[jira] [Work started] (LOG4J2-3427) ServiceLoader usage in a servlet environment
[ https://issues.apache.org/jira/browse/LOG4J2-3427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on LOG4J2-3427 started by Piotr Karwasz. - > ServiceLoader usage in a servlet environment > > > Key: LOG4J2-3427 > URL: https://issues.apache.org/jira/browse/LOG4J2-3427 > Project: Log4j 2 > Issue Type: Improvement >Reporter: Piotr Karwasz >Assignee: Piotr Karwasz >Priority: Major > > It is fair to assume that a servlet container like Tomcat might contain > multiple copies of Log4j 2.x: > * a copy of Log4j 2.x can be used as logging provider for the entire server, > * each web application can contain another copy of Log4j 2.x > One of the shortcomings of {{ServiceLoader}} is that it detects services in > both the web application's and server's classloader, but only those in the > web application are usable: those in the server's classloader can not extend > the service class contained in the application's classloader. > A typical usage of {{ServiceLoader}} to find all instances of a certain > service can therefore end up in a {{{}ServiceConfigurationError{}}}. Those > are caught in Log4j 2.x, but usually end up in all services (also the viable > ones) being {*}discarded{*}. > Hence a tool is necessary to only discard those services, which are contained > in the server's classloader. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Closed] (LOG4J2-3419) Unable to create custom logging level using log4j 2 Bridge API
[ https://issues.apache.org/jira/browse/LOG4J2-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Piotr Karwasz closed LOG4J2-3419. - > Unable to create custom logging level using log4j 2 Bridge API > -- > > Key: LOG4J2-3419 > URL: https://issues.apache.org/jira/browse/LOG4J2-3419 > Project: Log4j 2 > Issue Type: Bug > Components: Log4j 1.2 bridge >Affects Versions: 2.17.1 > Environment: Using log4j 2 bridge API: log4j-1.2-api-2.17.1.jar >Reporter: Ragini Gawande >Assignee: Piotr Karwasz >Priority: Blocker > Fix For: 2.17.3 > > Attachments: DemoCustom.zip, Level.java, log4j.properties > > > Unable to create custom logging level using log4j 2 Bridge API > Following did not create a custom logging level > *public static final int FINE_INT = 13000;* > *public static final Level FINE = new Level(FINE_INT, "FINE", 7);* > > Using FINE logging level is considered to be DEBUG level by default while > printing it > *Adding log:* > log.log({*}Level.FINE{*},"PRINT: Level.FINE log"); > > *Expected log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *FINE* - PRINT: > Level.FINE log > > *Actual log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *DEBUG* - PRINT: > Level.FINE log -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3419) Unable to create custom logging level using log4j 2 Bridge API
[ https://issues.apache.org/jira/browse/LOG4J2-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511613#comment-17511613 ] Ragini Gawande commented on LOG4J2-3419: [~pkarwasz], The latest snapshot version is giving us the expected output 2022-03-24 11:56:21,249 Main[35716] :main: example.com.Test FATAL - Ragini Level.FATAL log 2022-03-24 11:56:21,249 Main[35716] :main: example.com.Test ERROR - Ragini Level.ERROR log 2022-03-24 11:56:21,249 Main[35716] :main: example.com.Test WARNING - Ragini Level.WARNING log 2022-03-24 11:56:21,249 Main[35716] :main: example.com.Test SEVERE - Ragini Level.SEVERE log 2022-03-24 11:56:21,249 Main[35716] :main: example.com.Test UM_INFO - Ragini Level.UM_INFO log 2022-03-24 11:56:21,250 Main[35716] :main: example.com.Test INFO - Ragini Level.INFO log 2022-03-24 11:56:21,250 Main[35716] :main: example.com.Test CONFIG - Ragini Level.CONFIG log 2022-03-24 11:56:21,250 Main[35716] :main: example.com.Test FINE - Ragini Level.FINE log 2022-03-24 11:56:21,250 Main[35716] :main: example.com.Test FINER - Ragini Level.FINER log 2022-03-24 11:56:21,250 Main[35716] :main: example.com.Test FINEST - Ragini Level.FINEST log Thanks for getting this issues resolved. > Unable to create custom logging level using log4j 2 Bridge API > -- > > Key: LOG4J2-3419 > URL: https://issues.apache.org/jira/browse/LOG4J2-3419 > Project: Log4j 2 > Issue Type: Bug > Components: Log4j 1.2 bridge >Affects Versions: 2.17.1 > Environment: Using log4j 2 bridge API: log4j-1.2-api-2.17.1.jar >Reporter: Ragini Gawande >Assignee: Piotr Karwasz >Priority: Blocker > Fix For: 2.17.3 > > Attachments: DemoCustom.zip, Level.java, log4j.properties > > > Unable to create custom logging level using log4j 2 Bridge API > Following did not create a custom logging level > *public static final int FINE_INT = 13000;* > *public static final Level FINE = new Level(FINE_INT, "FINE", 7);* > > Using FINE logging level is considered to be DEBUG level by default while > printing it > *Adding log:* > log.log({*}Level.FINE{*},"PRINT: Level.FINE log"); > > *Expected log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *FINE* - PRINT: > Level.FINE log > > *Actual log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *DEBUG* - PRINT: > Level.FINE log -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (LOG4J2-3446) AGPBI: {"kind":"error","text":"MethodHandle.invoke and MethodHandle.invokeExact are only supported starting with Android O (--min-api 26)","sources":[{}],"tool":"D8"}
