New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LOG4J2-3211 - Remove Messge Lookups #623
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -121,7 +121,7 @@ public void testLookup() { | |
.setMessage(msg).build(); | ||
final StringBuilder sb = new StringBuilder(); | ||
converter.format(event, sb); | ||
assertEquals("bar", sb.toString(), "Unexpected result"); | ||
assertEquals("${foo}", sb.toString(), "Unexpected result"); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Given the feature is gone, we can probably remove this test as it’s covered elsewhere There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I didn't want to remove any test for this release. Just change them to prove the change was made. |
||
} | ||
|
||
@Test | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1460,14 +1460,19 @@ WARN [main]: Message 2</pre> | |
<tr> | ||
<td align="center"> | ||
<a name="PatternMessage"/> | ||
<b>m</b>{lookups}{ansi}<br /> | ||
<b>msg</b>{lookups}{ansi}<br /> | ||
<b>message</b>{lookups}{ansi} | ||
<b>m</b>{ansi}<br /> | ||
<b>msg</b>{ansi}<br /> | ||
<b>message</b>{ansi} | ||
</td> | ||
<td> | ||
<p> | ||
Outputs the application supplied message associated with the logging event. | ||
</p> | ||
<p> | ||
From Log4j 2.16.0, support for lookups in log messages has been removed for security reasons. | ||
Both the<code>{lookups}</code> and the <code>{nolookups}</code> options on the %m, %msg and %message | ||
pattern are now ignored. If either is specified a message will be logged. | ||
</p> | ||
<!-- Copied and tweaked from Javadoc for org.apache.logging.log4j.core.pattern.JAnsiMessageRenderer --> | ||
<p> | ||
Add <code>{ansi}</code> to render messages with ANSI escape codes (requires JAnsi, | ||
|
@@ -1497,18 +1502,6 @@ WARN [main]: Message 2</pre> | |
The call site can look like this: | ||
</p> | ||
<pre class="prettyprint linenums">logger.info("@|KeyStyle {}|@ = @|ValueStyle {}|@", entry.getKey(), entry.getValue());</pre> | ||
<p> | ||
Use <code>{lookups}</code> to log messages like <code>logger.info("Try ${esc.d}{date:YYYY-MM-dd}")</code> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Would it make sense to put a note here, something like this:
|
||
using lookups, this will replace the date template <code>${esc.d}{date:YYYY-MM-dd}</code> | ||
with an actual date. This can be confusing in many cases, and it's often both easier and | ||
more obvious to handle the lookup in code. | ||
This feature is disabled by default and the message string is logged untouched. | ||
</p> | ||
<p> | ||
<b>Note: </b>Users are <b>STRONGLY</b> discouraged from using the lookups option. Doing so may allow uncontrolled user input | ||
containing lookups to take unintended actions. In almost all cases the software developer can accomplish the same tasks | ||
lookups perform directly in the application code. | ||
</p> | ||
</td> | ||
</tr> | ||
<tr> | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This class and log4j-list-lookups.xml could be deleted.