[Java] Log4j 1.2.12 のadditivity, ConsoleAppender

1 minute read

Note: On August 5, 2015 the Logging Services Project Management Committee announced that Log4j 1.x had reached end of life. / Log4j version 1 is no longer supported …But now I’m looking into log4j-1.2.

originally log4j-1.2.8 On the application that was only there

log4j-1.2.12 Something strange because the is included. The log appears twice. And unintentionally appearing in System Out… Here are some notes about these two points.

Double appearance

First of all, it seems to be related to the point of double appearance. Additivity

Log4j Logger hierarchy and additivity behavior

Additivity is set to true by default, that is children inherit the appenders of their ancestors by default. Additivity is set to true by default, and children will inherit their ancestor’s appenders by default.

Unintentionally appear in System Out

For SystemOut, the following is questionable when I look at log4j change history.

Quote.

  • 1.2.12 TRACE level introduced, ConsoleAppender modified to follow redirection of System.out The TRACE level was introduced, and ConsoleAppender was changed to follow the redirect of System.out.
  • 1.2.13 TRACE level missing info fixed, ConsoleAppender.follow added to make redirection following an optional behavior. Correct TRACE level missing information and add ConsoleAppender.follow to perform redirect following any action. Did.
  • log4j version 1.2.13 Bug #37122: Console appender now behaves as before to fix compatibility problem with JBoss introduced in 1.2.12 release due to fix for bug 31056.Can still be configured to detect changes in the System.out and System.err streams as needed by setting the follow property.ConsoleAppender is 1.2 due to the fix of bug 31056. It works as before to fix a compatibility issue with JBoss introduced in the .12 release. You can now configure it to detect changes in the System.out and System.err streams by setting the following properties:

The behavior of ConsoleAppender seems to have changed. 1 If you try 1.2.17 here, the behavior will return to the same as 1.2.8.

compatibility

API/ABI changes review for log4j

I will write down what I have checked so far, whether it is okay to raise it to 1.2.17 in business. Also, Log4j seems to have a vulnerability related to deserialization of unreliable data. It seems that I haven’t done so, so that’s a memo.