leiyao created LOG4J2-3446: -- Summary: AGPBI: {"kind":"error","text":"MethodHandle.invoke and MethodHandle.invokeExact are only supported starting with Android O (--min-api 26)","sources":[{}],"tool":"D8"} Key: LOG4J2-3446 URL: https://issues.apache.org/jira/browse/LOG4J2-3446 Project: Log4j 2 Issue Type: Bug Components: Build Affects Versions: 2.17.2 Reporter: leiyao Fix For: 2.17.2 Attachments: 微信图片_20220324111842.png Adding org.apache.logging.log4j:log4j-core:2.17.2 to an Android project ,but when I install app on device by androidstudio, the error come out.(MethodHandle.invoke and MethodHandle.invokeExact are only supported starting with Android O (--min-api 26) ). Could you help me? com.android.builder.dexing.DexArchiveBuilderException: com.android.builder.dexing.DexArchiveBuilderException: Failed to process C:\Users\leiyao7\.gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-core\2.17.2\fa43ba4467f5300b16d1e0742934149bfc5ac564\log4j-core-2.17.2.jar at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:593) at java.util.concurrent.ForkJoinTask.reportException(ForkJoinTask.java:677) at java.util.concurrent.ForkJoinTask.join(ForkJoinTask.java:720) at com.android.ide.common.internal.WaitableExecutor.waitForTasksWithQuickFail(WaitableExecutor.java:149) at com.android.build.gradle.internal.transforms.DexArchiveBuilderTransform.transform(DexArchiveBuilderTransform.java:420) at com.android.build.gradle.internal.pipeline.TransformTask$2.call(TransformTask.java:239) at com.android.build.gradle.internal.pipeline.TransformTask$2.call(TransformTask.java:235) at com.android.builder.profile.ThreadRecorder.record(ThreadRecorder.java:102) at com.android.build.gradle.internal.pipeline.TransformTask.transform(TransformTask.java:230) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:104) at org.gradle.api.internal.project.taskfactory.IncrementalTaskInputsTaskAction.doExecute(IncrementalTaskInputsTaskAction.java:47) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:42) at org.gradle.api.internal.project.taskfactory.AbstractIncrementalTaskAction.execute(AbstractIncrementalTaskAction.java:25) at org.gradle.api.internal.project.taskfactory.StandardTaskAction.execute(StandardTaskAction.java:28) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$3.run(ExecuteActionsTaskExecuter.java:568) at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:402) at org.gradle.internal.operations.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:394) at org.gradle.internal.operations.DefaultBuildOperationExecutor$1.execute(DefaultBuildOperationExecutor.java:165) at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:250) at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:158) at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:92) at org.gradle.internal.operations.DelegatingBuildOperationExecutor.run(DelegatingBuildOperationExecutor.java:31) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:553) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:536) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.access$300(ExecuteActionsTaskExecuter.java:109) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$TaskExecution.executeWithPreviousOutputFiles(ExecuteActionsTaskExecuter.java:276) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$TaskExecution.execute(ExecuteActionsTaskExecuter.java:265) at org.gradle.internal.execution.steps.ExecuteStep.lambda$execute$0(ExecuteStep.java:32) at java.util.Optional.map(Optional.java:2
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Description: I did a migration for log4j, using log4j 2.12.4 (used this version because my app works under Java 7), I'm getting the following error (you can see that I cloned an existing issue like this but not works for me the metioned solution there): 00:44:47,794 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/restcomm].[Jersey]] (http-/172.31.0.233:8080-1) JBWEB000235: Allocate exception for servlet Jersey: java.lang.ArrayIndexOutOfBoundsException: 12164 at jersey.repackaged.org.objectweb.asm.ClassReader.(ClassReader.java:174) [jersey-server-1.18.1.jar:1.18.1] at jersey.repackaged.org.objectweb.asm.ClassReader.(ClassReader.java:153) [jersey-server-1.18.1.jar:1.18.1] at jersey.repackaged.org.objectweb.asm.ClassReader.(ClassReader.java:359) [jersey-server-1.18.1.jar:1.18.1] at com.sun.jersey.spi.scanning.AnnotationScannerListener.onProcess(AnnotationScannerListener.java:138) [jersey-server-1.18.1.jar:1.18.1] at com.sun.jersey.core.spi.scanning.JarFileScanner.scan(JarFileScanner.java:97) [jersey-core-1.18.1.jar:1.18.1] at com.sun.jersey.spi.scanning.servlet.WebAppResourcesScanner$1.f(WebAppResourcesScanner.java:94) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.core.util.Closing.f(Closing.java:71) [jersey-core-1.18.1.jar:1.18.1] at com.sun.jersey.spi.scanning.servlet.WebAppResourcesScanner.scan(WebAppResourcesScanner.java:92) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.scanning.servlet.WebAppResourcesScanner.scan(WebAppResourcesScanner.java:79) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.api.core.ScanningResourceConfig.init(ScanningResourceConfig.java:80) [jersey-server-1.18.1.jar:1.18.1] at com.sun.jersey.api.core.servlet.WebAppResourceConfig.init(WebAppResourceConfig.java:102) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.api.core.servlet.WebAppResourceConfig.(WebAppResourceConfig.java:89) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.api.core.servlet.WebAppResourceConfig.(WebAppResourceConfig.java:74) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.WebComponent.getWebAppResourceConfig(WebComponent.java:668) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.ServletContainer.getDefaultResourceConfig(ServletContainer.java:417) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.ServletContainer.getDefaultResourceConfig(ServletContainer.java:584) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.WebServletConfig.getDefaultResourceConfig(WebServletConfig.java:87) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.WebComponent.createResourceConfig(WebComponent.java:699) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.WebComponent.createResourceConfig(WebComponent.java:674) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.WebComponent.init(WebComponent.java:205) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.ServletContainer.init(ServletContainer.java:376) [jersey-servlet-1.18.1.jar:1.18.1] at com.sun.jersey.spi.container.servlet.ServletContainer.init(ServletContainer.java:559) [jersey-servlet-1.18.1.jar:1.18.1] at javax.servlet.GenericServlet.init(GenericServlet.java:242) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final] at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1194) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:950) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:151) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.mobicents.servlet.sip.startup.SipStandardContextValve.invoke(SipStandardContextValve.java:263) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.0.Final.jar:7.2.0.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.0.Final.jar:7.2.0.Final] at org.a
