logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Sicker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LOG4J2-1820) Log4j 2.8 can lose exceptions when a security manager is present
Date Wed, 22 Feb 2017 04:46:44 GMT

    [ https://issues.apache.org/jira/browse/LOG4J2-1820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15877466#comment-15877466

Matt Sicker commented on LOG4J2-1820:

The use of {{ClassLoader.getParent()}} also requires a security check in ClassLoaderContextSelector.

As for running tests with a custom SecurityManager, I think a basic TestRule parameter could
be parameterized via @Params.

> Log4j 2.8 can lose exceptions when a security manager is present
> ----------------------------------------------------------------
>                 Key: LOG4J2-1820
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-1820
>             Project: Log4j 2
>          Issue Type: Bug
>    Affects Versions: 2.8
>            Reporter: Jason Tedor
>         Attachments: 0001-Handle-security-exception-on-getting-class-loader.patch
> When Log4j is rendering an exception, it can attempt to access a class loader that it
does not have permissions to access when a security manager is present.
> I have a patch and a failing test case for this; I will submit it shortly.
> This is similar to LOG4J2-1560.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org

View raw message