Re: Google OSS-Fuzz

2022-01-10 Thread Gary Gregory
This all sounds great. On top of real issues, I am sure this will present exceptions being thrown here and there where we can make at the very least said exceptions carry meaningful messages instead of a mysterious IOOB or AIOBE. I guess it all depends what I want to do with my nights and weekend

Re: [DISCUSS] Support 'log4j.rootLogger=INFO,Console' configuration grammar in log4j2

2022-01-09 Thread Gary Gregory
I think it is reasonable to say we can support this through 2 instead of 1 variable. Duo? Gary On Sun, Jan 9, 2022, 16:24 Ralph Goers wrote: > I’m looking at this and have a couple of concerns. The script has > > > HADOOP_ROOT_LOGGER=${HADOOP_ROOT_LOGGER:-${HADOOP_LOGLEVEL},console} > > HADO

Re: [DISCUSS] Support 'log4j.rootLogger=INFO,Console' configuration grammar in log4j2

2022-01-09 Thread Gary Gregory
I agree, let's make it easier for Hadoop :-) Gary On Sun, Jan 9, 2022, 15:54 Matt Sicker wrote: > This sounds fairly reasonable, though I haven’t looked at implementation > details. We should make a Jira ticket to track the change. Otherwise, I > think it’s a good idea to support the syntax. >

Re: Copyright 1969?

2022-01-08 Thread Gary Gregory
Matt Sicker > > > On Jan 8, 2022, at 04:52, Gary Gregory wrote: > > > > Our Javadoc says "Copyright © 1999-1969 ..." on > > https://logging.apache.org/log4j/2.x/log4j-api/apidocs/index.html > > > > Gary >

Copyright 1969?

2022-01-08 Thread Gary Gregory
Our Javadoc says "Copyright © 1999-1969 ..." on https://logging.apache.org/log4j/2.x/log4j-api/apidocs/index.html Gary

Re: Properties Enhancement in Log4j 2 3.x

2022-01-08 Thread Gary Gregory
I asked a few questions in the wiki comment section. >Remove “strange” interfaces that had to be created before Java 8 provided default methods. Looking at our Javadoc, it seems we forgot to deprecate our copy of BiConsumer. We did deprecate our copy of Supplier so that's good. Gary On Sat, Jan

Jira review

2022-01-07 Thread Gary Gregory
We have mentioned in the past going through Jiras in a meeting once in a while. Does anyone still have the appetite for this review? Should we schedule it? Gary

Re: [RESULT][VOTE] CVE creation process

2022-01-07 Thread Gary Gregory
to voting by > means of "lazy approval"[2] using the (private) > `secur...@logging.apache.org` mailing list: > > 6x +1 (accepting the process), all binding > 2x +0 (abstaining) > > Details: > > +1 (accepting the process): > Ralph Goers (binding) > Gary Gre

Re: [logging-log4j1] branch v1.2.8 created (now 0cde9dd)

2022-01-06 Thread Gary Gregory
-1 This component reached End-of-Life in 2015. Gary On Thu, Jan 6, 2022 at 12:46 PM wrote: > This is an automated email from the ASF dual-hosted git repository. > > ceki pushed a change to branch v1.2.8 > in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git. > > > at 0cde9

Re: Master branch

2022-01-06 Thread Gary Gregory
On Mon, Jan 3, 2022 at 7:30 AM Volkan Yazıcı wrote: > Fantastic work Ralph! Please see my comments below: > > On Tue, Dec 28, 2021 at 9:39 AM Ralph Goers > wrote: > > Most of the components that were generating test jars have been split > into two modules - the main component, > > which only bui

Re: [VOTE] CVE creation process

2022-01-03 Thread Gary Gregory
[X] +1, accept the process Gary On Mon, Jan 3, 2022 at 6:59 AM Volkan Yazıcı wrote: > Hello, > > As discussed earlier[1], this is a vote to introduce the process that > enforces CVE submissions and their content should be first subject to > voting using the (private) `secur...@logging.apache.or

Re: LOG4J2-3259 Limit max recursion depth when interpolating strings

2022-01-03 Thread Gary Gregory
I was thinking about this the other day in the following terms: How would a user or dev know that something went wrong? Let's say I load a config and I see the logging is incorrect in some way. Under the covers, it's because recursion hit a limit. So how can a user or dev know they need to enable

Re: [VOTE] Future of Log4j 1.x

2021-12-31 Thread Gary Gregory
[X] +1, Option 1 Gary On Wed, Dec 29, 2021 at 2:33 PM Christian Grobmeier wrote: > Hello, > > as discussed in another thread, this is a vote about the future of log4j > 1. This vote stays open for the usual 72h. > Options are explained below. > > You can vote for: > > [ ] +1, Option 1 > [ ]

