logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Tedor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LOG4J2-1560) Log4j can lose exceptions when a security manager is present
Date Fri, 07 Oct 2016 15:36:20 GMT

    [ https://issues.apache.org/jira/browse/LOG4J2-1560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15555404#comment-15555404
] 

Jason Tedor commented on LOG4J2-1560:
-------------------------------------

This patch was against master for inclusion in the 2.7 release. I also [inquired|https://issues.apache.org/jira/browse/LOG4J2-1560?focusedCommentId=15459218&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15459218]
in this thread about getting an immediate 2.6.3 release that included a version of this patch.
I was [asked|https://issues.apache.org/jira/browse/LOG4J2-1560?focusedCommentId=15463105&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15463105]
to prepare a patch against 2.6.3 for that purpose; that patch is included in LOG4J2-1563.
Instead of applying that patch against 2.6.2 and releasing 2.6.3 immediately as requested,
and applying this patch against master for inclusion in 2.7, for reasons not clear to me this
patch was not applied anywhere, and the patch in LOG4J2-1563 was not applied against 2.6.2,
but instead against master. The 2.6.3 released was never performed.

> Log4j can lose exceptions when a security manager is present
> ------------------------------------------------------------
>
>                 Key: LOG4J2-1560
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-1560
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.6.2
>            Reporter: Jason Tedor
>         Attachments: log4j-exception-logging-issue.tar.gz, throwable-proxy-security-exception-2.6.2.patch
>
>
> When Log4j is rendering an exception, it can attempt to load classes that it does not
have permissions to load when a security manager is present.
> I have a patch and a failing test case for this; I will submit it shortly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message