-
Notifications
You must be signed in to change notification settings - Fork 40.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to SLF4J 2.0 and Logback 1.4 #12649
Comments
Logback 1.3 is still in alpha so I think we should push this back to Spring Boot 2.2 |
Apparently the extension module of SLF4J prior to 1.8.0-beta2 contains a security vulnerability (see https://nvd.nist.gov/vuln/detail/CVE-2018-8088#VulnChangeHistorySection). As such, I wouldn't consider this ticket just an enhancement anymore. What do you think? |
@aprantl |
@snicoll Thanks for the quick reply. What would you recommend if an application based on Spring Boot relies on the extension module in its custom code? I guess the ext-module cannot be updated to 1.8.0-beta2 without dependency-managing the entire SLF4J and logback framework. Which again would not be possible considering the issue above. |
If you're not using |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I am facing the same problem in my OSS project that I migrated to JPMS entirely. |
Disabling or changing the |
Thanks for the hint. Indeed it works when I launch my test with
and I still get the log output. However, I need the test to be portable, run by anybody in maven, any IDE, etc.
But it has to be set as a system property in the boostrapping. |
If you know that users of your project will never want to use Spring Boot's logging system, you can use an |
As a side note: The SLF4J 1.8 beta seems to work with Logback 1.2.3, if you return |
This has become more important for Spring Boot 3.0 and applications using an SMTP appender. In Logback 1.2, the SMTP appender uses |
@wilkinsona Will this get merged until Spring Boot 3.0.0? |
@code-magician323 As I said above, the current target is 3.0.0-RC1. |
It's possible to make Spring Boot 2.x work with Slf4j 2.0 simply by disabling the custom logging facade used by Spring Boot. To do so, one needs to set As I looked at the code, it should be possible to write a custom |
The module was removing in SLF4J 2.0 See gh-12649
How to do this in Intellij? |
this can be done within the pom.xml file, just look for the maven-surefire-plugin e.g.:
|
after reading the source code, add the following code to the startup class, then launch without exception.
|
this does let me boot, but wow the output log is insanely verbose now. and colorless. |
That's Logback's default configuration. You can customize it, perhaps using Boot's configuration as a starting point. Note that the file must be |
When starting Studio it fails loading org/slf4j/impl/StaticLoggerBinder due to chaneges in sping from version 2.7.8 See: * spring-projects/spring-boot#12649 (comment) * https://docs.spring.io/spring-boot/docs/2.7.8/reference/html/features.html#features.logging
With thanks to @rwinch, I've just learned that Boot doesn't work with Logback 1.3 (still in alpha). It fails on launch with the following exception:
StaticLoggerBinder
was removed in this commit which appears to be part of a broader effort to provide Jigsaw modules for SLF4J and Logback.The text was updated successfully, but these errors were encountered: