Upgrade log4j to 2.15.0 (#81709)

Originally we tried to a log4j update in #47298, but we were unable to
that due to the `DeprecationLoggerTests.testLogPermissions` test
failing. The test relied on mocking and got removed in
https://github.com/elastic/elasticsearch/pull/61474/files#diff-70de5a6ba5c637e7f19c51341417760d6e957beb5a1fa5703049095ea2719ee0L47

Now we should be able to the upgrade and then we can address the Security
Manager permission questions raised in #47298 separately.

* Initialize pattern layout with AccessController.doPrivileged

We need the `getClassLoader` permissions

* Disable the SecurityManager for command testing because of `CommandLoggingConfigurator` 
which fails under the `SecurityManager`

Author: arteam

build-tools-internal/version.properties

@@ -14,7 +14,7 @@ snakeyaml         = 1.26
 icu4j             = 68.2
 supercsv          = 2.4.0
 # when updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.11.1
+log4j             = 2.15.0
 slf4j             = 1.6.2
 ecsLogging        = 1.2.0
 

modules/repository-url/build.gradle

@@ -40,7 +40,8 @@ tasks.named("thirdPartyAudit").configure {
     'javax.servlet.ServletContextListener',
     'org.apache.avalon.framework.logger.Logger',
     'org.apache.log.Hierarchy',
-    'org.apache.log.Logger'
+    'org.apache.log.Logger',
+    'javax.jms.Message'
   )
 }
 

modules/repository-url/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

modules/repository-url/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -116,6 +116,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'org.eclipse.persistence.descriptors.ClassDescriptor',
           'org.eclipse.persistence.internal.oxm.MappingNodeValue',
           'org.eclipse.persistence.internal.oxm.TreeObjectBuilder',

plugins/discovery-azure-classic/build.gradle

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -125,6 +125,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'javax.xml.bind.DatatypeConverter',
           'javax.xml.bind.JAXBContext'
   )

plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/discovery-ec2/build.gradle

@@ -52,6 +52,8 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'org.apache.avalon.framework.logger.Logger',
+          'javax.jms.Message',
           'org.apache.http.ConnectionReuseStrategy',
           'org.apache.http.Header',
           'org.apache.http.HttpEntity',

plugins/discovery-ec2/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/discovery-ec2/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -135,6 +135,8 @@ tasks.named("thirdPartyAudit").configure {
     'org.apache.avalon.framework.logger.Logger',
     'org.apache.log.Hierarchy',
     'org.apache.log.Logger',
+    'javax.jms.Message',
+
     // optional apache http client dependencies
     'org.apache.http.ConnectionReuseStrategy',
     'org.apache.http.Header',

plugins/discovery-gce/build.gradle

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/discovery-gce/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/discovery-gce/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc

plugins/repository-gcs/build.gradle

@@ -290,6 +290,7 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.avalon.framework.logger.Logger',
           'org.apache.log.Hierarchy',
           'org.apache.log.Logger',
+          'javax.jms.Message',
           'software.amazon.ion.IonReader',
           'software.amazon.ion.IonSystem',
           'software.amazon.ion.IonType',

plugins/repository-gcs/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/repository-gcs/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -201,11 +201,9 @@ tasks.named("thirdPartyAudit").configure {
             'org.apache.commons.compress.utils.IOUtils',
             'org.apache.commons.csv.CSVFormat',
             'org.apache.commons.csv.QuoteMode',
-            'org.apache.kafka.clients.producer.Callback',
             'org.apache.kafka.clients.producer.Producer',
             'org.apache.kafka.clients.producer.RecordMetadata',
             'org.codehaus.stax2.XMLStreamWriter2',
-            'org.jctools.queues.MessagePassingQueue$Consumer',
             'org.jctools.queues.MpscArrayQueue',
             'org.osgi.framework.Bundle',
             'org.osgi.framework.BundleActivator',

plugins/repository-hdfs/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+4a5aa7e55a29391c6f66e0b259d5189aa11e45d0

plugins/repository-hdfs/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -0,0 +1 @@
+ba55c13d7ac2fd44df9cc8074455719a33f375b9

