Hello,
As noticed by Boris Unckel in LOG4J2-3579[1], there are some issues
when running Log4j2 under a SecurityManager, both from the
`ServiceLoader` and `PropertiesUtil` perspective.
>From the `PropertiesUtil` perspective:
* version 2.17.2 (cr. [2]) ignored all property sources that caused
an
Side note: The SecurityManager will eventually go away, which might not
matter for us for a long time!
See https://openjdk.org/jeps/411
Gary
On Sun, Aug 21, 2022 at 8:12 AM Piotr P. Karwasz
wrote:
> Hello,
>
> As noticed by Boris Unckel in LOG4J2-3579[1], there are some issues
> when running Lo
Hello all,
thanks Piotr to take care for the topic. One thing to consider:
> The environment and system properties sources are protected by internal Java
> security checks,...
Unfortunately not after applying the fix: PropertiesUtil[1] loads all the
services which provide a PropertySource ins
Fixing semantics of running with a SecurityManager in the 2.x branch makes
perfect sense. In 3.x, we might be able to relax that type of code as it’s
mostly module related security boundaries we need to continue supporting.
—
Matt Sicker
> On Aug 21, 2022, at 11:32, . . wrote:
>
> Hello all,
