[CMS-14907] Make LookupFilter compatible with log4j2-2.16 for lookup of the contextName - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 12.6.22, 13.4.13, 14.7.2, 15.0.0
Component/s: None
Labels:
None

Processed by team:
Pulsar

Description

As of log4j2 2.16+, jndi based lookups are now by default disabled.
The most common usage thereof, for brXM, is specifically the lookup of the logging/contextName to filter log events for specific contexts, like with:

<LookupFilter key="jndi:logging/contextName" value="cms" onMatch="ACCEPT"/>

This specific jndi lookup is not a security vulnerability however, so to cater for log4j2 2.16+ with now default disabled jndi lookup,
a custom (fixed) workaround has been implemented which only intercepts a filter key="jndi:logging/contextName" and then do the jndi lookup directly, not via log4j2.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Ate Douma

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Dec/21 10:04 PM

Updated:: 15/Dec/21 12:44 PM

Resolved:: 15/Dec/21 7:58 AM