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Attachment: web.xml > not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) > - > > Key: LOG4J2-3445 > URL: https://issues.apache.org/jira/browse/LOG4J2-3445 > Project: Log4j 2 > Issue Type: Bug > Components: Core >Affects Versions: 2.12.4 > Environment: JBOSS Web-App using servlet 3.0 >Reporter: Sajed >Priority: Major > Attachments: web.xml > > > I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with > changes in web.xml, weblogic.xml and log4j2.xml files, it was getting > deployed successfully. As this version is having vulnerability i tried with > other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and > log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 > all giving following error : > An error occurred during activation of changes, please see the log for > details. > null null > java.lang.IllegalArgumentException: > > *in weblogic server logs :* > > following error: weblogic.application.ModuleException: null > null > at > weblogic.servlet.internal.WebAppModule.createModuleException(WebAppModule.java:1824) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:270) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:682) > at > weblogic.application.internal.flow.ScopedModuleDriver.init(ScopedModuleDriver.java:162) > at > weblogic.application.internal.ExtensibleModuleWrapper.init(ExtensibleModuleWrapper.java:98) > at > weblogic.application.internal.flow.ModuleListenerInvoker.init(ModuleListenerInvoker.java:84) > at > weblogic.application.internal.flow.InitModulesFlow.initModule(InitModulesFlow.java:288) > at > weblogic.application.internal.flow.InitModulesFlow.initModules(InitModulesFlow.java:301) > at > weblogic.application.internal.flow.InitModulesFlow.prepare(InitModulesFlow.java:329) > at > weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:706) > at > weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42) > at > weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:237) > at > weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:48) > at > weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158) > at > weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:61) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98) > at > weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:233) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749) > at > weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1238) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:252) > at > weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:172) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46) > at > weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) > at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) > Caused by: java.lang.IllegalArgumentException: > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at > weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.(ClassfinderClassInfos.java:44) > at > weblogic.servlet.internal.War.initializeClassInfosIfNecessary(War.java:446) > at weblogic.servlet.internal.War.getAnnotated
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Environment: JBOSS Web-App using servlet 3.0 (was: WebLogic Server Version: 12.1.3.0.0) > not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) > - > > Key: LOG4J2-3445 > URL: https://issues.apache.org/jira/browse/LOG4J2-3445 > Project: Log4j 2 > Issue Type: Bug > Components: Core >Affects Versions: 2.12.4 > Environment: JBOSS Web-App using servlet 3.0 >Reporter: Sajed >Priority: Major > > I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with > changes in web.xml, weblogic.xml and log4j2.xml files, it was getting > deployed successfully. As this version is having vulnerability i tried with > other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and > log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 > all giving following error : > An error occurred during activation of changes, please see the log for > details. > null null > java.lang.IllegalArgumentException: > > *in weblogic server logs :* > > following error: weblogic.application.ModuleException: null > null > at > weblogic.servlet.internal.WebAppModule.createModuleException(WebAppModule.java:1824) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:270) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:682) > at > weblogic.application.internal.flow.ScopedModuleDriver.init(ScopedModuleDriver.java:162) > at > weblogic.application.internal.ExtensibleModuleWrapper.init(ExtensibleModuleWrapper.java:98) > at > weblogic.application.internal.flow.ModuleListenerInvoker.init(ModuleListenerInvoker.java:84) > at > weblogic.application.internal.flow.InitModulesFlow.initModule(InitModulesFlow.java:288) > at > weblogic.application.internal.flow.InitModulesFlow.initModules(InitModulesFlow.java:301) > at > weblogic.application.internal.flow.InitModulesFlow.prepare(InitModulesFlow.java:329) > at > weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:706) > at > weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42) > at > weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:237) > at > weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:48) > at > weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158) > at > weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:61) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98) > at > weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:233) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749) > at > weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1238) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:252) > at > weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:172) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46) > at > weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) > at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) > Caused by: java.lang.IllegalArgumentException: > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at > weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.(ClassfinderClassInfos.java:44) > at > weblogic.servlet.internal.War.initializeClassInfosIfNecessary(War.java:446) > at weblo
