LOGGING: Upgrade to Log4J 2.11.1 (#32616)

* LOGGING: Upgrade to Log4J 2.11.1
* Upgrade to `2.11.1` to fix memory leaks in slow logger when logging large requests
   * This was caused by a bug in Log4J https://issues.apache.org/jira/browse/LOG4J2-2269 and is fixed in `2.11.1` via https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=9496c0c
* Fixes #32537
* Fixes #27300

buildSrc/version.properties

@@ -7,7 +7,7 @@ jts               = 1.15.0
 jackson           = 2.8.10
 snakeyaml         = 1.17
 # when updating log4j, please update also docs/java-api/index.asciidoc
-log4j             = 2.9.1
+log4j             = 2.11.1
 slf4j             = 1.6.2
 
 # when updating the JNA version, also update the version in buildSrc/build.gradle

docs/java-api/index.asciidoc

@@ -81,7 +81,7 @@ You need to also include Log4j 2 dependencies:
 <dependency>
     <groupId>org.apache.logging.log4j</groupId>
     <artifactId>log4j-core</artifactId>
-    <version>2.9.1</version>
+    <version>2.11.1</version>
 </dependency>
 --------------------------------------------------
 
@@ -109,7 +109,7 @@ If you want to use another logger than Log4j 2, you can use http://www.slf4j.org
 <dependency>
     <groupId>org.apache.logging.log4j</groupId>
     <artifactId>log4j-to-slf4j</artifactId>
-    <version>2.9.1</version>
+    <version>2.11.1</version>
 </dependency>
 <dependency>
     <groupId>org.slf4j</groupId>

plugins/repository-hdfs/build.gradle

@@ -564,7 +564,6 @@ thirdPartyAudit.excludes = [
   // we are not pulling in slf4j-ext, this is okay, Log4j will fallback gracefully
   'org.slf4j.ext.EventData',
 
-  'org.apache.log4j.AppenderSkeleton',
   'org.apache.log4j.AsyncAppender',
   'org.apache.log4j.helpers.ISO8601DateFormat',
   'org.apache.log4j.spi.ThrowableInformation',

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.11.1.jar.sha1

@@ -0,0 +1 @@
+4b41b53a3a2d299ce381a69d165381ca19f62912

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.9.1.jar.sha1

@@ -1 +0,0 @@
-0a97a849b18b3798c4af1a2ca5b10c66cef17e3a

server/build.gradle

@@ -220,7 +220,6 @@ thirdPartyAudit.excludes = [
   'com.fasterxml.jackson.dataformat.xml.JacksonXmlModule',
   'com.fasterxml.jackson.dataformat.xml.XmlMapper',
   'com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter',
-  'com.fasterxml.jackson.databind.node.JsonNodeFactory',
   'com.fasterxml.jackson.databind.node.ObjectNode',
   'org.fusesource.jansi.Ansi',
   'org.fusesource.jansi.AnsiRenderer$Code',
@@ -262,12 +261,6 @@ thirdPartyAudit.excludes = [
   'javax.mail.internet.MimeMultipart',
   'javax.mail.internet.MimeUtility',
   'javax.mail.util.ByteArrayDataSource',
-  'javax.persistence.AttributeConverter',
-  'javax.persistence.EntityManager',
-  'javax.persistence.EntityManagerFactory',
-  'javax.persistence.EntityTransaction',
-  'javax.persistence.Persistence',
-  'javax.persistence.PersistenceException',
   'org.apache.commons.compress.compressors.CompressorStreamFactory',
   'org.apache.commons.compress.utils.IOUtils',
   'org.apache.commons.csv.CSVFormat',
@@ -311,6 +304,16 @@ thirdPartyAudit.excludes = [
   'com.google.common.geometry.S2LatLng',
 ]
 
+if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
+  // Used by Log4J 2.11.1
+  thirdPartyAudit.excludes += [
+    'java.io.ObjectInputFilter',
+    'java.io.ObjectInputFilter$Config',
+    'java.io.ObjectInputFilter$FilterInfo',
+    'java.io.ObjectInputFilter$Status'
+  ]
+}
+
 if (JavaVersion.current() > JavaVersion.VERSION_1_8) {
   thirdPartyAudit.excludes += ['javax.xml.bind.DatatypeConverter']
 }

server/licenses/log4j-1.2-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+3aba3398fe064a3eab4331f88161c7480e848418

server/licenses/log4j-1.2-api-2.9.1.jar.sha1

@@ -1 +0,0 @@
-894f96d677880d4ab834a1356f62b875e579caaa

server/licenses/log4j-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+268f0fe4df3eefe052b57c87ec48517d64fb2a10

