker resolved LOG4J2-633.
--------------------------------
Resolution: Won't Fix
SecurityManager is going away after Java 21, and Java 21 doesn't allow for
specifying a custom SecurityManager. This issue is no longer relevant.
> Need to check permissions when registering shutdown hooks and obtaining
> classloaders
> ------------------------------------------------------------------------------------
>
> Key: LOG4J2-633
> URL: https://issues.apache.org/jira/browse/LOG4J2-633
> Project: Log4j 2
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.0-rc1
> Reporter: Ralph Goers
> Priority: Major
>
> http://docs.oracle.com/javase/6/docs/api/java/lang/RuntimePermission.html
> documents what operations require RuntimePermission checks. Log4j 2 doesn't
> check these in a lot of cases.
> Log4j should check the permissions but do so in a manner that doesn't
> significantly impact performance. For example, registering shutdown hooks is
> infrequent and so the overhead is minimal while calls to obtain a Classloader
> are done much more frequently and so the permission checks need to be
> minimized.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