Re: [DISCUSS] Starting social media accounts for subprojects

2021-12-30 Thread Gary Gregory
Great idea. I would suggest one account for each component. I'm not sure anyone but the PMC would care about a logging services account. Gary On Thu, Dec 30, 2021, 17:40 Matt Sicker wrote: > We recently had an idea discussed on a video call about potentially > starting some Twitter et al. a

Re: CVE creation process

2021-12-30 Thread Gary Gregory
I like the idea of voting on whether or not we want to CVE a fix because I hope it will make us focus on how to message the issue as clearly as possible in addition to having more eyes looking at similar possible issues. Gary On Thu, Dec 30, 2021 at 4:02 AM Volkan Yazıcı wrote: > Hello, > > The

Re: rat:check at verify

2021-12-30 Thread Gary Gregory
+1 :-) Gary On Thu, Dec 30, 2021, 08:40 Carter Kozak wrote: > Thank you! > > -ck > > > On Dec 30, 2021, at 02:27, Volkan Yazıcı wrote: > > > > Pushed to both `release-2.x` and `master`. > > > >> On Wed, Dec 29, 2021 at 10:25 AM Volkan Yazıcı wrote: > >> > >> I suggest hooking apache-rat:chec

Re: Published artifact hash files

2021-12-29 Thread Gary Gregory
That would be great. Gary On Wed, Dec 29, 2021, 12:54 Matt Sicker wrote: > The SHA files are generated via a Maven plugin that only outputs the hash, > not the filename. Looks like we need to figure out how to configure that. > -- > Matt Sicker > > > On Dec 29, 2021, at 02:53, Volkan Yazıcı wr

Re: rat:check at verify

2021-12-29 Thread Gary Gregory
+1 Gary On Wed, Dec 29, 2021 at 4:25 AM Volkan Yazıcı wrote: > I suggest hooking apache-rat:check up to the verify stage in Maven. This > will make CI run that goal too. Objections? >

Re: [VOTE] Release Log4j Kotlin API 1.2.0-rc3

2021-12-29 Thread Gary Gregory
I agree w Volkan here as well. Gary On Wed, Dec 29, 2021, 02:53 Volkan Yazıcı wrote: > Shall we cancel this, upgrade to 2.17.1, and revote? > > On Tue, Dec 21, 2021 at 5:02 AM Matt Sicker wrote: > > > This is a vote to release Log4j Kotlin API version 1.2.0, the next > version > > of the Kotli

Re: [VOTE] Release Apache Log4j Scala API version 13.0-rc1

2021-12-29 Thread Gary Gregory
Volkan's right, better to lead by example and use our latest and safest Gary On Wed, Dec 29, 2021, 02:56 Volkan Yazıcı wrote: > Shall we cancel this, upgrade to 2.17.1, and revote? > > On Thu, Dec 23, 2021 at 10:45 PM Matt Sicker wrote: > > > This is a vote to release Log4j Scala API 13.0. Thi

Re: [VOTE] Release Apache Log4j Scala API version 13.0-rc1

2021-12-28 Thread Gary Gregory
Hi Matt, dist.a.o is missing ASC files for: - apache-log4j-api-scala-13.0-bin.zip - apache-log4j-api-scala-13.0-bin.tar.gz Gary On Thu, Dec 23, 2021 at 4:45 PM Matt Sicker wrote: > This is a vote to release Log4j Scala API 13.0. This release primarily > adds support for Scala 3. > > Please do

Re: [VOTE] Release Log4j 2.3.2 for Java 6

2021-12-28 Thread Gary Gregory
+1 ASC files from dist.a.o OK sha512 files from dist.a.o OK RAT check OK 'mvn clean install' OK 'mvn site -DskipTests' fails with ERROR [org.apache.fop.fo.FONode:85] 2021-12-28 21:56:54,956 - I/O error while loading image: null ERROR [org.apache.fop.fo.FONode:85] 2021-12-28 21:56:55,015 - I/O erro

Re: [VOTE] Release Log4j 2.12.4-rc1 for Java 7

2021-12-28 Thread Gary Gregory
'!log4j-cassandra'" ran correctly. Verified > hashes and asc files. RAT passed too. > > On 12/28/2021 7:46 PM, Gary Gregory wrote: > > +1 > > > > SHA512 OK > > ASC OK > > RAT check OK > > mvn clean install -pl '!log4j-cassandra' OK

Re: [VOTE] Release Log4j 2.12.4-rc1 for Java 7

2021-12-28 Thread Gary Gregory
+1 SHA512 OK ASC OK RAT check OK mvn clean install -pl '!log4j-cassandra' OK openjdk version "1.8.0_312" OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537) Ma

Re: [VOTE] Release Log4j 2.12.4-rc1 for Java 7

2021-12-28 Thread Gary Gregory
The good thing is that the ASC files are in the proper format to verify with 'gpg --verify' :-) The bad thing is that 'shasum --check' does not understand our sha512 or sha256 files :-( Gary On Tue, Dec 28, 2021 at 7:22 PM Gary Gregory wrote: > I think it is more inte

