-
Notifications
You must be signed in to change notification settings - Fork 24.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tolerate unprivileged log4j getClassLoaders calls #81840
Tolerate unprivileged log4j getClassLoaders calls #81840
Conversation
09e59a7
to
62a3c22
Compare
Pinging @elastic/es-core-infra (Team:Core/Infra) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it looks good to me, I don't know how to test this in a unit test though..
💔 Backport failed
You can use sqren/backport to manually backport by running |
LGTM. |
Tolerate unprivileged log4j getClassLoaders calls, as if (but not exactly) like they were wrapped in doPriv. This is precautionary step as security permission exceptions have been observed during testing.
Tolerate unprivileged log4j getClassLoaders calls, as if (but not exactly) like
they were wrapped in doPriv. This is precautionary step as security permission
exceptions have been observed during testing.
This change also reverts changes to tests in the log4j 2.15 Upgrade #81709,
as they should no longer be needed, given this change and changes in #81851.
No explicit new test has been added in this PR, but the code in question is
exercised extensively by existing tests, since the policy is set in the test
framework. The test reverts mentioned above confirm that the changes are
working as expected.
This change is a workaround to the issue raised in log4j:
https://issues.apache.org/jira/browse/LOG4J2-3236