server/licenses/log4j-api-2.9.1.jar.sha1

@@ -1 +0,0 @@
-7a2999229464e7a324aa503c0a52ec0f05efe7bd

server/licenses/log4j-core-2.11.1.jar.sha1

@@ -0,0 +1 @@
+592a48674c926b01a9a747c7831bcd82a9e6d6e4

server/licenses/log4j-core-2.9.1.jar.sha1

@@ -1 +0,0 @@
-c041978c686866ee8534f538c6220238db3bb6be

server/src/test/java/org/elasticsearch/common/logging/LoggersTests.java

@@ -46,7 +46,7 @@ public class LoggersTests extends ESTestCase {
 
         @Override
         public void append(LogEvent event) {
-            lastEvent = event;
+            lastEvent = event.toImmutable();
         }
 
         ParameterizedMessage lastParameterizedMessage() {

test/logger-usage/build.gradle

@@ -45,3 +45,13 @@ thirdPartyAudit.excludes = [
   'org.osgi.framework.wiring.BundleWire',
   'org.osgi.framework.wiring.BundleWiring'
 ]
+
+if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
+  // Used by Log4J 2.11.1
+  thirdPartyAudit.excludes += [
+    'java.io.ObjectInputFilter',
+    'java.io.ObjectInputFilter$Config',
+    'java.io.ObjectInputFilter$FilterInfo',
+    'java.io.ObjectInputFilter$Status'
+  ]
+}

x-pack/plugin/security/licenses/log4j-slf4j-impl-2.11.1.jar.sha1

@@ -0,0 +1 @@
+4b41b53a3a2d299ce381a69d165381ca19f62912

x-pack/plugin/security/licenses/log4j-slf4j-impl-2.9.1.jar.sha1

@@ -1 +0,0 @@
-0a97a849b18b3798c4af1a2ca5b10c66cef17e3a

x-pack/plugin/sql/sql-action/build.gradle

@@ -76,8 +76,6 @@ thirdPartyAudit.excludes = [
         'com.fasterxml.jackson.dataformat.xml.JacksonXmlModule',
         'com.fasterxml.jackson.dataformat.xml.XmlMapper',
         'com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter',
-        'com.fasterxml.jackson.databind.node.JsonNodeFactory',
-        'com.fasterxml.jackson.databind.node.ObjectNode',
         'com.lmax.disruptor.BlockingWaitStrategy',
         'com.lmax.disruptor.BusySpinWaitStrategy',
         'com.lmax.disruptor.EventFactory',
@@ -116,12 +114,6 @@ thirdPartyAudit.excludes = [
         'javax.mail.internet.MimeMultipart',
         'javax.mail.internet.MimeUtility',
         'javax.mail.util.ByteArrayDataSource',
-        'javax.persistence.AttributeConverter',
-        'javax.persistence.EntityManager',
-        'javax.persistence.EntityManagerFactory',
-        'javax.persistence.EntityTransaction',
-        'javax.persistence.Persistence',
-        'javax.persistence.PersistenceException',
         'org.apache.commons.compress.compressors.CompressorStreamFactory',
         'org.apache.commons.compress.utils.IOUtils',
         'org.apache.commons.csv.CSVFormat',
@@ -150,3 +142,13 @@ thirdPartyAudit.excludes = [
         'org.zeromq.ZMQ$Socket',
         'org.zeromq.ZMQ'
 ]
+
+if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
+    // Used by Log4J 2.11.1
+    thirdPartyAudit.excludes += [
+      'java.io.ObjectInputFilter',
+      'java.io.ObjectInputFilter$Config',
+      'java.io.ObjectInputFilter$FilterInfo',
+      'java.io.ObjectInputFilter$Status'
+    ]
+}

x-pack/plugin/sql/sql-action/licenses/log4j-api-2.11.1.jar.sha1

@@ -0,0 +1 @@
+268f0fe4df3eefe052b57c87ec48517d64fb2a10

x-pack/plugin/sql/sql-action/licenses/log4j-api-2.9.1.jar.sha1

@@ -1 +0,0 @@
-7a2999229464e7a324aa503c0a52ec0f05efe7bd

x-pack/plugin/sql/sql-action/licenses/log4j-core-2.11.1.jar.sha1

@@ -0,0 +1 @@
+592a48674c926b01a9a747c7831bcd82a9e6d6e4

x-pack/plugin/sql/sql-action/licenses/log4j-core-2.9.1.jar.sha1

@@ -1 +0,0 @@
-c041978c686866ee8534f538c6220238db3bb6be