-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LOG4J2-3211 - Remove Messge Lookups #623
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Strongly in favor of this. Thank you for putting it together, Ralph!
@@ -38,7 +38,7 @@ public void testDateLookupInMessage(final LoggerContext context, @Named("List") | |||
final String template = "${date:YYYY-MM-dd}"; | |||
context.getLogger(PatternLayoutLookupDateTest.class.getName()).info(template); | |||
final String string = listAppender.getMessages().get(0); | |||
assertFalse(string.contains(template), string); | |||
assertTrue(string.contains(template), string); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This class and log4j-list-lookups.xml could be deleted.
@@ -121,7 +121,7 @@ public void testLookup() { | |||
.setMessage(msg).build(); | |||
final StringBuilder sb = new StringBuilder(); | |||
converter.format(event, sb); | |||
assertEquals("bar", sb.toString(), "Unexpected result"); | |||
assertEquals("${foo}", sb.toString(), "Unexpected result"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given the feature is gone, we can probably remove this test as it’s covered elsewhere
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to remove any test for this release. Just change them to prove the change was made.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm down with this idea. I don't believe lookups should be applied to layouts at the message level anyways.
@@ -1497,18 +1497,6 @@ WARN [main]: Message 2</pre> | |||
The call site can look like this: | |||
</p> | |||
<pre class="prettyprint linenums">logger.info("@|KeyStyle {}|@ = @|ValueStyle {}|@", entry.getKey(), entry.getValue());</pre> | |||
<p> | |||
Use <code>{lookups}</code> to log messages like <code>logger.info("Try ${esc.d}{date:YYYY-MM-dd}")</code> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to put a note here, something like this:
From Log4j 2.16.0, support for lookups in log messages has been removed for security reasons. Both the
{lookups}
and the{nolookups}
options on the%m
,%msg
and%message
pattern are now silently ignored.
git-svn-id: https://svn.apache.org/repos/asf/logging/log4j/branches/BRANCH_2_0_EXPERIMENTAL/rgoers@1185987 13f79535-47bb-0310-9956-ffa450edef68
No description provided.