Re: [VOTE] Release Log4j 2.12.4-rc1 for Java 7

2021-12-28 Thread Gary Gregory
I think it is more interesting to download the dist archive instead of the Maven repo because each PMC member is supposed to validate sigs, so: wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://dist.apache.org/repos/dist/dev/logging/log4j/ ATM you get more than you need

Re: Issue with white spaces and log4j2 configuration loaded from resource jar

2021-12-28 Thread Gary Gregory
A legal URI cannot contain a space (per the RFC), you'll have to escape it to %20. Gary On Tue, Dec 28, 2021 at 3:29 PM Leon Finker wrote: > Hi, > > In one of our applications we're hitting the following issue in the > latest log4j2 versions. We specify a config file, and it's found and > loade

Re: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

2021-12-28 Thread Gary Gregory
On Tue, Dec 28, 2021 at 2:59 PM Jason Pyeron wrote: > > -Original Message- > > From: Matt Sicker [mailto:mattsic...@apache.org] > > Sent: Tuesday, December 28, 2021 2:27 PM > > To: annou...@apache.org; dev@logging.apache.org > > Subject: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via

Re: Log4J 1.x progress, pull request(s), plans

2021-12-28 Thread Gary Gregory
The main point is, I thought, we agreed to not say/do anything until we have a PLAN. See also Ralph's request to call for a VOTE or wrap up the email with the list of options. Gary On Tue, Dec 28, 2021 at 2:08 PM Matt Sicker wrote: > I looked through most of the PR (besides the pom changes). Se

Re: [VOTE] Release Apache Log4j 2.17.1-rc1

2021-12-27 Thread Gary Gregory
, arch: "x86_64", family: "mac" Darwin *** 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64 Gary On Mon, Dec 27, 2021 at 8:30 PM Gary Gregory wrote: > +1 > > - OK gpg verify of all 2.17.1 ASC files on > https

Re: [VOTE] Release Apache Log4j 2.17.1-rc1

2021-12-27 Thread Gary Gregory
+1 - OK gpg verify of all 2.17.1 ASC files on https://dist.apache.org/repos/dist/dev/logging/log4j/ - RAT check fails on 2 MD files, not a blocker, just needs ASL headers. - OK mvn clean install -pl '!log4j-cassandra' Again for me, the log4j-cassandra module crashes the JVM for me. If I try diff

Re: Setting default branch to release-2.x on GitHub

2021-12-26 Thread Gary Gregory
Note that it is not the branch name that starts with "rel/", it is the tag name. Gary On Sun, Dec 26, 2021, 16:21 Ron Grabowski wrote: > I interpreted your comment as the branch name on the 2.17.0 site says > 'log4j-2.17.0' which doesn't exist, it should be 'rel/2.17.0'. I updated > pom.xml in

Re: Setting default branch to release-2.x on GitHub

2021-12-26 Thread Gary Gregory
On Sun, Dec 26, 2021 at 6:16 AM Volkan Yazıcı wrote: > Many people get confused by the default branch of the repository on GitHub. > I want to make it point to `release-2.x` rather than `master`. Objections? > +1 Gary

Re: Mapping CVEs to Log4j and Java versions.

2021-12-24 Thread Gary Gregory
On Fri, Dec 24, 2021 at 5:35 PM Ralph Goers wrote: > The stuff on the about page is “news” and will disappear in an upcoming > release. The security page will stick around indefinitely. > Ah, I did not get that. Now I do. Gary > > Ralph > > > On Dec 24, 2021,

Re: [DISCUSS] The future of Log4j 1.x

2021-12-24 Thread Gary Gregory
e all know Log4j 1.x reached end of life in August 2015. Log4j 1.2.17 > > was released on May 26, 2012. The last commit was to update the > > web site 7 years ago. The changes.xml file shows there were commits up to > > sometime in 2012, all of which were performed by Gary Grego

Mapping CVEs to Log4j and Java versions.

