Closed. This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 12 months ago. Improve this question My present project is fully dockerized with large number of Spring Boot containers. Most of them are built with log4j
Tag: log4j
Detecting Apache Log4j vulnerability presence in gradle transitive dependencies
There is a recent vulnerability in log4j https://nvd.nist.gov/vuln/detail/CVE-2021-44228 which has criticality score of 10 How to check the presence of Log4j vulnerable versions in gradle so that it would list all the dependencies including the transitive dependencies? Answer We can use To list the dependency tree. It will list all dependencies with their respective version. Since this output can be
Log4j ThreadContext.clear() not available with auto-complete?
according to the Log4j documentation I can call ThreadContext.clear(); but in my IDE I do not get clear() as an available method and I also get compilation errors, I only see clearAll(), etc., why? What is missing on the classpath? Log4j Version 2.16.0 is used. Answer As per https://svn.apache.org/viewvc?view=revision&revision=1594389, the clear() method is replaced with clearMap() (it was already deprecated
What is the current version of log4j-nosql and is it save?
For obvious reasons I am trying to update log4j to version 2.15. However the submodule log4j-nosql seems to be discontinued after 2.9.1: https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-nosql/ Is updating this submodule necessary? Which submodule contains the exploit? Answer I see no evidence that it’s “discontinued”, it’s just effectively feature-complete. They haven’t needed to update it, so they haven’t updated it. Is updating this submodule
Log4j vulnerability – Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
With regard to the Log4j JNDI remote code execution vulnerability that has been identified CVE-2021-44228 – (also see references) – I wondered if Log4j-v1.2 is also impacted, but the closest I got from source code review is the JMS-Appender. The question is, while the posts on the Internet indicate that Log4j 1.2 is also vulnerable, I am not able to
How to format log4j timestamp with nanoseconds and timezone?
I want to achieve a timestamp that has nanoseconds and time zone difference, example: 2021-11-30 22:21:41.829798+02:00 I failed with variations like: %d{yyyy-MM-dd HH:mm:ss.nnnnnnXXX} Dependency: Is that supported with log4j and if so how can I achieve that? thanks. Answer I was able to find an obvious solution 🙂 I separated the timestamp with nanos from the timezone itself and it
log4j custom appender stop method not getting called
I am trying to implement a custom log appender for log4j and will need to initialize some resources before start and cleanup at the end. Somehow my stop method will not be executed. I’ve tried using LogManager.shutdown(); but I cannot see my method getting called. This is my appender class: And this is a simple test I can see the
Adding log4j to build.gradle
Trying to create simple Gradle Java project in my Eclipse. I’m using LOG4J library, so my build.gradle looks: I added two lines in this file that I expect will allow to download log4j library: But looks this not help, because in case I build project with gradle I have compile errors. I suppose I declared log4j in deprecated way (I
Failed to generate .log file, but output console is there
I have tried to implement logs in the Serenity Cucumber framework and it prints logs in the console but doesn’t generate a .log file. This is logback-test.xml under src/test/resources <…
Log4j warning and ClassNotFoundException problem
I am trying to run my javaFX project on the console using the jar file of the project on windows. I am running the program with the following command: java -jar INF202_PROJECT.jar When I run it in the IDE (I am using intellij) it runs normally and as expected but I get the following output: And when I run the