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Affects Version/s: 2.12.4 (was: 2.11.1) (was: 2.12.1) (was: 2.14.0) (was: 2.13.3) (was: 2.14.1) > not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) > - > > Key: LOG4J2-3445 > URL: https://issues.apache.org/jira/browse/LOG4J2-3445 > Project: Log4j 2 > Issue Type: Bug > Components: Core >Affects Versions: 2.12.4 > Environment: WebLogic Server Version: 12.1.3.0.0 >Reporter: Sajed >Priority: Major > > I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with > changes in web.xml, weblogic.xml and log4j2.xml files, it was getting > deployed successfully. As this version is having vulnerability i tried with > other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and > log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 > all giving following error : > An error occurred during activation of changes, please see the log for > details. > null null > java.lang.IllegalArgumentException: > > *in weblogic server logs :* > > following error: weblogic.application.ModuleException: null > null > at > weblogic.servlet.internal.WebAppModule.createModuleException(WebAppModule.java:1824) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:270) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:682) > at > weblogic.application.internal.flow.ScopedModuleDriver.init(ScopedModuleDriver.java:162) > at > weblogic.application.internal.ExtensibleModuleWrapper.init(ExtensibleModuleWrapper.java:98) > at > weblogic.application.internal.flow.ModuleListenerInvoker.init(ModuleListenerInvoker.java:84) > at > weblogic.application.internal.flow.InitModulesFlow.initModule(InitModulesFlow.java:288) > at > weblogic.application.internal.flow.InitModulesFlow.initModules(InitModulesFlow.java:301) > at > weblogic.application.internal.flow.InitModulesFlow.prepare(InitModulesFlow.java:329) > at > weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:706) > at > weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42) > at > weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:237) > at > weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:48) > at > weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158) > at > weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:61) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98) > at > weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:233) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749) > at > weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1238) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:252) > at > weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:172) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46) > at > weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) > at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) > Caused by: java.lang.IllegalArgumentException: > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at > weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) > at > weblogic.application.utils.annotation.Class
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Fix Version/s: (was: 2.14.1) > not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) > - > > Key: LOG4J2-3445 > URL: https://issues.apache.org/jira/browse/LOG4J2-3445 > Project: Log4j 2 > Issue Type: Bug > Components: Core >Affects Versions: 2.11.1, 2.12.1, 2.14.0, 2.13.3, 2.14.1 > Environment: WebLogic Server Version: 12.1.3.0.0 >Reporter: Sajed >Priority: Major > > I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with > changes in web.xml, weblogic.xml and log4j2.xml files, it was getting > deployed successfully. As this version is having vulnerability i tried with > other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and > log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 > all giving following error : > An error occurred during activation of changes, please see the log for > details. > null null > java.lang.IllegalArgumentException: > > *in weblogic server logs :* > > following error: weblogic.application.ModuleException: null > null > at > weblogic.servlet.internal.WebAppModule.createModuleException(WebAppModule.java:1824) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:270) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:682) > at > weblogic.application.internal.flow.ScopedModuleDriver.init(ScopedModuleDriver.java:162) > at > weblogic.application.internal.ExtensibleModuleWrapper.init(ExtensibleModuleWrapper.java:98) > at > weblogic.application.internal.flow.ModuleListenerInvoker.init(ModuleListenerInvoker.java:84) > at > weblogic.application.internal.flow.InitModulesFlow.initModule(InitModulesFlow.java:288) > at > weblogic.application.internal.flow.InitModulesFlow.initModules(InitModulesFlow.java:301) > at > weblogic.application.internal.flow.InitModulesFlow.prepare(InitModulesFlow.java:329) > at > weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:706) > at > weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42) > at > weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:237) > at > weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:48) > at > weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158) > at > weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:61) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98) > at > weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:233) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749) > at > weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1238) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:252) > at > weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:172) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46) > at > weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) > at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) > Caused by: java.lang.IllegalArgumentException: > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at > weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.(ClassfinderClassInfos.java:44) > at > weblogic.servlet.internal.War.initializeClassInfosIfNecessary(War.java:446) > at weblogic.servlet.internal.