2021-12-24 Thread Gary Gregory
Hi All: I find it hard to track what CVE is associated with what Log4j version and Java version, so I created this table: https://github.com/apache/logging-log4j2/blob/release-2.x/docs/cve-map.md In general, I'm not a fan of duplicating information like we do on our About page and Security page,

Re: [GitHub] [logging-log4j2] carterkozak commented on a change in pull request #657: Api separation documentation

2021-12-24 Thread Gary Gregory
I versions need to be variables somehow, it's going to be forgotten for each new release... Gary On Fri, Dec 24, 2021 at 4:27 PM GitBox wrote: > > carterkozak commented on a change in pull request #657: > URL: > https://github.com/apache/logging-log4j2/pull/657#discussion_r775080805 > > > > ###

Re: [RESULT][VOTE] Move apache/log4j1 Git repo to apache/logging-log4j1 Git repo

2021-12-24 Thread Gary Gregory
in PMC activities > in quite a while or, in one case, is focused > primarily on a non-Java project. > > Ralph > > > On Dec 24, 2021, at 10:25 AM, Gary Gregory > wrote: > > > > Vladimir: It is traditional for the person who called the VOTE to tally > the > &

Re: [DISCUSS] The future of Log4j 1.x

2021-12-24 Thread Gary Gregory
> Let's not do that! ;-) Don't weigh your vote for not having had to suffer through log4j 1 releases, DLLs and all ;-) Gary > -ck > > On Fri, Dec 24, 2021, at 12:05, Gary Gregory wrote: > > On Fri, Dec 24, 2021 at 11:47 AM Ralph Goers > > > wrote: > > > &

Re: [RESULT][VOTE] Move apache/log4j1 Git repo to apache/logging-log4j1 Git repo

2021-12-24 Thread Gary Gregory
.apache.org/phonebook.html?project=logging > > So the updated summary is > > Binding +1 votes were received from Ralph Goers, Dominik Psenner, Matt > Sicker, Ron Grabowski, and Remko Popma > Binding -1 votes were received from Gary Gregory and Christian Grobmeier > A non-binding

Re: [DISCUSS] The future of Log4j 1.x

2021-12-24 Thread Gary Gregory
2012, all of which were performed by Gary Gregory > and Christian Grobmeier who ironically both voted no to opening the repo > back up. Note that the repo DISCUSS/VOTE thread seemed informal because it did specify the rules for -1/+1: Is a -1 a VETO or does the VOTE follow RELEASE rules? Thi

Re: [DISCUSS][VOTE] Move apache/log4j1 Git repo to apache/logging-log4j1 Git repo

2021-12-24 Thread Gary Gregory
"we are doing a CVE+" -> "we might do a CVE+" On Fri, Dec 24, 2021, 09:19 Gary Gregory wrote: > Hi Volkan, > Nothing is ideal or great about a Log4j1 revival IMO. I still see more > cons than pros. I understand that some people choose to stay stuck on it >

Re: [DISCUSS][VOTE] Move apache/log4j1 Git repo to apache/logging-log4j1 Git repo

2021-12-24 Thread Gary Gregory
andora's box will be open. The only > thing we can do from then on is to share the goal statement with the > incoming PRs and simply reject them. > > On Thu, Dec 23, 2021 at 10:50 PM Gary Gregory > wrote: > > > -1 > > We just created logging-log4j1 and converted t

Re: [VOTE] Move apache/log4j1 Git repo to apache/logging-log4j1 Git repo

2021-12-23 Thread Gary Gregory
-1 We just created logging-log4j1 and converted the SVN repo into it, let's stick to that. I even made a commit ;-) I claim it is a good thing to start with a new repo because it creates a tiny bit of friction, for a project that is still End-of-Life after all. Even if it is a bit of friction to br

Re: Broken CI

2021-12-23 Thread Gary Gregory
rently > it is > > > broken again. > > > > > > I totally share your frustration, same here. Though sparing time to fix > > > this is pretty difficult nowadays. > > > > > > I also need to confess, in those brief moments of insanity, I > cont

Re: Broken CI

2021-12-23 Thread Gary Gregory
ess, in those brief moments of insanity, I contemplate > nuking all those flaky tests. This will simplify the CI magic a lot and > enhance our confidence in the tests. > > On Tue, Dec 21, 2021 at 3:10 AM Gary Gregory > wrote: > > > After getting https://github.com/apache/logging-

Re: Resurrecting log4j 1.x

2021-12-23 Thread Gary Gregory
On Thu, Dec 23, 2021 at 11:14 AM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > >A, so in fact "1.x has LOTs of known CVEs." translate to one CVE. > > This is false. > There are multiple CVEs. > Again: References, please, otherwise you're just making FUD. > The vulnerabilities ha

Re: Resurrecting log4j 1.x

2021-12-23 Thread Gary Gregory
On Thu, Dec 23, 2021 at 11:05 AM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > > >Where is this CVE tonnage? > > JMSAppender > JMSSink > chainsaw > SocketServer > infinite recursion (1.x does have some recursive code trying to replace > variables) > > > I do not know CVE numbers, y

Re: Resurrecting log4j 1.x

2021-12-23 Thread Gary Gregory
>Now we have a real issue: 1.x has LOTs of known CVEs. >Could we refrain from theoretical discussions? We document CVE-2019-17571/ Where is this CVE tonnage? Gary On Thu, Dec 23, 2021 at 10:39 AM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > Volkan>To the best of > Volkan>my knowle

