LOGGING: Upgrade to Log4J 2.11.1 (#32675)

original-brownbear · web-flow · commit b7620a582b5d · 2018-08-07T21:21:16.000+02:00
* LOGGING: Upgrade to Log4J 2.11.1 * Upgrade to `2.11.1` to fix memory leaks in slow logger when logging large requests * This was caused by a bug in Log4J https://issues.apache.org/jira/browse/LOG4J2-2269 and is fixed in `2.11.1` via https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=9496c0c * Fixes #32537 * Fixes #27300
diff --git a/buildSrc/version.properties b/buildSrc/version.properties
@@ -7,7 +7,7 @@ jts               = 1.13
 jackson           = 2.8.6
 snakeyaml         = 1.15
 # when updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.9.1
+log4j             = 2.11.1
 slf4j             = 1.6.2
 
 # when updating the JNA version, also update the version in buildSrc/build.gradle
diff --git a/core/build.gradle b/core/build.gradle
@@ -179,8 +179,6 @@ thirdPartyAudit.excludes = [
   'com.fasterxml.jackson.dataformat.xml.JacksonXmlModule',
   'com.fasterxml.jackson.dataformat.xml.XmlMapper',
   'com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter',
-  'com.fasterxml.jackson.databind.node.JsonNodeFactory',
-  'com.fasterxml.jackson.databind.node.ObjectNode',
   'org.fusesource.jansi.Ansi',
   'org.fusesource.jansi.AnsiRenderer$Code',
   'com.lmax.disruptor.BlockingWaitStrategy',
@@ -221,12 +219,6 @@ thirdPartyAudit.excludes = [
   'javax.mail.internet.MimeMultipart',
   'javax.mail.internet.MimeUtility',
   'javax.mail.util.ByteArrayDataSource',
-  'javax.persistence.AttributeConverter',
-  'javax.persistence.EntityManager',
-  'javax.persistence.EntityManagerFactory',
-  'javax.persistence.EntityTransaction',
-  'javax.persistence.Persistence',
-  'javax.persistence.PersistenceException',
   'org.apache.commons.compress.compressors.CompressorStreamFactory',
   'org.apache.commons.compress.utils.IOUtils',
   'org.apache.commons.csv.CSVFormat',
@@ -259,6 +251,16 @@ thirdPartyAudit.excludes = [
   'org.noggit.JSONParser',
 ]
 
+if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
+  // Used by Log4J 2.11.1
+  thirdPartyAudit.excludes += [
+    'java.io.ObjectInputFilter',
+    'java.io.ObjectInputFilter$Config',
+    'java.io.ObjectInputFilter$FilterInfo',
+    'java.io.ObjectInputFilter$Status'
+  ]
+}
+
 if (JavaVersion.current() > JavaVersion.VERSION_1_8) {
   thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
 }
diff --git a/core/licenses/log4j-1.2-api-2.11.1.jar.sha1 b/core/licenses/log4j-1.2-api-2.11.1.jar.sha1
@@ -0,0 +1 @@
+3aba3398fe064a3eab4331f88161c7480e848418
diff --git a/core/licenses/log4j-1.2-api-2.9.1.jar.sha1 b/core/licenses/log4j-1.2-api-2.9.1.jar.sha1
diff --git a/core/licenses/log4j-api-2.11.1.jar.sha1 b/core/licenses/log4j-api-2.11.1.jar.sha1
@@ -0,0 +1 @@
+268f0fe4df3eefe052b57c87ec48517d64fb2a10
diff --git a/core/licenses/log4j-api-2.9.1.jar.sha1 b/core/licenses/log4j-api-2.9.1.jar.sha1
diff --git a/core/licenses/log4j-core-2.11.1.jar.sha1 b/core/licenses/log4j-core-2.11.1.jar.sha1
@@ -0,0 +1 @@
+592a48674c926b01a9a747c7831bcd82a9e6d6e4
diff --git a/core/licenses/log4j-core-2.9.1.jar.sha1 b/core/licenses/log4j-core-2.9.1.jar.sha1
diff --git a/docs/java-api/index.asciidoc b/docs/java-api/index.asciidoc
@@ -70,7 +70,7 @@ You need to also include Log4j 2 dependencies:
 <dependency>
     <groupId>org.apache.logging.log4j</groupId>
     <artifactId>log4j-core</artifactId>
-    <version>2.9.1</version>
+    <version>2.11.1</version>
 </dependency>
 --------------------------------------------------
 
@@ -98,7 +98,7 @@ If you want to use another logger than Log4j 2, you can use http://www.slf4j.org
 <dependency>
     <groupId>org.apache.logging.log4j</groupId>
     <artifactId>log4j-to-slf4j</artifactId>
-    <version>2.9.1</version>
+    <version>2.11.1</version>
 </dependency>
 <dependency>
     <groupId>org.slf4j</groupId>
diff --git a/plugins/repository-hdfs/build.gradle b/plugins/repository-hdfs/build.gradle
@@ -559,7 +559,6 @@ thirdPartyAudit.excludes = [
   // we are not pulling in slf4j-ext, this is okay, Log4j will fallback gracefully
   'org.slf4j.ext.EventData',
 
-  'org.apache.log4j.AppenderSkeleton',
   'org.apache.log4j.AsyncAppender',
   'org.apache.log4j.helpers.ISO8601DateFormat',
   'org.apache.log4j.spi.ThrowableInformation',
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1
@@ -0,0 +1 @@
+4b41b53a3a2d299ce381a69d165381ca19f62912
diff --git a/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.9.1.jar.sha1 b/plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.9.1.jar.sha1
diff --git a/test/logger-usage/build.gradle b/test/logger-usage/build.gradle
@@ -45,3 +45,13 @@ thirdPartyAudit.excludes = [
   'org.osgi.framework.wiring.BundleWire',
   'org.osgi.framework.wiring.BundleWiring'
 ]
+
+if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
+  // Used by Log4J 2.11.1
+  thirdPartyAudit.excludes += [
+    'java.io.ObjectInputFilter',
+    'java.io.ObjectInputFilter$Config',
+    'java.io.ObjectInputFilter$FilterInfo',
+    'java.io.ObjectInputFilter$Status'
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+3aba3398fe064a3eab4331f88161c7480e848418`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+268f0fe4df3eefe052b57c87ec48517d64fb2a10`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+592a48674c926b01a9a747c7831bcd82a9e6d6e4`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+4b41b53a3a2d299ce381a69d165381ca19f62912`