[jira] [Updated] (LOG4J2-3445) not able to deploy log4j 2.12.4 with jboss web-app (jersey issue)
[ https://issues.apache.org/jira/browse/LOG4J2-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sajed updated LOG4J2-3445: -- Summary: not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) (was: CLONE - not able to deploy log4j-core-2.14.1 in weblogic12c) > not able to deploy log4j 2.12.4 with jboss web-app (jersey issue) > - > > Key: LOG4J2-3445 > URL: https://issues.apache.org/jira/browse/LOG4J2-3445 > Project: Log4j 2 > Issue Type: Bug > Components: Core >Affects Versions: 2.11.1, 2.12.1, 2.14.0, 2.13.3, 2.14.1 > Environment: WebLogic Server Version: 12.1.3.0.0 >Reporter: Sajed >Priority: Major > Fix For: 2.14.1 > > > I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with > changes in web.xml, weblogic.xml and log4j2.xml files, it was getting > deployed successfully. As this version is having vulnerability i tried with > other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and > log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 > all giving following error : > An error occurred during activation of changes, please see the log for > details. > null null > java.lang.IllegalArgumentException: > > *in weblogic server logs :* > > following error: weblogic.application.ModuleException: null > null > at > weblogic.servlet.internal.WebAppModule.createModuleException(WebAppModule.java:1824) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:270) > at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:682) > at > weblogic.application.internal.flow.ScopedModuleDriver.init(ScopedModuleDriver.java:162) > at > weblogic.application.internal.ExtensibleModuleWrapper.init(ExtensibleModuleWrapper.java:98) > at > weblogic.application.internal.flow.ModuleListenerInvoker.init(ModuleListenerInvoker.java:84) > at > weblogic.application.internal.flow.InitModulesFlow.initModule(InitModulesFlow.java:288) > at > weblogic.application.internal.flow.InitModulesFlow.initModules(InitModulesFlow.java:301) > at > weblogic.application.internal.flow.InitModulesFlow.prepare(InitModulesFlow.java:329) > at > weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:706) > at > weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42) > at > weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:237) > at > weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:48) > at > weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:158) > at > weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:61) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.createAndPrepareContainer(ActivateOperation.java:208) > at > weblogic.deploy.internal.targetserver.operations.ActivateOperation.doPrepare(ActivateOperation.java:98) > at > weblogic.deploy.internal.targetserver.operations.AbstractOperation.prepare(AbstractOperation.java:233) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentPrepare(DeploymentManager.java:749) > at > weblogic.deploy.internal.targetserver.DeploymentManager.prepareDeploymentList(DeploymentManager.java:1238) > at > weblogic.deploy.internal.targetserver.DeploymentManager.handlePrepare(DeploymentManager.java:252) > at > weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.prepare(DeploymentServiceDispatcher.java:172) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doPrepareCallback(DeploymentReceiverCallbackDeliverer.java:171) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$000(DeploymentReceiverCallbackDeliverer.java:13) > at > weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$1.run(DeploymentReceiverCallbackDeliverer.java:46) > at > weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311) > at weblogic.work.ExecuteThread.run(ExecuteThread.java:263) > Caused by: java.lang.IllegalArgumentException: > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at com.bea.objectweb.asm.ClassReader.(Unknown Source) > at > weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) > at > weblogic.application.utils.annotation.ClassfinderClassInfos.(Class
[jira] [Created] (LOG4J2-3445) CLONE - not able to deploy log4j-core-2.14.1 in weblogic12c
Sajed created LOG4J2-3445: - Summary: CLONE - not able to deploy log4j-core-2.14.1 in weblogic12c Key: LOG4J2-3445 URL: https://issues.apache.org/jira/browse/LOG4J2-3445 Project: Log4j 2 Issue Type: Bug Components: Core Affects Versions: 2.11.1, 2.12.1, 2.14.0, 2.13.3, 2.14.1 Environment: WebLogic Server Version: 12.1.3.0.0 Reporter: Sajed Fix For: 2.14.1 I m trying to upgrade my log4j to log4j2 , itried with log4j 2.8.1 with changes in web.xml, weblogic.xml and log4j2.xml files, it was getting deployed successfully. As this version is having vulnerability i tried with other versions 2.13.1, 2.13.2, 2.13.3, 2.14.0, 2.14.1 with log4j-api and log4j-core jar and log4j-slf4j-impl all with same version, slf4j-api-1.7.30 all giving following error : An error occurred during activation of changes, please see the log for details. null null java.lang.IllegalArgumentException: *in weblogic server logs :* (Unknown Source) at com.bea.objectweb.asm.ClassReader.(Unknown Source) at weblogic.application.utils.annotation.ClassInfoImpl.(ClassInfoImpl.java:41) at weblogic.application.utils.annotation.ClassfinderClassInfos.polulateOneClassInfo(ClassfinderClassInfos.java:240) at weblogic.application.utils.annotation.ClassfinderClassInfos.populateClassInfos(ClassfinderClassInfos.java:193) at weblogic.application.utils.annotation.ClassfinderClassInfos.(ClassfinderClassInfos.java:44) at weblogic.servlet.internal.War.initializeClassInfosIfNecessary(War.java:446) at weblogic.servlet.internal.War.getAnnotatedClasses(War.java:376) at weblogic.servlet.utils.WarUtils.isJsfApplication(WarUtils.java:258) at weblogic.servlet.internal.WebAppModule.detectJsfApplication(WebAppModule.java:277) at weblogic.servlet.internal.WebAppModule.init(WebAppModule.java:262) -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3444) Log4j 1.2 Unsupported Flagging by Nessus