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
make that the default branch. Then I plan to rename trunk to a nice > name like > DEAD-HEAD (GRATEFUL) > > Ralph > > > On Dec 23, 2021, at 7:20 AM, Gary Gregory > wrote: > > > > A name like "version" should only be for tags. Once a version is > rel

Re: Log4J 1.x progress, pull request(s), plans

2021-12-23 Thread Gary Gregory
On Thu, Dec 23, 2021 at 8:48 AM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > Gary, > > If someone manages to have **both** log4j-1.2.17.jar **and** > log4j-1.2.18.jar > on the same classpath, nothing can help them. Really. > Binary compatibility can't heal that. > You're confusing ma

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
ame IMO because we're ONLY EVER going to have 1.2 releases, so it might as well stay in master/main/trunk. Gary On Thu, Dec 23, 2021 at 9:17 AM Gary Gregory wrote: > WAIT, what? That does not make sense, it's the same bad name we ended up > in with the "2.12" branch instea

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
anch so trunk can be left alone. > > Ralph > > > On Dec 23, 2021, at 6:41 AM, Gary Gregory > wrote: > > > > If we use this repo, is everyone OK renaming "trunk" to "master" in > order > > to match the branch name of our other repos? > > >

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
e name to something else than 'trunk' as long as we do it consistently across all Log4j repos; it would be best to be consistent across Logging Services project repos. Otherwise, I know I'll fat finger something ;-) Gary > -ck > > > On Dec 23, 2021, at 08:41, Gary Greg

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
If we use this repo, is everyone OK renaming "trunk" to "master" in order to match the branch name of our other repos? Gary On Thu, Dec 23, 2021 at 1:34 AM Ralph Goers wrote: > I have cloned the read-only log4j repo to > https://github.com/apache/logging-log4j1. > > I have followed the build in

Re: Log4J 1.x progress, pull request(s), plans

2021-12-23 Thread Gary Gregory
On Thu, Dec 23, 2021 at 8:31 AM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > >Would - in this case - an 1.2.18 with a NoOp NTEventLogAppender be OK? > > I am sure 1.2.18 with NoOp (or even throwing NTEventLogAppender unless a > silence system property is set) > appender would be more

Re: Log4J 1.x progress, pull request(s), plans

2021-12-23 Thread Gary Gregory
On Thu, Dec 23, 2021 at 8:20 AM Christian Grobmeier wrote: > > On Thu, Dec 23, 2021, at 14:05, Gary Gregory wrote: > > One of the difficulties was likely related to building the Windows DLLs > > for > > using the Windows Event Log Appender ( > > > https://logging

Re: Log4J 1.x progress, pull request(s), plans

2021-12-23 Thread Gary Gregory
ing the normal processes and apply > patches, vote on new committers etc. > > My 2 cents. > > Christian > > > On Mon, Dec 20, 2021, at 01:36, Gary Gregory wrote: > > Improving legacy compatibility is what I've been pushing. I agree with > > Matt. IMO resurrect

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
Vladimir, I appreciate your energy and your enthusiasm, I do, but you're going to have to pick your battles IMO. I would say we (not but really wearing my PMC hat) have passively agreed that we can move toward fixing CVEs and potential CVEs in what would be a 1.2.18. For us to get there and whil

Re: New Log4j 1 repo

2021-12-23 Thread Gary Gregory
Well done Ralph, I'll take a look today. Gary On Thu, Dec 23, 2021, 01:34 Ralph Goers wrote: > I have cloned the read-only log4j repo to > https://github.com/apache/logging-log4j1. > > I have followed the build instructions and had to modify the javadoc > plugin to not fail on errors. Now it fa

Re: [VOTE] Release Log4j Kotlin API 1.2.0-rc3

2021-12-21 Thread Gary Gregory
rbatim from log4j2, so I don’t > see the issue here. I looked at the rat report on the site and it looked > fine, too. > -- > Matt Sicker > > > On Dec 21, 2021, at 14:55, Gary Gregory wrote: > > > > The RAT check (mvn apache-rat:check) fails on: > > > >

Re: [VOTE] Release Apache Log4j 2.3.1-rc1 for Java 6

2021-12-21 Thread Gary Gregory
+1 I did the same steps as Rob but I only used Java 8: - mvn apache-rat:check -DskipTests - mvn clean install - mvn site -DskipTests openjdk version "1.8.0_312" OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) OpenJDK 64-Bit Server VM (build 25.312-b00, mixed mode) Apache M

Re: [VOTE] Release Log4j Kotlin API 1.2.0-rc3

2021-12-21 Thread Gary Gregory
The RAT check (mvn apache-rat:check) fails on: src/site/resources/js/jquery.min.js src/site/resources/js/jquery.js If it is indeed ok to ship these files, then the RAT check should exclude these files and the NOTICE file be updated with an appropriate entry. I know this is not the runtime, it

