Upgrade to Log4J 2.18.0 (#88237)

build-tools-internal/version.properties

@@ -13,7 +13,7 @@ jackson           = 2.13.2
 snakeyaml         = 1.26
 icu4j             = 68.2
 supercsv          = 2.4.0
-log4j             = 2.17.1
+log4j             = 2.18.0
 slf4j             = 1.6.2
 ecsLogging        = 1.2.0
 

docs/changelog/88237.yaml

@@ -0,0 +1,5 @@
+pr: 88237
+summary: Upgrade to Log4J 2.18.0
+area: Infra/Core
+type: upgrade
+issues: []

modules/repository-azure/licenses/log4j-slf4j-impl-2.17.1.jar.sha1

@@ -1 +0,0 @@
-84692d456bcce689355d33d68167875e486954dd

modules/repository-azure/licenses/log4j-slf4j-impl-2.18.0.jar.sha1

@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719

modules/repository-gcs/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

modules/repository-gcs/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

modules/repository-s3/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

modules/repository-s3/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

modules/repository-url/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

modules/repository-url/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

plugins/discovery-azure-classic/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

plugins/discovery-ec2/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

plugins/discovery-ec2/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

plugins/discovery-gce/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

plugins/discovery-gce/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

plugins/repository-hdfs/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

plugins/repository-hdfs/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.17.1.jar.sha1

@@ -1 +0,0 @@
-84692d456bcce689355d33d68167875e486954dd

plugins/repository-hdfs/licenses/log4j-slf4j-impl-2.18.0.jar.sha1

@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719

server/build.gradle

@@ -178,7 +178,9 @@ tasks.named("thirdPartyAudit").configure {
             'com.lmax.disruptor.LifecycleAware',
             'com.lmax.disruptor.RingBuffer',
             'com.lmax.disruptor.Sequence',
+            'com.lmax.disruptor.SequenceBarrier',
             'com.lmax.disruptor.SequenceReportingEventHandler',
+            'com.lmax.disruptor.TimeoutException',
             'com.lmax.disruptor.WaitStrategy',
             'com.lmax.disruptor.dsl.Disruptor',
             'com.lmax.disruptor.dsl.ProducerType',
@@ -215,6 +217,7 @@ tasks.named("thirdPartyAudit").configure {
             'org.osgi.framework.BundleEvent',
             'org.osgi.framework.BundleReference',
             'org.osgi.framework.FrameworkUtil',
+            'org.osgi.framework.ServiceReference',
             'org.osgi.framework.ServiceRegistration',
             'org.osgi.framework.SynchronousBundleListener',
             'org.osgi.framework.wiring.BundleWire',

server/licenses/log4j-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-d771af8e336e372fb5399c99edabe0919aeaf5b2

server/licenses/log4j-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+c72ad9b1d8d42e4ea7befd8248bf05877af4c63d

server/licenses/log4j-core-2.17.1.jar.sha1

@@ -1 +0,0 @@
-779f60f3844dadc3ef597976fcb1e5127b1f343d

server/licenses/log4j-core-2.18.0.jar.sha1

@@ -0,0 +1 @@
+07c1882ede137548925eadb750615edab2f6e13c

server/src/main/java/module-info.java

@@ -358,5 +358,4 @@ module org.elasticsearch.server {
         with
             org.elasticsearch.cluster.coordination.NodeToolCliProvider,
             org.elasticsearch.index.shard.ShardToolCliProvider;
-    provides org.apache.logging.log4j.util.PropertySource with org.elasticsearch.common.logging.ESSystemPropertiesPropertySource;
 }

server/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java

@@ -20,11 +20,9 @@ import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.Policy;
 import java.security.ProtectionDomain;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.function.Predicate;
 
 /** custom policy for union of static and dynamic permissions */
@@ -69,25 +67,6 @@ final class ESPolicy extends Policy {
         this.plugins = plugins;
     }
 
-    private static final Predicate<StackTraceElement> JDK_BOOT = f -> f.getClassLoaderName() == null;
-    private static final Predicate<StackTraceElement> ES_BOOTSTRAP = f -> f.getClassName().startsWith("org.elasticsearch.bootstrap");
-    private static final Predicate<StackTraceElement> IS_LOG4J = f -> "org.apache.logging.log4j.util.LoaderUtil".equals(f.getClassName())
-        && "getClassLoaders".equals(f.getMethodName());
-
-    /**
-     *  Returns true if the top of the call stack has:
-     *   1) Only frames belonging from the JDK's boot loader or org.elasticsearch.bootstrap, followed directly by
-     *   2) org.apache.logging.log4j.util.LoaderUtil.getClassLoaders
-     */
-    private static boolean isLoaderUtilGetClassLoaders() {
-        Optional<StackTraceElement> frame = Arrays.stream(Thread.currentThread().getStackTrace())
-            .dropWhile(JDK_BOOT.or(ES_BOOTSTRAP))
-            .limit(1)
-            .findFirst()
-            .filter(IS_LOG4J);
-        return frame.isPresent();
-    }
-
     @Override
     @SuppressForbidden(reason = "fast equals check is desired")
     public boolean implies(ProtectionDomain domain, Permission permission) {
@@ -124,11 +103,7 @@ final class ESPolicy extends Policy {
             if ("<<ALL FILES>>".equals(permission.getName())) {
                 hadoopHack();
             }
-        } else if (permission instanceof RuntimePermission
-            && "getClassLoader".equals(permission.getName())
-            && isLoaderUtilGetClassLoaders()) {
-                return true;
-            }
+        }
 
         // otherwise defer to template + dynamic file permissions
         return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);

server/src/main/java/org/elasticsearch/common/logging/ESSystemPropertiesPropertySource.java

@@ -1,17 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0 and the Server Side Public License, v 1; you may not use this file except
- * in compliance with, at your election, the Elastic License 2.0 or the Server
- * Side Public License, v 1.
- */
-
-package org.elasticsearch.common.logging;
-
-import org.apache.logging.log4j.util.SystemPropertiesPropertySource;
-
-// This sucks!, but is resolved in log4J 2.18, as part of https://issues.apache.org/jira/browse/LOG4J2-3427
-public class ESSystemPropertiesPropertySource extends SystemPropertiesPropertySource {
-
-    public ESSystemPropertiesPropertySource() {}
-}

x-pack/plugin/core/licenses/log4j-1.2-api-2.17.1.jar.sha1

@@ -1 +0,0 @@
-db3a7e7f07e878b92ac4a8f1100bee8325d5713a

x-pack/plugin/core/licenses/log4j-1.2-api-2.18.0.jar.sha1

@@ -0,0 +1 @@
+09b1039c025e0d9a792daf1af0eac564e7181210

x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.17.1.jar.sha1

@@ -1 +0,0 @@
-84692d456bcce689355d33d68167875e486954dd

x-pack/plugin/identity-provider/licenses/log4j-slf4j-impl-2.18.0.jar.sha1

@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719

x-pack/plugin/security/licenses/log4j-slf4j-impl-2.17.1.jar.sha1

@@ -1 +0,0 @@
-84692d456bcce689355d33d68167875e486954dd

x-pack/plugin/security/licenses/log4j-slf4j-impl-2.18.0.jar.sha1

@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719

x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.17.1.jar.sha1

@@ -1 +0,0 @@
-84692d456bcce689355d33d68167875e486954dd

x-pack/plugin/vector-tile/licenses/log4j-slf4j-impl-2.18.0.jar.sha1

@@ -0,0 +1 @@
+e0ea6ef49f1349bb30e8c6e8a7052d0f3ee7a719