Is solace 10.11 compatible with log4j2 (v2.15)?
Hi there.
Because of the actual log4j issue (Log4j2 Vulnerability (CVE-2021-44228)), i was asked to change our jms client implemtation to use the latest version of log4j2 (v2.15). The previous log4j version used by the client was log4j-1.2.16. Everything was working fine there.
I know this old version is not affected, nevertheless i have to change it to 2.15. :-)
Since i changed the client implemenation, the client has failed with:
Exception in thread "Send-esb/t/kfl/test" java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory
at com.solacesystems.jndi.SolJNDIInitialContextFactory.(SolJNDIInitialContextFactory.java:62)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:467)
when connecting to our solace broker. We use solace client libs v10.11.
Did I miss something or is solace 10.11 not working with log4j2?
Thank you for your support.
Kind regards,
Martin
Best Answer
-
Hi @mgaw,
I pinged our support team and got this response. Hope it helps!
The API logs using Apache Commons Logging so any logging framework compatible
with Apache Commons Logging can be used. Looking at the link below it seems to
be compatible using a logging bridge:
[1]https://logging.apache.org/log4j/2.x/log4j-jcl/index.htmlAlso I would recommend to upgrade to v2.16 since 2.15 still contains a
vulnerability
[2]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046).0
Answers
-
Hi @mgaw,
I pinged our support team and got this response. Hope it helps!
The API logs using Apache Commons Logging so any logging framework compatible
with Apache Commons Logging can be used. Looking at the link below it seems to
be compatible using a logging bridge:
[1]https://logging.apache.org/log4j/2.x/log4j-jcl/index.htmlAlso I would recommend to upgrade to v2.16 since 2.15 still contains a
vulnerability
[2]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046).0