[ https://issues.apache.org/jira/browse/LOG4J2-3444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511518#comment-17511518 ] Piotr Karwasz commented on LOG4J2-3444: --- You can try replacing {{log4j}} with the [Log4j 1.x bridge|https://logging.apache.org/log4j/2.x/manual/migration.html], which provides binary compatibility with the most common Log4j 1.x usages. Is it flagged by your security scanner? > Log4j 1.2 Unsupported Flagging by Nessus > > > Key: LOG4J2-3444 > URL: https://issues.apache.org/jira/browse/LOG4J2-3444 > Project: Log4j 2 > Issue Type: Question >Reporter: Sanjeev Kumar >Priority: Major > > The Apache log4j open source software has a critical security vulnerabilities > in both major versions (1.x and 2.x). This is highlighted in: > +[https://logging.apache.org/log4j/2.x/security.html]+ > We have many products deployed in RHEL7 that currently uses log4j version 1.x > The Nessus Pluggin that scans the security vulnerabilities in products > declares that Log4j version 1.2 is unsupported. The Pluggin details are in: > +[https://www.tenable.com/plugins/nessus/156032]+ > This is solely based on Apache Log4j EOL notice to version 1.x and > recommendation to upgrade to version 2.17+. The details of which are > available in: > +[https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces]+ > But RedHat has been supporting deploying patches to version 1.2 to address > the recent security vulnerabilities and deploying patches as evident in: > +[https://access.redhat.com/errata/RHSA-2022:0439]+ > Since, we have many third-party products dependent on log4j version 1.2 and > we need to update these third party products to log4j version 2.x, it is a > huge development. We plan to upgrade to version 2.x in the future, but until > then we need to address the Nessus Pluggin scans that is declaring Log4j > version 1.2 as unsupported, which is clearly incorrect as per RedHat. > I request Log4j support to work work with Nessus Pluggin support to > facilitate declaring Log4j version 1.2.17+ as supported and not flag any > scans from Nessus Pluggin described above to flag the Log4j version 1.2.17+ > as unsupported.. It will give us some time frame to deploying the new Log4j > 2x. > Also, if thers any other way to contact Log4j support support in this matter, > please let me know. > Thanks, > Sanjeev > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3419) Unable to create custom logging level using log4j 2 Bridge API
[ https://issues.apache.org/jira/browse/LOG4J2-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511491#comment-17511491 ] Piotr Karwasz commented on LOG4J2-3419: --- [~ragini], Check the newest snapshot. Strictly speaking the pattern {{%pid}} never existed in Log4j 1.x, but to maintain compatibility with the previous bridge releases I fixed it. > Unable to create custom logging level using log4j 2 Bridge API > -- > > Key: LOG4J2-3419 > URL: https://issues.apache.org/jira/browse/LOG4J2-3419 > Project: Log4j 2 > Issue Type: Bug > Components: Log4j 1.2 bridge >Affects Versions: 2.17.1 > Environment: Using log4j 2 bridge API: log4j-1.2-api-2.17.1.jar >Reporter: Ragini Gawande >Assignee: Piotr Karwasz >Priority: Blocker > Fix For: 2.17.3 > > Attachments: DemoCustom.zip, Level.java, log4j.properties > > > Unable to create custom logging level using log4j 2 Bridge API > Following did not create a custom logging level > *public static final int FINE_INT = 13000;* > *public static final Level FINE = new Level(FINE_INT, "FINE", 7);* > > Using FINE logging level is considered to be DEBUG level by default while > printing it > *Adding log:* > log.log({*}Level.FINE{*},"PRINT: Level.FINE log"); > > *Expected log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *FINE* - PRINT: > Level.FINE log > > *Actual log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *DEBUG* - PRINT: > Level.FINE log -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3419) Unable to create custom logging level using log4j 2 Bridge API
[ https://issues.apache.org/jira/browse/LOG4J2-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511479#comment-17511479 ] ASF subversion and git services commented on LOG4J2-3419: - Commit 798f3026c2e086e732e6aac0744d0154da33bb39 in logging-log4j2's branch refs/heads/release-2.x from Piotr P. Karwasz [ https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=798f302 ] [LOG4J2-3419] Allows %pid in Log4j 1.x patterns Although `%pid` was never a valid Log4j 1.x pattern, it was supported in the previous bridge versions. This fixes a regression with respect to `log4j-1.2-api` version 2.17.2. > Unable to create custom logging level using log4j 2 Bridge API > -- > > Key: LOG4J2-3419 > URL: https://issues.apache.org/jira/browse/LOG4J2-3419 > Project: Log4j 2 > Issue Type: Bug > Components: Log4j 1.2 bridge >Affects Versions: 2.17.1 > Environment: Using log4j 2 bridge API: log4j-1.2-api-2.17.1.jar >Reporter: Ragini Gawande >Assignee: Piotr Karwasz >Priority: Blocker > Fix For: 2.17.3 > > Attachments: DemoCustom.zip, Level.java, log4j.properties > > > Unable to create custom logging level using log4j 2 Bridge API > Following did not create a custom logging level > *public static final int FINE_INT = 13000;* > *public static final Level FINE = new Level(FINE_INT, "FINE", 7);* > > Using FINE logging level is considered to be DEBUG level by default while > printing it > *Adding log:* > log.log({*}Level.FINE{*},"PRINT: Level.FINE log"); > > *Expected log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *FINE* - PRINT: > Level.FINE log > > *Actual log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *DEBUG* - PRINT: > Level.FINE log -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3444) Log4j 1.2 Unsupported Flagging by Nessus