Re: [DISCUSS] [VOTE] Release Apache Log4j 2.3.1-rc1 for Java 6

2021-12-21 Thread Gary Gregory
and a > Log4j2.xml with just the console Appender. > >> > >> That should work though without any extra dependencies. > >> > >> Interestingly the same setup does work without errors with 2.12.3 on > Java 7. > >> > >> What’s the difference betw

Re: Resurrecting log4j 1.x

2021-12-21 Thread Gary Gregory
e declared Java 6 & 7 EOL for Log4j 2. Yet we are here > > building > > patch releases for them. We are only including the security patches. I > see > > Log4j 1.x > > as exactly the same as those. > > > > Ralph > > > > > On Dec 21, 2021, at 6

Re: Resurrecting log4j 1.x

2021-12-21 Thread Gary Gregory
I agree with Remko on all his points. As I've stated before, IF there is a 1.2.18, it should ONLY be for CVEs, and where applicable, fixed in the same style as we have for 2.x. This is, IMO, what would be best for users *short* of migrating for 2.x. A problem from my perspective will be users thi

Re: [VOTE] Release Apache Log4j 2.3.1-rc1 for Java 6

2021-12-21 Thread Gary Gregory
Remko: JMS is not built-in the JRE, do you have JMS in your configuration for this test? If you do, then you'd need the JMS API and a provider as dependencies. Gary On Tue, Dec 21, 2021 at 7:37 AM Ralph Goers wrote: > > Hmmm. This is not what I was expecting. If it didn’t work I would have > e

Re: [VOTE] Release Apache Log4j 2.12.3-rc1

2021-12-21 Thread Gary Gregory
+1 then Gary On Mon, Dec 20, 2021 at 10:50 PM Ralph Goers wrote: > > There was a bug in the site build. I checked the fix in to the branch. It > doesn’t matter for the release. > > Ralph > > > On Dec 20, 2021, at 6:46 PM, Gary Gregory wrote: > > > > Buildin

Re: [logging-log4j2] 01/01: [DOC] Fix log4j-2.3.x About page incorrect security.html anchor links

2021-12-20 Thread Gary Gregory
I'm not sure this is the right branch, I think log4j-2.3.x is the right one. Ralph? Gary On Mon, Dec 20, 2021, 21:33 wrote: > This is an automated email from the ASF dual-hosted git repository. > > rpopma pushed a commit to branch java6 > in repository https://gitbox.apache.org/repos/asf/loggi

Broken CI

2021-12-20 Thread Gary Gregory
After getting https://github.com/apache/logging-log4j2/pull/646 in what I think is a good state, I have no idea if it is safe or not to merge because the 1st build GitHub shows is red: https://github.com/apache/logging-log4j2/runs/4589771553?check_suite_focus=true I don't use GH actions the way we

Re: [VOTE] Release Apache Log4j 2.12.3-rc1

2021-12-20 Thread Gary Gregory
Building from the git tag for HEAD detached at log4j-2.12.3-rc1 (2b9359b23) - mvn apache-rat:check -DskipTests OK - mvn clean install OK except a JVM crash I always get in the Cassandra module tests, just like always. - mvn site -DskipTests fails with: [ERROR] Failed to execute goal org.apache.ma

Re: Configuration element for system properties

2021-12-20 Thread Gary Gregory
> > PropertiesUtil populates the SystemProperties when it creates the Environment. > > Ralph > > > On Dec 20, 2021, at 12:18 PM, Gary Gregory wrote: > > > > Hello, > > > > I'd like to propose that we add an element called SystemProperty to > > ou

Re: Resurrecting log4j 1.x

2021-12-20 Thread Gary Gregory
Is https://github.com/apache/log4j a mirror of an SVN repo? Gary On Mon, Dec 20, 2021 at 2:31 PM Carter Kozak wrote: > > Same, git migration makes sense to me if we are fixing CVEs. > > -ck > > > On Dec 20, 2021, at 14:28, Matt Sicker wrote: > > > > Sorry, I forgot to vote explicitly. I'd be +

Re: Configuration element for system properties

2021-12-20 Thread Gary Gregory
file > you can include that gets loaded as a log4j2 system properties file, > by the way. > > On Mon, Dec 20, 2021 at 1:19 PM Gary Gregory wrote: > > > > Hello, > > > > I'd like to propose that we add an element called SystemProperty to > > our confi

Configuration element for system properties

2021-12-20 Thread Gary Gregory
Hello, I'd like to propose that we add an element called SystemProperty to our configuration. This would look like our current Property element but would set a system property instead of a configuration property. My use case is, at work, our tooling generates one XML configuration file for a user

Re: Resurrecting log4j 1.x

2021-12-20 Thread Gary Gregory
I don't see the need for the incubator or a new PMC, this is a recipe for confusion for users and contributors: Log4j 1 is a component of the Apache Logging Services project and should remain for Apache to provide the best and consistent *story* for Java logging, at Apache at least. Things are bad

