Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hack around Log4j bug rendering exceptions #20306

Merged
merged 4 commits into from Sep 3, 2016

Conversation

Projects
None yet
4 participants
@jasontedor
Copy link
Member

commented Sep 2, 2016

Log4j has a bug where it does not handle a security exception that can
be thrown when it is rendering a stack trace. This commit intentionally
introduces jar hell with the ThrowableProxy class to work around this
bug until a fix is a released.

Relates #20304

jasontedor added some commits Sep 2, 2016

Prepare for Log4j hack
This commit copies ThrowableProxy from Log4j and exempts ThrowableProxy
and its inner classes from jar hell checks. This is to prepare for a
hack to work around a bug in Log4j.
Hack around Log4j bug rendering exceptions
Log4j has a bug where it does not handle a security exception that can
be thrown when it is rendering a stack trace. This commit intentionally
introduces jar hell with the ThrowableProxy class to work around this
bug until a fix is a released.
@abeyad

This comment has been minimized.

Copy link
Contributor

commented Sep 2, 2016

LGTM

@@ -277,6 +277,9 @@ static void checkClass(Map<String,Path> clazzes, String clazz, Path jarpath) {
if (clazz.equals("org.joda.time.base.BaseDateTime")) {
return; // apparently this is intentional... clean this up
}
if (clazz.startsWith("org.apache.logging.log4j.core.impl.ThrowableProxy")) {
return; // deliberate to hack around a bug in Log4j

This comment has been minimized.

Copy link
@s1monw

s1monw Sep 2, 2016

Contributor

can we have a reference to the actual issue in here. It's just easier to reason about this with a direct link?

This comment has been minimized.

Copy link
@jasontedor

jasontedor Sep 2, 2016

Author Member

I pushed 88e91ae.

@s1monw

This comment has been minimized.

Copy link
Contributor

commented Sep 2, 2016

left one comment LGTM otherwise

jasontedor added some commits Sep 2, 2016

Add comment for Log4j exception logging bug
This commit adds a comment to the jar hell exemption for
org.apache.logging.log4j.core.impl.ThrowableProxy and its inner classes
due to an exception logging bug in Log4j.
Fix ThrowableProxy.java path and omit checkstyle
This commit moves ThrowableProxy.java to a path that corresponds to its
package name, and adds checkstyle suppressions since this class violates
our checkstyle policy.

@jasontedor jasontedor merged commit b9966fe into elastic:master Sep 3, 2016

2 checks passed

CLA Commit author is a member of Elasticsearch
Details
elasticsearch-ci Build finished.
Details

@jasontedor jasontedor deleted the jasontedor:throwable-proxy-hack branch Sep 3, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.