[ https://issues.apache.org/jira/browse/LOG4J2-3444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511458#comment-17511458 ] Gary D. Gregory commented on LOG4J2-3444: - I do not see that we have to get in between two companies' businesses. You should contact them. > Log4j 1.2 Unsupported Flagging by Nessus > > > Key: LOG4J2-3444 > URL: https://issues.apache.org/jira/browse/LOG4J2-3444 > Project: Log4j 2 > Issue Type: Question >Reporter: Sanjeev Kumar >Priority: Major > > The Apache log4j open source software has a critical security vulnerabilities > in both major versions (1.x and 2.x). This is highlighted in: > +[https://logging.apache.org/log4j/2.x/security.html]+ > We have many products deployed in RHEL7 that currently uses log4j version 1.x > The Nessus Pluggin that scans the security vulnerabilities in products > declares that Log4j version 1.2 is unsupported. The Pluggin details are in: > +[https://www.tenable.com/plugins/nessus/156032]+ > This is solely based on Apache Log4j EOL notice to version 1.x and > recommendation to upgrade to version 2.17+. The details of which are > available in: > +[https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces]+ > But RedHat has been supporting deploying patches to version 1.2 to address > the recent security vulnerabilities and deploying patches as evident in: > +[https://access.redhat.com/errata/RHSA-2022:0439]+ > Since, we have many third-party products dependent on log4j version 1.2 and > we need to update these third party products to log4j version 2.x, it is a > huge development. We plan to upgrade to version 2.x in the future, but until > then we need to address the Nessus Pluggin scans that is declaring Log4j > version 1.2 as unsupported, which is clearly incorrect as per RedHat. > I request Log4j support to work work with Nessus Pluggin support to > facilitate declaring Log4j version 1.2.17+ as supported and not flag any > scans from Nessus Pluggin described above to flag the Log4j version 1.2.17+ > as unsupported.. It will give us some time frame to deploying the new Log4j > 2x. > Also, if thers any other way to contact Log4j support support in this matter, > please let me know. > Thanks, > Sanjeev > -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (LOG4J2-3444) Log4j 1.2 Unsupported Flagging by Nessus
Sanjeev Kumar created LOG4J2-3444: - Summary: Log4j 1.2 Unsupported Flagging by Nessus Key: LOG4J2-3444 URL: https://issues.apache.org/jira/browse/LOG4J2-3444 Project: Log4j 2 Issue Type: Question Reporter: Sanjeev Kumar The Apache log4j open source software has a critical security vulnerabilities in both major versions (1.x and 2.x). This is highlighted in: +[https://logging.apache.org/log4j/2.x/security.html]+ We have many products deployed in RHEL7 that currently uses log4j version 1.x The Nessus Pluggin that scans the security vulnerabilities in products declares that Log4j version 1.2 is unsupported. The Pluggin details are in: +[https://www.tenable.com/plugins/nessus/156032]+ This is solely based on Apache Log4j EOL notice to version 1.x and recommendation to upgrade to version 2.17+. The details of which are available in: +[https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces]+ But RedHat has been supporting deploying patches to version 1.2 to address the recent security vulnerabilities and deploying patches as evident in: +[https://access.redhat.com/errata/RHSA-2022:0439]+ Since, we have many third-party products dependent on log4j version 1.2 and we need to update these third party products to log4j version 2.x, it is a huge development. We plan to upgrade to version 2.x in the future, but until then we need to address the Nessus Pluggin scans that is declaring Log4j version 1.2 as unsupported, which is clearly incorrect as per RedHat. I request Log4j support to work work with Nessus Pluggin support to facilitate declaring Log4j version 1.2.17+ as supported and not flag any scans from Nessus Pluggin described above to flag the Log4j version 1.2.17+ as unsupported.. It will give us some time frame to deploying the new Log4j 2x. Also, if thers any other way to contact Log4j support support in this matter, please let me know. Thanks, Sanjeev -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Closed] (LOG4J2-3439) log4j2 Spring Cloud config integration with MTLS gives NullPointerException
[ https://issues.apache.org/jira/browse/LOG4J2-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jayesh Netravali closed LOG4J2-3439. Closing as this is working as expected. > log4j2 Spring Cloud config integration with MTLS gives NullPointerException > --- > > Key: LOG4J2-3439 > URL: https://issues.apache.org/jira/browse/LOG4J2-3439 > Project: Log4j 2 > Issue Type: Bug >Reporter: Jayesh Netravali >Assignee: Piotr Karwasz >Priority: Major > Fix For: 2.17.3 > > Attachments: log4j-core-stacktrace.txt > > > Hello > > I am trying to use the log4j2 Spring cloud config integration capabilities > and have been referring to the sample application on the github project > [https://github.com/apache/logging-log4j2/tree/release-2.x/log4j-spring-cloud-config/log4j-spring-cloud-config-samples] > When I try to configure a MTLS HTTPs URL of my cloud config server in the > bootstrap.yaml of my client application which needs to fetch the log4j2.xml, > I get a NPE in the > org.apache.logging.log4j.core.net.ssl.SslConfiguration.createSslContext( > final boolean loadDefaultKeyManagerFactory, final