Re: Resurrecting log4j 1.x

2021-12-20 Thread Gary Gregory
"need to move log4j 1.x forward" If this means more than only fixing CVEs it will create a giant hairball of confusion for users between 1.x and 2.x. Gary On Mon, Dec 20, 2021, 09:06 Vladimir Sitnikov wrote: > Ron, > > There's a need to move log4j 1.x forward, and Ralph Goers suggested > that

Re: [logging-log4j2] branch java6 created (now a0b0e11)

2021-12-20 Thread Gary Gregory
We need a better branch name IMO... one like the 2.12.x name, 2.12 -> 2.12.x? java6 -> 2.3.x? Gary On Mon, Dec 20, 2021, 00:45 wrote: > This is an automated email from the ASF dual-hosted git repository. > > rgoers pushed a change to branch java6 > in repository https://gitbox.apache.org/repos/

Re: Log4J 1.x progress, pull request(s), plans

2021-12-19 Thread Gary Gregory
Improving legacy compatibility is what I've been pushing. I agree with Matt. IMO resurrecting 1.x sets a bad precedent and is a proverbial can of worms. Gary On Sun, Dec 19, 2021, 17:55 Matt Sicker wrote: > The alternative is to polish the 1.x compatibility in 2.x which is both > actively maint

Re: [VOTE][LAZY] Release Apache Logging Parent POM version 4 rc1

2021-12-19 Thread Gary Gregory
Should the mailing lists include the security list? Gary On Sun, Dec 19, 2021, 17:40 Matt Sicker wrote: > Hi all, this is a lazy vote to release the latest changes to our common > parent POM. The changes in this release are all the same changes made > between the Apache parent pom versions 23 t

Re: Log4J 1.x progress, pull request(s), plans

2021-12-19 Thread Gary Gregory
ne to even get 1.x back into a releasable state > compared to the alternatives discussed in this thread. > > -- > Matt Sicker > > > On Dec 19, 2021, at 15:58, Gary Gregory wrote: > > > > WRT words, IIRC Apache only has top-level projects (for example, > >

Re: Multiple KEYS files

2021-12-19 Thread Gary Gregory
Thanks Matt for hoovering up our debt, and thanks Sebb for pointing it out! Gary On Sun, Dec 19, 2021 at 4:54 PM Matt Sicker wrote: > > Yes, I’ve migrated at least one relevant key for log4net into the root keys > file. As log4php is dormant, that other keys file may no longer be necessary. > I

Re: Log4J 1.x progress, pull request(s), plans

2021-12-19 Thread Gary Gregory
WRT words, IIRC Apache only has top-level projects (for example, Apache Logging Services, Apache Commons, Apache HttpComponents), within that you can have components, not other projects, for example, Apache Log4j, Apache Commons IO, Apache HttpComponents HttpCore. Gary On Sun, Dec 19, 2021 at 4:2

Re: Log4J 1.x progress, pull request(s), plans

2021-12-19 Thread Gary Gregory
On Sun, Dec 19, 2021 at 3:33 PM Vladimir Sitnikov wrote: > > Ralph>if you want to resurrect the project then this really should go > through > Ralph>the ASF incubator with the Logging Services project as the sponsor > > Ralph, > Do you think you know similar cases? > Could you please suggest the p

Re: StrSubstitutor recursion

2021-12-19 Thread Gary Gregory
Something like a setting in the prop file itself or yet another system property "variable substitution depth"? Gary On Sun, Dec 19, 2021, 11:10 Vladimir Sitnikov wrote: > >Could it make sense to limit recursion to a few levels (e.g. 3 or 5) by > default, > > +1 > > Unlimited recursion is a disa

Re: StrSubstitutor recursion

2021-12-19 Thread Gary Gregory
Yeah, this is super cool. At work, many of our customers want DTAP configurations so we parameterize the config files for our software so we do not need four sets of configuration folders and all their files. Gary On Sun, Dec 19, 2021, 11:04 Ralph Goers wrote: > In my configuration I have > > >

Re: Zero-copy rolling files

2021-12-19 Thread Gary Gregory
create-symbolic-links > > > > Maybe I read the docs from MS incorrectly. > > > > Tim > > > > > > > On Dec 18, 2021, at 7:07 AM, Gary Gregory wrote: > > > > > > Hi All: > > > > > > And now for something co

Re: Log4J 1.x progress, pull request(s), plans

2021-12-19 Thread Gary Gregory
at 8:14 AM Leo Simons wrote: > > Hey folks, > > So as requested I've made a conservative fully binary compatible version of > all the build changes and security fixes, patches are on a new pull request > at > > https://github.com/apache/log4j/pull/17 > &g

