Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spring boot 2.7.x does not work with logback 1.3.x (Java 8) #34708

Closed
LSmyrnaios opened this issue Mar 21, 2023 · 7 comments
Closed

Spring boot 2.7.x does not work with logback 1.3.x (Java 8) #34708

LSmyrnaios opened this issue Mar 21, 2023 · 7 comments
Labels
status: declined A suggestion or change that we don't feel we should currently apply

Comments

@LSmyrnaios
Copy link

Hi,

Since logback moved to the new versions' scheme 1.3.x for Java 8 and 1.4.x for Java-11, Spring Boot has only integrate logback 1.4.x into version 3.x.x (which uses Java-11).

Java-8 users have been left behind.

As logback documentation proves, logback creates new releases simultaneously for versions 1.3.x and 1.4.x
That said, versions 1.3.x are "active" and Spring Boot 2.7.x should integrate them.

Please consider the following use-case:

I have a Java-8 app which uses logback v.1.3.6 and runs fine.
Now I want to load that app into a Spring Boot app, as a dependency, which using Spring Boot v.2.7.9.
When running gradle buildRun, I get the following error:

2023-03-21 22:17:42.807 [Thread-0] DEBUG o.s.b.d.r.c.RestartClassLoader.<init>(@85) - Created RestartClassLoader org.springframework.boot.devtools.restart.classloader.RestartClassLoader@552d2ea
Exception in thread "restartedMain" java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)
Caused by: java.lang.NoClassDefFoundError: org/slf4j/impl/StaticLoggerBinder
        at org.springframework.boot.logging.logback.LogbackLoggingSystem.getLoggerContext(LogbackLoggingSystem.java:293)
        at org.springframework.boot.logging.logback.LogbackLoggingSystem.beforeInitialize(LogbackLoggingSystem.java:118)
        at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationStartingEvent(LoggingApplicationListener.java:238)
        at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationEvent(LoggingApplicationListener.java:220)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)
        at org.springframework.boot.context.event.EventPublishingRunListener.starting(EventPublishingRunListener.java:79)
        at org.springframework.boot.SpringApplicationRunListeners.lambda$starting$0(SpringApplicationRunListeners.java:56)
        at java.util.ArrayList.forEach(ArrayList.java:1259)
        at org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:120)
        at org.springframework.boot.SpringApplicationRunListeners.starting(SpringApplicationRunListeners.java:56)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:298)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292)
        at com.example.app.MyApplication.main(MyApplication.java:39)
        ... 5 more
Caused by: java.lang.ClassNotFoundException: org.slf4j.impl.StaticLoggerBinder
        at java.net.URLClassLoader.findClass(URLClassLoader.java:387)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
        ... 22 more

It seems that Spring Boot uses slf4j 1.7.x, but logback 1.3.x uses slf4j 2.0.x, so the "StaticLoggerBinder" class is missing.

So, could you please add support for logback v.1.3.x in Spring Boot versions >= 2.7.x and < 3 ?

Thank you in advance.

@LSmyrnaios LSmyrnaios changed the title Spring boot 2.7.x does not work with logback 1.3.x, Java 8 Spring boot 2.7.x does not work with logback 1.3.x (Java 8) Mar 21, 2023
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 21, 2023
@scottfrederick
Copy link
Contributor

@LSmyrnaios Thanks for getting in touch. Spring Boot 2.7.x has a managed dependency for Logback 1.2.x. As stated in our third-party upgrade policy, we won't upgrade to a new minor version like Logback 1.3.x in a patch release of 2.7.x. As you've noted, we'd not only have to upgrade to Logback 1.3.x but also to SLF4j 2.0.x. There is an issue that discusses why we can't do that in 2.7.x, let alone in a patch release.

@scottfrederick scottfrederick closed this as not planned Won't fix, can't repro, duplicate, stale Mar 21, 2023
@scottfrederick scottfrederick added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 21, 2023
@belingueres
Copy link

Running maven-enforcer-plugin on a project, rule requireUpperBoundDeps, shows that Hikari has a dependency with SLF4J 2.0.0-alpha1:

[ERROR] +-org.springframework.boot:spring-boot-starter-data-jpa:2.7.11
[ERROR] +-org.springframework.boot:spring-boot-starter-jdbc:2.7.11 (managed) <-- org.springframework.boot:spring-boot-starter-jdbc:2.7.11
[ERROR] +-com.zaxxer:HikariCP:4.0.3 (managed) <-- com.zaxxer:HikariCP:4.0.3
[ERROR] +-org.slf4j:slf4j-api:1.7.36 (managed) <-- org.slf4j:slf4j-api:2.0.0-alpha1

@LSmyrnaios
Copy link
Author

LSmyrnaios commented Apr 28, 2023

With the oportunity of continuing the discussion, @scottfrederick , I would like to ask if there is a possibility of upgrading to SLF4J v.2.0.x and logback v.1.3.x in the next big release of Spring Boot 2, v.2.8.0 (if such release is planned at all).

This is quite important for a lot of users running Java 8 and want the latest security and bug fixes for production systems.
Thank you in advance.

@wilkinsona
Copy link
Member

We have no plans for a Spring Boot 2.8 at this time.

@ASarco
Copy link

ASarco commented Nov 30, 2023

The problem is now there is a vulnerability in logback 1.2.12 cve-2023-6378 and there is no solution for SB 2.7.x users.

@bclozel
Copy link
Member

bclozel commented Nov 30, 2023

@ASarco See qos-ch/logback#745

@peterkempy
Copy link

Use logback version 1.2.13

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: declined A suggestion or change that we don't feel we should currently apply
Projects
None yet
Development

No branches or pull requests

8 participants