boolean > loadDefaultTrustManagerFactory) method when the > SSLContext.getInstance(this.protocol); is invoked. On debugging I see that > the protocol being passed from the SslConfigurationFactory to the > SslConfiguration is "https" which causes SSLContext.getInstance() to throw an > exception and thus no sslContext is created. I have attached the stacktrace > for your reference. > Below is my configuration. Please let me know if I am missing something. > logging: > config: > https://localhost:/common/default/${CONFIG_SERVER_LABEL_ESCAPED}/log4j2.xml > log4j2: > debug: true > keyStoreLocation: file:///${HTTP_KEYSTORE_PATH} > keyStoreType: JKS > keyStorePassword: ${HTTP_KEYSTORE_PWD} > trustStoreLocation: file:///${HTTP_TRUSTSTORE_PATH} > trustStoreKeyStoreType: JKS > trustStorePassword: ${HTTP_TRUSTSTORE_PWD} > sslVerifyHostName: false -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3439) log4j2 Spring Cloud config integration with MTLS gives NullPointerException
[ https://issues.apache.org/jira/browse/LOG4J2-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511096#comment-17511096 ] Jayesh Netravali commented on LOG4J2-3439: -- Thanks [~pkarwasz], validated with 2.17.3-SNAPSHOT and this is working now. Happy to close this issue and appreciate the entire community's prompt response in resolving this. > log4j2 Spring Cloud config integration with MTLS gives NullPointerException > --- > > Key: LOG4J2-3439 > URL: https://issues.apache.org/jira/browse/LOG4J2-3439 > Project: Log4j 2 > Issue Type: Bug >Reporter: Jayesh Netravali >Assignee: Piotr Karwasz >Priority: Major > Fix For: 2.17.3 > > Attachments: log4j-core-stacktrace.txt > > > Hello > > I am trying to use the log4j2 Spring cloud config integration capabilities > and have been referring to the sample application on the github project > [https://github.com/apache/logging-log4j2/tree/release-2.x/log4j-spring-cloud-config/log4j-spring-cloud-config-samples] > When I try to configure a MTLS HTTPs URL of my cloud config server in the > bootstrap.yaml of my client application which needs to fetch the log4j2.xml, > I get a NPE in the > org.apache.logging.log4j.core.net.ssl.SslConfiguration.createSslContext( > final boolean loadDefaultKeyManagerFactory, final boolean > loadDefaultTrustManagerFactory) method when the > SSLContext.getInstance(this.protocol); is invoked. On debugging I see that > the protocol being passed from the SslConfigurationFactory to the > SslConfiguration is "https" which causes SSLContext.getInstance() to throw an > exception and thus no sslContext is created. I have attached the stacktrace > for your reference. > Below is my configuration. Please let me know if I am missing something. > logging: > config: > https://localhost:/common/default/${CONFIG_SERVER_LABEL_ESCAPED}/log4j2.xml > log4j2: > debug: true > keyStoreLocation: file:///${HTTP_KEYSTORE_PATH} > keyStoreType: JKS > keyStorePassword: ${HTTP_KEYSTORE_PWD} > trustStoreLocation: file:///${HTTP_TRUSTSTORE_PATH} > trustStoreKeyStoreType: JKS > trustStorePassword: ${HTTP_TRUSTSTORE_PWD} > sslVerifyHostName: false -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (LOG4J2-3419) Unable to create custom logging level using log4j 2 Bridge API
[ https://issues.apache.org/jira/browse/LOG4J2-3419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511075#comment-17511075 ] Ragini Gawande commented on LOG4J2-3419: [~pkarwasz] , I verified my code with the latest snapshot created on March 21st with that patch the log levels are printed correctly but the ID is not printed correctly {noformat} 2022-03-23 13:10:14,862 Main[FATALid] :main: example.com.Test FATAL - Ragini Level.FATAL log 2022-03-23 13:10:14,863 Main[ERRORid] :main: example.com.Test ERROR - Ragini Level.ERROR log 2022-03-23 13:10:14,863 Main[WARNINGid] :main: example.com.Test WARNING - Ragini Level.WARNING log 2022-03-23 13:10:14,864 Main[SEVEREid] :main: example.com.Test SEVERE - Ragini Level.SEVERE log 2022-03-23 13:10:14,864 Main[UM_INFOid] :main: example.com.Test UM_INFO - Ragini Level.UM_INFO log 2022-03-23 13:10:14,864 Main[INFOid] :main: example.com.Test INFO - Ragini Level.INFO log 2022-03-23 13:10:14,864 Main[CONFIGid] :main: example.com.Test CONFIG - Ragini Level.CONFIG log 2022-03-23 13:10:14,864 Main[FINEid] :main: example.com.Test FINE - Ragini Level.FINE log 2022-03-23 13:10:14,864 Main[FINERid] :main: example.com.Test FINER - Ragini Level.FINER log 2022-03-23 13:10:14,865 Main[FINESTid] :main: example.com.Test FINEST - Ragini Level.FINEST log{noformat} Here instead of printing the id its printing FATALid String > Unable to create custom logging level using log4j 2 Bridge API > -- > > Key: LOG4J2-3419 > URL: https://issues.apache.org/jira/browse/LOG4J2-3419 > Project: Log4j 2 > Issue Type: Bug > Components: Log4j 1.2 bridge >Affects Versions: 2.17.1 > Environment: Using log4j 2 bridge API: log4j-1.2-api-2.17.1.jar >Reporter: Ragini Gawande >Assignee: Piotr Karwasz >Priority: Blocker > Fix For: 2.17.3 > > Attachments: DemoCustom.zip, Level.java, log4j.properties > > > Unable to create custom logging level using log4j 2 Bridge API > Following did not create a custom logging level > *public static final int FINE_INT = 13000;* > *public static final Level FINE = new Level(FINE_INT, "FINE", 7);* > > Using FINE logging level is considered to be DEBUG level by default while > printing it > *Adding log:* > log.log({*}Level.FINE{*},"PRINT: Level.FINE log"); > > *Expected log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *FINE* - PRINT: > Level.FINE log > > *Actual log printed:* > 2022-02-25 15:50:09,208 Main[6788] :main: example.com.Test *DEBUG* - PRINT: > Level.FINE log -- This message was sent by Atlassian Jira (v8.20.1#820001)