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1

@@ -118,7 +118,8 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.log.Logger',
           //commons-logging provided dependencies
           'javax.servlet.ServletContextEvent',
-          'javax.servlet.ServletContextListener'
+          'javax.servlet.ServletContextListener',
+          'javax.jms.Message'
   )
 }
 

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.15.0.jar.sha1

@@ -0,0 +1 @@
+bc960fe2acbe6f3952011f88a771de18301534e7

plugins/repository-s3/build.gradle

@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc

plugins/repository-s3/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc

plugins/repository-s3/licenses/log4j-1.2-api-2.15.0.jar.sha1

@@ -129,6 +129,8 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.time.Clock;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -247,7 +249,12 @@ public static void lookupPatternLayout() throws Exception {
         assertThat(properties.getProperty("appender.audit_rolling.layout.type"), is("PatternLayout"));
         final String patternLayoutFormat = properties.getProperty("appender.audit_rolling.layout.pattern");
         assertThat(patternLayoutFormat, is(notNullValue()));
-        patternLayout = PatternLayout.newBuilder().withPattern(patternLayoutFormat).withCharset(StandardCharsets.UTF_8).build();
+        patternLayout = AccessController.doPrivileged(
+            (PrivilegedAction<PatternLayout>) () -> PatternLayout.newBuilder()
+                .withPattern(patternLayoutFormat)
+                .withCharset(StandardCharsets.UTF_8)
+                .build()
+        );
         customAnonymousUsername = randomAlphaOfLength(8);
         reservedRealmEnabled = randomBoolean();
     }

server/build.gradle

@@ -12,3 +12,8 @@ testClusters.matching { it.name == "integTest" }.configureEach {
   setting 'xpack.license.self_generated.type', 'trial'
   plugin ':x-pack:qa:freeze-plugin'
 }
+
+tasks.named("integTest").configure {
+  // Disabled because of log4j Security Manager permission issues in CLI tools
+  systemProperty 'tests.security.manager', 'false'
+}

server/licenses/log4j-api-2.11.1.jar.sha1

@@ -54,6 +54,9 @@ subprojects {
       "${-> testClusters.integTest.singleNode().getAuditLog()}"
     nonInputProperties.systemProperty 'tests.audit.yesterday.logfile',
       "${-> testClusters.integTest.singleNode().getAuditLog().getParentFile()}/integTest_audit-${new Date().format('yyyy-MM-dd')}-1.json.gz"
+
+    // Disabled because of log4j Security Manager permission issues in CLI tools
+    systemProperty 'tests.security.manager', 'false'
   }
 
   tasks.named("testingConventions").configure { enabled = false }

server/licenses/log4j-api-2.15.0.jar.sha1

@@ -4,3 +4,8 @@ testClusters.matching { it.name == "integTest" }.configureEach {
   setting 'xpack.license.self_generated.type', 'trial'
   plugin ':x-pack:qa:freeze-plugin'
 }
+
+tasks.named("integTest").configure {
+  // Disabled because of log4j Security Manager permission issues in CLI tools
+  systemProperty 'tests.security.manager', 'false'
+}

server/licenses/log4j-core-2.11.1.jar.sha1

@@ -106,11 +106,9 @@ tasks.named("thirdPartyAudit").configure {
           'org.apache.commons.compress.utils.IOUtils',
           'org.apache.commons.csv.CSVFormat',
           'org.apache.commons.csv.QuoteMode',
-          'org.apache.kafka.clients.producer.Callback',
           'org.apache.kafka.clients.producer.Producer',
           'org.apache.kafka.clients.producer.RecordMetadata',
           'org.codehaus.stax2.XMLStreamWriter2',
-          'org.jctools.queues.MessagePassingQueue$Consumer',
           'org.jctools.queues.MpscArrayQueue',
           'org.osgi.framework.Bundle',
           'org.osgi.framework.BundleActivator',

server/licenses/log4j-core-2.15.0.jar.sha1

@@ -0,0 +1 @@
+4a5aa7e55a29391c6f66e0b259d5189aa11e45d0

x-pack/plugin/core/build.gradle

@@ -0,0 +1 @@
+ba55c13d7ac2fd44df9cc8074455719a33f375b9

x-pack/plugin/core/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+8bb417869ab3baa19f2fc70e6d776d041f0a8ebc