Re: Log4J 1.x progress, pull request(s), plans

2021-12-18 Thread Gary Gregory
st manner possible, IMO, help them move forward to 2.x by helping on the mailing lists, Jira, GitHub, Slack, there is no shortage of work to be done. Ty, Gary On Sat, Dec 18, 2021, 13:17 Leo Simons wrote: > On Sat, Dec 18, 2021 at 5:32 PM Leo Simons wrote: > > > On Sat, Dec 18

Zero-copy rolling files

2021-12-18 Thread Gary Gregory
Hi All: And now for something completely different. I wonder why we do not do file rollovers like below, and if we should: - Create the file with the target rolled over a name like applog-2021.txt - Create a symlink for the constant name like applog.txt to point to applog-2021.txt - When it's rol

Re: Log4J 1.x progress, pull request(s), plans

2021-12-18 Thread Gary Gregory
If you delete anything that is public or protected, you will break binary compatibility, and that's a no-go IMO. If you are going to really want to release anything, you'll want to disable JNDI by default and add an enablement property as we did for 2.17.0. Gary On Sat, Dec 18, 2021 at 9:13 AM Robert

Re: [VOTE] Release Apache Log4j 2.17.0-rc1

2021-12-17 Thread Gary Gregory
+1 Building from the git tag (tags/log4j-2.17.0-rc1 a19ef9bce) OK; running: - mvn clean install - mvn site -DskipTests - mvn apache-rat:check -DskipTests openjdk version "1.8.0_312" OpenJDK Runtime Environment (build 1.8.0_312-bre_2021_10_20_23_15-b00) OpenJDK 64-Bit Server VM (build 25.312-b00,

Log4j 1.x compatibility

2021-12-16 Thread Gary Gregory
Hi all, [Reposting in a new thread] Log4j 2 provides a compatibility layer for the 1.2 API and for some configuration files. It is not a 100% drop in replacement, but it could be made much better with some work. So, I would prefer that brain power for 1.x be applied in this direction, instead of

Re: [VOTE] Move log4j 1.x from SVN to Git, use the current apache/log4j mirror

2021-12-16 Thread Gary Gregory
1.x be applied in this direction, such that we could say update to 2.x and pow, it works :-) Gary On Thu, Dec 16, 2021, 08:13 Gary Gregory wrote: > I am just voicing my opinion, others can still cause this to pass. > > Gary > > On Thu, Dec 16, 2021, 00:12 Vladimir Sitnikov

Re: [VOTE] Move log4j 1.x from SVN to Git, use the current apache/log4j mirror

2021-12-16 Thread Gary Gregory
I am just voicing my opinion, others can still cause this to pass. Gary On Thu, Dec 16, 2021, 00:12 Vladimir Sitnikov wrote: > I thought there was an agreement on releasing 1.2.18 as "networkless" > release. > I think moving to Git (which is a no-op basically), would greatly simplify > that. >

Re: [VOTE] Move log4j 1.x from SVN to Git, use the current apache/log4j mirror

2021-12-15 Thread Gary Gregory
-1 1.x has been EOL since 2015, this would only encourage full resurrection, and inevitable feature creep, with possible confusion as to which version 1.x vs 2.x to use in which circumstance. Gary On Wed, Dec 15, 2021, 23:50 Vladimir Sitnikov wrote: > Hi, > > I suggest log4j 1.x moves from SVN

Re: Cleaning up & releasing log4j 1.x

2021-12-15 Thread Gary Gregory
On Wed, Dec 15, 2021 at 1:01 PM Matt Sicker wrote: > > Same as Ralph. Glad to have some help performing an updated release, > though unless we can get a few interested maintainers to join the > project to help continue maintenance, it may cause a lot of confusion > around EOL support. I do think i

Re: Dropping old folders from https://dist.apache.org/repos/dist/release/logging/log4j/

2021-12-15 Thread Gary Gregory
On Wed, Dec 15, 2021 at 9:34 AM sebb wrote: > > On Wed, 15 Dec 2021 at 14:17, Gary Gregory wrote: > > > > It seems to me we should drop: > > - 2.12.1 > > BTW, this is referenced from: > > https://logging.apache.org/log4j/log4j-2.12.2/downlo

Dropping old folders from https://dist.apache.org/repos/dist/release/logging/log4j/

2021-12-15 Thread Gary Gregory
It seems to me we should drop: - 2.12.1 - 2.15.0 ? Gary

Re: git master and Serializable

2021-12-14 Thread Gary Gregory
Tracking here: https://issues.apache.org/jira/browse/LOG4J2-3228 Gary On Tue, Dec 14, 2021, 13:46 Matt Sicker wrote: > Agreed. While the serialization logic for Logger is pretty trivial, it > would be best to avoid serialization APIs entirely. > > On Tue, Dec 14, 2021 at 12:42 PM
